silverpill
@silverpill@mitra.social  ·  activity timestamp 5 hours ago

Recently, there was a discussion about generic #ActivityPub servers. Several people claimed that they were working on one, but it turned out that their "generic" servers only support activities defined in the ActivityPub specification. Such a server shouldn't be called generic. It is not difficult to build, nor is it an interesting concept, because competing protocols (e.g. Nostr) already offer much more.

I've been writing a #FEP that describes how to build a real generic server. It is not finished yet, but I feel like now is a good time to publish it:

FEP-fc48: Generic ActivityPub server

This kind of server:

- Can process any object type, and can process non-standard activities like EmojiReact.
- Compatible with FEP-ae97 clients.
- Does not require JSON-LD.

I attempted to implement it when I was researching the security properties of the FEP-ae97 API: https://codeberg.org/silverpill/fep-ae97-server. Back then I didn't know what to do with side effects, but now I think that we can simply force clients to specify them.

Special thanks to @mariusor and @trwnh for their input.

#C2S

Codeberg.org

fep/fep/fc48/fep-fc48.md at main

fep - Fediverse Enhancement Proposals
julian
@julian@activitypub.space  ·  activity timestamp 3 hours ago

@silverpill@mitra.social I find it curious that this needs to be spelled out in an FEP.

Isn't a generic AP server one that ingests anything and shoves it into the outbox... like a mail transfer agent?

... then delivers it dutifully?

I mean, sure, you can do stuff in between, like spam detection, blocklists, etc etc etc...

My quick read through of the FEP (and it was quick, because it was a short FEP 😛) seems to confirm this.

silverpill
@silverpill@mitra.social  ·  activity timestamp 2 hours ago

@julian It looks simple on the surface, but in reality it is much more complicated than a non-generic server. In addition to activity transfer, a generic server needs to maintain collections. First of all, a followers collection, which is often used as a delivery target. Then likes, shares etc. It needs to enforce permissions, to prevent actors on the same server from deleting each other's posts.

This is doable if you only care about activities defined in ActivityPub. But then you want to introduce a context collection. And then 50 other extensions. How to do that without special-casing every one of them?

This is where duck typing (FEP-2277) and a unified security model (FEP-fe34) become really handy. No matter what the client sends, you can figure out what it is (an object, an actor, or a collection), and enforce permissions.

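The following added example, which is not code from the thread, from the FEPs it cites, or from any participant's server, shows why a same-origin check alone cannot stop one local actor from deleting another's post, and how a duck-typed ownership check does. The classification and ownership rules are simplified assumptions, and `authorize_write`, `social.example` and the sample objects are hypothetical.

```python
from urllib.parse import urlsplit

def classify(obj):
    """Duck typing: decide by which properties are present, never by `type`."""
    if "inbox" in obj and "outbox" in obj:
        return "actor"
    if "actor" in obj:
        return "activity"
    if any(k in obj for k in ("items", "orderedItems", "totalItems")):
        return "collection"
    return "object"

def origin(uri):
    """(scheme, host, port) triple used for same-origin comparison."""
    parts = urlsplit(uri)
    return (parts.scheme, parts.hostname, parts.port)

def owner_of(obj):
    """Assumed ownership rule: actors own themselves, activities belong to
    their `actor`, everything else belongs to `attributedTo`."""
    kind = classify(obj)
    if kind == "actor":
        return obj.get("id")
    return obj.get("actor") if kind == "activity" else obj.get("attributedTo")

def authorize_write(sender, activity, store):
    """Call before applying any activity that changes or removes a stored
    object. `sender` is the authenticated actor ID."""
    if classify(activity) != "activity" or activity["actor"] != sender:
        return (False, "activity is not attributed to the authenticated actor")
    target = activity.get("object")
    target_id = target.get("id") if isinstance(target, dict) else target
    stored = store.get(target_id)
    if stored is None:
        return (False, "unknown object")
    if origin(target_id) != origin(sender):
        return (False, "cross-origin object")
    if owner_of(stored) != sender:  # same server, different owner
        return (False, "sender does not own the object")
    return (True, "ok")

# Constructed sample data: two actors on one hypothetical server.
ALICE = "https://social.example/users/alice"
BOB = "https://social.example/users/bob"
NOTE = "https://social.example/objects/1"
STORE = {NOTE: {"id": NOTE, "type": "Note", "attributedTo": ALICE, "content": "hi"}}

def delete(actor, object_id):
    return {"type": "Delete", "actor": actor, "object": object_id}
```

Bob's `Delete` of Alice's note passes the origin comparison because both IDs live on the same server; it is the ownership comparison that rejects it.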
marius
@mariusor@metalhead.club  ·  activity timestamp 4 hours ago

@silverpill lol, based on the "claims" at the beginning, why do I feel like the "thanks" at the end should be in quotations?

Also I take umbrage with calling what I've been doing for the past 8 years as "being not difficult to build nor an interesting concept". I feel like, you and other developers having the benefit of dynamically typed programming languages, underestimate how that can be worked into robust APIs when you're limited by less versatile stacks.

silverpill
@silverpill@mitra.social  ·  activity timestamp 2 hours ago

@mariusor Mastodon supports all standard activities and has a wide variety of clients. I don't find software with similar capabilities impressive, although I respect your work (the only ActivityPub server-client project that is not vaporware).

I doubt that language choice makes much difference, and Rust is not a dynamically typed language anyway. The difficulty you might be facing is likely due to JSON-LD.

The thanks was for your input with regards to collection management.

Raphael Lullis
@raphael@mastodon.communick.com  ·  activity timestamp 1 hour ago

@silverpill

> Mastodon supports all standard activities and has a wide variety of clients.

What happens when you send an "Offer" message to an actor on Mastodon? Can they accept it?

Can I create a group actor on Mastodon? Can I use this actor to boost other actors' posts and have it visible on a Lemmy client?

How can a Mastodon client ask the server to get a collection of all images with a specific tag?

@mariusor

silverpill
@silverpill@mitra.social  ·  activity timestamp 40 minutes ago

@raphael

> What happens when you send an "Offer" message to an actor on Mastodon?

The behavior of the Offer activity is not described in ActivityPub, so Mastodon is not required to support it. Curiously, ActivityPub mentions Offer when it talks about the side effects of Accept:

> The side effect of receiving this in an inbox is determined by the type of the object received, and it is possible to accept types not described in this document (for example, an Offer).

...This statement is not compatible with the idea of a generic server.

> Can I create a group actor on Mastodon?

I don't know. But it can create Service actors, so I guess it can be easily patched to allow creation of Group actors too.

> Can I use this actor to boost other actors' posts and have it visible on a Lemmy client?

I think FEP-1b12 Announce is not compatible with ActivityPub. It has different side effects and doesn't update the shares collection.

> How can a Mastodon client ask the server to get a collection of all images with a specific tag?

Maybe something like /api/v1/timelines/tag/{tag}?only_media=true ?

@mariusor

Raphael Lullis
@raphael@mastodon.communick.com  ·  activity timestamp 24 minutes ago

@silverpill @mariusor

> The behavior of Offer activity is not described in ActivityPub

You can still take the document and place it in the target inboxes, leaving it to the *client* to figure out what to do with it.

You don't need to describe the specific case if the general case (activities must be placed in the target inbox) is enough.

Is this your objection when you are talking about "Generic Servers"? Because if that is the case then I can definitely argue that my server is it.

silverpill
@silverpill@mitra.social  ·  activity timestamp 9 minutes ago

@raphael Placing activities in the target inbox is not always enough, sometimes there are side effects.

In my FEP I discuss how we can deal with that.

There is more to it, see my response to @julian:

https://mitra.social/objects/019ca012-a698-5c2a-a6fa-a547373294cc

@mariusor

Raphael Lullis
@raphael@mastodon.communick.com  ·  activity timestamp 43 minutes ago

@silverpill

@mariusor

Also, reading FEP-aea97 and I don't see anything there that my modest little server made with a "dynamic language" doesn't do already.

And it's not even like what I am doing is novel or incredibly difficult. If you spent a little time embracing RDF and JSON-LD, you could take a look at what Vocata did and you'd see how easy it can be to implement the AP API.

@silverpill@mitra.social  ·  activity timestamp 24 minutes ago

@raphael

> what Vocata did

This project is often brought up as an example of a generic server, but it never reached production stage. The last commit was in 2023.

It is one thing to have an idea and build a prototype, and a completely different thing to build an application that is secure and interoperates with the rest of the network.

@mariusor

@raphael@mastodon.communick.com  ·  activity timestamp 5 minutes ago

@silverpill

That's what I'm saying, though: I took the *ideas* from Vocata and implemented them in a way that can work in production.

@mariusor

@raphael@mastodon.communick.com  ·  activity timestamp 41 minutes ago

@silverpill @mariusor

> And yes, the difficulty is indeed in massaging JSON-LD documents into strongly typed data that are meaningful for library consumers.

Maybe this could help: https://activitypub.mushroomlabs.com/topics/reference_context_architecture/

References and Context Models - Django ActivityPub ToolKit
