Free Bird: moving to Mastodon

There’s plenty of guides to getting going on Mastodon, aimed at people leaving Twitter. I just wanted to post a couple of technical points about making the switch that might be of interest to people who maintain webpages with Twitter content (feeds, embeds).

Mastodon status updates (feed/timeline)

Twitter provided a widget that meant that an account’s timeline could be embedded on a website. Migration means replacing it with a mastodon equivalent.

I found this project by idotj which is a fantastic replacement. The author has a codepen which means that you can test drive the code with your account to see how it would look. The instructions are straightforward so that you can switch to your desired account. There is a css and js file which can be easily tweaked to match the look of the page where you place it. Recommended.

Mastodon feed on WordPress

The above example works great on a page where you have direct access to the source code. For a wordpress site it is slightly more complicated. I previously used a Twitter widget in the sidebar of this site and obviously needed a replacement. I couldn’t see how the solution above would work. What’s more, there was only one plugin for embedding a Mastodon timeline, in the wordpress directory (which wasn’t maintained).

So one alternative would be to use the mastodon account as an rss feed and pipe that into an rss widget. Each mastodon account URL is actually an rss feed and can be accessed by appending .rss to the URL. I didn’t investigate this option because I found mastofeed. Mastofeed will generate a timeline which can be inserted into a page as an iFrame. To use, simply generate the code by altering the parameters on the page, then copy the HTML and paste into a Custom HTML Widget in your wordpress page sidebar. It works and was quick to update.

Note that using an iFrame means that the content is served up by a 3rd party. It is possible that this may go rogue or break in some way. For this reason, I prefer the idotj option as a general solution.

Embedded Tweets

WordPress offered a neat block to embed a tweet into a post. The great thing about these blocks is that the tweets were “live”. This meant they always looked up-to-date and also let users click through to interact with the tweet author. The bad thing about them was… they were “live”. This meant if the author changed their screen name, it showed on your post. If they protect their tweets, close their account, or Twitter goes down etc. then the embed fails. Given the current situation, I decided to go through and replace all embeds on this site with screenshots of the tweets as they stand currently.

A simple export of posts as xml allowed me to identify where they were on the site. There was quite a few!

Given the nature of the fediverse, it’s unlikely that an alternative method for embedding toots would work. So, sticking to screenshots (bearing in mind Mastodon etiquette of not publicising the toots of others without asking) seems the way to go.

Automated posting to Mastodon

I previously used a nice WP to Twitter widget to post tweets when a post went live. This was handy, because I often schedule the posts on quantixed and this meant that they got publicised, regardless of when they went live.

There are several plugins in WordPress for this purpose. This post will be my first using the one I installed, so I will update if it works OK!

EDIT: it worked great! I used this one, by Simon Frey.

Securing a Twitter account

The extent to which you deactivate your account is obviously a personal choice. I know many people who have simply deleted their Twitter account outright. Others are unliking posts, deleting tweets and deleting DMs or other content that they do not wish to be exposed in the case of a hack. Account deletion is extreme, because it means (potential) loss of the username.

At the time of writing, I judge the risk of a leak, hack or disruption of service to be significant. So to maintain an account but keep it secure, the most prudent things to do are to:

  • disconnect any apps from your account
  • turn off team tweeting
  • make sure the password on it is unique and strong
  • secure your account with 2FA

Additionally, protecting your tweets seems prudent until the current situation becomes a bit more clear. There’s been an increase in strange activity on the site, and account protection to some extent isolates the account from any weirdness.

Finally, just to underscore that this is my current opinion (which is subject to change).

The post title comes from “Free Bird” by Lynyrd Skynyrd from their album “pronounced’lĕh-‘nérd’skin-‘nérd)”. Ah, the joy of shouting Free Bird in a crowded theatre.