💾 Archived View for thebackupbox.net › ~epoch › blog › activity-pub captured on 2024-12-17 at 10:12:05. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-07-09)
-=-=-=-=-=-=-
If you were expecting a mastodon profile.. um. hi. I'm writing my own activitypub software.
I'm wanting to run my own activity pub server.
but I really don't want to run mastodon, or pleroma, or whatever.
so I'm writing my own bullshit.
it is quite a mess so far.
I did the usual setup-webfinger-stuff
then make an actor blob.
I derped up on that for a while and noticed I'd forgotten a / at the end of
https://thebackupbox.net/~epoch and that was breaking other people's instances silently
because I guess the self-referencing links weren't actually self-referencing
because that URL will redirect to the version with a / at the end.
I figured out how to verify HTTP Signatures in (mostly) shell-script.
//thebackupbox.net/~epoch/verify_signature.txt
//thebackupbox.net/~epoch/csv.txt
I made csv.c because it would have taken longer to find something that could parse
those headers with their asdf="merp",qwer="yerp" type of values... probably.
I think my next step is to make a script that can send my own signed objects,
then test them against myself.
so I don't break others stuff.
I derped up originally because I went and deleted my other fediverse accounts
before I remembered it is a pain in the butt to know whether my own stuff would work or not.
Anyway, I guess I can use this as a "I'm not on the fediverse in the old places anymore" notice
while you're here.
I made a twtxt file that I'll void-speak into.
and I'll probably be using this blog more often.
I'm on nostr too, but that place doesn't seem like a good place to talk about most things.
You can always check on my homepage for various ways of getting ahold of me... I should
probably make the gemini version prettier.
https://thebackupbox.net/~epoch/
gemini://thebackupbox.net/~epoch/
the stream of consciousness has about dried up it seems. gonna shut up and throw this
at antenna.
(minor update)
TODO still for activity pub stuff:
make a script that can sign outgoing requests
make some script auto-send Accept for Follow requests
come up with a good method of keeping the user's private key on their computer
(instead of on the server)
add support for more digest algorithms. hard-coded sha-256 atm.
I at least want to be able to like/favoite posts.
collections are going to be pain
unless I come up with some nifty method of doing it.
(forgot to put links)
https://www.hughrundle.net/how-to-implement-remote-following-for-your-activitypub-project/
read this, was kind of not what I needed. was about ostatus instead of ap
https://stackoverflow.com/questions/35086391/jq-how-to-iterate-through-keys-of-different-names
main helper here was the to_entries that I use to grab the key based on fragment ID from the actor json
https://www.zimuel.it/blog/sign-and-verify-a-file-using-openssl
read this a bit trying to figure out the incantation for openssl
https://www.geeksforgeeks.org/http-headers-digest/
read this to make sure the digest was actually for the POST body
https://www.w3.org/TR/activitypub/#server-to-server-interactions
ofc have to link to this
https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/
and this
there. all of my tabs are closed now.
noticed I had a bunch of tabs open in the wrong browser profile. here's them:
https://brandonrozek.com/blog/website-visible-on-the-fediverse/