[twitter-dev] Re: Rate Limiting Question
With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d1664c633972a7c1/9f49c1ad096e9139?lnk=gstq=API+rate+limit#9f49c1ad096e9139 On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: OAuth update return HTTP 401 issue
Hi Nicholas, I have successfully updated status by OAuth, but I have two problems now. Firstly, I failed to update the profile image by OAuth. How do I OAuth-sign the bytes of the image with HTTP content-type multipart/form-data? Secondly, as far as I know, there are several ways to implement OAuth. The first is to put the OAuth parameters in the POST request body. The second is to put the OAuth parameters in the Authorization header of the HTTP request. Can the second way help to successfully update status by OAuth? I tried the second way but failed. Thanks, Best regards, Weijun Shen

2009/8/3 Nicholas Granado ngran...@gmail.com

Weijun, These threads (links below) will probably help. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/59ed5372f7c1b623 http://groups.google.com/group/twitter-development-talk/browse_thread/thread/8a598fd042e53ce0/2629fe5160fc8294 If you encounter any problems, I just went through the same problem and successfully updated my Twitter OAuth library for C#/.NET. I'd definitely be down to help you out. Cheers, Nicholas --- Nicholas Granado email: ngran...@gmail.com web: http://nickgranado.com twitter: heatxsink

On Mon, Aug 3, 2009 at 3:00 AM, weijun shen swj1984...@gmail.com wrote:

Hi everyone, I successfully went through the OAuth procedure and got an access token using a PIN, but I failed to update status or send a direct message with such authenticated POST methods. But my program worked several days ago. Thank you for your help :) BR
[twitter-dev] Re: Rate Limiting Question
Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread/thread/d1664c633972a7c1/9f49c1ad096e9139?lnk=gstq=API+rate+limit#9f49c1ad096e9139 On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Tracking Retweets
People using Identi.ca may also be using RD for ReDent. Abraham 2009/8/4 Peter Denton petermden...@gmail.com cool, Thanks! On Tue, Aug 4, 2009 at 3:30 PM, Chad Etzel c...@twitter.com wrote: I would add: Retweet[:]? Retweeting[:]? those aren't being used as often now, but I still see them around. -Chad On Tue, Aug 4, 2009 at 6:18 PM, Andrew Baderaand...@badera.us wrote: Witty I think is using the recycling symbol ... On Tue, Aug 4, 2009 at 6:17 PM, Peter Denton petermden...@gmail.com wrote: Hello, Does anyone have a list of RT conventions they are using to track? Right now, I am seeing: RT via HT (hat tip) c/o Does anyone track anything else? Thanks Peter -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: Updating the APIs authentication limiting policy
Alex, is that *not* estimated or was it an iPhone being daft and changing now to not? On Aug 5, 7:11 pm, Alex Payne a...@twitter.com wrote: The change did not go live yesterday due to some deploy issues. It's not estimated to go out tomorrow. Once again, sorry for the delay. On Wed, Aug 5, 2009 at 07:48, Dewald Pretoriusdpr...@gmail.com wrote: Alex, Did the change go live on Tuesday? I have very irate users due to this issue. There are spam bots out there that got hold of users' credentials. The users have changed their Twitter passwords to get rid of the spam tweets published in their timelines, but now those bots are locking them out 24x7 from all apps that use the API. On Aug 3, 2:56 pm, Alex Payne a...@twitter.com wrote: The rollback should be deployed tomorrow. Sorry for the delay. On Sat, Aug 1, 2009 at 23:36, Jesse Stayjesses...@gmail.com wrote: A timeframe would be very helpful. This is turning out to be a headache as I'm testing. If my own user is having to log in over and over to test my app, I'm quickly hitting the verify_credentials limit (and I'm even using OAuth). I'm getting really frustrated. Jesse On Fri, Jul 31, 2009 at 8:01 PM, Bob Thomson stormid...@googlemail.com wrote: Hi Doug, Is there a timescale for rolling back / making the change to the new scheme? We're just putting the finishing touches to moving to OAuth and we're experiencing the issue when using verify_credentials to get the users basic details once we've got the token back from the authentication process. We're experiencing the issue when: 1. Testing our login and authentication processes 2. When users login and logout of our application frequently A heads up on when these changes will be made would be useful. Thanks, Bob On Jul 29, 6:37 pm, Grant Emsley grant.ems...@gmail.com wrote: Locked out of authenticated resources for that account, or will that IP not be able to login to any account? 
On Jul 29, 1:14 pm, Doug Williams d...@twitter.com wrote: Ray,For clarity, we will roll back the current restriction of 15 calls per user per hour to account/verify_credentials, and implement the proposed scheme: ... we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. Thanks, Doug On Wed, Jul 29, 2009 at 9:51 AM, Ray rvizz...@testlabs.com wrote: Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say This approach is what we are going to take., do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. 
I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me a level of comfort that I can safely switch over to OAuth. On Jul 24, 5:46 pm, Doug Williams d...@twitter.com wrote: Well said Joshua. Dewald, you have identified the risk of using basic authentication. If your users being locked out due to malicious behavior, you should either implement further user-level
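The two limiting schemes contrasted in this thread, side by side, as an added example (not Twitter's code): the rolled-back cap of 15 account/verify_credentials calls per user per hour, and the proposed lockout after 15 HTTP 401s per user per IP address per hour. The class names, the sliding one-hour window and the constructed addresses and user names are assumptions.

```python
"""Added illustration of the two schemes described in the thread.
Not Twitter's implementation; window handling is an assumption."""
from collections import defaultdict, deque

HOUR = 3600   # seconds
LIMIT = 15    # figure quoted in the thread for both schemes

# Constructed sample values (documentation address ranges).
STALE_CLIENT_IP = "192.0.2.10"    # third-party service still holding an old password
APP_IP = "198.51.100.7"           # the application the user actually wants to use


class PerUserCallCap:
    """Rolled-back scheme: 15 verify_credentials calls per user per hour,
    counted regardless of source IP or outcome."""

    def __init__(self):
        self.calls = defaultdict(deque)          # user -> timestamps of counted calls

    def allow(self, user, ip, now, password_ok):
        q = self.calls[user]
        while q and now - q[0] >= HOUR:
            q.popleft()
        if len(q) >= LIMIT:
            return False                         # capped for every client on every IP
        q.append(now)
        return password_ok


class PerUserPerIpFailureLockout:
    """Proposed scheme: 15 unsuccessful attempts (HTTP 401) for one user from
    one IP within an hour lock that user out from that IP for one hour."""

    def __init__(self):
        self.failures = defaultdict(deque)       # (user, ip) -> timestamps of 401s
        self.locked_until = {}                   # (user, ip) -> unlock time

    def allow(self, user, ip, now, password_ok):
        key = (user, ip)
        if self.locked_until.get(key, 0) > now:
            return False
        if password_ok:
            return True                          # successful calls are never counted
        q = self.failures[key]
        while q and now - q[0] >= HOUR:
            q.popleft()
        q.append(now)
        if len(q) >= LIMIT:
            self.locked_until[key] = now + HOUR
            q.clear()
        return False


def legit_app_result(policy):
    """A client with stale credentials retries 20 times from one IP, then the
    user's own application (other IP, valid credentials) makes one call."""
    for i in range(20):
        policy.allow("alice", STALE_CLIENT_IP, i * 60, password_ok=False)
    return policy.allow("alice", APP_IP, 20 * 60, password_ok=True)


def repeated_good_logins(policy, n=20):
    """A developer logging in successfully n times in a row while testing."""
    return sum(policy.allow("bob", APP_IP, i * 30, password_ok=True) for i in range(n))


if __name__ == "__main__":
    for cls in (PerUserCallCap, PerUserPerIpFailureLockout):
        print(cls.__name__,
              "| own app allowed:", legit_app_result(cls()),
              "| good logins accepted:", repeated_good_logins(cls()), "of 20")
```

Keying the counter on (user, IP) and counting only failures is what keeps one misbehaving client from locking the account out of every other application.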
[twitter-dev] Re: Rate Limiting Question
Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. 
One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Sign in with Twitter
Jesse, Amen to that. When one does customer support for long enough, you quickly realize that: a) People do not read instructions, and b) Many people are not as computer literate as you'd wish them to be. If you send people all over the place, many go, WTF, and abandon the process out of fear or ignorance. With Basic Auth the process is very simple. Enter the username and password on your site, and click the save button. It shouldn't be any more involved or complicated with OAuth. Dewald On Aug 6, 2:22 am, Jesse Stay jesses...@gmail.com wrote: On Wed, Aug 5, 2009 at 7:32 AM, Duane Roelands duane.roela...@gmail.comwrote: If your users don't understand why they're seeing the Twitter login screen, then your application needs to do a better job of explaining it. Duane I don't think this has anything to do with that. Having worked on e-commerce sites for major e-commerce companies, it has been proven that the more steps a user has to register, the more likely they are to abandon the process, and the more likely you are to lose a sale. This is why Amazon patented the one-click sale. The fact is this (Twitter's auth) takes too many steps, and no amount of explaining ahead of time is going to change that. The more you can keep the users on your own site and reduce the steps necessary to log in, the better. Again, as I mentioned earlier - with Facebook this is one step: click a button, enter your credentials (if you haven't already), and you're done, and they never leave your site to do it. I'd love to see the same for Twitter with unauthenticated users, especially removing the need for them to leave my site to make the authentication happen. Jesse
[twitter-dev] Re: Tracking Retweets
I think the better way is matching the @nickname of original message + some words of the tweet But this some words of your tweet can be a link, if it contains one. Caio Ariede http://caioariede.com/ On Thu, Aug 6, 2009 at 4:32 AM, Abraham Williams 4bra...@gmail.com wrote: People using Identi.ca may also be using RD for ReDent. Abraham 2009/8/4 Peter Denton petermden...@gmail.com cool, Thanks! On Tue, Aug 4, 2009 at 3:30 PM, Chad Etzel c...@twitter.com wrote: I would add: Retweet[:]? Retweeting[:]? those aren't being used as often now, but I still see them around. -Chad On Tue, Aug 4, 2009 at 6:18 PM, Andrew Baderaand...@badera.us wrote: Witty I think is using the recycling symbol ... On Tue, Aug 4, 2009 at 6:17 PM, Peter Denton petermden...@gmail.com wrote: Hello, Does anyone have a list of RT conventions they are using to track? Right now, I am seeing: RT via HT (hat tip) c/o Does anyone track anything else? Thanks Peter -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Using twitter for internal enterprise communication
Dear group, some questions for using twitter in a closed group (enterprise): 1) is there already a solution using twitter for a closed group ? 2) is it possible to integrate LDAP for authentication / authorization ? 3) is also possible to communicate via https + client certificate ? Thanks in advance, Michel
[twitter-dev] Re: HTTP 400 Bad Request
Hey Alan, thanks for your answer... you know what, you are right, I don't know exactly why, but I'm not performing an HTTP GET but an HTTP OPTION. This can be related to FireFox 3.5 (see http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/) but even if this is the reason I have no idea on how to solve the problem... Do you guys have any idea? Omar

On Aug 5, 11:53 am, Alan alanev...@gmail.com wrote:

Hi there, I'm afraid I can't help with the specifics of the prototypejs framework, but I don't see a GET line in your request headers. I can't imagine that prototypejs didn't send it, but a common cause of 400s in general is an invalid path in the GET line itself, so please post the full GET line here too (and see below for comments on access-control requests). A normal set of request headers for this request should look like this (and this request works for me, from browser):

(Request-Line) GET /statuses/public_timeline.json HTTP/1.1
Host twitter.com
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-gb,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive

Furthermore - the access-control and origin headers in your request indicate that this was an access-control pre-request, not the actual GET. Can you maybe post the headers from the GET request itself? Or was it not sent? There is also a JS library listed on the twitter API wiki, and that has a public_timeline method if that's of any interest: http://sources.disruptive-innovations.com/twitterHelper/tags/latest/T... Alan

On Aug 4, 10:30 pm, 0m4r omar.adob...@gmail.com wrote:

Hi All, I've been reading the API documentation and this support group as well but I can't find an answer, or a solution, to my problem. I've been writing some js code using the Twitter API but every time I perform a call I got back the error in subject: HTTP 400 Bad Request and no response at all. Here follows a piece of the code I am using (with the prototypejs framework):

==
new Ajax.Request('http://twitter.com/statuses/public_timeline.json', {
  method: 'GET',
  encoding: 'UTF-8',
  onLoading: function(){ debug.update('Loading...'); },
  onSuccess: function(transport) { debug.update("SUCCESS: " + transport.responseJSON + "<br/>") },
  onException: function(transport, exception){ debug.update("EXCEPTION: " + exception); }
});
==

here are the requests headers:

==
Host: twitter.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Origin: null
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-prototype-version,x-requested-with
==

and the response headers:

==
Date: Tue, 04 Aug 2009 20:20:48 GMT
Server: hi
Last-Modified: Tue, 04 Aug 2009 20:20:48 GMT
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 135
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
Content-Type: application/json; charset=utf-8
X-RateLimit-Reset: 1249417836
Expires: Tue, 31 Mar 1981 05:00:00 GMT
X-Revision: adb502e2c14207f6671fe028e3b31f3ef875fd88
X-Transaction: 1249417248-99305-1720
Set-Cookie: _twitter_sess=BAh7CDoMY3NyZl9pZCIlN2NmZWIyZmU0NTQ3NjMyZGU1MThlNjZjODc0MGY2%250AODM6B2lkIiVlMzg5ZTViMmYzZjkwM2ExZDExMmRhMmM3NDFjNGMwOSIKZmxh%250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK%250AQHVzZWR7AA%253D%253D--5a76f810fb5fde72f43634d7423aff19f28b3aa7; domain=.twitter.com; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 99
Connection: close
==

Thanks to all for your help. 0m4r
[twitter-dev] Re: Sign in with Twitter
It's a subtle distinction: users aim to use the application, not the Twitter website. They expect Twitter to ask for their permission, but they don't expect to start using the Twitter website. So they're a little surprised when Twitter asks them to log in. The page doesn't make it clear that they're moving toward the application; it looks like they're moving toward Twitter's UI. Of course the application can warn the user what's going to happen, but I'd prefer to remove the cognitive dissonance.

On Aug 5, 4:32 am, Duane Roelands duane.roela...@gmail.com wrote:

If your users don't understand why they're seeing the Twitter login screen, then your application needs to do a better job of explaining it.
[twitter-dev] Re: Getting a 500 Error with oAuth Plus Signpost (Java)
Call setRequestMethod before you call sign. The signature is a function of the method, among other things.

On Aug 4, 7:18 pm, msea85 carru...@gmail.com wrote:

URL url = new URL("http://twitter.com/statuses/update.xml");
HttpURLConnection request = (HttpURLConnection) url.openConnection();
consumer.sign(request);
request.setRequestMethod("POST");
[twitter-dev] using twitter images
I am using the twitter REST web service to pull my tweets, but I want to use the twitter logo/icon on my homepage next to my tweets so it's obvious to people that I'm using twitter. How do I get this image/icon? Through the API? Or can I just go find it at google images?
[twitter-dev] Re: Are the Consumer Token and Secret assigned to a specific Server IP address
http://wiki.oauth.net/ProblemReporting would have been helpful here. On Aug 5, 3:52 am, Michael E. Carluen mecarl...@gmail.com wrote: The problem was actually caused by an incorrect server clock setting on the new server. The server clock was giving a utc offset equivalent to -54000, which is really not valid. The wrong time was then generating an invalid oauth_timestamp, which eventually returned the Failed to validate oAuth signature. message. I'm all-good now!
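Both OAuth failures reported above (signing before setRequestMethod, and a server clock that is off by 54000 seconds) come from inputs to the signature, which this added example makes visible with an OAuth 1.0 HMAC-SHA1 signer and a provider-side check. It is not Signpost's or Twitter's code; the credentials, nonce, the 300-second tolerance and the distinct failure strings are assumptions (the provider in the thread reported the timestamp case as a signature validation failure).

```python
"""Added illustration: what an OAuth 1.0 HMAC-SHA1 signature covers."""
import base64
import hashlib
import hmac
from urllib.parse import quote

URL = "http://twitter.com/statuses/update.xml"
CONSUMER_SECRET = "constructed-consumer-secret"   # constructed sample value
TOKEN_SECRET = "constructed-token-secret"         # constructed sample value


def pct(value):
    """Percent-encode as OAuth requires: only RFC 3986 unreserved chars stay."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def verify(method, url, params, signature, now, max_skew=300):
    """Provider-side check. max_skew is an assumed tolerance; the thread does
    not say how much clock difference Twitter accepted."""
    if abs(now - int(params["oauth_timestamp"])) > max_skew:
        return "timestamp out of range"
    expected = sign(method, url, params, CONSUMER_SECRET, TOKEN_SECRET)
    if not hmac.compare_digest(expected, signature):
        return "signature mismatch"
    return "ok"


def request_params(timestamp):
    """Constructed request: OAuth parameters plus the status being posted."""
    return {
        "oauth_consumer_key": "constructed-consumer-key",
        "oauth_token": "constructed-access-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": "constructed-nonce",
        "oauth_version": "1.0",
        "status": "hello world",
    }


def demo():
    now = 1249500000                      # constructed provider clock (epoch seconds)
    params = request_params(now)
    # HttpURLConnection reports GET until setRequestMethod("POST") is called,
    # so signing first signs a GET while the request goes out as POST.
    signed_too_early = sign("GET", URL, params, CONSUMER_SECRET, TOKEN_SECRET)
    signed_after = sign("POST", URL, params, CONSUMER_SECRET, TOKEN_SECRET)
    # Client whose clock is wrong by the 54000 seconds mentioned in the thread.
    skewed = request_params(now - 54000)
    skewed_sig = sign("POST", URL, skewed, CONSUMER_SECRET, TOKEN_SECRET)
    return {
        "signed_before_setRequestMethod": verify("POST", URL, params, signed_too_early, now),
        "signed_after_setRequestMethod": verify("POST", URL, params, signed_after, now),
        "clock_off_by_54000s": verify("POST", URL, skewed, skewed_sig, now),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```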
[twitter-dev] Mentions count parameter
Hi, I'm playing with the statuses/mentions method and I noticed that the count parameter doesn't return the right number of statuses. If I set count=10 it returns only 7 statuses, even though I have a lot more. Is there an explanation? Thanks -- michele
[twitter-dev] Keep Alive in twitter API
Does the Twitter API support keep alive connections so we can send more than a request per connection? Thks, PMD
[twitter-dev] Re: Account Verify Credentials
On Aug 5, 10:15 pm, Jesse Stay jesses...@gmail.com wrote: On Wed, Aug 5, 2009 at 3:04 AM, Chris Babcock cbabc...@kolonelpanic.comwrote: I would strongly recommend OAuth for verifying users, or at least making it an option, as there is a DoS attack possible against service providers who rely on this API for access to their app. Chris Babcock I'm not sure how OAuth helps, as the problem still exists, even with OAuth users. Even with OAuth, it is still 15 requests per user per hour on verify_credentials. Of course, you probably don't have to run verify_credentials as often with OAuth, but the problem still exists, and there are cases where I can see this could become an issue. Jesse No, you *never* use verify_credentials with OAuth because you never handle user passwords. Take for example those users whose accounts are being slammed by SpamBots. They can still log into Twitter, just not those services that rely on verify_credentials service. Because they can still log in on the Twitter site, they could still authorize OAuth tokens. You will know that they have valid credentials on Twitter if the token has been authorized when they return to your site. It's not necessary for your app to obtain and verify the credentials directly. Your app can completely bypass the rate limited service with its DoS potential. Chris Babcock
[twitter-dev] Re: Sign in with Twitter
On Thu, 6 Aug 2009 05:09:48 -0700 (PDT) Dewald Pretorius dpr...@gmail.com wrote:

Amen to that. When one does customer support for long enough, you quickly realize that: a) People do not read instructions, and b) Many people are not as computer literate as you'd wish them to be. If you send people all over the place, many go, WTF, and abandon the process out of fear or ignorance. With Basic Auth the process is very simple. Enter the username and password on your site, and click the save button. It shouldn't be any more involved or complicated with OAuth.

The problem with Basic Auth is that it doesn't know the difference between Authentication and Authorization. It's an oversimplification. The only way to do something *for* someone is to *be* that someone as far as the target system is concerned. A system that is as smart as it needs to be is going to be a little more complicated and involved than that. You can still do a little animated authorize this screen just like Facebook with OAuth. Just set up a gateway on your server and Ajax the whole work flow through the gateway. There's no need to complicate the UX. The complications can go in the back end so that you can get your authenticalization in one click. Chris Babcock
[twitter-dev] Problem with in reply to status id
hello there, I have been trying to fix this for so long but it is not working. I am developing a Windows Mobile application for twitter in C# and am trying to reply to a status id. The message gets posted but it is not posted as a reply but just an update message. I don't know what I am missing... Please help. I am pasting my code too

//Code
postString = "source=MyApp&status=" + Uri.EscapeUriString(message) + "&in_reply_to_status_id=" + Uri.EscapeUriString(inreply);
HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create(sendTweetUrl);
NetworkCredential credentials = new NetworkCredential(Username, Password);
webRequest.Credentials = credentials;
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] postData = encoding.GetBytes(postString);
webRequest.Method = "POST";
webRequest.Timeout = 2;
webRequest.ContentLength = postData.Length;
webRequest.AllowWriteStreamBuffering = true;
webRequest.ProtocolVersion = HttpVersion.Version11;
webRequest.ProtocolVersion = HttpVersion.Version10;
try
{
    using (Stream outStream = webRequest.GetRequestStream())
    {
        outStream.Write(postData, 0, postData.Length);
        outStream.Flush();
    }
}
catch (Exception ex)
{
    throw new customException("Connection unsuccessful.", ex);
}
try
{
    using (HttpWebResponse response = (HttpWebResponse) webRequest.GetResponse())
    {
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            reader.ReadToEnd();
        }
    }
}
catch (WebException ex)
{
    throw new customException("Update unsuccessful.", ex);
}

Let me know if there is anything I am missing. in btw I am also including the @username in the reply to the status id. Is there anything else?
[twitter-dev] Re: Using twitter for internal enterprise communication
On Wed, Aug 5, 2009 at 11:15 AM, michel777 laszlo.miha...@gmx.net wrote: Dear group, some questions for using twitter in a closed group (enterprise): 1) is there already a solution using twitter for a closed group ? 2) is it possible to integrate LDAP for authentication / authorization ? 3) is also possible to communicate via https + client certificate ? Thanks in advance, Michel It's called Yammer. Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private
[twitter-dev] Re: Knowing how to judge Search API rate limits
Josh, It seems that you can accomplish most of your goals by using the /track feature in the Streaming API. You can then make far fewer calls to the Search API to cover dynamic cases, or fill in whatever else is left. I suspect you'll have a better user experience with far fewer coding and rate limiting hassles. Let me know if you have any questions or issues with the Streaming API, or just post to this list. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc.

On Aug 5, 12:11 pm, Josh Shabtai joshshab...@gmail.com wrote:

Hi there. I was just about to start a thread on this topic myself, as I've developed a Web application that seems to be running into some issues related to the search API. A disclaimer: I'm pretty inexperienced as a developer, so apologies for any redundancy and/or misuse of terminology. I recently launched http://www.twttrpoop.com, a Web application/parody designed to apply relatively sophisticated search and analytical tools to the basest of subjects (the URL is a dead giveaway). We've been whitelisted, but recently, we experienced a surge in traffic and usage that illuminated potential issues with our ability to access the search and REST APIs. Some background on the app, before going into my questions... It revolves around a few key modules:

* A search engine that lets users compare the number of people talking about #2 in the last 24 hours (according to a handful of predetermined phrases) against any other keywords
* A real-time feed that pulls in live tweets using the same set of predetermined keywords
* A leaderboard mechanism that identifies the most active keyword 'abusers' on Twitter and scores their profiles according to frequency of keyword usage

Now, even though our taste in subject is questionable, we've made it a priority to ensure that our search engine and leaderboard are as accurate and useful as possible (ideally, we'd like to extend these tools to other applications).
To do this, we're making up to 19,000 search API calls/hour. On the search engine front, we've built a database and cron job that stores user-inputted keywords and publicly trending words that max out at 1,500 results (around 1,000 different words). Then, we make a search API call against each word every 5 minutes to ensure reasonably accurate results. Our real-time feed makes a live search API call every 10 seconds (360 API calls/hour) and we also make search API calls related to approximately 20 distinct #2-focused keywords every 5 minutes (240 search API calls/hour). After our initial surge in traffic, we've noticed some strange issues, all of which seem to relate to us being unable to access data. So, after that long-winded explanation, here are my questions: * First of all, are we within an acceptable rate limit for Search API? What's the ballpark? * We are using both REST and Search API calls to access Twitter data. Does using both simultaneously (as we do) cause any problems you are aware of? Do you have any known restrictions we may have missed? * We make quite a few search API requests consecutively. (For example, we will make simultaneous calls against various keywords.) Is there a timing restriction that we should be aware of? * Our site continually updates users who are talking about our topic. Thus the page is almost always dynamic. However, almost always when we refresh the page or reload the page we have problems fetching data which of course distorts the page and often does not load correctly. Could this be the result of using both methods REST and Search to acquire data and doing it from the same IP address? If yes, how do we solve this? If not, any ideas why this is happening? Thanks for the time and apologies for subjecting you to toilet humor.
[twitter-dev] Re: using twitter images
On Thu, Aug 6, 2009 at 9:18 AM, DTANGdtan...@gmail.com wrote: I am using the twitter REST web service to pull my tweets, but i want to use the twitter logo/icon on my homepage next to my tweets so its obvious to people that im using twitter. How do i get this image/icon? through the api? or can i just go find it at google images? The path of your logo is in the response xml. Read it carefully. -- A K M Mokaddim http://talk.cmyweb.net http://twitter.com/shiplu Stop Top Posting !! বাংলিশ লেখার চাইতে বাংলা লেখা অনেক ভাল
[twitter-dev] Re: Keep Alive in twitter API
No it does not. Abraham On Thu, Aug 6, 2009 at 03:42, pmduque pmdu...@gmail.com wrote: Does the Twitter API support keep alive connections so we can send more than a request per connection? Thks, PMD -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Re: Using twitter for internal enterprise communication
If you are looking to host your own check out http://laconi.ca/trac/ Abraham On Thu, Aug 6, 2009 at 06:09, Andrew Badera and...@badera.us wrote: On Wed, Aug 5, 2009 at 11:15 AM, michel777 laszlo.miha...@gmx.net wrote: Dear group, some questions for using twitter in a closed group (enterprise): 1) is there already a solution using twitter for a closed group ? 2) is it possible to integrate LDAP for authentication / authorization ? 3) is also possible to communicate via https + client certificate ? Thanks in advance, Michel It's called Yammer. Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Re: using twitter images
https://twitter.com/about#download_logo On Thu, Aug 6, 2009 at 06:45, shiplu shiplu@gmail.com wrote: On Thu, Aug 6, 2009 at 9:18 AM, DTANG dtan...@gmail.com wrote: I am using the twitter REST web service to pull my tweets, but I want to use the twitter logo/icon on my homepage next to my tweets so it's obvious to people that I'm using twitter. How do I get this image/icon? Through the api? Or can I just go find it at google images? The path of your logo is in the response xml. Read it carefully. -- A K M Mokaddim http://talk.cmyweb.net http://twitter.com/shiplu Stop Top Posting !! Writing in Bangla is much better than writing in Banglish -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Re: Keep Alive in twitter API
Abraham is correct. Keep-alives are disabled because of the sheer number of requests that the servers must handle. Keeping any connections open longer than necessary is detrimental to performance. Thanks, -Chad On Thu, Aug 6, 2009 at 11:11 AM, Abraham Williams 4bra...@gmail.com wrote: No it does not. Abraham On Thu, Aug 6, 2009 at 03:42, pmduque pmdu...@gmail.com wrote: Does the Twitter API support keep alive connections so we can send more than a request per connection? Thks, PMD -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Current Twitter site status
Hello all, Some of you may already be aware that the main Twitter site is under a DDoS attack. Please keep a close eye on http://status.twitter.com/ and this list for details and updates. Thanks, -Chad Twitter Platform Support
[twitter-dev] Re: Current Twitter site status
Some of you may already be aware that the main Twitter site is under a DDoS attack. Please keep a close eye on http://status.twitter.com/ and this list for details and updates. Brutal. :-( -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- If your happiness depends on anyone else, you've got a problem. -- R. Bach -
[twitter-dev] Re: Current Twitter site status
2009/8/6 Chad Etzel c...@twitter.com: Some of you may already be aware that the main Twitter site is under a DDoS attack. Please keep a close eye on http://status.twitter.com/ and this list for details and updates. Encountered seemingly neverending redirects - that can't be helping!! http://titsup.net/http://twitter.com/ -Stuart -- http://stut.net/
[twitter-dev] Re: Search is no longer indexing Portuguese (pt) tweets
Have you actually opened a support ticket for this? On Thu, Aug 6, 2009 at 09:53, caio ariede caio.ari...@gmail.com wrote: This issue is killing my app! http://307.to/ Caio Ariede http://caioariede.com/ On Sat, Aug 1, 2009 at 10:58 AM, caio ariede caio.ari...@gmail.com wrote: But why this tweet: http://search.twitter.com/search?lang=ptq=framework+from%3Acaioariede Isn't appear in this search: http://search.twitter.com/search?lang=allq=307.to The language is set to all! Anyone can explain? The http://307.to/ just stopped to catch many tweets from API. Caio Ariede http://caioariede.com/ On Sat, Aug 1, 2009 at 10:46 AM, Vincent Nguyen kureik...@gmail.com wrote: Yes, it's just for you! I think it causes by no one post a link with 307.to in Portuguese! Looking at bit.ly or so and you see Twitter works fine! 2009/8/1 caio ariede caio.ari...@gmail.com It's just for me? Caio Ariede http://caioariede.com/ On Fri, Jul 31, 2009 at 1:52 PM, caio ariede caio.ari...@gmail.com wrote: The results in English is fine: - http://search.twitter.com/search?lang=allq=307.to Results in Portuguese, simple doesn't return nothing: - http://search.twitter.com/search?lang=ptq=307.to But yes, there is Portuguese tweets with 307.to string: - http://search.twitter.com/search?lang=ptq=framework+from%3Acaioariede What's the problem? Thx! Caio Ariede http://caioariede.com/ -- Internets. Serious business.
[twitter-dev] Re: Search is no longer indexing Portuguese (pt) tweets
Hi Caio, If you have not yet opened an issue, please do so here: http://code.google.com/p/twitter-api/issues/list I will also ping the Search team about this. Thanks, -Chad On Thu, Aug 6, 2009 at 11:54 AM, JDG ghil...@gmail.com wrote: Have you actually opened a support ticket for this? On Thu, Aug 6, 2009 at 09:53, caio ariede caio.ari...@gmail.com wrote: This issue is killing my app! http://307.to/ Caio Ariede http://caioariede.com/ On Sat, Aug 1, 2009 at 10:58 AM, caio ariede caio.ari...@gmail.com wrote: But why this tweet: http://search.twitter.com/search?lang=ptq=framework+from%3Acaioariede Isn't appear in this search: http://search.twitter.com/search?lang=allq=307.to The language is set to all! Anyone can explain? The http://307.to/ just stopped to catch many tweets from API. Caio Ariede http://caioariede.com/ On Sat, Aug 1, 2009 at 10:46 AM, Vincent Nguyen kureik...@gmail.com wrote: Yes, it's just for you! I think it causes by no one post a link with 307.to in Portuguese! Looking at bit.ly or so and you see Twitter works fine! 2009/8/1 caio ariede caio.ari...@gmail.com It's just for me? Caio Ariede http://caioariede.com/ On Fri, Jul 31, 2009 at 1:52 PM, caio ariede caio.ari...@gmail.com wrote: The results in English is fine: - http://search.twitter.com/search?lang=allq=307.to Results in Portuguese, simple doesn't return nothing: - http://search.twitter.com/search?lang=ptq=307.to But yes, there is Portuguese tweets with 307.to string: - http://search.twitter.com/search?lang=ptq=framework+from%3Acaioariede What's the problem? Thx! Caio Ariede http://caioariede.com/ -- Internets. Serious business.
[twitter-dev] Re: Account Verify Credentials
Chris, I too thought that one should call verify credentials with OAuth. How are you suggesting we verify that the token is still active, another call to oauth_authenicate/authorize? Thanks -Bob On Thu, Aug 6, 2009 at 7:51 AM, Chris Babcock cbabc...@kolonelpanic.org wrote: On Aug 5, 10:15 pm, Jesse Stay jesses...@gmail.com wrote: On Wed, Aug 5, 2009 at 3:04 AM, Chris Babcock cbabc...@kolonelpanic.com wrote: I would strongly recommend OAuth for verifying users, or at least making it an option, as there is a DoS attack possible against service providers who rely on this API for access to their app. Chris Babcock I'm not sure how OAuth helps, as the problem still exists, even with OAuth users. Even with OAuth, it is still 15 requests per user per hour on verify_credentials. Of course, you probably don't have to run verify_credentials as often with OAuth, but the problem still exists, and there are cases where I can see this could become an issue. Jesse No, you *never* use verify_credentials with OAuth because you never handle user passwords. Take for example those users whose accounts are being slammed by SpamBots. They can still log into Twitter, just not those services that rely on verify_credentials service. Because they can still log in on the Twitter site, they could still authorize OAuth tokens. You will know that they have valid credentials on Twitter if the token has been authorized when they return to your site. It's not necessary for your app to obtain and verify the credentials directly. Your app can completely bypass the rate limited service with its DoS potential. Chris Babcock
[twitter-dev] Re: Sign in with Twitter
Chris, If I understand you correctly, you're saying one should login for the user in the OAuth process? Wouldn't that involve scraping the Twitter web interface? Or am I outside the ballpark with my understanding? Dewald On Aug 6, 10:36 am, Chris Babcock cbabc...@kolonelpanic.com wrote: On Thu, 6 Aug 2009 05:09:48 -0700 (PDT) Dewald Pretorius dpr...@gmail.com wrote: Amen to that. When one does customer support for long enough, you quickly realize that: a) People do not read instructions, and b) Many people are not as computer literate as you'd wish them to be. If you send people all over the place, many go, WTF, and abandon the process out of fear or ignorance. With Basic Auth the process is very simple. Enter the username and password on your site, and click the save button. It shouldn't be any more involved or complicated with OAuth. The problem with Basic Auth is that it doesn't know the difference between Authentication and Authorization. It's an oversimplification. The only way to do something *for* someone is to *be* that someone as far as the target system is concerned. A system that is as smart as it needs to be is going to be a little more complicated and involved than that. You can still do a little animated authorize this screen just like Facebook with OAuth. Just set up a gateway on your server and Ajax the whole work flow through the gateway. There's no need to complicate the UX. The complications can go in the back end so that you can get your authenticalization in one click. Chris Babcock
[twitter-dev] Re: Rate Limiting Question
Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. 
GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. 
http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Account Verify Credentials
What Robert said. You still need to verify. On Thu, Aug 6, 2009 at 12:01 PM, Robert Fishel bobfis...@gmail.com wrote: Chris, I too thought that one should call verify credentials with OAuth. How are you suggesting we verify that the token is still active, another call to oauth_authenicate/authorize? Thanks -Bob On Thu, Aug 6, 2009 at 7:51 AM, Chris Babcock cbabc...@kolonelpanic.org wrote: On Aug 5, 10:15 pm, Jesse Stay jesses...@gmail.com wrote: On Wed, Aug 5, 2009 at 3:04 AM, Chris Babcock cbabc...@kolonelpanic.com wrote: I would strongly recommend OAuth for verifying users, or at least making it an option, as there is a DoS attack possible against service providers who rely on this API for access to their app. Chris Babcock I'm not sure how OAuth helps, as the problem still exists, even with OAuth users. Even with OAuth, it is still 15 requests per user per hour on verify_credentials. Of course, you probably don't have to run verify_credentials as often with OAuth, but the problem still exists, and there are cases where I can see this could become an issue. Jesse No, you *never* use verify_credentials with OAuth because you never handle user passwords. Take for example those users whose accounts are being slammed by SpamBots. They can still log into Twitter, just not those services that rely on verify_credentials service. Because they can still log in on the Twitter site, they could still authorize OAuth tokens. You will know that they have valid credentials on Twitter if the token has been authorized when they return to your site. It's not necessary for your app to obtain and verify the credentials directly. Your app can completely bypass the rate limited service with its DoS potential. Chris Babcock
[twitter-dev] Re: Rate Limiting Question
Good questions. I agree the phrasing surrounding this topic in the documentation is not extremely clear. I am digging for answers. -Chad On Thu, Aug 6, 2009 at 12:44 PM, Jesse Stayjesses...@gmail.com wrote: Chad, did that change recently? I was told by Alex and others there that it was 20,000 calls per hour, period, per IP. When did that change and why weren't we notified? This will save me a lot of money if it is indeed true. Jesse On Thu, Aug 6, 2009 at 12:37 PM, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) 
based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. 
Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. 
Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
Chad, did that change recently? I was told by Alex and others there that it was 20,000 calls per hour, period, per IP. When did that change and why weren't we notified? This will save me a lot of money if it is indeed true. Jesse On Thu, Aug 6, 2009 at 12:37 PM, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. 
Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: Rate Limiting Question
That would be the same as having no rate limit at all, because really, which app would need to make 20,000 GET calls per hour on one Twitter account? If that's how it is enforced currently, then that is the reason why the API often gets so overloaded and slow. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius dpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel bobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius dpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. 
I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. 
Thanks -Bob
[twitter-dev] What Twitter account is used for important announcements?
I used to subscribe to SMS notifications from the @twitter account, which was used to send notifications about blog updates and site downtime. That was great. Then a few weeks ago some idiot in PR apparently took over the account and now it sends frequent postings about asteroid strikes, celebrities, and how often people at Twitter HQ wash their clothes. Just the kind of thing I want texted to my phone. The final straw. Today Twitter is down for half the day from a DoS attack. Do I get a text notification of the problem (which should be doable even if you're under attack)? Nope. Do I get an explanation afterwards? Nope. I get a text message about how it's quiet but lots of sun at Twitter HQ, complete with a picture. Talk about complete disregard for your customers. I've sent multiple complaints to the @twitter account, but evidently nobody actually *reads* the responses. Perhaps we should send @comcast_cares over to Twitter HQ to give a lesson on how to use Twitter? Is anyone there taking the service seriously? Are you going to force several hundred thousand followers to switch to following a different account if they want to get useful information? Or are you going to start using @twitter for its original purpose? Or do you think that sending customers urgent information isn't important? Come on guys. Stop drinking the koolaid and start acting like a responsible company providing a responsible service.
[twitter-dev] Re: API converting + text character to white space...
+ is the RFC-defined way to send a space. You have to encode your parameters using the API, so + will become %xx, where xx is the hex ascii code for +. On Thu, Aug 6, 2009 at 11:15, HatMan webmas...@metromilwaukee.com wrote: John+Jane will appear as John Jane when the text is sent via the API but remains John+Jane when the text is sent via the web. Is this an API bug or some API policy intentionally imposed to support certain text characters and not others when text is sent via API? -- Internets. Serious business.
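The behaviour discussed in this message, as an added example (not code from the thread or from Twitter): it sends the same text unencoded and percent-encoded and decodes both the way a form-decoding server would. The field name `status` and the sample texts are constructed for illustration.

```python
from urllib.parse import parse_qs, quote

# Constructed sample texts; each contains a character that has a special
# meaning inside an application/x-www-form-urlencoded request body.
SAMPLES = ["John+Jane", "1+1=2", "fish & chips", "use %2B for plus"]


def naive_body(status):
    """Build the body without encoding, as a client that loses '+' does."""
    return "status=" + status


def encoded_body(status):
    """Percent-encode every byte outside the RFC 3986 unreserved set."""
    return "status=" + quote(status, safe="")


def server_view(body):
    """Decode the body as a form-decoding server would and return the text."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields["status"][0]


def compare(samples=SAMPLES):
    """Return (original, seen if sent raw, seen if sent encoded) per sample."""
    rows = []
    for text in samples:
        raw = server_view(naive_body(text))
        enc = server_view(encoded_body(text))
        rows.append((text, raw, enc))
    return rows


if __name__ == "__main__":
    for original, raw, enc in compare():
        print(f"{original!r:22} raw -> {raw!r:20} encoded -> {enc!r}")
```

The same encoding step also protects `&`, `=` and `%`, which otherwise split the parameter or are decoded as escapes.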
[twitter-dev] Re: Rate Limiting Question
Just some background. I talked with Doug about this a few months ago, because I observed in the Rate Limit Header of get calls that the 20,000 number decremented by user, not by IP address in aggregate. Doug informed me that he was going to hand the issue over to Matt, who was on vacation at that point, to look into when he got back from vacation. Doug specifically said that the intended behavior was for the 20,000 rate limit to be by IP address only. So, the point I'm trying to make is, at one point the API did count the 20,000 rate limit per IP address per user, but that was a bug that should have been fixed. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! 
-Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. 
GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the site. Would this limit me to 1 call per minute per user or would it fall over to the user limit of 150 an hour once I hit my 20k? If so how can I tell it has fallen over besides for simply keeping track of the number of calls per hour my server has made. Thanks -Bob
[twitter-dev] Re: What Twitter account is used for important announcements?
Hey Kee, @apiannounce was recently created for changes to the API. On Thu, Aug 6, 2009 at 10:15 AM, Kee Hinckley naz...@somewhere.com wrote: I used to subscribe to SMS notifications from the @twitter account, which was used to send notifications about blog updates and site downtime. That was great. Then a few weeks ago some idiot in PR apparently took over the account and now it sends frequent postings about asteroid strikes, celebrities, and how often people at Twitter HQ wash their clothes. Just the kind of thing I want texted to my phone. The final straw. Today Twitter is down for half the day from a DoS attack. Do I get a text notification of the problem (which should be doable even if you're under attack)? Nope. Do I get an explanation afterwards? Nope. I get a text message about how it's quiet but lots of sun at Twitter HQ, complete with a picture. Talk about complete disregard for your customers. I've sent multiple complaints to the @twitter account, but evidently nobody actually *reads* the responses. Perhaps we should send @comcast_cares over to Twitter HQ to give a lesson on how to use Twitter? Is anyone there taking the service seriously? Are you going to force several hundred thousand followers to switch to following a different account if they want to get useful information? Or are you going to start using @twitter for its original purpose? Or do you think that sending customers urgent information isn't important? Come on guys. Stop drinking the koolaid and start acting like a responsible company providing a responsible service.
[twitter-dev] Re: What Twitter account is used for important announcements?
Don't know if there is an @twitterstatus account, but there is the Twitter Status Blog at http://status.twitter.com/. - h
[twitter-dev] Re: Rate Limiting Question
I got the same response from Alex awhile back (and I think confirmed by Doug). And I'm seeing the same results, as well. I'm pretty sure it's 20,000 per IP without regard to user. Jesse On Thu, Aug 6, 2009 at 1:24 PM, Dewald Pretorius dpr...@gmail.com wrote: Just some background. I talked with Doug about this a few months ago, because I observed in the Rate Limit Header of get calls that the 20,000 number decremented by user, not by IP address in aggregate. Doug informed me that he was going to hand the issue over to Matt, who was on vacation at that point, to look into when he got back from vacation. Doug specifically said that the intended behavior was for the 20,000 rate limit to be by IP address only. So, the point I'm trying to make is, at one point the API did count the 20,000 rate limit per IP address per user, but that was a bug that should have been fixed. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... 
Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob On Thu, Aug 6, 2009 at 2:53 AM, srikanth reddysrikanth.yara...@gmail.com wrote: With a whitelisted IP you can make 20k auth calls per hour for each user. Once you reach this limit for a user you cannot make any auth calls from that IP in that duration. But the user can still use his 150 limit from other apps. http://groups.google.com/group/twitter-development-talk/browse_thread... 
On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel b...@bobforthejob.com wrote: From the Rate Limiting documentation: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. Say for example I wanted to simply replicate the twitter website. One page per user that just monitors for new statuses with authenticated (to catch protected users) calls to http://twitter.com/statuses/friends_timeline.json Say I was very popular and had 20k people on the
[twitter-dev] Re: Updating the APIs authentication limiting policy
We've just heard from our operations and deploy staff that we won't be able to deploy any code (for the API or otherwise) until Monday due to the DDoS attack and other issues. That means that the revert to the old rate limiting policy for this method won't go out this week. My apologies. On Thu, Aug 6, 2009 at 02:43, Goblinstu...@abovetheinternet.org wrote: Alex, is that *not* estimated or was it an iPhone being daft and changing now to not? On Aug 5, 7:11 pm, Alex Payne a...@twitter.com wrote: The change did not go live yesterday due to some deploy issues. It's not estimated to go out tomorrow. Once again, sorry for the delay. On Wed, Aug 5, 2009 at 07:48, Dewald Pretoriusdpr...@gmail.com wrote: Alex, Did the change go live on Tuesday? I have very irate users due to this issue. There are spam bots out there that got hold of users' credentials. The users have changed their Twitter passwords to get rid of the spam tweets published in their timelines, but now those bots are locking them out 24x7 from all apps that use the API. On Aug 3, 2:56 pm, Alex Payne a...@twitter.com wrote: The rollback should be deployed tomorrow. Sorry for the delay. On Sat, Aug 1, 2009 at 23:36, Jesse Stayjesses...@gmail.com wrote: A timeframe would be very helpful. This is turning out to be a headache as I'm testing. If my own user is having to log in over and over to test my app, I'm quickly hitting the verify_credentials limit (and I'm even using OAuth). I'm getting really frustrated. Jesse On Fri, Jul 31, 2009 at 8:01 PM, Bob Thomson stormid...@googlemail.com wrote: Hi Doug, Is there a timescale for rolling back / making the change to the new scheme? We're just putting the finishing touches to moving to OAuth and we're experiencing the issue when using verify_credentials to get the users basic details once we've got the token back from the authentication process. We're experiencing the issue when: 1. Testing our login and authentication processes 2. 
When users login and logout of our application frequently A heads up on when these changes will be made would be useful. Thanks, Bob On Jul 29, 6:37 pm, Grant Emsley grant.ems...@gmail.com wrote: Locked out of authenticated resources for that account, or will that IP not be able to login to any account? On Jul 29, 1:14 pm, Doug Williams d...@twitter.com wrote: Ray,For clarity, we will roll back the current restriction of 15 calls per user per hour to account/verify_credentials, and implement the proposed scheme: ... we will limit the total number of unsuccessful attempts to access authenticated resources to 15 an hour per user per IP address. If a single IP address makes 15 attempts to access a protected resource unsuccessfully for a given user (as indicated by an HTTP 401), then the user will be locked out of authenticated resources from that IP address for 1 hour. Thanks, Doug On Wed, Jul 29, 2009 at 9:51 AM, Ray rvizz...@testlabs.com wrote: Doug, I'm in a similar situation as that voiced by TinBlue. This change has affected our iPhone App. We also want to encourage you to rollback this change ASAP. When you say This approach is what we are going to take., do you mean rolling back the fix so as not to affect multiple, successful, authorized logins? I'm hopeful that this approach means that our apps will not be affected yet again by changing to a new auth approach. I appreciate you all keeping this thread informed. Ray On Jul 27, 11:23 am, Doug Williams d...@twitter.com wrote: Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue tinb...@gmail.com wrote: What is happening? This rollback is taking far too long for something that has affected a lot of people! 
On Jul 25, 2:32 pm, Dewald Pretorius dpr...@gmail.com wrote: Doug, I would prefer to adopt OAuth instead of writing code for Basic Auth. So, you guys need to move OAuth out of public beta into full production sooner rather than later. :-) I manage 100,000+ Twitter accounts, and I simply cannot take on the support workload of answering user tickets when there's a snag with OAuth beta. I monitor these forums and the API Issues and still see too many OAuth issues being reported to give me a
[twitter-dev] Re: Current Twitter site status
Is the Search API being affected? I thought at first that I had messed up my code, but I rolled back pretty far and I'm still getting really odd errors /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:56:in `setup_raw_request': undefined method `request_uri' for #URI::Generic: 0x7ff36a8295f0 (NoMethodError) from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb: 39:in `perform' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb: 99:in `handle_response' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb: 40:in `perform' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:156:in `perform_request' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:122:in `get' from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb: 100:in `fetch' from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb: 108:in `each' On Aug 6, 11:45 am, Stuart stut...@gmail.com wrote: 2009/8/6 Chad Etzel c...@twitter.com: Some of you may already be aware that the main Twitter site is under a DDoS attack. Please keep a close eye on http://status.twitter.com/ and this list for details and updates. Encountered seemingly neverending redirects - that can't be helping!! http://titsup.net/http://twitter.com/ -Stuart -- http://stut.net/
[twitter-dev] Re: Current Twitter site status
I see. That's the reason why I can register my new app ! ! ! :( -- A K M Mokaddim http://talk.cmyweb.net http://twitter.com/shiplu Stop Top Posting !! Writing in Bangla is much better than writing in Banglish Sent from Dhaka, Bangladesh
[twitter-dev] Re: Current Twitter site status
Monitor the Twitter Blog, but yes, various services are still recovering and/or flapping. For the next few hours, I'd assume it's a problem on Twitter's side, not on your side. On Aug 6, 11:43 am, David Fisher tib...@gmail.com wrote: Is the Search API being affected? I thought at first that I had messed up my code, but I rolled back pretty far and I'm still getting really odd errors /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:56:in `setup_raw_request': undefined method `request_uri' for #URI::Generic: 0x7ff36a8295f0 (NoMethodError) from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb: 39:in `perform' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb: 99:in `handle_response' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb: 40:in `perform' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:156:in `perform_request' from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:122:in `get' from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb: 100:in `fetch' from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb: 108:in `each' On Aug 6, 11:45 am, Stuart stut...@gmail.com wrote: 2009/8/6 Chad Etzel c...@twitter.com: Some of you may already be aware that the main Twitter site is under a DDoS attack. Please keep a close eye on http://status.twitter.com/ and this list for details and updates. Encountered seemingly neverending redirects - that can't be helping!! http://titsup.net/http://twitter.com/ -Stuart -- http://stut.net/
[twitter-dev] Tutorial article posted - Twitter OAuth using Perl
I just posted an article that goes into quite a bit of detail about how to create your own Twitter OAuth solution using Perl. http://www.bigtweet.com/twitter-oauth-using-perl.html I included quite a few code samples and several references. Hopefully this might save a fellow Perl hacker some time in putting together their own implementation. BTW - are there any fellow Twitter Perl developers in the Boston area? - Scott @scott_carter
[twitter-dev] Re: Updating the APIs authentication limiting policy
Perhaps a better approach to the lockout: Lock the account for x minutes after 15 *unique* bad passwords. So if the user changes their password, and another program keeps trying with their old password, that only counts as 1 attempt. It still only gives them 15 guesses, but would cause fewer lockouts because of badly behaved programs like the spam bots mentioned above.
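A sketch of the proposal in this message, as an added example (not Twitter's implementation): failures are tracked per user per IP address, with the 15-per-hour threshold and 1-hour lockout quoted earlier in the thread, counting either every HTTP 401 or only distinct wrong passwords. Storing a keyed HMAC fingerprint instead of the attempted password, and the user name, IP address and key used here, are assumptions of the example.

```python
import hashlib
import hmac
import os

LIMIT = 15      # failed attempts per user per IP (figure quoted in the thread)
WINDOW = 3600   # seconds; both the counting window and the lockout length


class FailureTracker:
    """Tracks HTTP 401 failures for each (user, ip) pair."""

    def __init__(self, unique_only, key=None):
        self.unique_only = unique_only
        self.key = key or os.urandom(32)   # server-side secret (assumption)
        self.failures = {}                 # (user, ip) -> [(time, fingerprint)]
        self.locked_until = {}             # (user, ip) -> unlock time

    def _fingerprint(self, user, password):
        # Keyed hash, so wrong guesses are never kept in plaintext.
        msg = user.encode() + b"\0" + password.encode()
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def is_locked(self, user, ip, now):
        return now < self.locked_until.get((user, ip), 0)

    def record_failure(self, user, ip, password, now):
        """Record one failed attempt; return True if (user, ip) is locked."""
        slot = (user, ip)
        if self.is_locked(user, ip, now):
            return True
        recent = [(t, f) for t, f in self.failures.get(slot, [])
                  if now - t < WINDOW]
        fp = self._fingerprint(user, password)
        seen = any(f == fp for _, f in recent)
        if not (self.unique_only and seen):
            recent.append((now, fp))       # repeats count only in naive mode
        self.failures[slot] = recent
        if len(recent) >= LIMIT:
            self.locked_until[slot] = now + WINDOW
            self.failures[slot] = []
            return True
        return False


def simulate(unique_only, attempts, step=10):
    """Feed one failed attempt every `step` seconds; report the final state."""
    tracker = FailureTracker(unique_only, key=b"constructed-demo-key")
    locked = False
    for i, password in enumerate(attempts):
        locked = tracker.record_failure("alice", "203.0.113.7", password,
                                        now=i * step)
    return locked


if __name__ == "__main__":
    stale_client = ["old-password"] * 100            # constructed input
    guesser = [f"guess-{i}" for i in range(15)]      # constructed input
    print("stale client, count every 401:", simulate(False, stale_client))
    print("stale client, count unique   :", simulate(True, stale_client))
    print("15 distinct guesses, unique  :", simulate(True, guesser))
```

A client replaying one outdated password never reaches the threshold under unique counting, while 15 distinct guesses still trigger the lockout.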
[twitter-dev] Re: Sign in with Twitter
Some users aren't comfortable giving their Twitter password to another website. For them, it's sort of a good thing to be sent to Twitter's I would hazard a guess that they really are the long tail. Only a small percentage of people would care, most would not but they are going to be penalized with a more complicated system ... seems a bit backward to me. One possibility is for your application (which is what I will do in twitcher) to offer both methods. Then both sets of users are covered, most people can get in quickly and easily by entering name and password; but those that are more careful/concerned can go the more complicated oauth route. Problem is, twitter are going to shut off Basic Auth at some point which is a big mistake IMHO, but hey ho.
[twitter-dev] Re: Rate Limiting Question
@Dewald Pretorius For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! I believe 20k limit per user is the desirable behavior, but I don't think Twitter will allow you to make infinite calls in which case they will black list you. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. You can verify this here http://twxlate.com This bug was closed very recently (about a month and a half ago) as working as intended http://code.google.com/p/twitter-api/issues/detail?id=617 That would be the same as having no rate limit at all, because really, which app would need to make 20,000 GET calls per hour on one Twitter account? We don't know the rationale behind that number but if the limit is per IP then your app is easily susceptible to DoS attacks. I believe there are many apps (not whitelisted) out there which make more than 20k calls/hour (150 users /hour and 150 calls) The limit should always be per user (whether IP is whitelisted or not) On Thu, Aug 6, 2009 at 10:54 PM, Dewald Pretorius dpr...@gmail.com wrote: Just some background. I talked with Doug about this a few months ago, because I observed in the Rate Limit Header of get calls that the 20,000 number decremented by user, not by IP address in aggregate. Doug informed me that he was going to hand the issue over to Matt, who was on vacation at that point, to look into when he got back from vacation. Doug specifically said that the intended behavior was for the 20,000 rate limit to be by IP address only.
So, the point I'm trying to make is, at one point the API did count the 20,000 rate limit per IP address per user, but that was a bug that should have been fixed. I have not checked whether it is actually fixed. But, it's easy to check. Just do a GET call from a whitelisted IP with one user's credentials, check the remaining rate limit number, and then do the same call with another user's credentials. If each call gives you 19,999 remaining, then you know the bug still exists, and consequently no IP rate limiting is currently being done. Dewald On Aug 6, 2:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does sound too good to be true :) -Chad On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretoriusdpr...@gmail.com wrote: Chad, Are you 100% sure of that? I mean, in terms of rate limiting that simply does not make sense. For my site, TweetLater.com, it would mean I have an effective hourly rate limit, per IP address, of 2 BILLION IP GET calls per hour! (20,000 per user for 100,000 users). It sounds wrong to me. Dewald On Aug 6, 1:37 pm, Chad Etzel c...@twitter.com wrote: Hi Inspector Gadget, er... Bob, Yes, the current whitelisted IP rate-limit allows 20k calls per hour *per user* on Basic Auth or OAuth or a combination thereof. Go, go gadget data! -Chad Twitter Platform Support On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishelbobfis...@gmail.com wrote: Well it seems as though Twitter is saying that 20k calls per user is the intended functionality. Chad or someone else can you confirm this? Also if the correct functionality is 20k per ip per hour will you then fail over to 150 per user per hour or is it cut off? Thanks -Bob On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretoriusdpr...@gmail.com wrote: Bob, Don't base your app on the assumption that it is 20,000 calls per hour per user. You get 20,000 GET calls per whitelisted IP address, period. 
It does not matter if you use those calls for one Twitter account or 10,000 Twitter accounts. If the API is currently behaving differently, then it is a bug. I have had discussions with Twitter engineers about this, and the intended behavior is an aggregate 20,000 calls per whitelisted IP address as I mentioned above. Dewald On Aug 6, 4:09 am, Robert Fishel bobfis...@gmail.com wrote: Wowzers (bonus points for getting the reference) It appears as if each user does get 20k (according to the linked threads) this is I think what they intended and makes apps a LOT easier to develop as you can now do rate limiting (ie caching and sleeping etc...) based on each user and not on an entire server pool, makes sessions much cleaner. I am whitelisted and I'll test this tomorrow evening to make double sure but this sounds great!. Thanks -Bob
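The two keying schemes argued over in this thread, modelled as an added example (not Twitter's code): the two-credential check on the remaining count, the aggregate ceiling under each scheme, and what one busy account does to the others. The limiter class, function names, user names and the documentation-range IP address are constructed; only the 20,000 figure comes from the thread, and a single hour window is modelled.

```python
LIMIT = 20000            # whitelisted hourly figure quoted in the thread
IP = "198.51.100.10"     # constructed address from a documentation range


class HourlyLimiter:
    """Counts calls within one hour; key_fn decides who shares a bucket."""

    def __init__(self, key_fn, limit=LIMIT):
        self.key_fn = key_fn
        self.limit = limit
        self.used = {}

    def get(self, ip, user):
        """Return the remaining count after this call, or None if refused."""
        key = self.key_fn(ip, user)
        used = self.used.get(key, 0)
        if used >= self.limit:
            return None
        self.used[key] = used + 1
        return self.limit - used - 1


def key_per_ip(ip, user):
    return ip                      # one bucket for the whole whitelisted IP


def key_per_ip_and_user(ip, user):
    return (ip, user)              # a separate bucket for every account


def probe(key_fn):
    """The check from the thread: one call each with two users' credentials."""
    limiter = HourlyLimiter(key_fn)
    first = limiter.get(IP, "user_a")
    second = limiter.get(IP, "user_b")
    return "per user" if first == second else "aggregate per IP"


def other_user_still_served(key_fn):
    """Does a quiet account get through after a busy one spends LIMIT calls?"""
    limiter = HourlyLimiter(key_fn)
    for _ in range(LIMIT):
        limiter.get(IP, "busy_user")
    return limiter.get(IP, "quiet_user") is not None


def total_served(key_fn, users):
    """Total calls accepted in the hour when every user calls until refused."""
    limiter = HourlyLimiter(key_fn)
    served = 0
    for user in users:
        while limiter.get(IP, user) is not None:
            served += 1
    return served


if __name__ == "__main__":
    for name, fn in (("per IP", key_per_ip),
                     ("per IP+user", key_per_ip_and_user)):
        print(name, "| probe:", probe(fn),
              "| quiet user served:", other_user_still_served(fn),
              "| ceiling for 3 users:", total_served(fn, ["a", "b", "c"]))
```

Per-user keying scales the ceiling with the number of accounts (20,000 times the user count), while per-IP keying lets a single account exhaust the quota shared by all the others.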
[twitter-dev] API Calls During DoS Attack
Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald
[twitter-dev] friends timeline change: Temporary or permanent?
I just tried this curl -D - -s --netrc 'http://twitter.com/statuses/friends_timeline.xml?since_id=3166251802&count=200' and got back this: HTTP/1.1 302 Moved Temporarily Content-Length: 0 Location: /statuses/friends_timeline.xml?since_id=3166251802&count=200?0115dfe8 Since my program is designed to look for HTTP Status 200, it's failing. I can re-code it to deal with the 302, but if this IS just a temporary change (hence the 302) I might just wait it out. TjL
[twitter-dev] Re: What Twitter account is used for important announcements?
Hello, For API related issues, there is the @twitterAPI account. For overall Twitter related issues, http://status.twitter.com/ and/or http://blog.twitter.com/ should be your first stop for information when the site/service itself is having problems. It is hard to send out information through Twitter accounts when the site itself is down. We appreciate your patience, and please know that we are doing everything we can to restore everything to normal. Thanks, -Chad On Thu, Aug 6, 2009 at 1:32 PM, Howard Siegel hsie...@gmail.com wrote: Don't know if there is an @twitterstatus account, but there is the Twitter Status Blog at http://status.twitter.com/. - h
[twitter-dev] Re: What Twitter account is used for important announcements?
On Thu, Aug 6, 2009 at 4:05 PM, Chad Etzel c...@twitter.com wrote: Hello, For API related issues, there is the @twitterAPI account. For overall Twitter related issues, http://status.twitter.com/ and/or http://blog.twitter.com/ should be your first stop for information when the site/service itself is having problems. It is hard to send out information through Twitter accounts when the site itself is down. We appreciate your patience, and please know that we are doing everything we can to restore everything to normal. Thanks, -Chad It would be nice if those sources were updated in a more timely fashion. An attack or other similar situation was pretty obvious early on, but no official announcement on the given Twitter channels. Why did I have to get confirmation via Biz's memo to CNN? --ab
[twitter-dev] Re: friends timeline change: Temporary or permanent?
This is an artifact from the current DDoS situation. We're working hard to restore everything back to normal. Thanks, -Chad

On Thu, Aug 6, 2009 at 3:57 PM, TjL luo...@gmail.com wrote:

I just tried this

curl -D - -s --netrc 'http://twitter.com/statuses/friends_timeline.xml?since_id=3166251802&count=200'

and got back this:

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: /statuses/friends_timeline.xml?since_id=3166251802&count=200?0115dfe8

Since my program is designed to look for HTTP Status 200, it's failing. I can re-code it to deal with the 302, but if this IS just a temporary change (hence the 302) I might just wait it out. TjL
[twitter-dev] Re: Tutorial article posted - Twitter OAuth using Perl
Scott, I am for this week. Leaving back to my home in Salt Lake on Monday though. Jesse

On Thu, Aug 6, 2009 at 3:03 PM, Scott Carter scarter28m-goo...@yahoo.com wrote:

I just posted an article that goes into quite a bit of detail about how to create your own Twitter OAuth solution using Perl. http://www.bigtweet.com/twitter-oauth-using-perl.html I included quite a few code samples and several references. Hopefully this might save a fellow Perl hacker some time in putting together their own implementation. BTW - are there any fellow Twitter Perl developers in the Boston area? - Scott @scott_carter
[twitter-dev] Re: Knowing how to judge Search API rate limits
I will start investigating the streaming API - thanks. steve

On Aug 5, 3:18 pm, John Kalucki jkalu...@gmail.com wrote:

Steve, It sounds like you should consider the /follow method in the streaming API. You'll get similar results with no latency or rate limits. If you need to follow more users, apply for the /shadow method. If you also want mentions, you can use /track. -John Kalucki http://twitter.com/jkalucki Services, Inc.

On Aug 4, 9:50 am, steve steveb...@googlemail.com wrote:

There are a lot of messages and details around saying that the REST API is 150 per hour, with whitelisting up to 20k per hour. The Search API is more than the 150, but no specifics.

Note that the Search API is not limited by the same 150 requests per hour limit as the REST API. The number is quite a bit higher and we feel it is both liberal and sufficient for most applications.

My question is this, I have just soft launched www.twitparade.co.uk, and although the site is in early days, a lot of work is in the scheduler that grabs, stores and publishes individual tweets. The way I am doing it is as follows:

1. Load a list of people in a specific time slice to check
2. Loop through each person on list, pausing for 5 seconds after each person (except the last)
3. Pause for 20 seconds at the end of the list
4. Pick up the next time slice and start again

The time slicing allows me to prioritise the people who have tweeted more recently, by checking them more frequently. With the pauses I am currently using, assuming each search is instant, then in any 1 minute, I am carrying out a maximum of 12 searches, equating to 720 an hour. If the minute spans a list change, then there is a 20 second pause, so I would only carry out 8 searches, equating to 480 an hour. This can mean that it takes 20 minutes for some Tweets to be picked up, if that person hasn't tweeted for a while (as I check them less often) - I would like to improve that.

The gatherer is a desktop application, so doesn't have a referrer, but I have set the User-Agent to list my app name and the URL of the final site that the data is gathered for, so hopefully Twitter can ID my app (aside: How can we tell that our User-Agent makes it through?). I am also on a fixed IP address, so should be identifiable to the back-end systems at Twitter's end. So how aggressive with cutting my pauses can I be? The Search API numbers are not publicized so I have no idea if I'm knocking on the limits, or whether I can with much lower pauses. If I cut step 2 down to 1 and step 3 to 5 seconds, then my max rate would be 60 per minute = 3600 per hour, or 2700 per hour. Is this within the unknown limits? If someone from Twitter could confirm/deny that my use of caching, user-agent and shorter pauses all works together, I'd appreciate it. Thanks, Steve -- Quick Web Ltd UK
[twitter-dev] Twitter API Wiki Ruby example
I would like to know if I am the only one not being able to see the Ruby OAuth Example on the twitter API wiki. When going here: http://twitterapi.pbworks.com/OAuth+Example+-+Ruby Path: twitter.com - API - OAuth Examples - The official Twitter Ruby on Rails OAuth tutorial I get this: Access Denied You don't have permission to look at OAuth Example - Ruby. I am logged in and can access any other examples (most of them redirect to external though)
[twitter-dev] Re: Getting a 500 Error with oAuth Plus Signpost (Java)
Tried that, tried moving sign() all over the place to no avail. For what it's worth, I seem to be able to do GETS just fine.

URL url = new URL("http://twitter.com/statuses/friends_timeline.xml");
HttpURLConnection request = (HttpURLConnection) url.openConnection();
consumer.sign(request);
request.connect();

Works perfectly.

On Aug 5, 3:55 pm, John Kristian jmkrist...@gmail.com wrote:

Call setRequestMethod before you call sign. The signature is a function of the method, among other things.

On Aug 4, 7:18 pm, msea85 carru...@gmail.com wrote:

URL url = new URL("http://twitter.com/statuses/update.xml");
HttpURLConnection request = (HttpURLConnection) url.openConnection();
consumer.sign(request);
request.setRequestMethod("POST");
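John Kristian's point that the signature is a function of the method, shown as an added example (not code from this thread or from Signpost): a minimal OAuth 1.0a HMAC-SHA1 signer and verifier in Python. HttpURLConnection reports GET until setRequestMethod is called, so a request signed first and switched to POST afterwards carries a GET signature. The consumer key, token, secrets, nonce and timestamp are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample values; only the endpoint URL comes from the thread.
UPDATE_URL = "http://twitter.com/statuses/update.xml"
CONSUMER_SECRET = "consumer-secret-constructed"
TOKEN_SECRET = "token-secret-constructed"
PARAMS = {
    "oauth_consumer_key": "ck-constructed",
    "oauth_token": "tok-constructed",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1249500000",
    "oauth_nonce": "n0nce",
    "oauth_version": "1.0",
    "status": "hello world",
}


def pct(value):
    """Percent-encode as OAuth 1.0a requires: only RFC 3986 unreserved
    characters (letters, digits, - . _ ~) stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded-base-URL & encoded-sorted-parameters."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    default_port = {"http": 80, "https": 443}.get(parts.scheme)
    if parts.port and parts.port != default_port:
        host = f"{host}:{parts.port}"          # non-default ports are signed
    base_url = f"{parts.scheme}://{host}{parts.path}"
    # Query-string parameters are signed together with the body/OAuth ones.
    pairs = list(params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """Base64 HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def server_accepts(method_received, url, params, signature):
    """What the service does: recompute from the method it actually received
    and compare in constant time."""
    expected = sign(method_received, url, params, CONSUMER_SECRET, TOKEN_SECRET)
    return hmac.compare_digest(expected, signature)


def demo():
    # Signed while the connection still reported GET, then sent as POST.
    signed_too_early = sign("GET", UPDATE_URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    # Method set to POST first, then signed.
    signed_after = sign("POST", UPDATE_URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    return {
        "sign_then_set_method": server_accepts("POST", UPDATE_URL, PARAMS, signed_too_early),
        "set_method_then_sign": server_accepts("POST", UPDATE_URL, PARAMS, signed_after),
    }


if __name__ == "__main__":
    print(signature_base_string("POST", UPDATE_URL, PARAMS))
    print(demo())
```

The same check explains why the GET request in the reply works: there the signed method and the sent method agree.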
[twitter-dev] local dev + sub-domains and oauth
I am running a site where I use sub-domains for the different languages I support on the site. e.g. en.example.com/.. for English and fr.example.com/.. for French I just wonder if I go from my en.example.com/twitter site to the twitter to have my user accept my site as a consumer do I have to have a callback URL to en.example.com/twitter_callback or do I in the best way solve this. I assume there must be a better way since I am not too eager to create one app for each language. Any tips welcome.

Also today when I created a new app on the twitter site and added a callback URL and app URL that are local to my machine. I got a pin code instead of a callback. I tried removing the app and adding it again with the same result. Is there a temporary glitch in the twitter API or am I missing something?

And this afternoon I am unable to update my Twitter App: I go to http://twitter.com/apps, enter my app that I want to edit. I do my changes but when I click save it does not work. Any ideas on these topics are welcome
[twitter-dev] Read Status in API
I'm sorry if this has already been discussed. I have a hard time believing this hasn't already been discussed. Is there a way to add a flag in the API on whether a tweet/reply/dm has been read or not? This would allow syncing of read status across various devices. It would be a nice addition.
[twitter-dev] Re: API Calls During DoS Attack
I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald
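The failure modes reported in this digest (a single 302 that appends a token, circular redirection, 408s) can be told apart on the client side. The following is an added example, not code from any poster: a Python redirect follower that resolves relative Location headers, stops on loops, refuses to carry credentials to another origin, and computes a capped back-off for polling jobs. The transports are constructed stand-ins for the network, modelled on the 302 response quoted earlier; the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307}
RETRYABLE = {408, 500, 502, 503}

# URL from the curl command quoted in the digest.
URL = ("http://twitter.com/statuses/friends_timeline.xml"
       "?since_id=3166251802&count=200")


def follow(url, fetch, max_redirects=5):
    """Follow redirects using fetch(url) -> (status, headers).

    Returns (outcome, final_url, hops). Outcomes: "ok", "back_off",
    "redirect_loop", "too_many_redirects", "cross_origin_redirect",
    "bad_redirect", "error".
    """
    seen, hops = set(), []
    for _ in range(max_redirects + 1):
        if url in seen:                      # same URL twice: circular
            return "redirect_loop", url, hops
        seen.add(url)
        status, headers = fetch(url)
        hops.append((status, url))
        if status in REDIRECTS:
            location = headers.get("Location")
            if not location:
                return "bad_redirect", url, hops
            target = urljoin(url, location)  # Location may be relative
            # An authenticated client (curl --netrc above) must not replay
            # its credentials to a different scheme or host.
            if urlsplit(target)[:2] != urlsplit(url)[:2]:
                return "cross_origin_redirect", target, hops
            url = target
            continue
        if status == 200:
            return "ok", url, hops
        if status in RETRYABLE:
            return "back_off", url, hops
        return "error", url, hops
    return "too_many_redirects", url, hops


def backoff_delay(consecutive_failures, base=5, cap=900):
    """Seconds to wait before the next poll: doubles per failure, capped."""
    return min(cap, base * 2 ** consecutive_failures)


# --- constructed transports -------------------------------------------
def challenge_transport(url):
    """One 302 that appends a token, then 200 (shape of the quoted response)."""
    if url.endswith("?0115dfe8"):
        return 200, {}
    path_and_query = url.split("twitter.com", 1)[1]
    return 302, {"Location": path_and_query + "?0115dfe8"}


def looping_transport(url):
    """Always redirects back to the same resource."""
    return 302, {"Location": url.split("twitter.com", 1)[1]}


def timeout_transport(url):
    return 408, {}


def offsite_transport(url):
    return 302, {"Location": "http://example.invalid/landing"}


if __name__ == "__main__":
    for transport in (challenge_transport, looping_transport,
                      timeout_transport, offsite_transport):
        print(transport.__name__, follow(URL, transport)[0])
```

A scheduler would reset its failure counter on "ok" and feed the count of consecutive "back_off" or "redirect_loop" outcomes into backoff_delay.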
[twitter-dev] OAuth and twitter.com home authentication strange behavior
It's probably linked to the current DDOS but the authentication flow shows some strange behavior : 1 - I try to initiate an OAuth authentication from www.twazzup.com - twazzup server gets a timeout trying to connect to twitter for oauth token (ApplicationError 5 on appengine) 3 - I go to twitter.com click sign-in - strangely twitter redirects me to the oauth authorization form (do you want to allow twazzup blabla ...) So I have two questions there : A / did you block incoming OAuth reqs from appengine ? B/ is the strange behavior (twitter home authentication mixing with another OAuth flow) something we, 3rd party app developers, can or should take care of ? Cheers, Stephane www.twazzup.com
[twitter-dev] HTTP 409 on status update via API
This just started today. It was working fine before and early this morning. I'm sending in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here: http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal
[twitter-dev] Re: Problem with in reply to status id
I hate to bump this... but I need help... anybody

On Aug 6, 9:39 am, digi ishmeetah...@gmail.com wrote:

hello there, I have been trying to fix this for so long but it is not working. I am developing a Windows Mobile application for twitter in C# and am trying to reply to a status id. The message gets posted but it is not posted as a reply but just an update message. I don't know what I am missing... Please help. I am pasting my code too

//Code
postString = "source=MyApp&status=" + Uri.EscapeUriString(message) + "&in_reply_to_status_id=" + Uri.EscapeUriString(inreply);
HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create(sendTweetUrl);
NetworkCredential credentials = new NetworkCredential(Username, Password);
webRequest.Credentials = credentials;
ASCIIEncoding encoding = new ASCIIEncoding();
byte[] postData = encoding.GetBytes(postString);
webRequest.Method = "POST";
webRequest.Timeout = 2;
webRequest.ContentLength = postData.Length;
webRequest.AllowWriteStreamBuffering = true;
webRequest.ProtocolVersion = HttpVersion.Version11;
webRequest.ProtocolVersion = HttpVersion.Version10;
try
{
    using (Stream outStream = webRequest.GetRequestStream())
    {
        outStream.Write(postData, 0, postData.Length);
        outStream.Flush();
    }
}
catch (Exception ex)
{
    throw new customException("Connection unsuccessful.", ex);
}
try
{
    using (HttpWebResponse response = (HttpWebResponse) webRequest.GetResponse())
    {
        using (StreamReader reader = new StreamReader(response.GetResponseStream()))
        {
            reader.ReadToEnd();
        }
    }
}
catch (WebException ex)
{
    throw new customException("Update unsuccessful.", ex);
}

Let me know if there is anything I am missing. And btw I am also including the @username in the reply to the status id. Is there anything else?
[twitter-dev] Re: API Calls During DoS Attack
I turned our crons off, just to be safe. Plus there isn't much of a point of running them when the majority of the api calls still aren't getting through. On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald
[twitter-dev] Re: API Calls During DoS Attack
We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathantwitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...
Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my app to a total HALT. On Aug 6, 1:39 pm, chinaski007 chinaski...@gmail.com wrote: UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?!
[twitter-dev] rate limit has reverted from 20000 to 150 for my IPs...
UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?!
[twitter-dev] Re: HTTP 409 on status update via API
Sorry... these are HTTP 408s... On Aug 6, 1:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal
[twitter-dev] Re: Problem with in reply to status id
Difficult to spot the error without knowing the values of message and in inreply. Are you sure these values are correctly populated when this code executes? On Aug 6, 4:25 pm, digi ishmeetah...@gmail.com wrote: I hate to bump this... but I need help... anybody On Aug 6, 9:39 am, digi ishmeetah...@gmail.com wrote: hello there, I have been trying to fix this for so long but It is not working. I am developing a wndows mobile application for twitter in C# am trying to reply to a status id. The message gets posted but it is not posted as a reply but just an update message. I dont know what I am missing... Please help. I am pasting my code too //Code postString = source=MyAppstatus= + Uri.EscapeUriString(message) + in_reply_to_status_id= + Uri.EscapeUriString(inreply); HttpWebRequest webRequest = (HttpWebRequest) WebRequest.Create(sendTweetUrl); NetworkCredential credentials = new NetworkCredential (Username, Password); webRequest.Credentials = credentials; ASCIIEncoding encoding = new ASCIIEncoding(); byte[] postData = encoding.GetBytes(postString); webRequest.Method = POST; webRequest.Timeout = 2; webRequest.ContentLength = postData.Length; webRequest.AllowWriteStreamBuffering = true; webRequest.ProtocolVersion = HttpVersion.Version11; webRequest.ProtocolVersion = HttpVersion.Version10; try { using (Stream outStream = webRequest.GetRequestStream ()) { outStream.Write(postData, 0, postData.Length); outStream.Flush(); } } catch (Exception ex) { throw new customException(Connection unsuccessful., ex); } try { using (HttpWebResponse response = (HttpWebResponse) webRequest.GetResponse()) { using (StreamReader reader = new StreamReader (response.GetResponseStream())) { reader.ReadToEnd(); } } } catch (WebException ex) {throw new customException(Update unsuccessful., ex);} Let me know if there is anything I am missing. in btw I am also including the @username in the reply to the status id. Is there anything else?
[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...
me, too. In my case, one of 10 IPs has reverted. On Aug 7, 5:43 am, chinaski007 chinaski...@gmail.com wrote: Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my app to a total HALT. On Aug 6, 1:39 pm, chinaski007 chinaski...@gmail.com wrote: UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?!
[twitter-dev] Re: HTTP 409 on status update via API
Getting the same thing using the track function of the API. On Thu, Aug 6, 2009 at 9:43 PM, briantroy brian.cosin...@gmail.com wrote: Sorry... these are HTTP 408s... On Aug 6, 1:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal -- Jennie Lees Founder, Affect Labs jen...@affectlabs.com http://twitter.com/jennielees
[twitter-dev] Re: API Calls During DoS Attack
Thanks Alex - just to confirm, no requests from twitterfeed have been getting though ever since the DOS attack. It does appear to be IP based, as requests from non-production machines (ironically the non-whitelisted IPs) get through, but all production IPs appear to be blocked. On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne a...@twitter.com wrote: We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathantwitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: HTTP 409 on status update via API
Same here. 408's on all production servers. Tested on dev servers and thats ok. Might be related to accidental bans from the ddos carpet bombing blocks. On Aug 6, 4:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal
[twitter-dev] Re: API Calls During DoS Attack
Hi Alex, Same thing happening to twitscoop. Our production IP is being blocked for all streaming apis, oAuth api etc. Do we need to send an email to the usual api address or have you identified the third-parties being affected ? Please let us know if there is anything we can do to help. Many thanks in advance. Regards, Pierre co-founder twitscoop.com On Aug 6, 10:40 pm, Alex Payne a...@twitter.com wrote: We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathantwitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curlhttp://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x
[twitter-dev] Streaming API -- Recheck your clients -- post DDoS cleanup
Some users were unable to connect to the Streaming API at various times during the DDoS. This has been fixed for the majority of Streaming API clients. The connection count is now approaching yesterday's count. If your Streaming API client is still receiving 409 redirects, connection timeouts, or any other issue that started today, please contact me with your account name and IP address, and I'll work to resolve the issue. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc.
[twitter-dev] Re: HTTP 409 on status update via API
This should be fixed for the Streaming API. -John On Aug 6, 1:59 pm, Jennie Lees trin...@gmail.com wrote: Getting the same thing using the track function of the API. On Thu, Aug 6, 2009 at 9:43 PM, briantroy brian.cosin...@gmail.com wrote: Sorry... these are HTTP 408s... On Aug 6, 1:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal -- Jennie Lees Founder, Affect Labs jen...@affectlabs.comhttp://twitter.com/jennielees
[twitter-dev] Re: Twitter API Wiki Ruby example
Yes http://twitterapi.pbworks.com/OAuth+Example+-+Ruby Has been busted for me for about a week now. On Thu, Aug 6, 2009 at 9:11 AM, peter_tellgren peter.tellg...@gmail.comwrote: I would like to know if I am the only one not being able to see the Ruby OAuth Example on the twitter API wiki. When going here: http://twitterapi.pbworks.com/OAuth+Example+-+Ruby Path: twitter.com - API - OAuth Examples - The official Twitter Ruby on Rails OAuth tutorial I get this: Access Denied You don't have permission to look at OAuth Example - Ruby. I am logged in and can access any othe examples (most of them redirects to external though)
[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior
I can't get oAuth to authenticate on any of my clients either. It works when the client has previously authenticated... but trying to get a new token it fails when clicking 'Allow' On Aug 6, 7:42 pm, stephane stephane.philipa...@gmail.com wrote: It's probably linked to the current DDOS but the authentication flow shows some strange behavior : 1 - I try to initiate an OAuth authentication fromwww.twazzup.com - twazzup server gets a timeout trying to connect to twitter for oauth token (ApplicationError 5 on appengine) 3 - I go to twitter.com click sign-in - strangely twitter redirects me to the oauth authorization form (do you want to allow twazzup blabla ...) So I have to questions there : A / did you block incoming OAuth reqs from appengine ? B/ is the strange behavior (twitter home authentication mixing with another OAuth flow) something we, 3rd party app developers, can or should take care of ? Cheers, Stephanewww.twazzup.com
[twitter-dev] Re: API Calls During DoS Attack
I'm also seeing this same behavior for my whitelisted production IPs for CheapTweet.com and TweetReach.com. (Those were whitelisted under the @CheapTweet and @appozite accounts, respectively.) It works in development, but no requests are getting through to twitter.com on our production servers. I know you all have a lot on your plate right now but let us know what we can do to get un-blocked. Hayes -- Hayes Davis Founder, Appozite http://cheaptweet.com http://tweetreach.com On Thu, Aug 6, 2009 at 3:56 PM, Mario Menti mme...@gmail.com wrote: Thanks Alex - just to confirm, no requests from twitterfeed have been getting though ever since the DOS attack. It does appear to be IP based, as requests from non-production machines (ironically the non-whitelisted IPs) get through, but all production IPs appear to be blocked. On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne a...@twitter.com wrote: We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathantwitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. 
Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior
The same behaviour for my application. When the app wants to start the oAuth workflow in order to authenticate and login the user, the server returns a timeout from https://twitter.com/oauth/authenticate?parameters On Thu, Aug 6, 2009 at 11:24 PM, Rich rhyl...@gmail.com wrote: I can't get oAuth to authenticate on any of my clients either. It works when the client has previously authenticated... but trying to get a new token it fails when clicking 'Allow' On Aug 6, 7:42 pm, stephane stephane.philipa...@gmail.com wrote: It's probably linked to the current DDOS but the authentication flow shows some strange behavior : 1 - I try to initiate an OAuth authentication fromwww.twazzup.com - twazzup server gets a timeout trying to connect to twitter for oauth token (ApplicationError 5 on appengine) 3 - I go to twitter.com click sign-in - strangely twitter redirects me to the oauth authorization form (do you want to allow twazzup blabla ...) So I have to questions there : A / did you block incoming OAuth reqs from appengine ? B/ is the strange behavior (twitter home authentication mixing with another OAuth flow) something we, 3rd party app developers, can or should take care of ? Cheers, Stephanewww.twazzup.com
[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...
Okay, IPs now appear to be back to 20k. On Aug 6, 1:51 pm, Haewoon haewoon.k...@gmail.com wrote: me, too. In my case, one of 10 IPs has reverted. On Aug 7, 5:43 am, chinaski007 chinaski...@gmail.com wrote: Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my app to a total HALT. On Aug 6, 1:39 pm, chinaski007 chinaski...@gmail.com wrote: UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?!
[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...
Things are going to be a little wonky until we're out of the woods on this DDoS attack. On Thu, Aug 6, 2009 at 13:51, Haewoonhaewoon.k...@gmail.com wrote: me, too. In my case, one of 10 IPs has reverted. On Aug 7, 5:43 am, chinaski007 chinaski...@gmail.com wrote: Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my app to a total HALT. On Aug 6, 1:39 pm, chinaski007 chinaski...@gmail.com wrote: UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?! -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] API Calls to unauthenticated methods
Seems like calls to account/rate_limit_status are throwing errors (presumably all unauthenticated calls are too), is this due to the ddos attack? If so when/will they be back up again?
[twitter-dev] Re: HTTP 409 on status update via API
I'm getting 408s trying to authenticate with OAuth On Aug 6, 10:20 pm, John Kalucki jkalu...@gmail.com wrote: This should be fixed for the Streaming API. -John On Aug 6, 1:59 pm, Jennie Lees trin...@gmail.com wrote: Getting the same thing using the track function of the API. On Thu, Aug 6, 2009 at 9:43 PM, briantroy brian.cosin...@gmail.com wrote: Sorry... these are HTTP 408s... On Aug 6, 1:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal -- Jennie Lees Founder, Affect Labs jen...@affectlabs.comhttp://twitter.com/jennielees
[twitter-dev] Re: Streaming API -- Recheck your clients -- post DDoS cleanup
Not specific to only developers but at the moment http://search.twitter.com is not loading on my iPhone though search via an iPhone app (twitterfon is what I tried) is working. Shannon Sent from my iPhone On Aug 6, 2009, at 2:19 PM, John Kalucki jkalu...@gmail.com wrote: Some users were unable to connect to the Streaming API at various times during the DDoS. This has been fixed for the majority of Streaming API clients. The connection count is now approaching yesterday's count. If your Streaming API client is still receiving 409 redirects, connection timeouts, or any other issue that started today, please contact me with your account name and IP address, and I'll work to resolve the issue. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc.
[twitter-dev] Re: API Calls During DoS Attack
Same thing here on google appengine side for www.twazzup.com Stephane @sphilipakis www.twazzup.com On Aug 6, 2:30 pm, Hayes Davis ha...@appozite.com wrote: I'm also seeing this same behavior for my whitelisted production IPs for CheapTweet.com and TweetReach.com. (Those were whitelisted under the @CheapTweet and @appozite accounts, respectively.) It works in development, but no requests are getting through to twitter.com on our production servers. I know you all have a lot on your plate right now but let us know what we can do to get un-blocked. Hayes -- Hayes Davis Founder, Appozite http://cheaptweet.com http://tweetreach.com On Thu, Aug 6, 2009 at 3:56 PM, Mario Menti mme...@gmail.com wrote: Thanks Alex - just to confirm, no requests from twitterfeed have been getting through ever since the DOS attack. It does appear to be IP based, as requests from non-production machines (ironically the non-whitelisted IPs) get through, but all production IPs appear to be blocked. On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne a...@twitter.com wrote: We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathan twitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curl http://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! 
I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
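The question raised in this message, whether an emergency IP filter consults the whitelist before blocking, can be made concrete. The following is an added example, not part of the thread and not Twitter's filtering code: the 150 and 20000 per-hour limits come from the thread, while the whitelist ranges, the log format and the `emergency_factor` parameter are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Limits quoted in the thread; everything else here is constructed.
DEFAULT_LIMIT = 150        # requests/hour for an ordinary IP
WHITELIST_LIMIT = 20000    # requests/hour for a whitelisted IP

# Hypothetical whitelist (documentation address ranges, not real clients).
WHITELIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.7/32")]

def is_whitelisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)

def count_requests(log_lines):
    """Count requests per client IP; the IP is the first field of each line."""
    return Counter(line.split()[0] for line in log_lines if line.strip())

def decide(hourly_counts, emergency_factor=1.0):
    """Return {ip: 'allow' | 'throttle' | 'block'} for one hour of traffic.

    emergency_factor < 1 tightens the default limit during an attack. It is
    never applied to whitelisted addresses, which are throttled at their own
    limit instead of being dropped.
    """
    decisions = {}
    for ip, count in hourly_counts.items():
        if is_whitelisted(ip):
            decisions[ip] = "throttle" if count > WHITELIST_LIMIT else "allow"
        elif count > DEFAULT_LIMIT * emergency_factor:
            decisions[ip] = "block"
        else:
            decisions[ip] = "allow"
    return decisions

# Constructed sample: a whitelisted app server, a flooding host, a normal user.
SAMPLE_LOG = (
    ["192.0.2.5 GET /statuses/friends_timeline.json"] * 900
    + ["203.0.113.50 GET /"] * 400
    + ["203.0.113.9 GET /statuses/friends_timeline.json"] * 40
)

if __name__ == "__main__":
    verdicts = decide(count_requests(SAMPLE_LOG), emergency_factor=0.5)
    for ip, verdict in sorted(verdicts.items()):
        print(ip, verdict)
```

Checking the whitelist first is what keeps the high-volume application server from being treated like the flooding host when the default threshold is tightened.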
[twitter-dev] Re: API Calls to unauthenticated methods
I did have similar problems, occasionally I still get some problems with this though. oAuth still down for me though. Personally I hope the little that caused this gets brought to justice. On Aug 6, 10:22 pm, Matthew F mcf1...@gmail.com wrote: Seems like calls to account/rate_limit_status are throwing errors (presumably all unauthenticated calls are too), is this due to the ddos attack? If so when/will they be back up again?
[twitter-dev] Re: API Calls to unauthenticated methods
On Thu, Aug 6, 2009 at 5:40 PM, Rich rhyl...@gmail.com wrote: I did have similar problems, occasionally I still get some problems with this though. oAuth still down for me though. Personally I hope the little that caused this gets brought to justice. Without damages, it's hard to pursue this kind of case. With no, or a limited, revenue model, it's tough to show damages ... but depending on the resources used to bring the ddos, maybe electronic trespass or botnet-related charges may, eventually, some day, years down the road, be filed ...
[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior
Especially annoying seeing as I've gone totally oAuth now. I don't blame Twitter, just the idiots that initiated the DDoS attack On Aug 6, 10:33 pm, Andreu Pere andreup...@gmail.com wrote: The same behaviour for my application. When the app wants to start the oAuth workflow in order to authenticate and login the user, the server returns a timeout from https://twitter.com/oauth/authenticate?parameters On Thu, Aug 6, 2009 at 11:24 PM, Rich rhyl...@gmail.com wrote: I can't get oAuth to authenticate on any of my clients either. It works when the client has previously authenticated... but trying to get a new token it fails when clicking 'Allow' On Aug 6, 7:42 pm, stephane stephane.philipa...@gmail.com wrote: It's probably linked to the current DDOS but the authentication flow shows some strange behavior : 1 - I try to initiate an OAuth authentication from www.twazzup.com - twazzup server gets a timeout trying to connect to twitter for oauth token (ApplicationError 5 on appengine) 3 - I go to twitter.com click sign-in - strangely twitter redirects me to the oauth authorization form (do you want to allow twazzup blabla ...) So I have two questions there : A / did you block incoming OAuth reqs from appengine ? B/ is the strange behavior (twitter home authentication mixing with another OAuth flow) something we, 3rd party app developers, can or should take care of ? Cheers, Stephane www.twazzup.com
[twitter-dev] my question re: DDoS is ...
Given that DDoS is typically motivated by a) efforts at hacker cred or b) efforts at extortion ... has Twitter HQ received a ransom note during all of this mess? Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private
[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior
My app also dies straight during auth http://twicli.com/auth On Aug 6, 10:45 pm, Rich rhyl...@gmail.com wrote: Especially annoying seeing as I've gone totally oAuth now. I don't blame Twitter, just the idiots that initiated the DDoS attack On Aug 6, 10:33 pm, Andreu Pere andreup...@gmail.com wrote: The same behaviour for my application. When the app wants to start the oAuth workflow in order to authenticate and login the user, the server returns a timeout from https://twitter.com/oauth/authenticate?parameters On Thu, Aug 6, 2009 at 11:24 PM, Rich rhyl...@gmail.com wrote: I can't get oAuth to authenticate on any of my clients either. It works when the client has previously authenticated... but trying to get a new token it fails when clicking 'Allow' On Aug 6, 7:42 pm, stephane stephane.philipa...@gmail.com wrote: It's probably linked to the current DDOS but the authentication flow shows some strange behavior : 1 - I try to initiate an OAuth authentication from www.twazzup.com - twazzup server gets a timeout trying to connect to twitter for oauth token (ApplicationError 5 on appengine) 3 - I go to twitter.com click sign-in - strangely twitter redirects me to the oauth authorization form (do you want to allow twazzup blabla ...) So I have two questions there : A / did you block incoming OAuth reqs from appengine ? B/ is the strange behavior (twitter home authentication mixing with another OAuth flow) something we, 3rd party app developers, can or should take care of ? Cheers, Stephane www.twazzup.com
[twitter-dev] Re: Problem with in reply to status id
The message will not include 'in reply to X' if you are 1. replying to an invalid status id 2. replying to a status id that you posted yourself from the same account On Aug 6, 9:50 pm, Duane Roelands duane.roela...@gmail.com wrote: Difficult to spot the error without knowing the values of message and in inreply. Are you sure these values are correctly populated when this code executes? On Aug 6, 4:25 pm, digi ishmeetah...@gmail.com wrote: I hate to bump this... but I need help... anybody On Aug 6, 9:39 am, digi ishmeetah...@gmail.com wrote: hello there, I have been trying to fix this for so long but it is not working. I am developing a windows mobile application for twitter in C# am trying to reply to a status id. The message gets posted but it is not posted as a reply but just an update message. I don't know what I am missing... Please help. I am pasting my code too

    //Code
    using System;
    using System.IO;
    using System.Net;
    using System.Text;

    // Form-encoded body. EscapeDataString also escapes '&', '=' and '+',
    // which EscapeUriString leaves intact and which would split the parameters.
    postString = "source=MyApp&status=" + Uri.EscapeDataString(message)
        + "&in_reply_to_status_id=" + Uri.EscapeDataString(inreply);
    HttpWebRequest webRequest = (HttpWebRequest)WebRequest.Create(sendTweetUrl);
    NetworkCredential credentials = new NetworkCredential(Username, Password);
    webRequest.Credentials = credentials;
    ASCIIEncoding encoding = new ASCIIEncoding();
    byte[] postData = encoding.GetBytes(postString);
    webRequest.Method = "POST";
    webRequest.Timeout = 2;
    webRequest.ContentLength = postData.Length;
    webRequest.AllowWriteStreamBuffering = true;
    webRequest.ProtocolVersion = HttpVersion.Version11;
    webRequest.ProtocolVersion = HttpVersion.Version10; // this later assignment is the one that takes effect
    try
    {
        // Send the request body.
        using (Stream outStream = webRequest.GetRequestStream())
        {
            outStream.Write(postData, 0, postData.Length);
            outStream.Flush();
        }
    }
    catch (Exception ex)
    {
        throw new customException("Connection unsuccessful.", ex);
    }
    try
    {
        // Read and discard the response; a WebException signals a failed update.
        using (HttpWebResponse response = (HttpWebResponse)webRequest.GetResponse())
        {
            using (StreamReader reader = new StreamReader(response.GetResponseStream()))
            {
                reader.ReadToEnd();
            }
        }
    }
    catch (WebException ex)
    {
        throw new customException("Update unsuccessful.", ex);
    }

Let me know if there is anything I am missing. in btw I am also including the @username in the reply to the status id. Is there anything else?
[twitter-dev] Re: Tracking Retweets
Andrew Badera wrote: Witty I think is using the recycling symbol ... As is Gwibber. On Tue, Aug 4, 2009 at 6:17 PM, Peter Denton petermden...@gmail.com wrote: Hello, Does anyone have a list of RT conventions they are using to track? Right now, I am seeing: * RT * via * HT (hat tip) * c/o Does anyone track anything else? Part of this will depend on what you want to count as a retweet. If I take a link you posted and tweet it, with my own text, and possibly my own shortening, and use HT or via to credit you as the source, do you want that to count as a retweet? Or is it only supposed to be a retweet if I use some of your text too? What if I got the link from your blog post rather than a tweet, but use HT or via to credit you? The use case you have for tracking retweets will likely affect how you want to handle these. - Michael -- mouse, n: A device for pointing at the xterm in which you want to type. Confused by the strange files? I cryptographically sign my messages. For more information see http://www.elehack.net/resources/gpg.