Anyone familiar with the way Mastodon handles verifying URLs? At the Washington Post we're working on adding verified rel="me" and Mastodon links in our author profiles, but we're seeing mixed results on verification actually going through. It seems non-deterministic(?)
@dylan (me): works
@jeremybmerrill: does not work even though he's on the same server as me
@zubakskees : works
(+ more)
The author pages on the Post are identical in terms of linking back to Mastodon. #mastodon
@brandonhorst @dylan @jeremybmerrill @zubakskees IMO Brandon's got it. Jeremy should remove the link, save, then add it back, and save. (note: URL *must* include https)
Source: lots of testing while writing the "Simple Mastodon Verification" plugin for Wordpress.
@opendna @brandonhorst @dylan @jeremybmerrill @zubakskees
Bah... Guess I need to letsencrypt my nearly-abandoned, long fallow vanity domain's homepage. :p
Maybe over the holidays.
@dylan @jeremybmerrill @zubakskees I had this issue with links not verifying for a little while. My problem ended up being that the link verification only seems to work if it's https:// and does not work with an http:// link.
That solved my issue and my links page was verified. Looking at the profiles you linked shows the links pointing to https:// though. So I'm not sure. Maybe on the front end Mastodon sends all links through https:// ?
@darnell @dylan @jeremybmerrill @zubakskees while this isn't a bad suggestion, it is a limiting one.
The argument I've seen against it is if the reporters move to another publication, they don't get to keep their social media without having to move instances, which means they leave their old content behind even if they are allowed to initiate a move and take their followers.
There are pros and cons of both, to be fair.
@darnell That's a lot of work though. As I said, there's pros and cons to having a newsroom run instance vs anywhere else on the fediverse, so mostly just wanted to squeak up so it's an informed choice.
Personally, I'd like to see the news sites post their articles on a long form activitypub compatible front end, and verify the reporters and other staff on whatever instance they're on.
Then people can follow the journos and the publication directly as they prefer.
@darnell That would be awesome. I installed the activitypub plugin on my wp, but need to poke at it more.
I need to figure out how I broke it, as I got it so people can find *this* account searching any handle @ my domain on mastodon, but not finding my blog when searching the handle the plugin says should find it.
@darnell I wouldn't be surprised, since 99% of the time when something breaks with WP it's from plugin conflict. I just need to find time and spoons to troubleshoot it.
For now, wp automagically toots to this account when I make a new post*, and I don't post all that often, so it's good enough.
* I wouldn't be surprised if this plugin is where the problem lies, and I'll probably start there when troubleshooting. 🤞
@dylan @jeremybmerrill @zubakskees I used a GPG key for my verification.
https://www.redhat.com/sysadmin/mastodon-verification-cryptography
@dylan I just tried doing a request with curl, and I noticed I had to ensure curl followed redirects and stored cookies somewhere before it gave me a proper response.
I wonder if it's some weird inconsistent "anti-bot" thing, and that's what's causing the issue.
@dylan @jeremybmerrill @zubakskees
In my case my instance verified @jeremybmerrill correctly
@fuomag9 @dylan @jeremybmerrill @zubakskees
Weird, didn't happen when I looked at his profile on your server:
@dylan Also can anyone list the steps to add "rel=me" and do everything to verify the links.
Or maybe point me to somewhere, from where I can read and follow the steps.
@dylan @jeremybmerrill @zubakskees
There are a variety of hiccups with link verification (see https://github.com/mastodon/mastodon/issues/22418 and linked issues).
@info @e_urq I don't suppose y'all could take a look at the logs for the fetch requests for Jeremy's verified link? I did a spot check on the linked page and it looks valid, if potentially a bit challenging to parse.
Steps to reproduce the problem Run a PHP site on Apache HTTP Server Add Options MultiViews to your .htaccess file, but don't add MultiviewsMatch Any and instead configure AddType application/x-...
@e_urq @dylan @jeremybmerrill @zubakskees @info
Thanks, Evan.
I've been lobbying @Gargron and the other wonderful folks developing Mastodon to surface more information about what's going on with link validation in the UI, because so many people are trying to do it (which is great) and sometimes it mysteriously doesn't with (which isn't).
I'd be happy to pay a moderate bounty to get it done.
@e_urq @dylan @jeremybmerrill @zubakskees @info @Gargron
@robpc to the rescue!
Jeremy, that link isn't being verified because the page it's on is bigger than 1MB. Check this out:
https://mstdn.social/@[email protected]ocial/109604273331298601
https://mastodon-link-debugger.vercel.app/profile/@[email protected]
At work, we've been experimenting with link validation and there were several more hurdles than I expected. I put together this link debugger tool as a way to show the problems we found that can prevent validation, and as an excuse to start to play around with the Mastodon API. If you are interested in giving it a spin, just enter your username or profile link and it will evaluate the the links in your profile. https://mastodon-link-debugger.vercel.app/ #Mastodon #LinkVerification #Vercel #SvelteKit
@dylan @jeremybmerrill @zubakskees
No noticeable differences between your pages and rel="me" links. Sometimes, it can take a few hours to be picked up. If possible, see if the following format can be added instead to make the link cleaner (without any css refs:
<a rel="me" href="https://journa.host/@jeremybmerrill"></a>
This format tends to be picked up in minutes I've noticed.
EDIT: Make sure to include full https - my link above was truncated
@sugan @dylan @jeremybmerrill @zubakskees
Suganthan Mohanadasan, I believe your suggestion made it into an article and a tool check.
🔗 Here’s how The Washington Post verified its journalists on Mastodon https://washpost.engineering/heres-how-the-washington-post-verified-its-journalists-on-mastodon-7b5dbc96985c
🔗 Mastodon Link Debugger https://mastodon-link-debugger.vercel.app/
Dylan Freedman
Brandon Horst
OpenDNA⚙️
Thomas H Jones II
Damon Kiesow
Katma
Glenn Fleishman
That Blair Guy
ryan
Jack Daniel (often offline)
Anthony Niximacco
Darnell Clayton 
Amy (she/her)
Marcus "MajorLinux" Summers
Nick Istre
Rairii
fuomag9
Russ
[shrisec@parrot]─[~]: $
Tim Nolte
Guinness
Evan Urquhart 🏳️⚧️
Jeremy B. Merrill
Simon Fondrie-Teitler
Chris Zubak-Skees
cybrkyd
Robert McNees
Suganthan Mohanadasan
Rubicon
Paul Chambers🚧
Tim Carmody