Rob CannonWe added #verified links for #WashingtonPost journalists a little while ago, but check out this excellent write-up from @zubakskees on some of the unexpected hurdles we had to overcome, which was just published to #medium
jwz@robpc Your Mastodon link debugger is very nice! Slight bug, though: it says that my site does not have a link back to the profile, which probably means you're only checking A tags and not LINK tags, which also work.
@jwz Thanks for trying it out and reporting the issue. Looking at the backend calls this tool is making it's actually getting a 403. You can see that with a curl command as well. I noticed that it is verified on your instance, but not mine and presumably others because of this issue. I wonder if maybe there is some bot detection going on there like the one we talk about in our article. Either way, I think this tool could message this issue better so thank you again for reporting it.
@robpc Oh, yeah, that's probably it, I should have thought of that. I block the default curl UA (for reasons) and also the Mastodon server UA (because of the link preview stampede problem).
https://www.jwz.org/blog/2022/11/mastodon-stampede/
https://www.jwz.org/blog/2022/11/mastodon-stampede/
Mastodon stampede
"Federation" now apparently means "DDoS yourself." Every time I do a new blog post, within a second I have over a thousand simultaneous hits of that URL on my web server from unique IPs. Load goes over 100, and mariadb stops responding. The server is basically unusable for 30 to 60 seconds until the stampede of Mastodons slows down. Presumably each of those IPs is an instance, none of which ...
@jwz That makes sense, I totally understand the sentiment in your blog post. When debugging our issues and just looking at tiny sample size of the requests for verification, it was a completely unexpected volume of servers from all just over the place.