[twitter-dev] Re: Why is Biz saying things are back in action?
The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.comwrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: oauth redirects fail....
I have the same issue, After 'allow' it simply times out so no new users can login to their new Twitter client. On Aug 7, 3:07 am, hansamann sven.hai...@googlemail.com wrote: I experience the same, hope this is just the Twitter DOS attack aftermath. My app cannot request a requestToken for example, which results in a time out on my pages as this is the first thing you do before you redirect to twitter. Also, I cannot seem to get the friends timeline, friends and followers at least not regularly I believe. Anyone else? Cheers Sven On Aug 6, 5:31 pm, Howard Siegel hsie...@gmail.com wrote: If this has only been happening since this morning, then it is likely this is just part of the aftermath of the DOS attack on Twitter. - h On Thu, Aug 6, 2009 at 15:53, yuf kyl...@gmail.com wrote: I have yet to get oAuth callbacks to work properly. After clicking Allow, I end up on a completely blank twittter.com/oauth/authorize page. If I try to look at the source, it asked if should resend. If I do, the source comes back that contains the redirect. But if I'm not looking at the source, the page just hangs for a while, and then ends up blank. What is up here? I've tried a variety of callback urls, from localhost, to the actual domain I'm using for development. Any one experience similar?
[twitter-dev] Re: Gardenhose API
The DDoS continues. Your stream could dry up due to any number of network components hitting saturation. Upstream, created tweets could go to zero if users can't get in to update their status. Downstream, there are many causes of congestion and/or failure that could cause your stream to become quite slow and or stop. Please feel free to disconnect and reconnect if the stream appears too slow. I've eased the anti-abuse system, and I'll ease it more if needed to allow clients to ride this out. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Aug 6, 10:12 pm, Kris Jirapinyo krispyj...@gmail.com wrote: Anybody experiencing trouble connecting to gardenhose? My app connects fine for an hour then gets throttled to 0. Do I need to give the machine's IP to someone to whitelist it? Thanks, Kris.
[twitter-dev] Re: Gardenhose API
My whitelisted IPs were 20k limit, then blocked, then 20k limit, and now blocked again. Can't you somehow sync the API whitelist ips with the host? On Aug 6, 11:18 pm, John Kalucki jkalu...@gmail.com wrote: The DDoS continues. Your stream could dry up due to any number of network components hitting saturation. Upstream, created tweets could go to zero if users can't get in to update their status. Downstream, there are many causes of congestion and/or failure that could cause your stream to become quite slow and or stop. Please feel free to disconnect and reconnect if the stream appears too slow. I've eased the anti-abuse system, and I'll ease it more if needed to allow clients to ride this out. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Aug 6, 10:12 pm, Kris Jirapinyo krispyj...@gmail.com wrote: Anybody experiencing trouble connecting to gardenhose? My app connects fine for an hour then gets throttled to 0. Do I need to give the machine's IP to someone to whitelist it? Thanks, Kris.
[twitter-dev] Re: /statuses/user_timeline.json is redirecting
I would imagine since it started with the DDOS attacks it will subside with them or shortly thereafter. Abraham 2009/8/6 Jonathan twitcaps.develo...@gmail.com Anthony - My app is seeing the same thing (circular redirection) on calls to search.twitter.com/search.json. It seems as if in the past hour I've had a few calls succeed though, so I don't know if that means we'll all be fixed eventually, or whether the API team will need to reinstate third-party app access on an ad-hoc basis. -jonathan On Aug 6, 4:08 pm, Anthony Eden anthonye...@gmail.com wrote: Since the DDoS attack, OAuthed calls to /statuses/user_timeline.json are redirecting to the same URL with a string after it, like so: /statuses/user_timeline.json?c6b33390 I'm using John Nunemaker's ruby twitter library which is choking because it doesn't handle the redirect. Thoughts? Thanks! Sincerely, Anthony Eden -- GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y** http://anthony.mp -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: local dev + sub-domains and oauth
You will want to use oauth_callback that was added in OAuth 1.0a: http://groups.google.com/group/twitter-api-announce/browse_frm/thread/472500cfe9e7cdb9?hl=en Abraham 2009/8/6 Robert Fishel bobfis...@gmail.com Perhaps set a cookie when they come to your site noting their preferred language then check for the cookie on the callback page. -Bob On Thu, Aug 6, 2009 at 12:35 PM, peter_tellgrenpeter.tellg...@gmail.com wrote: I am running a site where I use sub-domains for the different languages I support on the site. e.g. en.example.com/.. for English and fr.example.com/.. for French I just wonder if I go from my en.example.com/twitter site to the twitter to have my user accept my site as a consumer do I have to have a callback URL to en.example.com/twitter_callback or do I in the best way solve this. I assume there must be a better way since I am not to eager of creating one app for each language. Any tips welcome. Also today when I created a new app on the twitter site and added a callback URL and app URL that are local to my machine. I got a pin code instead of a callback. I tried to remove the app with and adding it again with the same result. Is there a temporary glitch in the twitter API or am I missing something? And this afternoon I am unable to update my Twitter App: I go to http://twitter.com/apps, enter my app that I want to edit. I do my changes but when I click save It does not work. Any ideas on these topics are welcome -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Re: Problem with in reply to status id
2009/8/6 Sam Street sam...@gmail.com 2. replying to a status id that you posted yourself from the same account This is actually incorrect. I've posted replies to myself from the web interface. Abraham -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Re: Streaming API -- Recheck your clients -- post DDoS cleanup
What about those using the regular API, via both Basic Auth and OAuth, is there anything at all we can do to stop getting endless 408's ? I'm guessing that since even twitter.com itself is still very inconsistent, for lack of a better word, theres probably nothing much more we can do than just wait. On Aug 7, 7:22 am, Shannon Clark shannon.cl...@gmail.com wrote: Not specific to only developers but at the momenthttp://search.twitter.com is not loading on my iPhone though search via an iPhone app (twitterfon is what I tried) is working. Shannon Sent from my iPhone On Aug 6, 2009, at 2:19 PM, John Kalucki jkalu...@gmail.com wrote: Some users were unable to connect to the Streaming API at various times during the DDoS. This has been fixed for the majority of Streaming API clients. The connection count is now approaching yesterday's count. If your Streaming API client is still receiving 409 redirects, connection timeouts, or any other issue that started today, please contact me with your account name and IP address, and I'll work to resolve the issue. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc.
[twitter-dev] Re: Question About Post Commands
On Thu, Aug 6, 2009 at 11:33 PM, Dan Kurszewski dan.kurszew...@gmail.comwrote: Does anyone know if there is a way with VB.Net or C# to login to twitter, call 100 post commands, and then logout? Here is my code for making a single post command in VB.Net. As you can see every time I call this function it has to login. I would love to have an array of url's and/or data that need to be processed for the same username and password and having only one login. I have tried rearranging things several different ways with no luck. Any help would be greatly appreciated. --- Public Function ExecutePostCommand(ByVal url As String, ByVal username As String, ByVal password As String, _ ByVal data As String) As String *snip* End Function You're not logging in to anything -- there's no concept of a session in play. What is your concern about supplying credentials with every call? No, you can't batch your requests on the API side -- you're going to have to make a call to the API for every post. Have you looked into OAuth? You retrieve a single token for access, which along with your consumer token you use over and over again to make requests on behalf of a specific account. You still need to make an API call for every POST action however. Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private
[twitter-dev] Re: Why is Biz saying things are back in action?
My app http://twicli.com is unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.comwrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: Why is Biz saying things are back in action?
I know this is a me too, but twollo is entierly down (From Google App Engine). The frustrating this is that everyone thinks Twitter is working on now, an annoucement saying everything but the API is working would be better.\ Paul 2009/8/7 Sam Street sam...@gmail.com My app http://twicli.com is unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.com wrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: Problem with in reply to status id
Oh yeah. This just worked for me through web. My mistake! On Aug 7, 7:59 am, Abraham Williams 4bra...@gmail.com wrote: 2009/8/6 Sam Street sam...@gmail.com 2. replying to a status id that you posted yourself from the same account This is actually incorrect. I've posted replies to myself from the web interface. Abraham -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] Re: Why is Biz saying things are back in action?
My oAuth authentications seem to be back up again, well at least they were through the iPhone simulator! On Aug 7, 9:21 am, Paul Kinlan paul.kin...@gmail.com wrote: I know this is a me too, but twollo is entierly down (From Google App Engine). The frustrating this is that everyone thinks Twitter is working on now, an annoucement saying everything but the API is working would be better.\ Paul 2009/8/7 Sam Street sam...@gmail.com My apphttp://twicli.comis unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.com wrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: Why is Biz saying things are back in action?
Oh great now timeouts from all clients again! On Aug 7, 9:27 am, Rich rhyl...@gmail.com wrote: My oAuth authentications seem to be back up again, well at least they were through the iPhone simulator! On Aug 7, 9:21 am, Paul Kinlan paul.kin...@gmail.com wrote: I know this is a me too, but twollo is entierly down (From Google App Engine). The frustrating this is that everyone thinks Twitter is working on now, an annoucement saying everything but the API is working would be better.\ Paul 2009/8/7 Sam Street sam...@gmail.com My apphttp://twicli.comisunavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.com wrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: Why is Biz saying things are back in action?
I think we're all feeling the same way. End-users have the impression that things are getting back to norm because of what 'chosen' communication they've been receiving from Biz and team. yet all of our apps are down and no Official word comes from Twitter that the work-in-progress stuff are to the 3rd party apps that rely on the API. We are all having to individually explain to our users the situation, with no educated info to go by. Yes defending against the DoS attack is first priority. but please communicate something official to the users in behalf of all the 3rd party developers. Michael TwitWall.com XLTweet.com _ From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Paul Kinlan Sent: Friday, August 07, 2009 1:21 AM To: twitter-development-talk@googlegroups.com Subject: [twitter-dev] Re: Why is Biz saying things are back in action? I know this is a me too, but twollo is entierly down (From Google App Engine). The frustrating this is that everyone thinks Twitter is working on now, an annoucement saying everything but the API is working would be better.\ Paul 2009/8/7 Sam Street sam...@gmail.com My app http://twicli.com is unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.comwrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: API Calls During DoS Attack
I concur with stephane, all request from the app engine fail for twollo too. Paul 2009/8/6 stephane stephane.philipa...@gmail.com Same thing here on google appengine side for www.twazzup.com Stephane @sphilipakis www.twazzup.com On Aug 6, 2:30 pm, Hayes Davis ha...@appozite.com wrote: I'm also seeing this same behavior for my whitelisted production IPs for CheapTweet.com and TweetReach.com. (Those were whitelisted under the @CheapTweet and @appozite accounts, respectively.) It works in development, but no requests are getting through to twitter.com on our production servers. I know you all have a lot on your plate right now but let us know what we can do to get un-blocked. Hayes -- Hayes Davis Founder, Appozitehttp://cheaptweet.comhttp://tweetreach.com On Thu, Aug 6, 2009 at 3:56 PM, Mario Menti mme...@gmail.com wrote: Thanks Alex - just to confirm, no requests from twitterfeed have been getting though ever since the DOS attack. It does appear to be IP based, as requests from non-production machines (ironically the non-whitelisted IPs) get through, but all production IPs appear to be blocked. On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne a...@twitter.com wrote: We're talking to our operations team about it, who in turn is talking to our hosting provider. It seems that some aggressive IP filtering may have been catching some web-based third-party Twitter applications, as well as data centers used by mobile providers. On Thu, Aug 6, 2009 at 12:52, Jonathantwitcaps.develo...@gmail.com wrote: I would also appreciate an answer to this question. My calls to the Search API are failing because of circular redirection, and curlhttp://twitter.com returns nothing at all from my production server, which seems like a sign that its IP has been blocked. My app works fine from my dev box. -jonathan On Aug 6, 1:35 pm, Dewald Pretorius dpr...@gmail.com wrote: Chad, I know it's a little late in asking, but should we switch off cron jobs that make a lot of API calls while this DoS is going on, or while you are recovering from it? I don't want my IP addresses to be blocked because they are making a lot of calls! I've seen in the past that Ops lay down carpet bombing with cluster munitions when under attack. Will it help you to recover if we switched off the cron jobs? Right now most of my connections are just being refused. Do you guys at least check against the list of white listed IP addresses before you block an IP address in times like these? Will there be innocent bystanders caught in the cross-fire again? This is the kind of info that we developers need... Dewald -- Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
[twitter-dev] Re: Why is Biz saying things are back in action?
Totally agree with you, if only @twitter could post something, it would be a help! On Aug 7, 9:36 am, Michael E. Carluen mecarl...@gmail.com wrote: I think we're all feeling the same way. End-users have the impression that things are getting back to norm because of what 'chosen' communication they've been receiving from Biz and team. yet all of our apps are down and no Official word comes from Twitter that the work-in-progress stuff are to the 3rd party apps that rely on the API. We are all having to individually explain to our users the situation, with no educated info to go by. Yes defending against the DoS attack is first priority. but please communicate something official to the users in behalf of all the 3rd party developers. Michael TwitWall.com XLTweet.com _ From: twitter-development-talk@googlegroups.com [mailto:twitter-development-t...@googlegroups.com] On Behalf Of Paul Kinlan Sent: Friday, August 07, 2009 1:21 AM To: twitter-development-talk@googlegroups.com Subject: [twitter-dev] Re: Why is Biz saying things are back in action? I know this is a me too, but twollo is entierly down (From Google App Engine). The frustrating this is that everyone thinks Twitter is working on now, an annoucement saying everything but the API is working would be better.\ Paul 2009/8/7 Sam Street sam...@gmail.com My apphttp://twicli.comis unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.comwrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: API Calls During DoS Attack
They are definitely still actively blocking all volume requests. I noticed this morning that my website was working. Checked, and my rate limit was back to 20,000. So, I switched on one of my cron jobs, and within less than 5 minutes all requests from my IP were being completely blocked again. Wonder just how big are these woods that Twitter has to come out of. Dewald
[twitter-dev] Requests from AppEngine still failing.
Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: Requests from AppEngine still failing.
Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: Requests from AppEngine still failing.
I'm getting occasional bouts of being able to connect. It looks like the server IP has been rate limited quite low (even though it's a whitelisted IP) and even though I'm using the user's own Rate Limit checking. On Aug 7, 11:49 am, Rich rhyl...@gmail.com wrote: Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: Search is no longer indexing Portuguese (pt) tweets
Thank you Chad Etzel, for your attention. I submitted a ticket, here: http://code.google.com/p/twitter-api/issues/detail?id=913 I think this problem can be totally reproduced with the examples that I specified. Now, only waiting for a API Team answer. Thanks! Caio Ariede http://caioariede.com/ On Thu, Aug 6, 2009 at 12:56 PM, Chad Etzel c...@twitter.com wrote: Hi Caio, If you have not yet opened an issue, please do so here: http://code.google.com/p/twitter-api/issues/list I will also ping the Search team about this. Thanks, -Chad On Thu, Aug 6, 2009 at 11:54 AM, JDGghil...@gmail.com wrote: Have you actually opened a support ticket for this? On Thu, Aug 6, 2009 at 09:53, caio ariede caio.ari...@gmail.com wrote: This issue is killing my app! http://307.to/ Caio Ariede http://caioariede.com/ On Sat, Aug 1, 2009 at 10:58 AM, caio ariede caio.ari...@gmail.com wrote: But why this tweet: http://search.twitter.com/search?lang=ptq=framework+from%3Acaioariede Isn't appear in this search: http://search.twitter.com/search?lang=allq=307.to The language is set to all! Anyone can explain? The http://307.to/ just stopped to catch many tweets from API. Caio Ariede http://caioariede.com/ On Sat, Aug 1, 2009 at 10:46 AM, Vincent Nguyenkureik...@gmail.com wrote: Yes, it's just for you! I think it causes by no one post a link with 307.to in Portugese! Looking at bit.ly or so and you see Twitter works fine! 2009/8/1 caio ariede caio.ari...@gmail.com It's just for me? Caio Ariede http://caioariede.com/ On Fri, Jul 31, 2009 at 1:52 PM, caio ariedecaio.ari...@gmail.com wrote: The results in english is fine: - http://search.twitter.com/search?lang=allq=307.to Results in portuguese, simple doesn't return nothing: - http://search.twitter.com/search?lang=ptq=307.to But yes, there is portuguese tweets with 307.to string: - http://search.twitter.com/search?lang=ptq=framework+from%3Acaioariede What's the problem? Thx! Caio Ariede http://caioariede.com/ -- Internets. Serious business.
[twitter-dev] Re: Requests from AppEngine still failing.
The situation is getting beyond a Joke now I have paying customer who I am issuing refunds and credit notes to because twollo is unable to access Twitter. Did the denial of service attack come from the app engine or something? Paul 2009/8/7 Rich rhyl...@gmail.com I'm getting occasional bouts of being able to connect. It looks like the server IP has been rate limited quite low (even though it's a whitelisted IP) and even though I'm using the user's own Rate Limit checking. On Aug 7, 11:49 am, Rich rhyl...@gmail.com wrote: Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: API Calls During DoS Attack
Yes seems like this is some sort of IP based blocking that they introduced, since one of my production servers started failing yesterday, then the other server, on a different IP, which was consistantly working, started failing later in the evening. Any suggestions on who can I contact directly to get this resolved? I filled out the 'whitelisting form' just now, but never had to worry about it in the past as my application is not abusive with rate limits, and not sure if this is the best channel anyway, since its more of an incorrect / misapplied blacklisting issue, it would seem? Hedley On Fri, Aug 7, 2009 at 3:42 AM, Dewald Pretorius dpr...@gmail.com wrote: They are definitely still actively blocking all volume requests. I noticed this morning that my website was working. Checked, and my rate limit was back to 20,000. So, I switched on one of my cron jobs, and within less than 5 minutes all requests from my IP were being completely blocked again. Wonder just how big are these woods that Twitter has to come out of. Dewald
[twitter-dev] Re: Twitter API Outage Caused Massive Boost in Kit Kat Sales
On Fri, Aug 7, 2009 at 10:09 AM, Dewald Pretorius dpr...@gmail.com wrote: New York, August 7th, 2009: Convenience stores from around the world have reported a massive jump in Kit Kat sales during the shutdown of the Twitter API, after Twitter experienced the denial-of-service attack on Thursday, August 6th, 2009. Anxious developers, who are running independent services that rely on the Twitter API, have been taking frequent breaks from chewing their nails, tearing their hair out, and watching their services come to a grinding halt, and have been relying solely on the calming break- taking magic of Kit Kat to soothe their frayed nerves. One developer, who preferred to remain anonymous due to the sudden increase in the size of his bank overdraft, told our reporter that he had commandeered the neighborhood kids to form a human chain between his study and the convenience store, so that the Kit Kats he required for his frequent breaks could be supplied without interruption. Even though some conspiracy theorists immediately alluded to a collusion between Twitter and the makers of Kit Kat, our investigations could not uncover any truth to that rumor. Normal patrons of convenience stores are cautioned to send to the front of the line any raggedy looking person that mumbles in PHP or Perl, and whose fingernails are chewed into the raw flesh. PS. This is an obligatory satire warning. Lame and offtopic. Save this for your friends.
[twitter-dev] Re: Requests from AppEngine still failing.
Don't think it's related to app engine, probably just some heavy traffic ip addresses. Twitterfeed is hosted on multiple servers and services (none of them app engine) and all our whitelisted ips don't work, so we've been dead for the last 24 hours. Sent from my iPhone On 7 Aug 2009, at 13:41, Paul Kinlan paul.kin...@gmail.com wrote: The situation is getting beyond a Joke now I have paying customer who I am issuing refunds and credit notes to because twollo is unable to access Twitter. Did the denial of service attack come from the app engine or something? Paul 2009/8/7 Rich rhyl...@gmail.com I'm getting occasional bouts of being able to connect. It looks like the server IP has been rate limited quite low (even though it's a whitelisted IP) and even though I'm using the user's own Rate Limit checking. On Aug 7, 11:49 am, Rich rhyl...@gmail.com wrote: Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: Requests from AppEngine still failing.
Yes, seems they just simply restrict large requests from same IP to avoid DDoS attacks, for I can run my app in local, but can't do anything in AppEngine... On Aug 7, 9:13 pm, Mario Menti mme...@gmail.com wrote: Don't think it's related to app engine, probably just some heavy traffic ip addresses. Twitterfeed is hosted on multiple servers and services (none of them app engine) and all our whitelisted ips don't work, so we've been dead for the last 24 hours. Sent from my iPhone On 7 Aug 2009, at 13:41, Paul Kinlan paul.kin...@gmail.com wrote: The situation is getting beyond a Joke now I have paying customer who I am issuing refunds and credit notes to because twollo is unable to access Twitter. Did the denial of service attack come from the app engine or something? Paul 2009/8/7 Rich rhyl...@gmail.com I'm getting occasional bouts of being able to connect. It looks like the server IP has been rate limited quite low (even though it's a whitelisted IP) and even though I'm using the user's own Rate Limit checking. On Aug 7, 11:49 am, Rich rhyl...@gmail.com wrote: Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: API Calls During DoS Attack
I'm getting the ame problem with bullsonwallstreet.com - previous whitelisted rates of 2 now down to 150... not recovered yet. And I throttle all requests to a pretty low level for the REST API... but still down at 150! Let's hope that this attack ends soon, and honest users can have the performance needed back again soon! Simon On Aug 7, 7:48 am, Hedley Robertson hedley.robert...@gmail.com wrote: Yes seems like this is some sort of IP based blocking that they introduced, since one of my production servers started failing yesterday, then the other server, on a different IP, which was consistantly working, started failing later in the evening. Any suggestions on who can I contact directly to get this resolved? I filled out the 'whitelisting form' just now, but never had to worry about it in the past as my application is not abusive with rate limits, and not sure if this is the best channel anyway, since its more of an incorrect / misapplied blacklisting issue, it would seem? Hedley On Fri, Aug 7, 2009 at 3:42 AM, Dewald Pretorius dpr...@gmail.com wrote: They are definitely still actively blocking all volume requests. I noticed this morning that my website was working. Checked, and my rate limit was back to 20,000. So, I switched on one of my cron jobs, and within less than 5 minutes all requests from my IP were being completely blocked again. Wonder just how big are these woods that Twitter has to come out of. Dewald- Hide quoted text - - Show quoted text -
[twitter-dev] Re: Twitter API Outage Caused Massive Boost in Kit Kat Sales
Lame and off-topic, but I still read it and had a good laugh. Pass me one of those Kit Kats. On Aug 7, 10:13 am, Andrew Badera and...@badera.us wrote: On Fri, Aug 7, 2009 at 10:09 AM, Dewald Pretorius dpr...@gmail.com wrote: New York, August 7th, 2009: Convenience stores from around the world have reported a massive jump in Kit Kat sales during the shutdown of the Twitter API, after Twitter experienced the denial-of-service attack on Thursday, August 6th, 2009. Anxious developers, who are running independent services that rely on the Twitter API, have been taking frequent breaks from chewing their nails, tearing their hair out, and watching their services come to a grinding halt, and have been relying solely on the calming break- taking magic of Kit Kat to soothe their frayed nerves. One developer, who preferred to remain anonymous due to the sudden increase in the size of his bank overdraft, told our reporter that he had commandeered the neighborhood kids to form a human chain between his study and the convenience store, so that the Kit Kats he required for his frequent breaks could be supplied without interruption. Even though some conspiracy theorists immediately alluded to a collusion between Twitter and the makers of Kit Kat, our investigations could not uncover any truth to that rumor. Normal patrons of convenience stores are cautioned to send to the front of the line any raggedy looking person that mumbles in PHP or Perl, and whose fingernails are chewed into the raw flesh. PS. This is an obligatory satire warning. Lame and offtopic. Save this for your friends.
[twitter-dev] Re: API Calls During DoS Attack
I have a site on app engine twivert.com, api calls are failing and my requests are less than 2 every hour at this stage On Aug 7, 7:47 am, Zaudio si...@z-audio.co.uk wrote: I'm getting the ame problem with bullsonwallstreet.com - previous whitelisted rates of 2 now down to 150... not recovered yet. And I throttle all requests to a pretty low level for the REST API... but still down at 150! Let's hope that this attack ends soon, and honest users can have the performance needed back again soon! Simon On Aug 7, 7:48 am, Hedley Robertson hedley.robert...@gmail.com wrote: Yes seems like this is some sort of IP based blocking that they introduced, since one of my production servers started failing yesterday, then the other server, on a different IP, which was consistantly working, started failing later in the evening. Any suggestions on who can I contact directly to get this resolved? I filled out the 'whitelisting form' just now, but never had to worry about it in the past as my application is not abusive with rate limits, and not sure if this is the best channel anyway, since its more of an incorrect / misapplied blacklisting issue, it would seem? Hedley On Fri, Aug 7, 2009 at 3:42 AM, Dewald Pretorius dpr...@gmail.com wrote: They are definitely still actively blocking all volume requests. I noticed this morning that my website was working. Checked, and my rate limit was back to 20,000. So, I switched on one of my cron jobs, and within less than 5 minutes all requests from my IP were being completely blocked again. Wonder just how big are these woods that Twitter has to come out of. Dewald- Hide quoted text - - Show quoted text -
[twitter-dev] Re: API Calls During DoS Attack
We have seen the rates for our app go from 20,000 to 150 and back to 20,000 over a short interval. It is causing complete havoc to our traffic as 150 requests are used up in a matter of minutes and we have no notice about the change happening. This is not affecting an optional cron job, this is for normal usage to make requests on behalf of our users. If we are limited then the user feels it immediately. Can you ring fence those white-listed addresses that you recognise as totally legitimate - even if it requires an intensive manual exercise - and then just stabilise things for these sites? Is that being attempted at all? The IP addresses of every app for users of this thread would be a great start! The IP address I am most concerned about is for Twibbon.com: 174.129.249.253 I appreciate these are difficult times. Anything you can do would be much appreciated. Jonathan Founder - Twibbon.com
[twitter-dev] Better White Listed IP Handling?
I'm writing this without knowing the challenges that the API team faces with cooperating with the Operations team and hosting provider. Nevertheless, I would like to ask if it would be possible, in the future, to allow API traffic from white listed IPs even during situations like these. At an application level, a table of white listed IPs would make it possible to filter out everything except from those IPs. And even at a firewall or network switch level, these exclusions can also be built in. It is not right that perfectly valid calls from perfectly valid and verified IP addresses should be denied for so long because someone else decided to mess with Twitter. I know it cannot be done right now, but it will be a massive improvement if it can be done in the near future. Dewald
[twitter-dev] Re: Question About Post Commands
My issue is the amount of time it takes to do a certain number of friendship/destroy and friendship/create calls. Right now I am using the code from the original post. Would the oAuth speed this up versus the posts that I am doing? Does anyone else know a way to speed up a larger group of API calls? Thanks, Dan
[twitter-dev] Re: Question About Post Commands
If it's a desktop app, you could spawn some number of threads (say 10) and make 10 post calls in each simultaneously. On Fri, Aug 7, 2009 at 10:35, Dan Kurszewski dan.kurszew...@gmail.comwrote: My issue is the amount of time it takes to do a certain number of friendship/destroy and friendship/create calls. Right now I am using the code from the original post. Would the oAuth speed this up versus the posts that I am doing? Does anyone else know a way to speed up a larger group of API calls? Thanks, Dan -- Internets. Serious business.
[twitter-dev] Re: Question About Post Commands
On Fri, Aug 7, 2009 at 12:47 PM, JDG ghil...@gmail.com wrote: If it's a desktop app, you could spawn some number of threads (say 10) and make 10 post calls in each simultaneously. Why does it have to be a desktop app? Most real web frameworks support asynchronous calls. Desktop app, web app, whichever, spin off some threads and go asynchronous. Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private
[twitter-dev] Re: Better White Listed IP Handling?
I would just like to add my support for this well articulated suggestion. It looks to me to be exactly what is required, offering a substantial and immediate benefit to a significant end-user community reliant on the twitter API. Jonathan Joyce Founder - T
[twitter-dev] Re: /statuses/user_timeline.json is redirecting
I'm getting the same thing. I patched my library to follow the redirect, but that just results in a 403. The addition of the mysterious token actually creates an invalid URL, because it ends up with two ?s I have two api keys for my app. One for my local dev server, and a different one for deploying to live. My dev calls work fine. the problem only occurs on the live server. My live server IP is whitelisted, so I don't know if that's relevant. On Aug 6, 11:24 pm, Jonathan twitcaps.develo...@gmail.com wrote: Anthony - My app is seeing the same thing (circular redirection) on calls to search.twitter.com/search.json. It seems as if in the past hour I've had a few calls succeed though, so I don't know if that means we'll all be fixed eventually, or whether the API team will need to reinstate third-party app access on an ad-hoc basis. -jonathan On Aug 6, 4:08 pm, Anthony Eden anthonye...@gmail.com wrote: Since the DDoS attack, OAuthed calls to /statuses/user_timeline.json are redirecting to the same URL with a string after it, like so: /statuses/user_timeline.json?c6b33390 I'm using John Nunemaker's ruby twitter library which is choking because it doesn't handle the redirect. Thoughts? Thanks! Sincerely, Anthony Eden -- GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y** http://anthony.mp
[twitter-dev] Re: New blocks still happening
We are having the same issue. Everything came back online OK after the DDoS but about an hour ago one of our whitelisted servers got banned. I've taken this server out of the loop but we've only got a limited number of whitelisted IPs so I don't know how long this will last. Can't find any information on any of the relevant websites, blogs or twitter accounts which is quite frustrating, although I appreciate that the team at Twitter has had a long hard day. Any additional info welcome, Bob Twibbon.com On Aug 7, 2:16 am, Jesse Stay jesses...@gmail.com wrote: This is also another nick against OAuth. My users can't even log in right now because we're relying on OAuth for login. Jesse On Thu, Aug 6, 2009 at 8:45 PM, Dewald Pretorius dpr...@gmail.com wrote: I have seen the same thing. So, if you have white listed IPs that are still showing a rate limit of 20,000, DO NOT use them right now. After a few minutes of use their rate limits are cut down to 150 per hour. Dewald On Aug 6, 8:58 pm, Tinychat tinycha...@gmail.com wrote: So, like everyone else I was receiving 408's from all our production servers. Wasnt sure what was causing it, but it turned out to be that twitter is blocking the IPs. Ok, must be related to the ddos stuff from earlier on- Must have gotten caught in the crossfire. So I go ahead and use some development servers to start sending requests- All is fine, for about a hour. They are blocked now. So to anyone out there, there is no point using a new IP- It will get blocked within a hour or so. I guess we have to wait for twitters host to fix it, or use actionscript/ajax to have the end user request the data himself (Which is what I am going to do) so its always a unique IP
[twitter-dev] Re: oauth redirects fail....
i'm getting timeouts when requesting tokens also...seems like it's probably something on their end...i don't envy the twitter team right now... On Aug 6, 7:07 pm, hansamann sven.hai...@googlemail.com wrote: I experience the same, hope this is just the Twitter DOS attack aftermath. My app cannot request a requestToken for example, which results in a time out on my pages as this is the first thing you do before you redirect to twitter. Also, I cannot seem to get the friends timeline, friends and followers at least not regularly I believe. Anyone else? Cheers Sven On Aug 6, 5:31 pm, Howard Siegel hsie...@gmail.com wrote: If this has only been happening since this morning, then it is likely this is just part of the aftermath of the DOS attack on Twitter. - h On Thu, Aug 6, 2009 at 15:53, yuf kyl...@gmail.com wrote: I have yet to get oAuth callbacks to work properly. After clicking Allow, I end up on a completely blank twittter.com/oauth/authorize page. If I try to look at the source, it asked if should resend. If I do, the source comes back that contains the redirect. But if I'm not looking at the source, the page just hangs for a while, and then ends up blank. What is up here? I've tried a variety of callback urls, from localhost, to the actual domain I'm using for development. Any one experience similar?
[twitter-dev] Re: Sign in with Twitter
On Thu, 6 Aug 2009 08:50:05 -0700 (PDT) Dewald Pretorius dpr...@gmail.com wrote: If I understand you correctly, you're saying one should login for the user in the OAuth process? Wouldn't that involve scraping the Twitter web interface? Or am I outside the ballpark with my understanding? I'm saying that, for those who are more worried about losing users with an OAuth login than they are worried about losing them by asking for their Twitter password, it is still possible and desirable to use OAuth. There is a complexity cost, but you can pay it in the back end instead of passing it on to the user interface. The benefits are that the application isn't subject to the verify credentials DoS attack and the app will already be using OAuth if/when basic is discontinued. With OAuth, you authenticate the user, but you never use the verify credentials service to do so. Even if you set up a gateway so that you can use Ajax to log the user into Twitter and verify your own token, you don't verify credentials so much as use them. The API documentation is saying that the OAuth calls aren't rate limited. They don't need to be for security, but they may need to be limited by IP address for performance. The main point is that a user outside of your service can't trip the limit in order to run a DoS attack on your users. Chris Babcock
[twitter-dev] Re: oauth redirects fail....
I'm not able to even post updates on my twitter account from web. May be this is the case after the DOS attack and will be remedied soon. On Aug 7, 7:07 am, hansamann sven.hai...@googlemail.com wrote: I experience the same, hope this is just the Twitter DOS attack aftermath. My app cannot request a requestToken for example, which results in a time out on my pages as this is the first thing you do before you redirect to twitter. Also, I cannot seem to get the friends timeline, friends and followers at least not regularly I believe. Anyone else? Cheers Sven On Aug 6, 5:31 pm, Howard Siegel hsie...@gmail.com wrote: If this has only been happening since this morning, then it is likely this is just part of the aftermath of the DOS attack on Twitter. - h On Thu, Aug 6, 2009 at 15:53, yuf kyl...@gmail.com wrote: I have yet to get oAuth callbacks to work properly. After clicking Allow, I end up on a completely blank twittter.com/oauth/authorize page. If I try to look at the source, it asked if should resend. If I do, the source comes back that contains the redirect. But if I'm not looking at the source, the page just hangs for a while, and then ends up blank. What is up here? I've tried a variety of callback urls, from localhost, to the actual domain I'm using for development. Any one experience similar?
[twitter-dev] Re: Account Verify Credentials
On Thu, 6 Aug 2009 12:01:14 -0400 Robert Fishel bobfis...@gmail.com wrote: I too thought that one should call verify credentials with Oauth. How are you suggesting we verify that the token is still active, another call to oauth_authenicate/authorize? The oauth_authenicate and oauth_authorize calls are not rate limited. They can't be used to hack user credentials, so they don't need to be. Authentication is a once per session event. Once authenticated, a user remains authenticated to your app until your own session controls expire. This is independent of the user's Twitter session, except that the user needs to be authenticated with Twitter in order for Twitter to authenticate the user to your app. This happens once, at the beginning of the user's session with your app and it is not subject to a DoS attack on the account/verify_credentials service. It may be useful to verify that an authorization token has been activated, but checking authorization before a call that will fail if the authorization is not available is wasted bandwidth. You should check after the call to see if the action succeeded. It's more reliable and lower bandwidth. Chris Babcock
[twitter-dev] Re: HTTP 409 on status update via API
Same here 408 on all OAuth authenticate attempts. Is it safe to assume this is fallout from DDOS? Any official word on we can expect our apps to work again? On Aug 6, 2:30 pm, Matthew F mcf1...@gmail.com wrote: I'm getting 408s trying to authenticate with OAuth On Aug 6, 10:20 pm, John Kalucki jkalu...@gmail.com wrote: This should be fixed for the Streaming API. -John On Aug 6, 1:59 pm, Jennie Lees trin...@gmail.com wrote: Getting the same thing using the track function of the API. On Thu, Aug 6, 2009 at 9:43 PM, briantroy brian.cosin...@gmail.com wrote: Sorry... these are HTTP 408s... On Aug 6, 1:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal -- Jennie Lees Founder, Affect Labs jen...@affectlabs.comhttp://twitter.com/jennielees
[twitter-dev] Re: verify_credentials limit
Try like this http://twitter.com/users/show.xml; On 8월7일, 오전11시04분, J.D. jeremy.d.mul...@gmail.com wrote: Any news as to why a call with valid credentials does not reset this limit? I've optimized my application to only call this API once each time it is used, but people can still run in to the 15 calls per hour limit. Is there really a security issue with resetting it after a valid call?
[twitter-dev] Problem with URL format in Twitter 'favorite status' option.
I am making small Twitter client in Java. Currently I make options: 'farourite status' and 'unfavourite status' and I have a strange problem. I always use format of url like this (for example for 'follow user'): http://twitter.com/friendships/create.json?id= It works well in almost all cases. However it doesn't work in 'favourite status'. If I try: http://twitter.com/favorites/create.json?id=11 I will get error. But if I try: http://twitter.com/favorites/create/11.json everything works well. Could somebody tell me why I can't use first way of the URL? I would like to use link with parameters after '?' character. Why doesn't it work in 'favorite status' and 'unfavorite status'? Mariusz
[twitter-dev] Re: Why is Biz saying things are back in action?
For some reason there is a redirect response (302) from twitter from morning. I changed my php to follow redirection. It works fine now. On Fri, Aug 7, 2009 at 1:48 PM, Sam Street sam...@gmail.com wrote: My app http://twicli.com is unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.com wrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: API Calls During DoS Attack
All API calls from LinksAlpha.com are also failing. Please let us know if there is a way to get IP address whitelisted. Thanks
[twitter-dev] Re: Why is Biz saying things are back in action?
I am not able to post any twits. I get an over capacity error. On Fri, Aug 7, 2009 at 1:51 PM, Paul Kinlan paul.kin...@gmail.com wrote: I know this is a me too, but twollo is entierly down (From Google App Engine). The frustrating this is that everyone thinks Twitter is working on now, an annoucement saying everything but the API is working would be better.\ Paul 2009/8/7 Sam Street sam...@gmail.com My app http://twicli.com is unavailable. Looks like the ?oauth_token isnt being created properly. Hope things come back soon. Thanks On Aug 7, 7:06 am, Rich rhyl...@gmail.com wrote: The most frustrating thing is oAuth being down, meaning new users can't sign in to oAuth apps! On Aug 7, 6:40 am, Jesse Stay jesses...@gmail.com wrote: The more communication, to both us and the public, the better. That's the best thing Twitter can do right now - I definitely feel their pain, as we're all going through it right now. It's just harder on us because we're not privy to what Twitter knows right now (nor do we have the control they have). Communication is key. (and tell Rodney I said hi Sean!) Jesse On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan seancalla...@gmail.comwrote: Yeah Jesse, I hear you and am super bummed out. My service, TweetPhoto.com, is also down in terms of users being able to login through basic auth. It's been like that all day. No one has been able to upload photos. I emailed Doug at Twitter and he requested my server's IP address which I provided. I guess they are slowly trying to bring apps back online. I just wish this happened a little sooner. I feel totally helpless at the moment. What are your thoughts? On Aug 6, 6:25 pm, Jesse Stay jesses...@gmail.com wrote: Why is Biz saying things are back in action when apps like mine, and many other very large names are still broken from it. Sending this message to users sends a false message to them stating they should expect we should be up as well. At a very minimum, please state the API is still having issues so users can know what to expect: http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html Jesse
[twitter-dev] Re: Question About Post Commands
Hi All, I get the Twitter is over capacity page when I try to post a status. Is it working for others now? or is it blocked following hte outage yesterday? Prashanth On Fri, Aug 7, 2009 at 1:16 PM, Andrew Badera and...@badera.us wrote: On Thu, Aug 6, 2009 at 11:33 PM, Dan Kurszewski dan.kurszew...@gmail.comwrote: Does anyone know if there is a way with VB.Net or C# to login to twitter, call 100 post commands, and then logout? Here is my code for making a single post command in VB.Net. As you can see every time I call this function it has to login. I would love to have an array of url's and/or data that need to be processed for the same username and password and having only one login. I have tried rearranging things several different ways with no luck. Any help would be greatly appreciated. --- Public Function ExecutePostCommand(ByVal url As String, ByVal username As String, ByVal password As String, _ ByVal data As String) As String *snip* End Function You're not logging in to anything -- there's no concept of a session in play. What is your concern about supplying credentials with every call? No, you can't batch your requests on the API side -- you're going to have to make a call to the API for every post. Have you looked into OAuth? You retrieve a single token for access, which along with your consumer token you use over and over again to make requests on behalf of a specific account. You still need to make an API call for every POST action however. Thanks- - Andy Badera - and...@badera.us - Google me: http://www.google.com/search?q=andrew+badera - This email is: [ ] bloggable [x] ask first [ ] private
[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior
Same issue here. The username/password version of my client works, but not the oAuth version. It just times out when redirecting back. It's weird because some of my users can get through, but none of my accounts can. On Thu, Aug 6, 2009 at 5:00 PM, Sam Street sam...@gmail.com wrote: My app also dies straight during auth http://twicli.com/auth On Aug 6, 10:45 pm, Rich rhyl...@gmail.com wrote: Especially annoying seeing as I've gone totally oAuth now. I don't blame Twitter, just the idiots that initiated the DDoS attack On Aug 6, 10:33 pm, Andreu Pere andreup...@gmail.com wrote: The same behaviour for my application. When the app wants to start the oAuth workflow in order to authenticate and login the user, the server returns a timeout fromhttps://twitter.com/oauth/authenticate?parameters On Thu, Aug 6, 2009 at 11:24 PM, Rich rhyl...@gmail.com wrote: I can't get oAuth to authenticate on any of my clients either. It works when the client has previously authenticated... but trying to get a new token it fails when clicking 'Allow' On Aug 6, 7:42 pm, stephane stephane.philipa...@gmail.com wrote: It's probably linked to the current DDOS but the authentication flow shows some strange behavior : 1 - I try to initiate an OAuth authentication fromwww.twazzup.com - twazzup server gets a timeout trying to connect to twitter for oauth token (ApplicationError 5 on appengine) 3 - I go to twitter.com click sign-in - strangely twitter redirects me to the oauth authorization form (do you want to allow twazzup blabla ...) So I have to questions there : A / did you block incoming OAuth reqs from appengine ? B/ is the strange behavior (twitter home authentication mixing with another OAuth flow) something we, 3rd party app developers, can or should take care of ? Cheers, Stephanewww.twazzup.com
[twitter-dev] Getting 404 for twitter search since yesterday(everything else works), anything changed?
example search http://search.twitter.com/search.json??rpp=50q=test
[twitter-dev] statuses/friends_timeline method circular redirection
Hi All, When I try to make the following OAuth request GET http://twitter.com/statuses/friends_timeline.json? it results in Circular redirect to 'http://twitter.com:80/statuses/ friends_timeline.json' Any ETA on when this issue might be resolved? Thanks in advance.
[twitter-dev] Re: Requests from AppEngine still failing.
I submitted a ticket, here: http://code.google.com/p/twitter-api/issues/detail?id=914 Waiting for a API Team answer.
[twitter-dev] Continuous oAuth Issues
Our app is still experiencing oAuth denial issues since the DDOS problem yesterday. Has anyone heard any update to this problem? or is there some action that app developers need to take to get back in business? Thanks, brian
[twitter-dev] You have been rate limited. Enhance your calm.
Hi, I use the Twitter search api, e.g: - http://search.twitter.com/search.rss?q=iphone and I now get: - You have been rate limited. Enhance your calm. I rely on this for my application. Anything I can do to stop it? Thanks!
[twitter-dev] Re: API Calls During DoS Attack
Our site (tunein.com) is getting 408s from the OAuth API; also, our daemons that do friend timeline calls have been getting empty results since 11 PM last night.
[twitter-dev] Re: New blocks still happening
It appears that I am getting the 408 error as well. Is there any way to be added to a whitelist? My twitter followers for my script aren't too happy. On Aug 7, 1:06 am, Sean Callahan seancalla...@gmail.com wrote: Users on our site Jesse provide username and password and still can't login. It has been like that all day. I feel your pain and wish we could get back online quicker. On Aug 6, 6:16 pm, Jesse Stay jesses...@gmail.com wrote: This is also another nick against OAuth. My users can't even log in right now because we're relying on OAuth for login. Jesse On Thu, Aug 6, 2009 at 8:45 PM, Dewald Pretorius dpr...@gmail.com wrote: I have seen the same thing. So, if you have white listed IPs that are still showing a rate limit of 20,000, DO NOT use them right now. After a few minutes of use their rate limits are cut down to 150 per hour. Dewald On Aug 6, 8:58 pm, Tinychat tinycha...@gmail.com wrote: So, like everyone else I was receiving 408's from all our production servers. Wasnt sure what was causing it, but it turned out to be that twitter is blocking the IPs. Ok, must be related to the ddos stuff from earlier on- Must have gotten caught in the crossfire. So I go ahead and use some development servers to start sending requests- All is fine, for about a hour. They are blocked now. So to anyone out there, there is no point using a new IP- It will get blocked within a hour or so. I guess we have to wait for twitters host to fix it, or use actionscript/ajax to have the end user request the data himself (Which is what I am going to do) so its always a unique IP- Hide quoted text - - Show quoted text -
[twitter-dev] Re: Requests from AppEngine still failing.
This is also a problem for Twibes, hosted on App Engine. Users can't log in due to OAuth calls failing. On Aug 7, 7:48 am, chenyuejie chenyue...@gmail.com wrote: Yes, seems they just simply restrict large requests from same IP to avoid DDoS attacks, for I can run my app in local, but can't do anything in AppEngine... On Aug 7, 9:13 pm, Mario Menti mme...@gmail.com wrote: Don't think it's related to app engine, probably just some heavy traffic ip addresses. Twitterfeed is hosted on multiple servers and services (none of them app engine) and all our whitelisted ips don't work, so we've been dead for the last 24 hours. Sent from my iPhone On 7 Aug 2009, at 13:41, Paul Kinlan paul.kin...@gmail.com wrote: The situation is getting beyond a Joke now I have paying customer who I am issuing refunds and credit notes to because twollo is unable to access Twitter. Did the denial of service attack come from the app engine or something? Paul 2009/8/7 Rich rhyl...@gmail.com I'm getting occasional bouts of being able to connect. It looks like the server IP has been rate limited quite low (even though it's a whitelisted IP) and even though I'm using the user's own Rate Limit checking. On Aug 7, 11:49 am, Rich rhyl...@gmail.com wrote: Yep, I think I replied to you on Twitter, but yes I've got the same issue. Curl is reporting timeouts but if I switch IPs it's fine. Looks like the w/list IPs have been blocked. I've emailed the api@ email address but who knows! On Aug 7, 11:47 am, David W meepmeepmeepena...@gmail.com wrote: Good morning, Requests from my application running on AppEngine (using the urlfetch API to make requests) are failing 100%. The error looks like a timeout; speaking to a few people on Twitter suggests many previously whitelisted IP addresses were blackholed. Is this a known issue for AppEngine clients? Thanks, David
[twitter-dev] Re: Problem with in reply to status id
Thanks Sam... Your post did help me ... i was sending it to wrong id (user) and status id. I dont know why dint I checked that earlier. Now its fine. other thing which I am working on Setting the source. I figure out that we have to register our application now before it can appear as source. Do we also have to use oauth to update status with the correct source. Although my app name is OpenTweet it always posts as web. is oauth necessary ? Thanks for all the help i Got :) On Aug 7, 4:24 am, Sam Street sam...@gmail.com wrote: Oh yeah. This just worked for me through web. My mistake! On Aug 7, 7:59 am, Abraham Williams 4bra...@gmail.com wrote: 2009/8/6 Sam Street sam...@gmail.com 2. replying to a status id that you posted yourself from the same account This is actually incorrect. I've posted replies to myself from the web interface. Abraham -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private. Sent from Wasilla, Alaska, United States
[twitter-dev] API call doesn't work anymore
I am using http://twitter.com/statuses/update.json to update status for twitter. It was working until yesterday's DOS attack. API call return 1 now. It used to return status of api call such as success or failed None of the updates when through API since yesterday Anyone get any ideas? Did Twitter change their API? Thanks
[twitter-dev] Re: You have been rate limited. Enhance your calm.
If you're getting that then you're getting more than me.
I'm just doing:
require 'rubygems'
gem 'twitter'
require 'twitter'
Twitter::Search.new('foo').each do |r|
puts r.inspect
end
And I get only this back now:
/var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:56:in
`setup_raw_request': undefined method `request_uri' for #URI::Generic:
0x7f99f9516ea0 (NoMethodError)
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
39:in `perform'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
99:in `handle_response'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
40:in `perform'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:156:in
`perform_request'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:122:in
`get'
from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
100:in `fetch'
from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
108:in `each'
from searchtest.rb:5
My search is totally borked. Its just the API though I think, give it
some time
On Aug 7, 11:20 am, diddy david.barrowcl...@gmail.com wrote:
Hi,
I use the Twitter search api, e.g: -
http://search.twitter.com/search.rss?q=iphone
and I now get: -
You have been rate limited. Enhance your calm.
I rely on this for my application. Anything I can do to stop it?
Thanks!
[twitter-dev] Re: You have been rate limited. Enhance your calm.
Is your library following redirects?
On Aug 7, 10:18 am, David Fisher tib...@gmail.com wrote:
If you're getting that then you're getting more than me.
I'm just doing:
require 'rubygems'
gem 'twitter'
require 'twitter'
Twitter::Search.new('foo').each do |r|
puts r.inspect
end
And I get only this back now:
/var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:56:in
`setup_raw_request': undefined method `request_uri' for #URI::Generic:
0x7f99f9516ea0 (NoMethodError)
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
39:in `perform'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
99:in `handle_response'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
40:in `perform'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:156:in
`perform_request'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:122:in
`get'
from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
100:in `fetch'
from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
108:in `each'
from searchtest.rb:5
My search is totally borked. Its just the API though I think, give it
some time
On Aug 7, 11:20 am, diddy david.barrowcl...@gmail.com wrote:
Hi,
I use the Twitter search api, e.g: -
http://search.twitter.com/search.rss?q=iphone
and I now get: -
You have been rate limited. Enhance your calm.
I rely on this for my application. Anything I can do to stop it?
Thanks!
[twitter-dev] Re: /statuses/user_timeline.json is redirecting
On Thu, Aug 6, 2009 at 3:10 PM, timwhitlocktim.whitl...@publicreative.com wrote: I'm getting the same thing. I patched my library to follow the redirect, but that just results in a 403. The addition of the mysterious token actually creates an invalid URL, because it ends up with two ?s I have two api keys for my app. One for my local dev server, and a different one for deploying to live. My dev calls work fine. the problem only occurs on the live server. My live server IP is whitelisted, so I don't know if that's relevant. I don't think it is relevant because the addresses my queries are coming from are not whitelisted. I'm also still seeing this behavior this morning. It'd be nice just to know that someone at Twitter knows why this is happening and is going to get it fixed at some point. Sincerely, Anthony Eden -- GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y** http://anthony.mp
[twitter-dev] Re: oauth redirects fail....
Me too! My App can request a oauth token but can not do anything when redirecting to Twitter! And I even can not login to my account from web! All is broken:(! 2009/8/7 Muthu Ramadoss muthu.ramad...@gmail.com I'm not able to even post updates on my twitter account from web. May be this is the case after the DOS attack and will be remedied soon. On Aug 7, 7:07 am, hansamann sven.hai...@googlemail.com wrote: I experience the same, hope this is just the Twitter DOS attack aftermath. My app cannot request a requestToken for example, which results in a time out on my pages as this is the first thing you do before you redirect to twitter. Also, I cannot seem to get the friends timeline, friends and followers at least not regularly I believe. Anyone else? Cheers Sven On Aug 6, 5:31 pm, Howard Siegel hsie...@gmail.com wrote: If this has only been happening since this morning, then it is likely this is just part of the aftermath of the DOS attack on Twitter. - h On Thu, Aug 6, 2009 at 15:53, yuf kyl...@gmail.com wrote: I have yet to get oAuth callbacks to work properly. After clicking Allow, I end up on a completely blank twittter.com/oauth/authorize page. If I try to look at the source, it asked if should resend. If I do, the source comes back that contains the redirect. But if I'm not looking at the source, the page just hangs for a while, and then ends up blank. What is up here? I've tried a variety of callback urls, from localhost, to the actual domain I'm using for development. Any one experience similar?
[twitter-dev] Re: oauth redirects fail....
My app fails when requesting tokens. I still cant even login to Twitter.com through web - it just freezes. Anyway, nope its solved soon. Thanks On Aug 7, 6:28 pm, Vincent Nguyen kureik...@gmail.com wrote: Me too! My App can request a oauth token but can not do anything when redirecting to Twitter! And I even can not login to my account from web! All is broken:(! 2009/8/7 Muthu Ramadoss muthu.ramad...@gmail.com I'm not able to even post updates on my twitter account from web. May be this is the case after the DOS attack and will be remedied soon. On Aug 7, 7:07 am, hansamann sven.hai...@googlemail.com wrote: I experience the same, hope this is just the Twitter DOS attack aftermath. My app cannot request a requestToken for example, which results in a time out on my pages as this is the first thing you do before you redirect to twitter. Also, I cannot seem to get the friends timeline, friends and followers at least not regularly I believe. Anyone else? Cheers Sven On Aug 6, 5:31 pm, Howard Siegel hsie...@gmail.com wrote: If this has only been happening since this morning, then it is likely this is just part of the aftermath of the DOS attack on Twitter. - h On Thu, Aug 6, 2009 at 15:53, yuf kyl...@gmail.com wrote: I have yet to get oAuth callbacks to work properly. After clicking Allow, I end up on a completely blank twittter.com/oauth/authorize page. If I try to look at the source, it asked if should resend. If I do, the source comes back that contains the redirect. But if I'm not looking at the source, the page just hangs for a while, and then ends up blank. What is up here? I've tried a variety of callback urls, from localhost, to the actual domain I'm using for development. Any one experience similar?
[twitter-dev] Re: Continuous oAuth Issues
Mine has re-occured... if you're going to force people to use oAuth from now on, at least get it running again fast! On Aug 7, 2:22 pm, Brian b.kn...@gmail.com wrote: Our app is still experiencing oAuth denial issues since the DDOS problem yesterday. Has anyone heard any update to this problem? or is there some action that app developers need to take to get back in business? Thanks, brian
[twitter-dev] Re: Account Verify Credentials
Except that this case fails for calls such as statuses/friends if the user isn't authenticated but you think he is you get a completely valid (from one point of view) set of results back but they do not include any protected users. Therefore a call to verify_credentials is necessary to ensure that you are processing the correct data. -Bob On Thu, Aug 6, 2009 at 10:36 PM, Chris Babcockcbabc...@asciiking.com wrote: On Thu, 6 Aug 2009 12:01:14 -0400 Robert Fishel bobfis...@gmail.com wrote: I too thought that one should call verify credentials with Oauth. How are you suggesting we verify that the token is still active, another call to oauth_authenicate/authorize? The oauth_authenicate and oauth_authorize calls are not rate limited. They can't be used to hack user credentials, so they don't need to be. Authentication is a once per session event. Once authenticated, a user remains authenticated to your app until your own session controls expire. This is independent of the user's Twitter session, except that the user needs to be authenticated with Twitter in order for Twitter to authenticate the user to your app. This happens once, at the beginning of the user's session with your app and it is not subject to a DoS attack on the account/verify_credentials service. It may be useful to verify that an authorization token has been activated, but checking authorization before a call that will fail if the authorization is not available is wasted bandwidth. You should check after the call to see if the action succeeded. It's more reliable and lower bandwidth. Chris Babcock
[twitter-dev] Re: oauth redirects fail....
Sam Street! I have the same issue when loging on Twitter.com through web while my friends are able to login! Dunno why! It seems not every account can not login! Hope this issues will be fixed soon! We totatly don't know what is going on! 2009/8/7 Sam Street sam...@gmail.com My app fails when requesting tokens. I still cant even login to Twitter.com through web - it just freezes. Anyway, nope its solved soon. Thanks On Aug 7, 6:28 pm, Vincent Nguyen kureik...@gmail.com wrote: Me too! My App can request a oauth token but can not do anything when redirecting to Twitter! And I even can not login to my account from web! All is broken:(! 2009/8/7 Muthu Ramadoss muthu.ramad...@gmail.com I'm not able to even post updates on my twitter account from web. May be this is the case after the DOS attack and will be remedied soon. On Aug 7, 7:07 am, hansamann sven.hai...@googlemail.com wrote: I experience the same, hope this is just the Twitter DOS attack aftermath. My app cannot request a requestToken for example, which results in a time out on my pages as this is the first thing you do before you redirect to twitter. Also, I cannot seem to get the friends timeline, friends and followers at least not regularly I believe. Anyone else? Cheers Sven On Aug 6, 5:31 pm, Howard Siegel hsie...@gmail.com wrote: If this has only been happening since this morning, then it is likely this is just part of the aftermath of the DOS attack on Twitter. - h On Thu, Aug 6, 2009 at 15:53, yuf kyl...@gmail.com wrote: I have yet to get oAuth callbacks to work properly. After clicking Allow, I end up on a completely blank twittter.com/oauth/authorize page. If I try to look at the source, it asked if should resend. If I do, the source comes back that contains the redirect. But if I'm not looking at the source, the page just hangs for a while, and then ends up blank. What is up here? I've tried a variety of callback urls, from localhost, to the actual domain I'm using for development. Any one experience similar?
[twitter-dev] rate limit status API not working!
hi, since yesterday when the DOS attack happened, this http://twitter.com/account/rate_limit_status.json API call returns an empty response. This stops my site, that is Twitter IP white listed, since I use this API for self-throttling. Is there any resolution planned? Thank Echeyde
[twitter-dev] Getting 400 Bad Request when I try to update my application settings
Whenever I try to update my application's settings—in this case, I was trying to enable Use Twitter for login—my browser hangs for some time, then gives me a 400 error. Is anyone else experiencing this problem?
[twitter-dev] Can't change application settings
I'm trying to enable Use Twitter for login, but whenever I check the box and click Save, my browser just hangs and I am redirected to a blank /oauth_clients/update page. Is anyone else experiencing this problem?
[twitter-dev] Re: HTTP 409 on status update via API
I've restored all of my services by doing 3 things: 1) Follow redirects (HTTP 302s) 2) Send UserAgent 3) Send Referer On Aug 6, 9:56 pm, cestre...@gmail.com cestre...@gmail.com wrote: Same here 408 on all OAuth authenticate attempts. Is it safe to assume this is fallout from DDOS? Any official word on we can expect our apps to work again? On Aug 6, 2:30 pm, Matthew F mcf1...@gmail.com wrote: I'm getting 408s trying to authenticate with OAuth On Aug 6, 10:20 pm, John Kalucki jkalu...@gmail.com wrote: This should be fixed for the Streaming API. -John On Aug 6, 1:59 pm, Jennie Lees trin...@gmail.com wrote: Getting the same thing using the track function of the API. On Thu, Aug 6, 2009 at 9:43 PM, briantroy brian.cosin...@gmail.com wrote: Sorry... these are HTTP 408s... On Aug 6, 1:20 pm, briantroy brian.cosin...@gmail.com wrote: This just started today. It was working fine before and early this morning. I'm send in user updates from a widget via API. My server is whitelisted and I've got a registered service. I get a HTTP 409 on every attempt to submit a status. Not sure why... You can try it here:http://briantroy.com/blog/about I know a 409 should mean timed out... but the response comes back in one second (or just really really fast). Any help appreciated... Brian Roy justSignal -- Jennie Lees Founder, Affect Labs jen...@affectlabs.comhttp://twitter.com/jennielees
[twitter-dev] Re: You have been rate limited. Enhance your calm.
im having the same problem. im just lucky my app is still in test. RT @twitter Due to defense measures some Twitter clients are unable to communicate with our API, and many users are unable to tweet via SMS. I think we can only wait for twitter to normalize de api. On 7 ago, 12:20, diddy david.barrowcl...@gmail.com wrote: Hi, I use the Twitter search api, e.g: - http://search.twitter.com/search.rss?q=iphone and I now get: - You have been rate limited. Enhance your calm. I rely on this for my application. Anything I can do to stop it? Thanks!
[twitter-dev] Re: Continuous oAuth Issues
Ours recurred this morning, as well. On Aug 7, 10:49 am, Rich rhyl...@gmail.com wrote: Mine has re-occured... if you're going to force people to use oAuth from now on, at least get it running again fast! On Aug 7, 2:22 pm, Brian b.kn...@gmail.com wrote: Our app is still experiencing oAuth denial issues since the DDOS problem yesterday. Has anyone heard any update to this problem? or is there some action that app developers need to take to get back in business? Thanks, brian
[twitter-dev] Re: New blocks still happening
Any update on the 408 situation twitter? On Aug 7, 11:58 am, Tony Blyler tonybly...@gmail.com wrote: It appears that I am getting the 408 error as well. Is there any way to be added to a whitelist? My twitter followers for my script aren't too happy. On Aug 7, 1:06 am, Sean Callahan seancalla...@gmail.com wrote: Users on our site Jesse provide username and password and still can't login. It has been like that all day. I feel your pain and wish we could get back online quicker. On Aug 6, 6:16 pm, Jesse Stay jesses...@gmail.com wrote: This is also another nick against OAuth. My users can't even log in right now because we're relying on OAuth for login. Jesse On Thu, Aug 6, 2009 at 8:45 PM, Dewald Pretorius dpr...@gmail.com wrote: I have seen the same thing. So, if you have white listed IPs that are still showing a rate limit of 20,000, DO NOT use them right now. After a few minutes of use their rate limits are cut down to 150 per hour. Dewald On Aug 6, 8:58 pm, Tinychat tinycha...@gmail.com wrote: So, like everyone else I was receiving 408's from all our production servers. Wasnt sure what was causing it, but it turned out to be that twitter is blocking the IPs. Ok, must be related to the ddos stuff from earlier on- Must have gotten caught in the crossfire. So I go ahead and use some development servers to start sending requests- All is fine, for about a hour. They are blocked now. So to anyone out there, there is no point using a new IP- It will get blocked within a hour or so. I guess we have to wait for twitters host to fix it, or use actionscript/ajax to have the end user request the data himself (Which is what I am going to do) so its always a unique IP- Hide quoted text - - Show quoted text -
[twitter-dev] Re: /statuses/user_timeline.json is redirecting
We're getting the same thing on friends_timeline requests. On Aug 7, 10:26 am, Anthony Eden anthonye...@gmail.com wrote: On Thu, Aug 6, 2009 at 3:10 PM, timwhitlocktim.whitl...@publicreative.com wrote: I'm getting the same thing. I patched my library to follow the redirect, but that just results in a 403. The addition of the mysterious token actually creates an invalid URL, because it ends up with two ?s I have two api keys for my app. One for my local dev server, and a different one for deploying to live. My dev calls work fine. the problem only occurs on the live server. My live server IP is whitelisted, so I don't know if that's relevant. I don't think it is relevant because the addresses my queries are coming from are not whitelisted. I'm also still seeing this behavior this morning. It'd be nice just to know that someone at Twitter knows why this is happening and is going to get it fixed at some point. Sincerely, Anthony Eden -- GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y** http://anthony.mp
[twitter-dev] Re: DDoS Status Update
Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
OAuth is working fine for my site. To be honest, for something that does nothing but interact with Twitter I haven't seen much of a drop in activity. On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Applications in cloud hosting environments may be unable to throttle anything, due to the fact that if it's IP based checking, the cloud IPs are stlll going to be sending a lot of requests. ie: Appengine applications. On Aug 7, 2:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
oAuth worked for me on testing this morning, but trying to authenticate three seperate accounts, right now... all of them timeout on clicking the 'Allow' button On Aug 7, 7:32 pm, Goblin stu...@abovetheinternet.org wrote: OAuth is working fine for my site. To be honest, for something that does nothing but interact with Twitter I haven't seen much of a drop in activity. On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Whitelisted IPs blocked for 12+ hours
Okay, my high-volume app has been dead in the water for the past 12 hours. My formerly whitelisted IPs have been limited to 150 calls. API calls ARE getting through... but are limited to 150/hour rather than 20k/hour. This suggests to me that the problem is on Twitter's side (rather than with the host). HELP?!?
[twitter-dev] Re: DDoS Status Update
This is happening all my applications. Clicking Allow - just causes the App to timeout. This reminds of the OAuth outage we had last time - which begs the question, is OAuth ready for production applications? On Aug 7, 2:38 pm, Rich rhyl...@gmail.com wrote: oAuth worked for me on testing this morning, but trying to authenticate three seperate accounts, right now... all of them timeout on clicking the 'Allow' button On Aug 7, 7:32 pm, Goblin stu...@abovetheinternet.org wrote: OAuth is working fine for my site. To be honest, for something that does nothing but interact with Twitter I haven't seen much of a drop in activity. On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Yes! Me too! I think we must stop out service temporarily while waitng twitter team solve it! Be patient for all of us! 2009/8/7 Greg Avola gregory.av...@gmail.com This is happening all my applications. Clicking Allow - just causes the App to timeout. This reminds of the OAuth outage we had last time - which begs the question, is OAuth ready for production applications? On Aug 7, 2:38 pm, Rich rhyl...@gmail.com wrote: oAuth worked for me on testing this morning, but trying to authenticate three seperate accounts, right now... all of them timeout on clicking the 'Allow' button On Aug 7, 7:32 pm, Goblin stu...@abovetheinternet.org wrote: OAuth is working fine for my site. To be honest, for something that does nothing but interact with Twitter I haven't seen much of a drop in activity. On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was well http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Except if you want from [source] on your posts for 'newer' apps you can only use oAuth! On Aug 7, 7:49 pm, Greg Avola gregory.av...@gmail.com wrote: This is happening all my applications. Clicking Allow - just causes the App to timeout. This reminds of the OAuth outage we had last time - which begs the question, is OAuth ready for production applications? On Aug 7, 2:38 pm, Rich rhyl...@gmail.com wrote: oAuth worked for me on testing this morning, but trying to authenticate three seperate accounts, right now... all of them timeout on clicking the 'Allow' button On Aug 7, 7:32 pm, Goblin stu...@abovetheinternet.org wrote: OAuth is working fine for my site. To be honest, for something that does nothing but interact with Twitter I haven't seen much of a drop in activity. On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Thanks for the update Ryan. One thing I don't quite understand is why it's not an option to allow whitelisted applications to post. I will try and throttle our ( twitterfeed.com) service back, but with nearly half a million of active feeds in the system, I can't quite see how this will help, as even a fraction of requests will be way over any non-whitelist limits you have in place. Mario.
[twitter-dev] Re: DDoS Status Update
Is there an insight into the hanging (posts, favorites) that is happening on the twitter.com website?
[twitter-dev] Re: DDoS Status Update
All my oauth requests are failing with an invalid token exception, and the response to the request for the token appears to be null. This is using the twitter python client and from appengine. I don't even get to the point of redirecting users to the login page. On Aug 7, 2:53 pm, Mario Menti mme...@gmail.com wrote: Thanks for the update Ryan. One thing I don't quite understand is why it's not an option to allow whitelisted applications to post. I will try and throttle our ( twitterfeed.com) service back, but with nearly half a million of active feeds in the system, I can't quite see how this will help, as even a fraction of requests will be way over any non-whitelist limits you have in place. Mario.
[twitter-dev] Re: You have been rate limited. Enhance your calm.
I can't be sure if my client is following redirects. Probably not. I'm just using the Ruby Twitter Gem which haven't been updated for a month or so I think dave On Aug 7, 1:15 pm, lucasnicolato eternitya...@gmail.com wrote: im having the same problem. im just lucky my app is still in test. RT @twitter Due to defense measures some Twitter clients are unable to communicate with our API, and many users are unable to tweet via SMS. I think we can only wait for twitter to normalize de api. On 7 ago, 12:20, diddy david.barrowcl...@gmail.com wrote: Hi, I use the Twitter search api, e.g: - http://search.twitter.com/search.rss?q=iphone and I now get: - You have been rate limited. Enhance your calm. I rely on this for my application. Anything I can do to stop it? Thanks!
[twitter-dev] Re: DDoS Status Update
I agree with this, although it's not just the US economy... hurts many other countries too... well businesses within those countries anyway! On Aug 7, 8:02 pm, Jesse Stay jesses...@gmail.com wrote: Thanks for the communication - this is good. Just curious - with entire businesses being put out of place, and rumors that the Russian Gov't may be behind such attacks, is Twitter communicating with Homeland Security about this? To me this seems like a matter of national security even more than it is a Twitter issue. The US economy is being attacked because of this. Not to sound too radical - I'm just genuinely curious when the Government is going to get involved. (and thank you for doing what you can - I'm sure I speak for all when I say we feel your pain) Jesse On Fri, Aug 7, 2009 at 2:05 PM, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
I'm sure they would let you know first... Get real. Sent from my iPhone On 07.08.2009, at 21:02, Jesse Stay jesses...@gmail.com wrote: Thanks for the communication - this is good. Just curious - with entire businesses being put out of place, and rumors that the Russian Gov't may be behind such attacks, is Twitter communicating with Homeland Security about this? To me this seems like a matter of national security even more than it is a Twitter issue. The US economy is being attacked because of this. Not to sound too radical - I'm just genuinely curious when the Government is going to get involved. (and thank you for doing what you can - I'm sure I speak for all when I say we feel your pain) Jesse On Fri, Aug 7, 2009 at 2:05 PM, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. Whats been happening As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was well, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. Known Issues - HTTP 300 response codes - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. - General throttling - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. - Streaming API - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - Unexpected HTTP response codes - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. Moving forward We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver
[twitter-dev] Re: DDoS Status Update
Ryan, First, thanks for finally posting such a message. It has been pretty frustrating when there is no communication for you guys. Especially when we developers rely on your service and you also rely on us promoting your service. It makes us third party developers look stupid when Biz/Twitter tells half truths to the public says that everything is running great when in reality it is not. I understand you want to look like things are fine so people don't loose confidence in your service but it doesn't say much to us developers and give us much confidence about your transparency and what the actual truth you tell us is. If anyone should be updated it should be your developer community first then the users, you owe us that much as we have built your service up ever user we send your way. How about you make a more public announcement to all your users to let them know that your issues are affecting all the third party vendors and the issues is not fixed. Now that I have been able to finally get a message through to someone at Twitter, how about getting oAuth working so that our users can at least login consistently to our applications. Right now oAuth login works some times and not others. You make us move over to something that obviously is not production ready. Also why are us white listed apps having troubles and getting a rate limit of 150 like average users. I understand you want us to throttle it back but, can't you give us more than that? Basically your idea of throttling is cutting our usual allowed consumption down to less than 1%!? Serious, why not just shut it off entirely. Chris- On Aug 7, 2:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Hello Ryan, Thanks for that update. currently I can ping twitter.com but I can't access http on it tpi...@vm:~/app$ ping twitter.com -c4 PING twitter.com (168.143.162.116) 56(84) bytes of data. 64 bytes from 168.143.162.116: icmp_seq=1 ttl=241 time=212 ms 64 bytes from 168.143.162.116: icmp_seq=2 ttl=241 time=243 ms 64 bytes from 168.143.162.116: icmp_seq=3 ttl=241 time=216 ms 64 bytes from 168.143.162.116: icmp_seq=4 ttl=241 time=214 ms --- twitter.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3017ms rtt min/avg/max/mdev = 212.389/221.455/243.174/12.611 ms tpi...@vm:~/app$ curl http://twitter.com curl: (7) couldn't connect to host This app/ip is whitelisted and we're using mbleigh's twitter-auth. Any thoughts on this one? Is it a problem on our end (i.e. our network, dns cache etc.)? Thanks, Tiago On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Thank you for updating us! I have still a problem with getting search results via curl like described here: http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search This was working pretty good before the DDoS attack, but now I don't get any results just http_code of 302. An example url, I'm trying to get is: http://search.twitter.com/search.atom?q=twitterlang=derpp=15since_id=3170060360show_user=true Can you give me a hint what I'm doing wrong or is this part of the API still not working correct? Thanks and best regards, Chris
[twitter-dev] Re: Can't change application settings
Yeah I get this trying to update my app's image, and also my twitter user_image_url On Aug 7, 6:31 pm, adamsinger adamsi...@gmail.com wrote: I'm trying to enable Use Twitter for login, but whenever I check the box and click Save, my browser just hangs and I am redirected to a blank /oauth_clients/update page. Is anyone else experiencing this problem?
[twitter-dev] Re: DDoS Status Update
DMs seem to be down as well. Haven't been able to get any to go out. Tweets seem to be fine though. On Aug 7, 1:53 pm, Mario Menti mme...@gmail.com wrote: Thanks for the update Ryan. One thing I don't quite understand is why it's not an option to allow whitelisted applications to post. I will try and throttle our ( twitterfeed.com) service back, but with nearly half a million of active feeds in the system, I can't quite see how this will help, as even a fraction of requests will be way over any non-whitelist limits you have in place. Mario.
[twitter-dev] Re: DDoS Status Update
I have a php/memcache based Twitter Throttle if anyone needs a reference implementation. Just drop me an email at brian dot roy at cosinity dot com On Aug 7, 11:49 am, Greg Avola gregory.av...@gmail.com wrote: This is happening all my applications. Clicking Allow - just causes the App to timeout. This reminds of the OAuth outage we had last time - which begs the question, is OAuth ready for production applications? On Aug 7, 2:38 pm, Rich rhyl...@gmail.com wrote: oAuth worked for me on testing this morning, but trying to authenticate three seperate accounts, right now... all of them timeout on clicking the 'Allow' button On Aug 7, 7:32 pm, Goblin stu...@abovetheinternet.org wrote: OAuth is working fine for my site. To be honest, for something that does nothing but interact with Twitter I haven't seen much of a drop in activity. On Aug 7, 7:28 pm, Rich rhyl...@gmail.com wrote: Thanks for the update, however PLEASE get oAuth back up and running ASAP please! On Aug 7, 7:05 pm, Ryan Sarver rsar...@twitter.com wrote: I wanted to send everyone an update to let you know what has been happening, the known issues, some suggestions on how to resolve them and some idea of how to move forward. *Whats been happening* As you know all too well Twitter, among other services, has been getting hit pretty hard with a DDoS attack over the past 24+ hours. Yesterday we saw the attack come in a number of waves and from a number of different vectors increasing in intensity along the way. We were able to stabilize our own service for a bit, hence Biz's post saying all was wellhttp://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html, but that didn't mean the attacks had ceased. In fact, at around 3am PST today the attacks intensified to almost 10x of what it was yesterday. In order for us to defend from the attack we have had to put a number of services in place and we know that some of you have gotten caught in the crossfire. Please know we are as frustrated as you are and wish there was more we could have communicated along the way. *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. * - Streaming API* - as part of the edge throttling we know requests to the Streaming API with lists of keywords or uses are getting dropped because the request is too large. We are working to get this filter removed and will update the list when we know more. - *Unexpected HTTP response codes* - we know people are seeing a lot of other weirdness and we aren't exactly sure what to attribute the various issues to, but know that you aren't alone. As the attacks change our tactics for defense will likely need to change as well, so stay active on the list and let us know what problems you are seeing and we will do our best to help guide you along. *Moving forward * We will try to communicate as much as we can so you guys are up to speed as things change and progress. I personally apologize for not communicating more in the mean time but there hasn't been much guidance we have been able to give other than hold tight with us. We fully appreciate all the long hours you are putting in to keep your apps running and supporting your users and know we are frustrated with you. Continue to watch this list, status.twitter.com and @twitterapi for updates Thanks for your patience, Ryan PM, Platform Team @rsarver http://twitter.com/rsarver
[twitter-dev] Re: DDoS Status Update
Same with me. OAuth doesn't work at all. Even the login page is showed up =\ On Aug 7, 4:00 pm, Joe Bowman bowman.jos...@gmail.com wrote: All my oauth requests are failing with an invalid token exception, and the response to the request for the token appears to be null. This is using the twitter python client and from appengine. I don't even get to the point of redirecting users to the login page. On Aug 7, 2:53 pm, Mario Menti mme...@gmail.com wrote: Thanks for the update Ryan. One thing I don't quite understand is why it's not an option to allow whitelisted applications to post. I will try and throttle our ( twitterfeed.com) service back, but with nearly half a million of active feeds in the system, I can't quite see how this will help, as even a fraction of requests will be way over any non-whitelist limits you have in place. Mario.
[twitter-dev] Re: Can't change application settings
Yup, except I'm trying to create a new application. On Aug 7, 1:31 pm, adamsinger adamsi...@gmail.com wrote: I'm trying to enable Use Twitter for login, but whenever I check the box and click Save, my browser just hangs and I am redirected to a blank /oauth_clients/update page. Is anyone else experiencing this problem?
[twitter-dev] Re: DDoS Status Update
Comments inline. On Aug 7, 12:05 pm, Ryan Sarver rsar...@twitter.com wrote: *Known Issues* * - HTTP 300 response codes* - One of the measures in thwarting the onslaught requires that all traffic respect HTTP 30x response codes. This will help us identify the good traffic from the bad. Does this affect POST as well as GET? The issue here is the way clients handle 30x after POST. Most clients (now by convention) do not respect the RFC (http://www.w3.org/Protocols/rfc2616/rfc2616- sec10.html#sec10.3) and will send a GET after POST always. Some clients will respect the method, but not re-post any data. We need to be sure we are all expecting the right things. How does this affect OAuth signed requests? OAuth requires knowing the HTTP Method as well as the full URI and parameters to generate signatures a priori. Most (all?) clients and libraries do not know how to handle changes in these during a redirect. * - General throttling* - Try to throttle your services back as much as possible for you to continue operating. We are working on our end to better understand the logic used in throttling traffic on the edge of the network and will communicate what we can, but the best idea is to just throttle back as much as you can in the mean time. Is there anything else we can do on the protocol level? Keepalives on/ off? Specific headers? Thanks for all your hard work. Having spent yesterday battling a rash of spambots is nothing compared to what you guys are doing. --Justin
[twitter-dev] Re: DDoS Status Update
As stated in Ryan's email, you should respect 302 responses. In curl this can be accomplished with the --location flag. See the man page for more details. -Chad On Fri, Aug 7, 2009 at 3:10 PM, Chriskiraili...@gmail.com wrote: Thank you for updating us! I have still a problem with getting search results via curl like described here: http://apiwiki.twitter.com/Twitter-Search-API-Method%3A-search This was working pretty good before the DDoS attack, but now I don't get any results just http_code of 302. An example url, I'm trying to get is: http://search.twitter.com/search.atom?q=twitterlang=derpp=15since_id=3170060360show_user=true Can you give me a hint what I'm doing wrong or is this part of the API still not working correct? Thanks and best regards, Chris
