Quoting posts on Mastodon is slightly complex. Because of the privacy conscious nature of the platform and its users, reposting isn't merely a case of sharing a URl. A user writes a status. The user can choose to make their statuses quotable or not. What happens when a quoter quotes that post? I've read through the specification and tried to simplify it. Quoting is a multi-step process: The…
Continue reading →
Because I'm an optimist, I submitted a few talks to FOSDEM in the hope one might be accepted. Because I'm lucky, I got two speaking slots. Because I'm an idiot, I decided to do both talks. On the same day. An hour apart. On opposite ends of the venue. Fool! My first talk was at the Social Web Birds-of-a-Feather session. I told people about my ActivityBot social networking server and how I…
Continue reading →
As you may have read, BotsIn.Space is closing down, I have lots of automated bot accounts living on the Fediverse - and I want them to continue posting. Installing and maintaining an entire Mastodon instance sounds like hard work. Paying people to host my stuff feels like putting my fate in someone else's hands. Say… didn't I write my own ActivityPub server? Why, yes! Yes I did! I took the c…
Continue reading →
What does it mean to block someone on a social media site? Way back in the mists of time, we dealt with trolls on Usenet with the almighty PLONK - PLaced On Newsgroup Killfile. It meant your newsreader never downloaded their posts. They could rant at you all day long, and you'd never hear from them. It's what we would nowadays call "Mute". But, whether you're on Usenet or a modern social…
Continue reading →
Several years ago, I posted this poll on Twitter. Terence Eden is on Mastodon@edentIf the recent Twitter hack had exposed they way you voted on every Twitter poll, how would you feel?(There is no suggestion that this has happened, I'm just curious about people's relationships to voting and privacy.)Meh. So what?: (167)167Hmph. That's annoying.: (68)68Umm… This could be bad!: (32)32Delete account …
Continue reading →
Vague thoughts as they enter my brainbox. The BlueSky social network has introduced "Reply Gating" - it looks like this: You can write your hot take on Taylor Swift and not be inundated by weirdos replying to you. Nifty! This is nothing new. Twitter has it. Facebook has the concept of "audiences" to restrict who your post is visible to. And, of course, blogging has this! There is a comment …
Continue reading →
One of the most frustrating things in modern technology is the effort spent trying to artificially restrict abundance. Take, for example, this tale from museum-worker Aaron Cope: I was out with a friend who worked for Twitter and I asked them whether it would be possible for the museum to “create 200,000 Twitter accounts, one for each object in the Cooper Hewitt’s collection”. My friend looke…
Continue reading →
I didn't realise this, so I'm documenting it to stop other people making the same silly mistake that I did. Messages in ActivityPub have two distinct ID strings. Here's a (truncated) view of what happens when I send a new message on Mastodon: "id": "https://mastodon.social/users/Edent/statuses/1234567890/activity", "type": "Create", …
Continue reading →
It's never great to find out you're wrong, but that's how learning and personal growth happens. HTTP Message Signatures are hard. There are lots of complex parts and getting any aspect wrong means certain death. In a previous post, I wrote A simple(ish) guide to verifying HTTP Message Signatures in PHP. It turns out that it was too simple. And far too trusting. An HTTP Message Signature is a…
Continue reading →
A few weeks ago, I built an ActivityPub Server in a Single PHP File. It's a proof of concept showing how easy it is to turn a website into a full-featured Fediverse participant. After a bunch of feedback and testing, I've added a some features to make it slightly more useful. A single PHP file - 45KB of no-library goodness. Just add your details, upload, and done. No databases. Everything…
Continue reading →
Mastodon makes heavy use of HTTP Message Signatures. They're a newish almost-standard which allows a server to verify that a request made to it came from the person who sent it. This is a quick example to show how to verify these signatures using PHP. I don't claim that it covers every use-case, and it is no-doubt missing some weird edge cases. But it successfully verifies messages sent by…
Continue reading →
I'm trying to get my head round HTTP Signatures as they're used extensively in the Fediverse. Conceptually, they're relatively straightforward. You send me a normal HTTP request. For example, you want to POST something to https://example.com/data You send me these headers: POST /data Host: example.com Date: Sat, 24 Feb 2024 14:43:48 GMT Accept-Encoding: gzip Digest:…
Continue reading →
