Where have I been?
To keep it short: the holiday season has been rather busy for me, especially at work. Working long hours, shift changes, etcetera. Plus my interest shifted more towards gaming and reading rather than writing or working on my site. This is pretty common for me; I tend to cycle through my interests and drop the current ones randomly. Presumably a symptom of my autism + ADHD.
In other news, I posted the first chapter of a story I have begun to work on: a fanfiction set in the world of Fallout, the MC being an amnesiac robobrain. Read it here
The Plan
As mentioned in a previous blogpost, my goal in my current hobby-project is to create a series of plug-and-play scripts that anyone with an afternoon of learning HTML could implement on their own sites. The goal is rather simple: to replicate all the functions of social media in a decentralized website-to-website manner using accepted web standards.
As a basis, I will be using Tumblr, and its features, as a guide. It is a simple platform, which has all the basic features of social media without the AI/Algorithm bullshit cluttering up everything. Plus, its future is uncertain. It's unprofitable and its owner often acts erratically. Providing a self-hosted alternative to the community seems like a nice feather in my cap.
Direct Messaging
Let's knock the easy one out of the way already. Direct Messaging is inferior in all ways to email. Email is direct messaging, but works for any other email address, rather than being confined to a single site or network.
As such, I won't be implementing a direct message script. Just use email.
Following and feed aggregation
Under the hood, subscriptions, follows, etcetera all work as an RSS feed. Or at least that used to be the case. Dig around in inspect element on YouTube, for example, and you will find an RSS link for the channel you are looking at. When you click subscribe or follow, all you are really doing is adding the RSS link to a list that tells your machine to take all the items from each of the feeds, and sort them into one big list.
Good news: the actual feed can be implemented with simple JavaScript directly in an HTML page. You just need some kind of document to reference for the links, and a way to add links to that document. Myself, I just use an RSS reader program. But maybe you want to go to your website and see your feed. You don't want that being visible to the public, but you want one-click functionality for adding comments, likes, and reblogs. I will be detailing that later.
Right now, this means you need some kind of authenticator, which allows you to see your feed and make those comments without any rando surfing through your blog ALSO doing so. I have already written a mostly working authentication script, though I still need to test it properly in action, with all the rest of the scripts. I will detail the authenticator script in its own section as well.
So, how it works is that, once the authenticator does its thing, it gives you an authentication token. This is a session token, meaning it is held by the server, and will expire after a given length of time, and you will have to go through it again if you close your browser. This token tells the website that you are authorized to see the feed. Without it, the aggregator will simply never fire, as authentication is step one of the script.
Same for all other functions that require authorization. You need to have the required token in order for the option to even be displayed, let alone function. Tie in the token with every step of the script.
So, when you follow a blog, you will need the RSS link. Right-click it, copy it to the clipboard, go to your site, and paste the link into a field for adding it to your feed.
Honestly, though, this is low priority. Normal rss feed aggregators work fine, and it represents way less work to simply use them. May wind up not doing it.
RSS feeds
Now, what even is an RSS feed? It is simply an .xml file with standardized language.
Honestly, it isn't all that different from HTML, which is by design. You need to declare it as rss, and then channel, with its information. Then when a new item is added, you just need the information: name, link, description, a publish date, etcetera. You could also add tags, like hashtags, right here; you just need a new tag for that. Normal RSS readers should ignore irrelevant information. I am also unaware at this time of any web standards for those tags.
guid is the same as the link in this example, but some platforms will have a permanent link vs a more temporary, changeable link. guid is the permanent link. For our purposes it is the same thing.
You can also add in an author tag. I don't currently use it as everything that comes from the site comes from me. However it might be useful for you.
Right now, I simply manually update the rss feed. It isn't hard, and I get a timestamp from https://timestampgenerator.com/.
You can also get creative here. Say you want to have a site update log, or just send out simple messages to your followers without a blog. This is pretty easy. Have the description contain all the text information you want for the update or message. For the link, just link to your homepage, instead of a blogpost. This can be used for bios, site changes, or simply pushing out information to anyone who is following you.
Now that RSS feeds have been demystified a little bit, I can get on to implementation. Manually editing an RSS feed represents an added hurdle. Yet another barrier to entry. Every time you have to do something extra or use a different program, it represents opportunity cost. Most people using the internet will not see it, like editing the CSS or HTML of a page directly, so it is also a thankless chore. There exist plugins and third parties that can do it for you, but that goes against my philosophy on relying on third-party sources. So, you want a script that will detect when you write a new blogpost or push a status update, then update the xml file for you.
There are really two ways you could go about doing this, and I have not decided on the one I want yet.
- The first is simpler. Simply have a script that runs when you visit the site. It will check your blog folder for anything not already in your feed, and if it finds something, adds it to the xml file. That way, all you need to do is drop the file into the folder, and hit refresh on your home page. This could also work for status updates; you just need to point the script at the appropriate folder(s).
- The next is harder. You have a part of the site that, assuming you have the authentication token, allows you to write a post in plain-text, upload images, etcetera. When you hit the post button, it will take that information, format it for you according to a template you designate, and then update your rss feed. This DOES have the advantage of tying into the webmentions-based comment system. You could have it double as the comment system, where it will send off the webmention to any links in a reply-to field. Disadvantage is that it is a LOT harder for me to implement in my spare time, especially if you want it to fit your website. Could I do it? Yes. Will I? We will see.
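
The first option, sketched in PHP as an added example (this is not the author's script): it scans a folder for .html files whose URL is not yet a guid in the feed and appends an item for each, escaping the text and generating the pubDate itself. The folder layout, the base URL and the use of each page's `<title>` as the item title are assumptions.

```php
<?php
// Added sketch (needs PHP's dom extension). Folder layout and URLs are assumptions.
function sync_feed(string $feedXml, string $blogDir, string $baseUrl): string {
    $doc = new DOMDocument();
    $doc->preserveWhiteSpace = false;
    $doc->formatOutput = true;
    $doc->loadXML($feedXml);
    $channel = $doc->getElementsByTagName('channel')->item(0);

    // guids already in the feed, so nothing is published twice
    $known = [];
    foreach ($doc->getElementsByTagName('guid') as $guid) {
        $known[trim($guid->textContent)] = true;
    }

    foreach (glob($blogDir . '/*.html') ?: [] as $path) {
        $link = $baseUrl . '/' . rawurlencode(basename($path));
        if (isset($known[$link])) continue;
        // item title: the page's <title>, else the file name
        $found = preg_match('~<title>(.*?)</title>~is', file_get_contents($path), $m);
        $title = $found ? html_entity_decode(trim($m[1]), ENT_QUOTES | ENT_HTML5) : basename($path);
        $fields = ['title' => $title, 'link' => $link, 'guid' => $link,
                   'pubDate' => date(DATE_RSS, filemtime($path))];
        $item = $doc->createElement('item');
        foreach ($fields as $name => $value) {
            $el = $doc->createElement($name);
            $el->appendChild($doc->createTextNode($value)); // text node: & and < get escaped
            $item->appendChild($el);
        }
        $channel->appendChild($item);
    }
    return $doc->saveXML();
}

// Constructed demo: one post already in the feed, one new file dropped into the folder.
$dir = sys_get_temp_dir() . '/feed-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/old-post.html", '<title>Old post</title>');
file_put_contents("$dir/new-post.html", '<title>Robots &amp; radios</title>');
$feed = '<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel>'
    . '<title>Example blog</title><link>https://example.com/</link>'
    . '<description>Constructed feed</description><item><title>Old post</title>'
    . '<link>https://example.com/blog/old-post.html</link>'
    . '<guid>https://example.com/blog/old-post.html</guid></item></channel></rss>';
echo sync_feed($feed, $dir, 'https://example.com/blog');
```

Building items through DOM text nodes rather than string concatenation means a post title containing `&` or `<` cannot break the feed or inject markup into it.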
Webmentions, Comments, Likes, Reblogs
Webmentions are a web standard, not unlike RSS. Unlike RSS, though, they are more complicated, and much newer.
Webmentions allow cross-site comments, likes, and reblogs. They are already built into WordPress, and may come to Tumblr, as they are both owned by the same guy, and he has mentioned adding it in as functionality before.
Figuring out how it works, under the hood, has been a pain. Almost all the documentation has been for back-end developers, and what has been written for lay-people essentially boils down to what I said above.
Really, it is pretty simple. You have an inbox, linked in the header of your page. That tells a sender to send any mention to that inbox, as well as the meta-information. Primarily, where it was linking from is important.
The inbox then tells the sender that it got the message, and goes to look at the link. It tries to find details about the author, which is where h-cards come into place, as well as other relevant information. Information like: Is this a comment? A reblog? Just a like?
The inbox then takes that information, and puts it in a file. Maybe it copies the whole thing into a file, or just the who and what, as well as the link. Either way, this information is stored in a .json file, where a script can retrieve it for display purposes. Right now, I use a third party for my inbox, and a premade JavaScript to retrieve the messages from that inbox. Again, this violates my premise of not relying on third-party services.
The sender is where it gets complicated. When you create a post with a link, you tell a script to look at your post and look for links. It will go to each link and see if there is an inbox set up. To each of those inboxes that it finds, it will then send an alert. This alert needs certain information at a minimum. For example, a link to wherever the message is sent from. This cannot be done in JavaScript; you need PHP for this.
Once you have all the information you need stored in a .json, you just need to retrieve it. This can be done pretty easily; you just need to filter out all the stuff that doesn't link to the current page. You can also set it up to display all comments, and what it is commenting on, in a centralized spot on your site; such as your front page.
A reblog really is just a comment that also displays the original post. You just need to copy the contents of the article tag from the linked post, and display it. This can be done with JavaScript easily enough. It is how I display my contact card across my site, after all.
As for likes, I am hesitant to even add them. Webmentions do support them. You just need an otherwise blank document, a link, and a tag appropriately marked that you are liking it. Then you just tally up a counter of all the likes that the post has from the inbox. However, likes promote, I think, a bad mentality. It doesn't tell you anything more, really, than a reblog. It's also less useful than a reblog. All it really does is ego-stroking. If I get interest as the project continues, I may add it, but I won't use it on my site.
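
The inbox side described above, as an added PHP sketch (not the author's code and not the third-party service): it checks the incoming source/target pair, confirms that the source page really links to the target, reads the microformats2 class on that link to tell a reply, repost or like apart, and filters stored mentions for one page. `MY_HOST`, the function names and the sample HTML are assumptions.

```php
<?php
// Added sketch, not the author's inbox. MY_HOST and the sample data are constructed.
const MY_HOST = 'example.com';

// Both URLs must be http(s), differ from each other, and the target must be on this site.
function valid_request(string $source, string $target): bool {
    foreach ([$source, $target] as $url) {
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, ['http', 'https'], true) || !parse_url($url, PHP_URL_HOST)) return false;
    }
    return $source !== $target && strtolower(parse_url($target, PHP_URL_HOST)) === MY_HOST;
}

// 'like', 'repost', 'reply' or plain 'mention'; null when the source never links to the target.
function classify_mention(string $sourceHtml, string $target): ?string {
    libxml_use_internal_errors(true); // real-world HTML is rarely valid
    $doc = new DOMDocument();
    $doc->loadHTML($sourceHtml);
    $types = ['u-like-of' => 'like', 'u-repost-of' => 'repost', 'u-in-reply-to' => 'reply'];
    $result = null;
    foreach ($doc->getElementsByTagName('a') as $a) {
        if ($a->getAttribute('href') !== $target) continue;
        $result ??= 'mention';
        $classes = preg_split('/\s+/', trim($a->getAttribute('class')));
        foreach ($types as $class => $type) {
            if (in_array($class, $classes, true)) return $type;
        }
    }
    return $result;
}

// What a page shows: only the stored mentions that point at it.
function mentions_for_page(array $inbox, string $pageUrl): array {
    return array_values(array_filter($inbox, fn($m) => $m['target'] === $pageUrl));
}

// Constructed demo; a live inbox would fetch $html from $source itself.
$target = 'https://example.com/blog/post1.html';
$source = 'https://friend.example/notes/42.html';
$html = '<article class="h-entry"><a class="u-in-reply-to" href="' . $target . '">the post</a>'
      . '<p class="e-content">Nice write-up!</p></article>';
$inbox = [['source' => 'https://other.example/a', 'target' => 'https://example.com/', 'type' => 'like']];
if (valid_request($source, $target) && ($type = classify_mention($html, $target)) !== null) {
    $inbox[] = ['source' => $source, 'target' => $target, 'type' => $type];
}
echo json_encode(mentions_for_page($inbox, $target), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

Rejecting a mention whose source page does not contain the link is what keeps the inbox from storing claims that anyone could post without ever having written a reply.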
Authentication Script
The Authentication script is mostly done, and it works, but I may need to tweak it as I continue the project.
How it works: It takes a file, such as an image, and hashes it. The hash of that file acts as the cryptographic key for the password. The password is combined with the key to create a second hash value. This hash is what is stored on your site.
If the file is different, even by a single pixel, then the resulting key will be different. Thus, even if the password is right, the resulting hash will be different. Likewise, if you get the password wrong, the hash will be different.
It is important to realize, this is pretty amateurish as far as authentication goes. I explicitly didn't want to engage with sql databases, which normally store the password hash, since this is supposed to be a script you could just drop into your website files and just work. This is why I added in the File requirement, as a sort of pseudo-two-factor authentication. This might still be vulnerable to a man-in-the-middle attack, but should be immune to normal password thefts or phishing. I also couldn't figure out how to use email for the two-factor authentication in a drop-in script like this. You need an email to send FROM for the authentication, one tied to the server in some way. I could do it in my own site, but I am unsure about neocities, for example.
Anyway, when you provide both the key and the password to the login, and the resulting hash matches, it generates a session token, and a file with a timestamp on the server. Any authentication operation will look for the token, and compare it to what is in the file. If it matches, but the timestamp is past the preset time difference, then the file is deleted, and thus the token is invalid. Only if you are in the allotted time for your validated token, which is never stored on the browser, but remains on the server as a SESSION token, not a cookie, does the script return TRUE for authorization.
Again, this is amateurish. Do not use it for anything important. Back up data. This is for a limited use-case and should not be used beyond making sure no rando can make posts on your behalf. I CANNOT STRESS THIS ENOUGH.
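
One way the scheme described in this section could look in PHP, as an added sketch rather than the author's script. The page does not say which hash is used or how the password and key are combined, so this assumes SHA-256 for the file, HMAC for the combination and `password_hash()` (salted, slow) for the stored value; the file paths and `TOKEN_LIFETIME` are hypothetical.

```php
<?php
// Added sketch, not the author's script. File paths and TOKEN_LIFETIME are assumptions.
const TOKEN_LIFETIME = 1800; // seconds a login stays valid
// The key file's hash is the key; HMAC combines the password with it.
function mix(string $keyFile, string $password): ?string {
    $key = @hash_file('sha256', $keyFile, true);
    return $key === false ? null : hash_hmac('sha256', $password, $key);
}
// Run once at setup; the result is the only value stored on the site.
function make_stored_hash(string $keyFile, string $password): string {
    $mixed = mix($keyFile, $password);
    if ($mixed === null) throw new RuntimeException('key file unreadable');
    return password_hash($mixed, PASSWORD_DEFAULT); // salted and deliberately slow
}

function check_login(string $keyFile, string $password, string $stored): bool {
    $mixed = mix($keyFile, $password);
    return $mixed !== null && password_verify($mixed, $stored);
}

// The random token goes in $_SESSION; the server-side file keeps its hash and a timestamp.
function issue_token(string $tokenFile, int $now): string {
    $token = bin2hex(random_bytes(32));
    $record = ['hash' => hash('sha256', $token), 'issued' => $now];
    file_put_contents($tokenFile, json_encode($record), LOCK_EX);
    return $token;
}

function is_authorized(string $tokenFile, string $token, int $now): bool {
    $rec = is_file($tokenFile) ? json_decode(file_get_contents($tokenFile), true) : null;
    if (!is_array($rec) || !is_string($rec['hash'] ?? null) || !is_int($rec['issued'] ?? null)) return false;
    if ($now - $rec['issued'] > TOKEN_LIFETIME) {
        unlink($tokenFile); // expired: deleting the file kills the token
        return false;
    }
    return hash_equals($rec['hash'], hash('sha256', $token));
}

// Constructed demo: random bytes stand in for the image file.
$keyFile = sys_get_temp_dir() . '/demo-key.bin';
$tokenFile = sys_get_temp_dir() . '/demo-token.json';
file_put_contents($keyFile, random_bytes(256));
$stored = make_stored_hash($keyFile, 'correct horse');
var_dump(check_login($keyFile, 'correct horse', $stored)); // right file, right password
file_put_contents($keyFile, 'x', FILE_APPEND);             // file now differs by one byte
var_dump(check_login($keyFile, 'correct horse', $stored)); // right password, wrong file
$token = issue_token($tokenFile, time());
var_dump(is_authorized($tokenFile, $token, time()));
var_dump(is_authorized($tokenFile, $token, time() + TOKEN_LIFETIME + 1)); // past the limit
```

The stored value and the token comparison both go through constant-time checks (`password_verify`, `hash_equals`), and the token file holds only a hash of the token, so reading that file does not hand over a usable login.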