[twitter-dev] [OOT] Hijacking twitter account, is it possible?
Hello All, Is there anyone have an experience to hijack a twitter account? well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). Thanks for your comment, Best regards, DWI
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
On Tue, 13 Oct 2009 23:48:13 -0700 (PDT) ruckuus ruck...@gmail.com wrote: Is there anyone have an experience to hijack a twitter account? The security profile of a Twitter account is no different than that of many other on-line services. The major weaknesses are signing in over HTTP, accepting insecure cookies for account modifications and password 'reminders' (actually replacements) by email. well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? There are a couple scenarios. The thing that gets overlooked in these discussions is how these situations benefit the attacker. It's not a technical challenge, so there's no Cracker Glory in it. There's no money involved. Twitter could always return control of a hijacked account manually. It's a risk without reward. Most anyone suitably incentivized to run exploits would be better served by attacking the service as a whole anonymously than attacking one account. To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). If you use OAuth with a desktop client, you are distributing your secret key with the application. Users should not assume that an authorization request for your app is from their copy of the app unless they initiated the transaction. Chris Babcock
[twitter-dev] Re: Noise-tweet regex repository
I thought the new terms sorted this out Get each user's consent before sending Tweets or other messages on their behalf. A user authenticating with your application does not constitute consent to send a message. On Oct 9, 10:22 am, Sam Street sam...@gmail.com wrote: Please don't forget the Ive just taken the 'WHOSE HOTTER' quiz and voted for Miley fucking Cyrus spam via @reply (and DM also) On Oct 9, 7:03 am, Dave Briccetti da...@davebsoft.com wrote: A Twitter client can do an HTTP get to here: http://talkingpuffin.appspot.com/filters/noise and expect lines of plain text like this: Just joined a twibe. Visit http\://twibes\.com/.* just joined a video chat at http\://tinychat\.com.*
[twitter-dev] Re: Noise-tweet regex repository
Nalin, I appreciate the ideas. Remember, you can’t DM somebody who isn’t following you. I want to maintain a fairly complete collection of filters for the common “noise tweets,” and use it in TalkingPuffin under user control, and invite other application developers to use it as well. Maybe as these ideas evolve it will be useful to categorize the filters, to help end users choose which ones they want in place. For me personally, Twitter is a much nicer experience when I can have fine control over what subset of tweets I see from the people I follow. I have alternatives to unfollowing users when they get “noisy.”
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
On Oct 14, 2:46 pm, Chris Babcock cbabc...@kolonelpanic.org wrote: On Tue, 13 Oct 2009 23:48:13 -0700 (PDT) ruckuus ruck...@gmail.com wrote: Is there anyone have an experience to hijack a twitter account? The security profile of a Twitter account is no different than that of many other on-line services. The major weaknesses are signing in over HTTP, accepting insecure cookies for account modifications and password 'reminders' (actually replacements) by email. well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? There are a couple scenarios. The thing that gets overlooked in these discussions is how these situations benefit the attacker. It's not a technical challenge, so there's no Cracker Glory in it. There's no money involved. Twitter could always return control of a hijacked account manually. It's a risk without reward. Most anyone suitably incentivized to run exploits would be better served by attacking the service as a whole anonymously than attacking one account. I do agree. But attacking one account will also benefit for the attacker in personal reason, for example. furthermore, It will be a case if I said: I successfully inject someone's timeline using my application. It means, I could do the same to any twitter account in batch, and this what you called attacking the service. To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). If you use OAuth with a desktop client, you are distributing your secret key with the application. Users should not assume that an authorization request for your app is from their copy of the app unless they initiated the transaction. From my experience -please correct me if I am wrong-, once an application authorized by the user, it has authenticated oauth_token, and oauth_token secret which are persistent. I can save them and use further on. The application does not know user's credential, but authenticated token. A bit far from the original topic, what will happen in authenticated oauth_token when users change their credentials? Let's say, Bob uses twitter client called foo, he authorized it, and it goes well. Then Bob changed his password for any reason. What will happen with the application? can foo still be used as usual? or Bob has to change his password in foo's setting? Best regards, DWI
[twitter-dev] Re: OAuth wed desktop feedback
Tokens should never expire. However, you can only make that request once. If you try to make it again with the same request request token, then you will get the expired token error. On Wed, Oct 14, 2009 at 12:02 AM, BlueSkies scarter28m-goo...@yahoo.comwrote: When my application requests an OAuth token on behalf of a user trying to login, I have been seeing some errors: Frequently: /oauth/access_token Invalid / expired Token What is the length of time that a token is supposed to be valid for? Is this documented and can it be extended? I'm sure that I probably lose quite a few first time users when this happens. I imagine that they probably bring up my login page, get distracted and then run into this problem when they eventually try to log in. Occasionally: Twitter is over capacity. Would it make any sense to prioritize token handling when Twitter is at capacity? This is also an issue with wanting to allow my new users to login easily, even if they can't tweet right away (to avoid user conversion loss). My existing users probably never experience this issue with tokens when Twitter is at capacity, since my application caches credentials (as most other apps are probably also doing), so they don't normally go through my OAuth login flow very often. Not often: Unknown SSL protocol error in connection to twitter.com: 443 I'm not sure what causes this? I don't see it too often. - Scott
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
Here's another question. User Bob installs OAuth App Foo on his desktop, and he authorizes access to it. Then he installs the app on his laptop and authorizes access to it. Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? If he sees two, how does he know which one is which? If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? Dewald On Oct 14, 4:46 am, Chris Babcock cbabc...@kolonelpanic.org wrote: On Tue, 13 Oct 2009 23:48:13 -0700 (PDT) ruckuus ruck...@gmail.com wrote: Is there anyone have an experience to hijack a twitter account? The security profile of a Twitter account is no different than that of many other on-line services. The major weaknesses are signing in over HTTP, accepting insecure cookies for account modifications and password 'reminders' (actually replacements) by email. well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? There are a couple scenarios. The thing that gets overlooked in these discussions is how these situations benefit the attacker. It's not a technical challenge, so there's no Cracker Glory in it. There's no money involved. Twitter could always return control of a hijacked account manually. It's a risk without reward. Most anyone suitably incentivized to run exploits would be better served by attacking the service as a whole anonymously than attacking one account. To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). If you use OAuth with a desktop client, you are distributing your secret key with the application. Users should not assume that an authorization request for your app is from their copy of the app unless they initiated the transaction. Chris Babcock
[twitter-dev] (411) Length Required error
Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: Noise-tweet regex repository
Regex isn't that tough, but it IS one of those things you need to get into the rhythm of, and it's very easy to fall out. Every time I heavily dive back in though, after lots of frustration, you eventually end up with a lot of elegance and power. ∞ Andy Badera ∞ +1 518-641-1280 ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera On Thu, Oct 8, 2009 at 7:14 PM, Dewald Pretorius dpr...@gmail.com wrote: I think it might be a better idea to publish the regex code somewhere, so that developers can directly include it in their apps if they want to. If you provide a web service, can I send my users to your email address or support system if your regexs reject their tweets as false positives? ;-) I suck at regex. Regex is for super intelligent beings levitating on a much higher and different intellectual stratus than me. So, any kind of regex that can be copied and pasted is always very welcome. Dewald On Oct 8, 6:28 pm, Dave Briccetti da...@davebsoft.com wrote: I detest tweets like these: just joined a video chat athttp://xxxMake your own video chat athttp://xxx#xxx just joined a twibe ... I am thinking of starting a repository of regular expressions matching noise-tweets like these, that Twitter clients could query via a Web Service, and the public could contribute to. Is this a good idea?
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? Its only one. If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? AFAIK there is no way to detect that. On Wed, Oct 14, 2009 at 5:29 PM, Dewald Pretorius dpr...@gmail.com wrote: Here's another question. User Bob installs OAuth App Foo on his desktop, and he authorizes access to it. Then he installs the app on his laptop and authorizes access to it. Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? If he sees two, how does he know which one is which? If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? Dewald On Oct 14, 4:46 am, Chris Babcock cbabc...@kolonelpanic.org wrote: On Tue, 13 Oct 2009 23:48:13 -0700 (PDT) ruckuus ruck...@gmail.com wrote: Is there anyone have an experience to hijack a twitter account? The security profile of a Twitter account is no different than that of many other on-line services. The major weaknesses are signing in over HTTP, accepting insecure cookies for account modifications and password 'reminders' (actually replacements) by email. well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? There are a couple scenarios. The thing that gets overlooked in these discussions is how these situations benefit the attacker. It's not a technical challenge, so there's no Cracker Glory in it. There's no money involved. Twitter could always return control of a hijacked account manually. It's a risk without reward. Most anyone suitably incentivized to run exploits would be better served by attacking the service as a whole anonymously than attacking one account. To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). If you use OAuth with a desktop client, you are distributing your secret key with the application. Users should not assume that an authorization request for your app is from their copy of the app unless they initiated the transaction. Chris Babcock
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
So this is a problem with web apps as well then. If User Bob authorized Web App to work on his account, and Phishing Dude also authorizes his Web App account to work on User Bob's Twitter account because he phished User Bob's Twitter username and password, User Bob is blissfully unaware of that? Dewald On Oct 14, 11:27 am, srikanth reddy srikanth.yara...@gmail.com wrote: Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? Its only one. If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? AFAIK there is no way to detect that. On Wed, Oct 14, 2009 at 5:29 PM, Dewald Pretorius dpr...@gmail.com wrote: Here's another question. User Bob installs OAuth App Foo on his desktop, and he authorizes access to it. Then he installs the app on his laptop and authorizes access to it. Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? If he sees two, how does he know which one is which? If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? Dewald On Oct 14, 4:46 am, Chris Babcock cbabc...@kolonelpanic.org wrote: On Tue, 13 Oct 2009 23:48:13 -0700 (PDT) ruckuus ruck...@gmail.com wrote: Is there anyone have an experience to hijack a twitter account? The security profile of a Twitter account is no different than that of many other on-line services. The major weaknesses are signing in over HTTP, accepting insecure cookies for account modifications and password 'reminders' (actually replacements) by email. well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? There are a couple scenarios. The thing that gets overlooked in these discussions is how these situations benefit the attacker. It's not a technical challenge, so there's no Cracker Glory in it. There's no money involved. Twitter could always return control of a hijacked account manually. It's a risk without reward. Most anyone suitably incentivized to run exploits would be better served by attacking the service as a whole anonymously than attacking one account. To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). If you use OAuth with a desktop client, you are distributing your secret key with the application. Users should not assume that an authorization request for your app is from their copy of the app unless they initiated the transaction. Chris Babcock
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
Yes. The risk is high with Desktop apps as Consumer secret/keys are distributed. On Wed, Oct 14, 2009 at 8:04 PM, Dewald Pretorius dpr...@gmail.com wrote: So this is a problem with web apps as well then. If User Bob authorized Web App to work on his account, and Phishing Dude also authorizes his Web App account to work on User Bob's Twitter account because he phished User Bob's Twitter username and password, User Bob is blissfully unaware of that? Dewald On Oct 14, 11:27 am, srikanth reddy srikanth.yara...@gmail.com wrote: Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? Its only one. If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? AFAIK there is no way to detect that. On Wed, Oct 14, 2009 at 5:29 PM, Dewald Pretorius dpr...@gmail.com wrote: Here's another question. User Bob installs OAuth App Foo on his desktop, and he authorizes access to it. Then he installs the app on his laptop and authorizes access to it. Does User Bob see two separate entries for OAuth App Foo in his list of authorized apps in Twitter, or only one? If he sees two, how does he know which one is which? If he sees only one, how will he know that Phishing Dude has also authorized his own slimy copy of OAuth App Foo to work on User Bob's account? Dewald On Oct 14, 4:46 am, Chris Babcock cbabc...@kolonelpanic.org wrote: On Tue, 13 Oct 2009 23:48:13 -0700 (PDT) ruckuus ruck...@gmail.com wrote: Is there anyone have an experience to hijack a twitter account? The security profile of a Twitter account is no different than that of many other on-line services. The major weaknesses are signing in over HTTP, accepting insecure cookies for account modifications and password 'reminders' (actually replacements) by email. well, the story is really weird. There is a celebrity's account hijacked (password stolen, etc), and then he created a new account, the told the world that he could do something in his old account, e.g. sending a new tweet as usual. This case is the same with: Bob can tweet in Alice's timeline. Can Bob do that? This is almost being very stupid question, and the answer is: IMPOSSIBLE, or possible with an 'if' ...? There are a couple scenarios. The thing that gets overlooked in these discussions is how these situations benefit the attacker. It's not a technical challenge, so there's no Cracker Glory in it. There's no money involved. Twitter could always return control of a hijacked account manually. It's a risk without reward. Most anyone suitably incentivized to run exploits would be better served by attacking the service as a whole anonymously than attacking one account. To make long story short, I am developing a twitter client in C, and I am implementing oauth with liboauth and I feel I do not deeply understood of oauth in the case above (hijack vulnerability). If you use OAuth with a desktop client, you are distributing your secret key with the application. Users should not assume that an authorization request for your app is from their copy of the app unless they initiated the transaction. Chris Babcock
[twitter-dev] Starts with token in Search API
Is it possible to add a simple Starts with token for the Search API? (and maybe an ends with token if people want that, as well). For example, it'd be nice to be able to do ^overheard and only catch those tweets that specifically start with the word instead of having the word appear anywhere in the tweet. Likewise, it'll make it easier to match ^OH (although, I'd prefer to be able to match ^OH: but I know the colons get stripped). Thanks, -Jonathan
[twitter-dev] Re: (411) Length Required error
You may just be hitting different servers in the Twitter server farm, and some of them may be setup to require length and others not to. Dewald On Oct 14, 9:56 am, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: (411) Length Required error
Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: Starts with token in Search API
I know this is a feature that many people would like to see (including myself). It may be on the Search team's roadmap, but please create a Google Code ticket for it so we can track it: http://code.google.com/p/twitter-api/issues/list -Chad On Wed, Oct 14, 2009 at 10:58 AM, Jonathan Snook jonathan.sn...@gmail.com wrote: Is it possible to add a simple Starts with token for the Search API? (and maybe an ends with token if people want that, as well). For example, it'd be nice to be able to do ^overheard and only catch those tweets that specifically start with the word instead of having the word appear anywhere in the tweet. Likewise, it'll make it easier to match ^OH (although, I'd prefer to be able to match ^OH: but I know the colons get stripped). Thanks, -Jonathan
[twitter-dev] Re: (411) Length Required error
On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: /users/show.xml? doesn't return xml string
Hello, I found the problem... the Twitter API does return XML, but on my LAMP system, the PHP var_dump($variable) method strips away the XML tags! This seems ridiculous to me, but then the documentation on var_dump is skimpy... Thanks again for your help. , On Oct 13, 9:51 pm, Scott Haneda talkli...@newgeo.com wrote: I just ran your exact code, and was able to pull an xml string just fine, so I do not believe it is your code. The only thing I can think is you may want to curl_close() the connection, perhaps there is some caching or other similar thing in effect, though that is a big long shot. Maybe try curl on the command line, on the same host, and see what your results are, if that works, you can start looking at your code, otherwise, it may just be an temporary glitch in the API. You may want to look into doing some more testing in your command though, return the headers, and look at the http responses, so you know when you have a 200 ok one, versus some of the others, in which case you will want to be abel to gracefully degrade your application in some way. Sorry I could not be of more help. -- Scott * If you contact me off list replace talklists@ with scott@ * On Oct 13, 2009, at 9:37 PM, ArnieLapinig wrote: Hello, I hope someone can help my query with the REST API /users/show.xml doesn't seem to be returning an xml string... I'm getting strange data back from my query. Here's the code: $twitterHost = 'http://twitter.com/users/show.xml? screen_name=' . urlencode($lookforname); $curl = curl_init(); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_USERPWD, $username: $password); curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($curl, CURLOPT_URL, $twitterHost); $query = curl_exec($curl); and here's what i'm getting: $twitterHost string(59) http://twitter.com/users/show.xml? screen_name=mandarine_one $query string(2023) 32432559 anton mandarine_one Neuburg an der Donau Mediengestalter, Nerd, Comic- und Musikliebhaber, nörgelt gerne über die Arbeit.http://a3.twimg.com/profile_images/435301043/twitter_normal.jpg http://www.grizzlyfear.defalse 159 EBEBEB 33 99 F3F3F3 DFDFDF 238 Fri Apr 17 14:49:15 + 2009 23 3600 Berlin http://a1.twimg.com/profile_background_images/41257908/8edd7_014-serg... true 2129 false false false false Tue Oct 13 17:19:41 + 2009 4839657896 @_Schnucki_ madame sie gruseln mir die scheisse aus dem leid. du schreibst von stromschlag und bei mir geht das licht aus #scary a target='_blank' href=http://www.atebits.com/; rel=nofollowTweetie/a false 4839540863 50962463 false _Schnucki_ when i paste http://twitter.com/users/show.xml? screen_name=mandarine_one into the browser, i get an xml string: user id32432559/id nameanton/name screen_namemandarine_one/screen_name locationNeuburg an der Donau/location description Mediengestalter, Nerd, Comic- und Musikliebhaber, nörgelt gerne über die Arbeit. /description profile_image_url http://a3.twimg.com/profile_images/435301043/twitter_normal.jpg /profile_image_url urlhttp://www.grizzlyfear.de/url protectedfalse/protected etc etc etc etc... Am I making some sort of basic mistake? Thanks for helping...
[twitter-dev] Re: /users/show.xml? doesn't return xml string
On Wed, Oct 14, 2009 at 11:30 AM, ArnieLapinig arnie.lapi...@gmail.com wrote: Hello, I found the problem... the Twitter API does return XML, but on my LAMP system, the PHP var_dump($variable) method strips away the XML tags! This seems ridiculous to me, but then the documentation on var_dump is skimpy... I bet JDG's theory is correct. If you echo pre before the var_dump and /pre afterward, it will probably display correctly, assuming you are doing this var_dump in a browser. The fact that the string is 2023 bytes as reported by var_dump and not nearly that long in what you pasted is another good indication that the browser is just hiding the xml tags from view. -Chad Thanks again for your help. , On Oct 13, 9:51 pm, Scott Haneda talkli...@newgeo.com wrote: I just ran your exact code, and was able to pull an xml string just fine, so I do not believe it is your code. The only thing I can think is you may want to curl_close() the connection, perhaps there is some caching or other similar thing in effect, though that is a big long shot. Maybe try curl on the command line, on the same host, and see what your results are, if that works, you can start looking at your code, otherwise, it may just be an temporary glitch in the API. You may want to look into doing some more testing in your command though, return the headers, and look at the http responses, so you know when you have a 200 ok one, versus some of the others, in which case you will want to be abel to gracefully degrade your application in some way. Sorry I could not be of more help. -- Scott * If you contact me off list replace talklists@ with scott@ * On Oct 13, 2009, at 9:37 PM, ArnieLapinig wrote: Hello, I hope someone can help my query with the REST API /users/show.xml doesn't seem to be returning an xml string... I'm getting strange data back from my query. Here's the code: $twitterHost = 'http://twitter.com/users/show.xml? screen_name=' . urlencode($lookforname); $curl = curl_init(); curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl, CURLOPT_HEADER, false); curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_USERPWD, $username: $password); curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($curl, CURLOPT_URL, $twitterHost); $query = curl_exec($curl); and here's what i'm getting: $twitterHost string(59) http://twitter.com/users/show.xml? screen_name=mandarine_one $query string(2023) 32432559 anton mandarine_one Neuburg an der Donau Mediengestalter, Nerd, Comic- und Musikliebhaber, nörgelt gerne über die Arbeit.http://a3.twimg.com/profile_images/435301043/twitter_normal.jpg http://www.grizzlyfear.defalse 159 EBEBEB 33 99 F3F3F3 DFDFDF 238 Fri Apr 17 14:49:15 + 2009 23 3600 Berlin http://a1.twimg.com/profile_background_images/41257908/8edd7_014-serg... true 2129 false false false false Tue Oct 13 17:19:41 + 2009 4839657896 @_Schnucki_ madame sie gruseln mir die scheisse aus dem leid. du schreibst von stromschlag und bei mir geht das licht aus #scary a target='_blank' href=http://www.atebits.com/; rel=nofollowTweetie/a false 4839540863 50962463 false _Schnucki_ when i paste http://twitter.com/users/show.xml? screen_name=mandarine_one into the browser, i get an xml string: user id32432559/id nameanton/name screen_namemandarine_one/screen_name locationNeuburg an der Donau/location description Mediengestalter, Nerd, Comic- und Musikliebhaber, nörgelt gerne über die Arbeit. /description profile_image_url http://a3.twimg.com/profile_images/435301043/twitter_normal.jpg /profile_image_url urlhttp://www.grizzlyfear.de/url protectedfalse/protected etc etc etc etc... Am I making some sort of basic mistake? Thanks for helping...
[twitter-dev] Re: (411) Length Required error
Other code uses this snippet also. Now this is even more hilarious. I am testing right now. I am sending the ContentLength no matter what. I now can't post status updates again. If I give it the ContentLength, it just hangs. If I don't give it the ContentLength, I get the error. If I give it the ContentLength, I can send Direct Messages(length = 0). If I don't give it the ContentLength, I get the same error with direct messages. When I view the request header, the only header there is the Content-Type. Ryan On Wed, Oct 14, 2009 at 11:26 AM, Chad Etzel c...@twitter.com wrote: On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Twitter icons
I don't know if I got that information here or somewhere else, but somebody pointed out a location where I could get some Twitter icons.
[twitter-dev] Re: (411) Length Required error
Is there some sort of request.toString() method that will dump the actual request that is being sent? Or is that what you see is only the Content-Type? -chad On Wed, Oct 14, 2009 at 11:58 AM, ryan alford ryanalford...@gmail.com wrote: Other code uses this snippet also. Now this is even more hilarious. I am testing right now. I am sending the ContentLength no matter what. I now can't post status updates again. If I give it the ContentLength, it just hangs. If I don't give it the ContentLength, I get the error. If I give it the ContentLength, I can send Direct Messages(length = 0). If I don't give it the ContentLength, I get the same error with direct messages. When I view the request header, the only header there is the Content-Type. Ryan On Wed, Oct 14, 2009 at 11:26 AM, Chad Etzel c...@twitter.com wrote: On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: (411) Length Required error
Another question is, what has changed? This code has been working fine since September 24th(sending the ContentLength). Then on October 11th, I start having issues. Ryan On Wed, Oct 14, 2009 at 11:58 AM, ryan alford ryanalford...@gmail.comwrote: Other code uses this snippet also. Now this is even more hilarious. I am testing right now. I am sending the ContentLength no matter what. I now can't post status updates again. If I give it the ContentLength, it just hangs. If I don't give it the ContentLength, I get the error. If I give it the ContentLength, I can send Direct Messages(length = 0). If I don't give it the ContentLength, I get the same error with direct messages. When I view the request header, the only header there is the Content-Type. Ryan On Wed, Oct 14, 2009 at 11:26 AM, Chad Etzel c...@twitter.com wrote: On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: (411) Length Required error
Here is a screenshot right before make the request. http://yfrog.com/8d10142009115958amp You can see that there is only the Content-Type header. But you can also see that the ContentLength is set(to 6...length of my status update). .Net doesn't allow me to add the header manually if the object has a property for that header. Ryan On Oct 14, 12:05 pm, ryan alford ryanalford...@gmail.com wrote: Another question is, what has changed? This code has been working fine since September 24th(sending the ContentLength). Then on October 11th, I start having issues. Ryan On Wed, Oct 14, 2009 at 11:58 AM, ryan alford ryanalford...@gmail.comwrote: Other code uses this snippet also. Now this is even more hilarious. I am testing right now. I am sending the ContentLength no matter what. I now can't post status updates again. If I give it the ContentLength, it just hangs. If I don't give it the ContentLength, I get the error. If I give it the ContentLength, I can send Direct Messages(length = 0). If I don't give it the ContentLength, I get the same error with direct messages. When I view the request header, the only header there is the Content-Type. Ryan On Wed, Oct 14, 2009 at 11:26 AM, Chad Etzel c...@twitter.com wrote: On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: List of all verified accounts
Great, thanks for your response. More questions: - Is twitter.com/verified a complete list of all verified accounts? - It looks I'll have to crawl that account. Is there a simple flat list that gives the full real name of the user, plus the twitter account name? Thanks in advance! On Oct 12, 11:40 am, Ben Parr mysta...@gmail.com wrote: It exists already -http://twitter.com/verified Anyone that account follows is verified. On Oct 12, 9:59 am, Kiam kiamc...@gmail.com wrote: Hi, Is there a way to obtain a list of all verified accounts? Or are there plans to expose this in the future? Thanks, Kiam
[twitter-dev] Tweets Dataset for academia?
Hi All, I am curious if there is any Twitter data set already available for research or academia? If it is already not there then can one crawl through the users and build one and release it to the research community without any charge? What would be Twitter's official policy on this? I am sure there will be a lot of interest in academia from the Linguistics perspective and Machine Learning perspective. These questions are just out of curiosity and feasibility study types. -- Regards, Atul Kulkarni www.d.umn.edu/~kulka053 http://www.d.umn.edu/%7Ekulka053
[twitter-dev] Re: Tweets Dataset for academia?
Many people in academia / research have used TwapperKeeper service to capture tweets of interest (that are tagged) and export for analysis. Let me know if you have any questions. v/r, John http://TwapperKeeper.com jobr...@ob3solutions.com @jobrieniii On Oct 14, 2009, at 12:39 PM, Atul Kulkarni wrote: Hi All, I am curious if there is any Twitter data set already available for research or academia? If it is already not there then can one crawl through the users and build one and release it to the research community without any charge? What would be Twitter's official policy on this? I am sure there will be a lot of interest in academia from the Linguistics perspective and Machine Learning perspective. These questions are just out of curiosity and feasibility study types. -- Regards, Atul Kulkarni www.d.umn.edu/~kulka053
[twitter-dev] Re: Tweets Dataset for academia?
Thanks, John. I am not only looking at hash tags, but also other things that go along with tweets. I will keep in mind. I was actually curious about Twitter's policy on this. What is there take on releasing a certain dataset of say some random X number of users. Is it violation of any of their policy or their agreement with the users. Regards, Atul. On Wed, Oct 14, 2009 at 11:43 AM, JOHN OBRIEN john.obr...@twangu.comwrote: Many people in academia / research have used TwapperKeeper service to capture tweets of interest (that are tagged) and export for analysis. Let me know if you have any questions. v/r, John http://TwapperKeeper.com jobr...@ob3solutions.com @jobrieniii On Oct 14, 2009, at 12:39 PM, Atul Kulkarni wrote: Hi All, I am curious if there is any Twitter data set already available for research or academia? If it is already not there then can one crawl through the users and build one and release it to the research community without any charge? What would be Twitter's official policy on this? I am sure there will be a lot of interest in academia from the Linguistics perspective and Machine Learning perspective. These questions are just out of curiosity and feasibility study types. -- Regards, Atul Kulkarni www.d.umn.edu/~kulka053 http://www.d.umn.edu/%7Ekulka053 -- Regards, Atul Kulkarni www.d.umn.edu/~kulka053
[twitter-dev] api down?
Anyone having issues logging in for apps via the api but no issues at all using the twitter web site? What happened to twitter saying they were going to eat their own dog food and use a common system so that issues like this wouldn't happen. Cheers, Dean
[twitter-dev] Updating Twitter Status: Character Escaping and URLs
Hello all, I pass text from a POST variable from a form on my site to Twitter and I save this message on my own site. When I view the entry on my site it is absoultly fine. However, in some cases when there is an apostrophe in the message twitter updates the status of a user but escapes the apostrophes and this can be seen on the users status! This doesn't happen when I update my twitter status on the twitter site. So I am wondering is there a way I need to pass text to twitter? I currently do this and I make use of this awesome Twitter class. http://github.com/jmathai/twitter-async/tree $success = $twitterObj-post_statusesUpdate(array('status' = $_POST ['message'].$URL.$key)); In addition, passing URLs to twitter use to automatically link the URL but now this just appears as text? Has twitter made changes in the past month that would cause the above to happen? If not how can I overcome this? Thanks all
[twitter-dev] rate limit error on status/show only
Hi All, I am hitting the following url: /statuses/show/4843243649.xml And i get: Rate limit exceeded. Clients may not make more than 150 requests per hour. Note that before and after that i can hit any other url without problems with the same user - so i am logged in my application and everything works fine until i hit this url, after i get the error i could continue with other functionality with no problemsstrange huh? Thanks.
[twitter-dev] Re: Duplicate Tweets
Is Twitter crazy?! Have they even looked at their own user, market, and competitor information? Twitter has said they are actively pursuing businesses (and bloggers) and doing away with recurring tweets does away with key business value. Besides, there are technical solutions to this problem, so why implement a blanket policy that will negatively impact Twitter and its users. I just blogged my reasons, based on data, for why this is such a BAD idea. Dear Twitter, please don't kill your market http://bit.ly/1N5AHA On Oct 13, 1:31 pm, JDG ghil...@gmail.com wrote: Yes, and should be treated as such. I personally detest all those stupid twitter-based games. Point is, with Twitter's userbase, some get through the cracks. Don't like it, report it. This is like complaining that cops only pull over SOME speeders. Yeah, some are going to get through the cracks. On Tue, Oct 13, 2009 at 14:29, PJB pjbmancun...@gmail.com wrote: For the sake of argument, let's take this at face value as true. How about the search pollution issue with recurrent tweets in general? You may have a point. But it comes down to uneven enforcement. Twitter smacks down an app because they allow an individual to recur, say, every Monday: Today is Monday and my office hours will be from 2:15-3:30pm. Meanwhile, you have apps which do things like this: http://search.twitter.com/search?q=%23fun140 Aren't those effectively recurring tweets? -- Internets. Serious business.- Hide quoted text - - Show quoted text -
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
The situation in this scenario is that Mallory phished Bob's Twitter credentials and used them to authorize access for himself with an OAuth App that Bob also uses. Mallory can only be detected by the changes he makes in the account; He cannot be detected by viewing the list of OAuth apps with access to the account. Additionally, Mallory's access does not disturb Bob's access to the account via the OAuth consumer App. This scenario is largely equivalent to Mallory's posession of the credentials themselves. The only difference is that Mallory retains certain capabilities even if the credentials he obtained are changed. The real security profile for this scenario is that it adds an extra layer of maintenance to be done by a user if a compromise is suspected. In addition to changing passwords, Bob should cancel all other accesses to his account and reauthorize those that are trusted and necessary. Chris Babcock On Wed, 14 Oct 2009 20:17:48 +0530 srikanth reddy srikanth.yara...@gmail.com wrote: Yes. The risk is high with Desktop apps as Consumer secret/keys are distributed. On Wed, Oct 14, 2009 at 8:04 PM, Dewald Pretorius dpr...@gmail.com wrote: So this is a problem with web apps as well then. If User Bob authorized Web App to work on his account, and Phishing Dude also authorizes his Web App account to work on User Bob's Twitter account because he phished User Bob's Twitter username and password, User Bob is blissfully unaware of that?
[twitter-dev] New spam reporting API now available
On the heels of adding a Report as spam button to twitter.com (http://blog.twitter.com/2009/10/help-us-nail-spammers.html), you can now also simultaneously block and report a user as a spammer via the API. The documentation for the report_spam resource can be found here: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-report_spam As the original announcement mentions, it's important to realize no automated action will be taken as a result of a spam report being created. So don't expect an account to be suspended immediately (or at all). Also you can only create one spam report for a given user, so subsequent requests will have no result. Thanks. -- Marcel Molina Twitter Platform Team http://twitter.com/noradio
[twitter-dev] Re: Duplicate Tweets
What kept me up at night is wondering what is coming down the pike... who knows if feature X, Y, or Z in your new Twitter app might get a stop-work order from Twitter. That's really scary. On Oct 14, 11:13 am, Neicole neic...@trustneicole.com wrote: Is Twitter crazy?! Have they even looked at their own user, market, and competitor information? Twitter has said they are actively pursuing businesses (and bloggers) and doing away with recurring tweets does away with key business value. Besides, there are technical solutions to this problem, so why implement a blanket policy that will negatively impact Twitter and its users. I just blogged my reasons, based on data, for why this is such a BAD idea. Dear Twitter, please don't kill your markethttp://bit.ly/1N5AHA On Oct 13, 1:31 pm, JDG ghil...@gmail.com wrote: Yes, and should be treated as such. I personally detest all those stupid twitter-based games. Point is, with Twitter's userbase, some get through the cracks. Don't like it, report it. This is like complaining that cops only pull over SOME speeders. Yeah, some are going to get through the cracks. On Tue, Oct 13, 2009 at 14:29, PJB pjbmancun...@gmail.com wrote: For the sake of argument, let's take this at face value as true. How about the search pollution issue with recurrent tweets in general? You may have a point. But it comes down to uneven enforcement. Twitter smacks down an app because they allow an individual to recur, say, every Monday: Today is Monday and my office hours will be from 2:15-3:30pm. Meanwhile, you have apps which do things like this: http://search.twitter.com/search?q=%23fun140 Aren't those effectively recurring tweets? -- Internets. Serious business.- Hide quoted text - - Show quoted text -
[twitter-dev] Re: Twitter icons
Here is Twitters logo: https://twitter.com/about#download_logo https://twitter.com/about#download_logoAbraham On Wed, Oct 14, 2009 at 11:02, John Meyre john.l.me...@gmail.com wrote: I don't know if I got that information here or somewhere else, but somebody pointed out a location where I could get some Twitter icons. -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham http://web608.org/geeks/abraham/blogs/2009/10/03/win-google-wave-invite This email is: [ ] blogable [x] ask first [ ] private. Sent from Madison, Wisconsin, United States
[twitter-dev] Re: Duplicate Tweets
I'm encouraged to know that someone from Twitter is reading the posts on this group. Perhaps this post will come to the attention of someone in Twitter who will start a discussion with their legal advisors. When I signed up for Twitter I read the TOS presented carefully (sorry, I used to be a practicing lawyer, so I really DO read the fine print before I sign). I got excited about the power of communicating with potentially large groups of people on Twitter, and decided I would try to get a million followers in a single month, using nothing but free tools. My plan was to create 1,000 accounts and get 1,000 followers on each account. My self-imposed limitation was that I could not follow the same person on more than one account. Prior to launching this admittedly crazy scheme, I re-read the TOS carefully. They contained no restriction about multiple accounts, no restriction about using the same identity on multiple accounts, and no restriction on trying to get followers by following others. To my great surprise, the accounts I began creating in preparation for this challenge started getting shut down. In the email sent by Twitter, reference was made to a TOS that appears on Twitter's Help page, BUT IS NOT THE SAME AS THE TOS DISPLAYED WHEN SIGNING UP FOR A TWITTER ACCOUNT. I carefully read the hidden TOS and began conforming to it to the best of my ability. Further shutdowns followed. It became apparent to me: 1) That Twitter wants to control how its service is used. I have no quarrel with Twitter here, as they are paying the freight -- I pay nothing to use their software, their bandwidth or their servers. 2) Twitter is either poorly organized or downright deceitful (I assume the former, not yet having irrefutable evidence to the contrary) in posting one version of their TOS when someone signs up for a Twitter account, but maintaining and enforcing a second version of the TOS. (NOTE: they have now changed the TOS shown during sign up to refer to the same rules showing on the Help page) 3) Twitter seems to want to shape the service as a tool for two-way conversations between individuals or small groups. There is a large market that sees value in using the service as a one-way broadcast medium. Despite the limits Twitter is trying to put in place to shape the service (the 2,000 follower limit, no duplicate tweets, etc. etc.) Twitter is simultaneously encouraging SOME users of Twitter to develop large followings, but automatically signing new twitter users up to follow certain users with large followings, if the user simply hits the big green NEXT button on each screen of the sign-up process. 4) Twitter does not place a high value on making sure that the rules for using their service are clear and understandable and are consistently applied to all users. I respectfully submit that Twitter needs to provide common ground rules applicable to all users. To actively work to restrict some users from using the service as a broadcast medium, while at the same time actively encouraging the use of the service as a broadcast medium by other users (do you think anyone on twitter is having a two-way conversation with 2,000,000 people?? of course not) is fundamentally unfair. Is it in fact an illegal restraint of trade? Could Twitter end up on the wrong end of a class action lawsuit that bankrupts it or shuts it down before it even begins to monetize its service? I don't know -- that is not my area of expertise. What I DO know, is that my enthusiasm for using twitter for any purpose has waned considerably since it became apparent that I cannot predict with any certainty what their rules will be a week from now, let alone a year from now. If enough other business owners feel like I do, I think Twitter stands to severely limit its monetization possibilities.
[twitter-dev] Counting tweets with no concern for contents
I'm looking for a simple way to count tweets over specific time periods, and I have little concern for the tweet contents at this time. I've taken a quick look at the Search API and I'm not sure this is possible without transferring the tweet contents and counting them based on their timestamps. For example, I'd like to be able to determine the number of tweets with one specific search word each day, and be able to store, and later graph the daily results over several months. It would be nice, but not essential, to be able to do this with hourly granularity also. I'm an embedded systems C programmer, and I can imagine doing this in C or some scripting language run on Linux or Windows. With some time I'm sure I could code this in C myself, but it would be nice if there was some tool(s) already in existence for this. Thanks ! Mike.
[twitter-dev] Help estimating tweets per day...
I am creating a mathematical model based on some results from Twitter's API, but I am missing one critical number in the model. I need to estimate the number of total tweets in the USA each day. The better an estimate I get and the less assumptions I make, the more useful the model will be (it will be published for the public to use). I have been told that this type of information is important and usually kept secret by internet start ups. Understanding this, I have come up with a work around that is not yet accurate enough so I am looking for your advice. Idea: I gather data from Twitter's search API at least once an hour. My idea is to store the first tweet ID I see each day, and subtract it from the ID of the previous day to estimate the number of tweets per day. I have three problems here: 1. How are tweet IDs incremented? Do they increase by a factor of 1, 2, 5, 10...? 2. I need an estimate for the number of private/protected users assuming each private user's tweet gets an ID number. This is required because I am sampling the public tweets. 3. I need to estimate the number of tweets coming from overseas. I am modeling the USA. This is less of a problem than the previous two. Thanks for your time. Any help/advice is appreciated!
[twitter-dev] Checking if a user exists by email
There was a post on this group called API Method for checking if a user exists? a while ago. The method for checking if a user exist described there no longer works. Is there a way for me to use the API to verify if an email address is associated with a twitter account? Thanks.
[twitter-dev] Re: Separate terms using commas?
On Oct 13, 4:09 pm, EastSideDev eastside...@gmail.com wrote: I am using the streaming search API. If I have more than one term to search, do I need to separate those terms with commas? If these are hash tags, do I include the hash symbol? (#test1, #test2, #test3) I am experiencing some random problems, and I would like to eliminate this as the trouble spot before looking for the problem elsewhere. Personally, I have experienced no problems using spaces between the search terms. Be careful what you use because there is a difference between searching all keywords and all occurrences of all keywords. I think you are fine with or without commas though. Here are the search operators from twitter: http://search.twitter.com/operators You can get an idea for url composition by using the advanced search: http://search.twitter.com/advanced
[twitter-dev] Re: Tweets Dataset for academia?
Atul, I am in the same boat as you. I am currently using the APIs that Twitter offers to gather data. However, the more data I have access to, the fewer assumptions I have to make and the better my results. Twitter is very popular though and access to their data from 3rd parties consumes a lot of computing power on their part. Just keep that in mind! Feel free to contact me if you have any specific questions. -Kyle On Oct 14, 12:39 pm, Atul Kulkarni atulskulka...@gmail.com wrote: Hi All, I am curious if there is any Twitter data set already available for research or academia? If it is already not there then can one crawl through the users and build one and release it to the research community without any charge? What would be Twitter's official policy on this? I am sure there will be a lot of interest in academia from the Linguistics perspective and Machine Learning perspective. These questions are just out of curiosity and feasibility study types. -- Regards, Atul Kulkarniwww.d.umn.edu/~kulka053http://www.d.umn.edu/%7Ekulka053
[twitter-dev] Re: Tweets Dataset for academia?
Hi Atul, There is a fairly significant corpus of tweets available, although it is fairly old - see here: http://www.mail-archive.com/twitter-development-talk@googlegroups.com/msg05715.html. I believe that the second part has expired, but you should be unable to use the first part - it is several million tweets worth. All the best, Tom On Wed, Oct 14, 2009 at 5:55 PM, Atul Kulkarni atulskulka...@gmail.comwrote: Thanks, John. I am not only looking at hash tags, but also other things that go along with tweets. I will keep in mind. I was actually curious about Twitter's policy on this. What is there take on releasing a certain dataset of say some random X number of users. Is it violation of any of their policy or their agreement with the users. Regards, Atul. On Wed, Oct 14, 2009 at 11:43 AM, JOHN OBRIEN john.obr...@twangu.comwrote: Many people in academia / research have used TwapperKeeper service to capture tweets of interest (that are tagged) and export for analysis. Let me know if you have any questions. v/r, John http://TwapperKeeper.com jobr...@ob3solutions.com @jobrieniii On Oct 14, 2009, at 12:39 PM, Atul Kulkarni wrote: Hi All, I am curious if there is any Twitter data set already available for research or academia? If it is already not there then can one crawl through the users and build one and release it to the research community without any charge? What would be Twitter's official policy on this? I am sure there will be a lot of interest in academia from the Linguistics perspective and Machine Learning perspective. These questions are just out of curiosity and feasibility study types. -- Regards, Atul Kulkarni www.d.umn.edu/~kulka053 http://www.d.umn.edu/%7Ekulka053 -- Regards, Atul Kulkarni www.d.umn.edu/~kulka053 http://www.d.umn.edu/%7Ekulka053
[twitter-dev] Re: Separate terms using commas?
You may be conflating the Streaming API, which requires commas between keywords, and the search API, which does not. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Oct 14, 9:19 am, Kyle B kylebarn...@gmail.com wrote: On Oct 13, 4:09 pm, EastSideDev eastside...@gmail.com wrote: I am using the streaming search API. If I have more than one term to search, do I need to separate those terms with commas? If these are hash tags, do I include the hash symbol? (#test1, #test2, #test3) I am experiencing some random problems, and I would like to eliminate this as the trouble spot before looking for the problem elsewhere. Personally, I have experienced no problems using spaces between the search terms. Be careful what you use because there is a difference between searching all keywords and all occurrences of all keywords. I think you are fine with or without commas though. Here are the search operators from twitter: http://search.twitter.com/operators You can get an idea for url composition by using the advanced search:http://search.twitter.com/advanced
[twitter-dev] Re: Checking if a user exists by email
no. On Wed, Oct 14, 2009 at 09:50, HAR HAR harsocialme...@gmail.com wrote: There was a post on this group called API Method for checking if a user exists? a while ago. The method for checking if a user exist described there no longer works. Is there a way for me to use the API to verify if an email address is associated with a twitter account? Thanks. -- Internets. Serious business.
[twitter-dev] Re: Counting tweets with no concern for contents
The track parameter on the Streaming API will give you all statuses that match a keyword. When rate-limited, you'll get an accurate count of the limited statuses. You'll only get accurate results for sets of keywords if your stream is not limited. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Oct 14, 12:39 pm, miker mikerei...@gmail.com wrote: I'm looking for a simple way to count tweets over specific time periods, and I have little concern for the tweet contents at this time. I've taken a quick look at the Search API and I'm not sure this is possible without transferring the tweet contents and counting them based on their timestamps. For example, I'd like to be able to determine the number of tweets with one specific search word each day, and be able to store, and later graph the daily results over several months. It would be nice, but not essential, to be able to do this with hourly granularity also. I'm an embedded systems C programmer, and I can imagine doing this in C or some scripting language run on Linux or Windows. With some time I'm sure I could code this in C myself, but it would be nice if there was some tool(s) already in existence for this. Thanks ! Mike.
[twitter-dev] Re: Help estimating tweets per day...
On Oct 14, 2009, at 8:38 AM, Kyle B wrote: I am creating a mathematical model based on some results from Twitter's API, but I am missing one critical number in the model. I need to estimate the number of total tweets in the USA each day. The better an estimate I get and the less assumptions I make, the more useful the model will be (it will be published for the public to use). I have been told that this type of information is important and usually kept secret by internet start ups. Understanding this, I have come up with a work around that is not yet accurate enough so I am looking for your advice. I am very interested in this data, as it is a metric I will need with a service I am working on. I had no idea how to get this accurately, so I was going to look for services that are making educated guesses. Idea: I gather data from Twitter's search API at least once an hour. I do not think this is your best approach. The search API seems to have a lot of flux to it. The public timeline would be better, but still not perfect. I think you want the streaming API, which I will elaborate on below. My idea is to store the first tweet ID I see each day, and subtract it from the ID of the previous day to estimate the number of tweets per day. I have three problems here: 1. How are tweet IDs incremented? Do they increase by a factor of 1, 2, 5, 10...? It does not matter. I would guess they are incremented by one. Just given the 32/64 bit counter issue, it would appear it has to be 1, or they would have breached the 32 bit limits a long time ago. This does not take into account any number of technical things Twitter may do on their end such as distributed databases, completely de- normalized data in order to deal with the massive volume they have, and most importantly, users deleting tweets. 2. I need an estimate for the number of private/protected users assuming each private user's tweet gets an ID number. This is required because I am sampling the public tweets. I am not sure you need this in your calculation, if you only read public tweets, and have a way to count them accurately, there should not be a need to subtract out any private ones. I do not believe you can ever arrive at an accurate count by subtracting first and last tweet. You have time zones to content with as well. 3. I need to estimate the number of tweets coming from overseas. I am modeling the USA. This is less of a problem than the previous two. This will be hard, as there is no mandate stating you must set your location, let alone set it to something accurate. It has been suggested that changing your location to a false one is a good way to trick some politically charged countries from preventing conversational discourse. If you look at the streaming API, you can define a set of parameters that will allow a stream of data to come in. It is a lot of data, in my opinion, a boatload of data. It also sounds just like what you need. Hit the streaming API, open a socket, and start reading in the data. Of course, you will not want to read it all, but determine some batch you want to grab, and some schedule you want to grab it on. You can then extrapolate your numbers from there. Perhaps a 1 minute read of the data every 5 minutes would get you where you need to go. Then you could determine patterns in usage and adjust accordingly. From what I understand about the streaming API, is that it is in fact a full stream, always on. Not only do you have to make sure that stream stays open, and reconnect it if it closes, consider it to be a youtube video playing all day long. Even if you only want a chunk of the data, you are still moving all that data across your wire. If you are in any way bandwidth constrained, be sure to be careful, your bills and resources could go through the roof. This of course is just a small technical hurdle, you could open and close the stream as needed, but you may sacrifice some accuracy by doing so. If there is any chance you could contact me off list, address below, and keep me posted on your data when it goes public, I would be very appreciative. -- Scott * If you contact me off list replace talklists@ with scott@ *
[twitter-dev] Re: Help estimating tweets per day...
On Wed, Oct 14, 2009 at 8:38 AM, Kyle B kylebarn...@gmail.com wrote: 1. How are tweet IDs incremented? Do they increase by a factor of 1, 2, 5, 10...? I've asked that question previously and the answer was a definitive We aren't telling. It seems to be considered a significant enough trade secret that I wouldn't be at all surprised if they are skipping IDs randomly to prevent people from doing exactly what you're seeking to do. Nor would I be surprised if they refuse to say a word about it now. Short of figuring out an indirect approach, I don't think you'll be able to come up with an accurate number. Nick
[twitter-dev] Re: New spam reporting API now available
Awesome work! Let's make those spammers cry. :) On Wed, Oct 14, 2009 at 2:46 PM, Marcel Molina mar...@twitter.com wrote: On the heels of adding a Report as spam button to twitter.com (http://blog.twitter.com/2009/10/help-us-nail-spammers.html), you can now also simultaneously block and report a user as a spammer via the API. The documentation for the report_spam resource can be found here: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-report_spam As the original announcement mentions, it's important to realize no automated action will be taken as a result of a spam report being created. So don't expect an account to be suspended immediately (or at all). Also you can only create one spam report for a given user, so subsequent requests will have no result. Thanks. -- Marcel Molina Twitter Platform Team http://twitter.com/noradio -- Josh
[twitter-dev] Interface for twitter translators
It seems that the interface is not working very well because I hit the Translate Everything button and click on one term and it takes me back to the homepage. That happened on Chrome. It does not even work on IE 8. Regards, Antonio Lopez
[twitter-dev] Re: Interface for twitter translators
Hello, You probably want to use the Google Group for your particular translator language: http://groups.google.com/group/twitter-translators-italian http://groups.google.com/group/twitter-translators-german http://groups.google.com/group/twitter-translators-spanish http://groups.google.com/group/twitter-translators-french -Chad On Wed, Oct 14, 2009 at 5:24 PM, qtnet antoniolopezre...@gmail.com wrote: It seems that the interface is not working very well because I hit the Translate Everything button and click on one term and it takes me back to the homepage. That happened on Chrome. It does not even work on IE 8. Regards, Antonio Lopez
[twitter-dev] Re: Help estimating tweets per day...
Thanks for the info. It helps a lot. Figuring out an accurate number is essential to my model, so much so that I am determined to find some method of estimating it to acceptable margins of error! - Kyle On Oct 14, 5:19 pm, Nick Arnett nick.arn...@gmail.com wrote: On Wed, Oct 14, 2009 at 8:38 AM, Kyle B kylebarn...@gmail.com wrote: 1. How are tweet IDs incremented? Do they increase by a factor of 1, 2, 5, 10...? I've asked that question previously and the answer was a definitive We aren't telling. It seems to be considered a significant enough trade secret that I wouldn't be at all surprised if they are skipping IDs randomly to prevent people from doing exactly what you're seeking to do. Nor would I be surprised if they refuse to say a word about it now. Short of figuring out an indirect approach, I don't think you'll be able to come up with an accurate number. Nick
[twitter-dev] Re: Help estimating tweets per day...
And you don't think the streaming API will answer that for you? -- Scott * If you contact me off list replace talklists@ with scott@ * On Oct 14, 2009, at 3:27 PM, Kyle B wrote: Thanks for the info. It helps a lot. Figuring out an accurate number is essential to my model, so much so that I am determined to find some method of estimating it to acceptable margins of error!
[twitter-dev] Re: Somebody has Experience with Affiliate Marketing using Twitter?
Wow, spam much? ∞ Andy Badera ∞ +1 518-641-1280 ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera On Wed, Oct 14, 2009 at 5:45 PM, Bolaleman hull...@hotmail.com wrote: Hello, I am a hobby online affiliate marketer making ultimately quite some extra cash with a strategy called Niche Affiliate Marketing. I wonder if I could use Twitter to promote the products but I doubt that this would work out using this platform. As I understant how Twitter works (and I am using it now for several weeks), it has only limited effectivity as marketing tool as people are basically using this platform to chat and to make contacts but for commercial purposes. Somebody has experience using Twitter as tool for marketing their product? Here is an explanation of Niche affiliate marketing I used in an other forum: Niche affiliate marketing is a proven way to identify smaller and more tightly focused segments of a larger market. This method of identifying smaller markets is a key way to make money with a company called Clickbank. Niche affiliate marketers identify whether the customers in that niche are willing to buy and then, in turn, marketing to them in a manner that persuades them to do business with you. These smaller markets are often overlooked by other markets. Niche affiliate marketing means focusing on a certain target market that is smaller and more specific. One main service that successful niche affiliate marketers use for products to promote to their niche is Clickbank. Clickbank offers thousands of digital products that you can sell for VERY high payouts. Signup is completely FREE and there are a lot of free tools teaching you how to start making money promoting others products online (as affiliate) or let others promote your product, only paying a commission when your affiliates (promoters) are making a sell. Best of all: there are really no costs involved with this program. The only cost would be the creation of a digital product (i.e. website hosting) if you decide to start as a promoter of your own online product. This is the link to the clickbank Niche Marketing program for resellers: http://safegate.reseller.hop.clickbank.net If you are really interested in making money online you need to dig into this website and you will be surprised on the potential of the strategies described there. Why is it free? Clickbank makes its money by charging rather small fees for each sale you make or your affiliates make. It’s the quantity of sold products that make these guys richer and richer each day – and if you like – also you. Bolaleman
[twitter-dev] Re: (411) Length Required error
So any thoughts/ideas? Ryan On Oct 14, 12:09 pm, eclipsed4utoo ryanalford...@gmail.com wrote: Here is a screenshot right before make the request. http://yfrog.com/8d10142009115958amp You can see that there is only the Content-Type header. But you can also see that the ContentLength is set(to 6...length of my status update). .Net doesn't allow me to add the header manually if the object has a property for that header. Ryan On Oct 14, 12:05 pm, ryan alford ryanalford...@gmail.com wrote: Another question is, what has changed? This code has been working fine since September 24th(sending the ContentLength). Then on October 11th, I start having issues. Ryan On Wed, Oct 14, 2009 at 11:58 AM, ryan alford ryanalford...@gmail.comwrote: Other code uses this snippet also. Now this is even more hilarious. I am testing right now. I am sending the ContentLength no matter what. I now can't post status updates again. If I give it the ContentLength, it just hangs. If I don't give it the ContentLength, I get the error. If I give it the ContentLength, I can send Direct Messages(length = 0). If I don't give it the ContentLength, I get the same error with direct messages. When I view the request header, the only header there is the Content-Type. Ryan On Wed, Oct 14, 2009 at 11:26 AM, Chad Etzel c...@twitter.com wrote: On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: Help estimating tweets per day...
On Wed, Oct 14, 2009 at 3:27 PM, Kyle B kylebarn...@gmail.com wrote: Thanks for the info. It helps a lot. Figuring out an accurate number is essential to my model, so much so that I am determined to find some method of estimating it to acceptable margins of error! It occurs to me that perhaps this might not be so hard... and please do share your results with us. Just test a good-sized sample of IDs and see how many don't exist. That will give you an idea of how many there really are. I'll be curious to see if you get consistent results from one day to the next. I won't be too surprised to see if you don't, which would mean that Twitter is skipping a random (or at least somewhat random) number of IDs each day. However, if you want to continue to know this number, you'll have to continue to sample. And your sample might have to span multiple days to get a reliable answer. And I hate to say this, because if they're not already doing it, this might make them start... Twitter could be monitoring for any process that repeatedly asks for deliberately non-existent IDs, in order to block them, to maintain the obfuscation. Then you're stuck again, unless you can find a way around that defense. Assuming there are millions of IDs a day, you'll need a pretty good sample size if you want to maintain a good number. The good news in all this is that IIRC, Twitter has guaranteed that IDs will increase chronologically. The bad news is that I'm writing this off the top of my head and there's probably an easy defense I haven't thought of, which somebody at Twitter will think of just because they see this conversation. Put 'em on double-secret probation, I say. Nick
[twitter-dev] Re: Help estimating tweets per day...
On Wed, Oct 14, 2009 at 3:56 PM, Scott Haneda talkli...@newgeo.com wrote: And you don't think the streaming API will answer that for you? It can't, can it? It isn't the complete stream, only a sampled subset. There's no way to know which IDs were skipped in order to obfuscate the actual number of tweets. A missing ID could either just have not been sampled or not exist. Nick
[twitter-dev] Re: Help estimating tweets per day...
On Wed, Oct 14, 2009 at 4:10 PM, Nick Arnett nick.arn...@gmail.com wrote: On Wed, Oct 14, 2009 at 3:27 PM, Kyle B kylebarn...@gmail.com wrote: Thanks for the info. It helps a lot. Figuring out an accurate number is essential to my model, so much so that I am determined to find some method of estimating it to acceptable margins of error! Couple of more thoughts dawned on me. If the approach I'm suggesting violates the TOS, please realize that it is not my intention to encourage anybody to violate the TOS. Second, thinking more evil-like, one way about the kind of defense I imagined would be to distribute the problem -- find a bunch of people who would like the same data and coordinate the testing to see what percentage of IDs actually exist. Did I just describe a DDOS? Please, no. Another possible evil defense -- there's a fake tweet generator at Twitter, really messing with the statistics; tweets that are ONLY visible to people who try to retrieve them via IDs that appear nowhere in public. A honey-trap, in other words. I've spent too much time working with intelligence agencies. Nick
[twitter-dev] Re: (411) Length Required error
Ok. nevermind. I have it fixed now. Since I am using OAuth, I am not writing a stream to the request object (like I would do with Basic Auth). So I changed the ContentLength to 0, and it works. Could the response had been waiting for me to stream the content to it since I told it the length? I guess that could have cause the indefinite hanging. Ryan On Oct 14, 6:59 pm, eclipsed4utoo ryanalford...@gmail.com wrote: So any thoughts/ideas? Ryan On Oct 14, 12:09 pm, eclipsed4utoo ryanalford...@gmail.com wrote: Here is a screenshot right before make the request. http://yfrog.com/8d10142009115958amp You can see that there is only the Content-Type header. But you can also see that the ContentLength is set(to 6...length of my status update). .Net doesn't allow me to add the header manually if the object has a property for that header. Ryan On Oct 14, 12:05 pm, ryan alford ryanalford...@gmail.com wrote: Another question is, what has changed? This code has been working fine since September 24th(sending the ContentLength). Then on October 11th, I start having issues. Ryan On Wed, Oct 14, 2009 at 11:58 AM, ryan alford ryanalford...@gmail.comwrote: Other code uses this snippet also. Now this is even more hilarious. I am testing right now. I am sending the ContentLength no matter what. I now can't post status updates again. If I give it the ContentLength, it just hangs. If I don't give it the ContentLength, I get the error. If I give it the ContentLength, I can send Direct Messages(length = 0). If I don't give it the ContentLength, I get the same error with direct messages. When I view the request header, the only header there is the Content-Type. Ryan On Wed, Oct 14, 2009 at 11:26 AM, Chad Etzel c...@twitter.com wrote: On Wed, Oct 14, 2009 at 11:17 AM, ryan alford ryanalford...@gmail.com wrote: Here is the code... http://pastebin.com/m7ea04ea2 Last night, that code worked(with the content length being commented out). This morning, it gives me the length required error. Ryan I am not extremely familiar with C#, but you might want to run a trace to see what exactly the HTTP request headers are that you are sending. Are you calling this code only for posting an update? Or are there other methods using this code as well? I know for requests like friendship/create you have to set the content-length to 0 for the request to work if you specify the username in the URL... -Chad On Wed, Oct 14, 2009 at 11:09 AM, Chad Etzel c...@twitter.com wrote: Can you post your code snippet (in something like pastie or pastebin)? Content-length should almost always be required for POSTs (from HTTP spec). -Chad On Wed, Oct 14, 2009 at 8:56 AM, eclipsed4utoo ryanalford...@gmail.com wrote: Ok, this is really starting to screw with me. On Sunday, I received this error. I put in code to send the content length when making a status update. It worked on Sunday. On Monday, the POST request started hanging. For two days, I tried to figure out what the problem was. So last night, I removed the code to add the content length. IT WORKED!!! Now, this morning, I am getting the error again that the length is required. So which is it? Is the length required or not? Last night it was not required, this morning it is. If I send it and it's not required, it hangs the request indefinitely. If I don't send it and it's required, I get an error message. Any help?
[twitter-dev] Re: Issues I came across migrating to cursors
I'm migrating my code now. I just pulled down 7000 users. If I get a bad response to a call I'll retry it up to 5 times. It took 20 mins and 1 hour, which is going to be troublesome. Tim. On Oct 7, 6:59 pm, jmathai jmat...@gmail.com wrote: So a user comes to the site and I need to build their social graph. I have two options. 1) Use followers/ids and get ids of all their followers 5,000 at a time 2) Use statuses/followers and get profiles of all followers 100 at a time Ids alone don't really do me much good. So option 2 is more efficient for me (unless there's a batch user fetch api I'm unaware of). That being said, if a user has 10,000 followers (not uncommon) then I have to make 100 API calls to fetch profiles for all the followers. Not a big deal. Except, Twitter gives me random errors. Sometimes it's a 502 and other times a 400. I'm not confident that I won't randomly receive a different 4xx or 5xx response. I tried to put code in place so that on 5xx responses that I would *continue* and retry the request. That's when I got a 400 response. I have yet to fetch someone's entire graph using a sample account with 13,000 followers. Has anyone successfully migrated tocursorsand consistently pulled down a large (10k) graph?
[twitter-dev] New cursor methods are way too slow
Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim.
[twitter-dev] Re: Counting tweets with no concern for contents
Thanks John. I'm mostly interested in using a single keyword at present, but it would be nice to not have rate-limiting issues with multiple keywords. I've read the Streaming API page, and I guess I get the ideas there, although I'm not familiar with the Twitter API terminology yet. I was hoping to avoid the complexities of dealing with an ongoing persistent stream of data. I'm also disappointed if there is no other way to simply get a count of tweets every hour or day etc. without having to transfer all this content I would simply throw away after counting. It seems like it would be a waste of bandwidth and CPU on my end and yours. I can Google a keyword and get an estimated count of webpages without having to view every result. It would be nice if Twitter could do something similar. I'm also reading the thread on estimating tweets per day and I see that Twitter may want to keep that information confidential. I also find that disappointing because I'd like to compensate my data for the growth in Twitter data. Regards, Mike. On Oct 14, 4:56 pm, John Kalucki jkalu...@gmail.com wrote: The track parameter on the Streaming API will give you all statuses that match a keyword. When rate-limited, you'll get an accurate count of the limited statuses. You'll only get accurate results for sets of keywords if your stream is not limited.
[twitter-dev] Account reversion to May 2009 settings
I'm the author/maintainer of Net::Twitter, the perl library for the Twitter API. I have an account, @net_twitter, I use to communicate with the users of the Net::Twitter module. Several times (most recently, today), the account has been reverted to its state on or about May 30, 2009. I'm posting here in hopes of getting the attention of someone at Twitter who can help. I've reported the problem to Twitter support each time it has occurred, but it always gets handled as a forgotten password issue, which it is not. The handling seems to be almost entirely automated, so I'm not sure anyone has actually read the details of my reports to support. The original author/maintainer of Net::Twitter is Chris Thompson. He established the @net_twitter account. When I rewrote the Net::Twitter module, and Chris handed off maintenance of the Net::Twitter namespace to me, he also changed the password of the @net_twitter account and handed it off to me. I changed the associated email address, password, url, and other settings. But every few weeks, Twitter reverts the account to the values it had back in May. That happened again, today, for at least 4th time. In order to regain access to the account, I have to contact Chris each time this happens and have him reset the password. Then I change the email address, password, url, etc. all over, again. The password reset isn't useful to me, since it doesn't send mail to the address I saved in settings---it's sent to the address Chris Thompson had set back in May. What's causing the account reversion? Can it be fixed? Twitter, please contact me.
[twitter-dev] Re: Issues I came across migrating to cursors
So now that you pulled down 7000 IDs, are you making 7000 user/show calls to get the rest of the details? How's that working out? On 10/14/09 5:03 PM, Tim Haines tmhai...@gmail.com wrote: I'm migrating my code now. I just pulled down 7000 users. If I get a bad response to a call I'll retry it up to 5 times. It took 20 mins and 1 hour, which is going to be troublesome. Tim. On Oct 7, 6:59 pm, jmathai jmat...@gmail.com wrote: So a user comes to the site and I need to build their social graph. I have two options. 1) Use followers/ids and get ids of all their followers 5,000 at a time 2) Use statuses/followers and get profiles of all followers 100 at a time Ids alone don't really do me much good. So option 2 is more efficient for me (unless there's a batch user fetch api I'm unaware of). That being said, if a user has 10,000 followers (not uncommon) then I have to make 100 API calls to fetch profiles for all the followers. Not a big deal. Except, Twitter gives me random errors. Sometimes it's a 502 and other times a 400. I'm not confident that I won't randomly receive a different 4xx or 5xx response. I tried to put code in place so that on 5xx responses that I would *continue* and retry the request. That's when I got a 400 response. I have yet to fetch someone's entire graph using a sample account with 13,000 followers. Has anyone successfully migrated tocursorsand consistently pulled down a large (10k) graph?
[twitter-dev] Re: Issues I came across migrating to cursors
I'm doing statuses/followers (100 at a time) and it's taking me 1.5 minutes per 1,000 followers. Really painful. I implemented the other route using followers/ids and making a profile call for each in as parallel a way as possible and the total time was about the same. I am sticking with statuses/followers since it's lower overhead. On Oct 14, 5:48 pm, Michael Steuer mste...@gmail.com wrote: So now that you pulled down 7000 IDs, are you making 7000 user/show calls to get the rest of the details? How's that working out? On 10/14/09 5:03 PM, Tim Haines tmhai...@gmail.com wrote: I'm migrating my code now. I just pulled down 7000 users. If I get a bad response to a call I'll retry it up to 5 times. It took 20 mins and 1 hour, which is going to be troublesome. Tim. On Oct 7, 6:59 pm, jmathai jmat...@gmail.com wrote: So a user comes to the site and I need to build their social graph. I have two options. 1) Use followers/ids and get ids of all their followers 5,000 at a time 2) Use statuses/followers and get profiles of all followers 100 at a time Ids alone don't really do me much good. So option 2 is more efficient for me (unless there's a batch user fetch api I'm unaware of). That being said, if a user has 10,000 followers (not uncommon) then I have to make 100 API calls to fetch profiles for all the followers. Not a big deal. Except, Twitter gives me random errors. Sometimes it's a 502 and other times a 400. I'm not confident that I won't randomly receive a different 4xx or 5xx response. I tried to put code in place so that on 5xx responses that I would *continue* and retry the request. That's when I got a 400 response. I have yet to fetch someone's entire graph using a sample account with 13,000 followers. Has anyone successfully migrated tocursorsand consistently pulled down a large (10k) graph?
[twitter-dev] Re: Issues I came across migrating to cursors
No - I pulled down the 7000 followers using the cursor calls - not just the ids. Tim. On Oct 15, 1:48 pm, Michael Steuer mste...@gmail.com wrote: So now that you pulled down 7000 IDs, are you making 7000 user/show calls to get the rest of the details? How's that working out? On 10/14/09 5:03 PM, Tim Haines tmhai...@gmail.com wrote: I'm migrating my code now. I just pulled down 7000 users. If I get a bad response to a call I'll retry it up to 5 times. It took 20 mins and 1 hour, which is going to be troublesome. Tim. On Oct 7, 6:59 pm, jmathai jmat...@gmail.com wrote: So a user comes to the site and I need to build their social graph. I have two options. 1) Use followers/ids and get ids of all their followers 5,000 at a time 2) Use statuses/followers and get profiles of all followers 100 at a time Ids alone don't really do me much good. So option 2 is more efficient for me (unless there's a batch user fetch api I'm unaware of). That being said, if a user has 10,000 followers (not uncommon) then I have to make 100 API calls to fetch profiles for all the followers. Not a big deal. Except, Twitter gives me random errors. Sometimes it's a 502 and other times a 400. I'm not confident that I won't randomly receive a different 4xx or 5xx response. I tried to put code in place so that on 5xx responses that I would *continue* and retry the request. That's when I got a 400 response. I have yet to fetch someone's entire graph using a sample account with 13,000 followers. Has anyone successfully migrated tocursorsand consistently pulled down a large (10k) graph?
[twitter-dev] Re: New cursor methods are way too slow
Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim.
[twitter-dev] Re: New cursor methods are way too slow
Hi Chad, Statuses/followers. I've just timed another attempt - it took 25 minutes to retrieve 17957 followers with statuses/followers. Is there anything I can elaborate on in the filed issue to make it clearer? Tim. On Oct 15, 2:42 pm, Chad Etzel c...@twitter.com wrote: Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim.
[twitter-dev] Re: New cursor methods are way too slow
If you are pulling down the entire social graph, why not use the social graph calls which would deliver all 7000 ids in 2 calls? You can also parallelize this process by looping through different users on each thread instead of using each thread to grab a different page/cursor of the same user. Regarding the code issue you submitted, if you have the users cached locally, you could use the social graph methods to determine the missing/new 2k users pretty quickly using the social graph methods and comparing ids. -Chad On Wed, Oct 14, 2009 at 9:50 PM, Tim Haines tmhai...@gmail.com wrote: Hi Chad, Statuses/followers. I've just timed another attempt - it took 25 minutes to retrieve 17957 followers with statuses/followers. Is there anything I can elaborate on in the filed issue to make it clearer? Tim. On Oct 15, 2:42 pm, Chad Etzel c...@twitter.com wrote: Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim.
[twitter-dev] Re: New cursor methods are way too slow
Are you suggesting I should retrieve the 2k users 1 at a time from users/show once I have the ids? I'd essentially like to do this, but 100 at a time. I know I can get the 7000 ids in 2 calls (1 even without the cursors) - but I actually want the whole user objects.. Tim. On Oct 15, 2:56 pm, Chad Etzel c...@twitter.com wrote: If you are pulling down the entire social graph, why not use the social graph calls which would deliver all 7000 ids in 2 calls? You can also parallelize this process by looping through different users on each thread instead of using each thread to grab a different page/cursor of the same user. Regarding the code issue you submitted, if you have the users cached locally, you could use the social graph methods to determine the missing/new 2k users pretty quickly using the social graph methods and comparing ids. -Chad On Wed, Oct 14, 2009 at 9:50 PM, Tim Haines tmhai...@gmail.com wrote: Hi Chad, Statuses/followers. I've just timed another attempt - it took 25 minutes to retrieve 17957 followers with statuses/followers. Is there anything I can elaborate on in the filed issue to make it clearer? Tim. On Oct 15, 2:42 pm, Chad Etzel c...@twitter.com wrote: Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim.
[twitter-dev] Re: New cursor methods are way too slow
Yeah we really need a way to bulk request user payloads by giving a list of IDs. On Wed, Oct 14, 2009 at 9:19 PM, Tim Haines tmhai...@gmail.com wrote: Are you suggesting I should retrieve the 2k users 1 at a time from users/show once I have the ids? I'd essentially like to do this, but 100 at a time. I know I can get the 7000 ids in 2 calls (1 even without the cursors) - but I actually want the whole user objects.. Tim. On Oct 15, 2:56 pm, Chad Etzel c...@twitter.com wrote: If you are pulling down the entire social graph, why not use the social graph calls which would deliver all 7000 ids in 2 calls? You can also parallelize this process by looping through different users on each thread instead of using each thread to grab a different page/cursor of the same user. Regarding the code issue you submitted, if you have the users cached locally, you could use the social graph methods to determine the missing/new 2k users pretty quickly using the social graph methods and comparing ids. -Chad On Wed, Oct 14, 2009 at 9:50 PM, Tim Haines tmhai...@gmail.com wrote: Hi Chad, Statuses/followers. I've just timed another attempt - it took 25 minutes to retrieve 17957 followers with statuses/followers. Is there anything I can elaborate on in the filed issue to make it clearer? Tim. On Oct 15, 2:42 pm, Chad Etzel c...@twitter.com wrote: Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim. -- Josh
[twitter-dev] Re: New cursor methods are way too slow
I agree. I'm lobbying the team for something like this. -Chad On Wed, Oct 14, 2009 at 10:21 PM, Josh Roesslein jroessl...@gmail.com wrote: Yeah we really need a way to bulk request user payloads by giving a list of IDs. On Wed, Oct 14, 2009 at 9:19 PM, Tim Haines tmhai...@gmail.com wrote: Are you suggesting I should retrieve the 2k users 1 at a time from users/show once I have the ids? I'd essentially like to do this, but 100 at a time. I know I can get the 7000 ids in 2 calls (1 even without the cursors) - but I actually want the whole user objects.. Tim. On Oct 15, 2:56 pm, Chad Etzel c...@twitter.com wrote: If you are pulling down the entire social graph, why not use the social graph calls which would deliver all 7000 ids in 2 calls? You can also parallelize this process by looping through different users on each thread instead of using each thread to grab a different page/cursor of the same user. Regarding the code issue you submitted, if you have the users cached locally, you could use the social graph methods to determine the missing/new 2k users pretty quickly using the social graph methods and comparing ids. -Chad On Wed, Oct 14, 2009 at 9:50 PM, Tim Haines tmhai...@gmail.com wrote: Hi Chad, Statuses/followers. I've just timed another attempt - it took 25 minutes to retrieve 17957 followers with statuses/followers. Is there anything I can elaborate on in the filed issue to make it clearer? Tim. On Oct 15, 2:42 pm, Chad Etzel c...@twitter.com wrote: Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim. -- Josh
[twitter-dev] Re: New cursor methods are way too slow
Thanks Chad. On Oct 15, 3:30 pm, Chad Etzel c...@twitter.com wrote: I agree. I'm lobbying the team for something like this. -Chad On Wed, Oct 14, 2009 at 10:21 PM, Josh Roesslein jroessl...@gmail.com wrote: Yeah we really need a way to bulk request user payloads by giving a list of IDs. On Wed, Oct 14, 2009 at 9:19 PM, Tim Haines tmhai...@gmail.com wrote: Are you suggesting I should retrieve the 2k users 1 at a time from users/show once I have the ids? I'd essentially like to do this, but 100 at a time. I know I can get the 7000 ids in 2 calls (1 even without the cursors) - but I actually want the whole user objects.. Tim. On Oct 15, 2:56 pm, Chad Etzel c...@twitter.com wrote: If you are pulling down the entire social graph, why not use the social graph calls which would deliver all 7000 ids in 2 calls? You can also parallelize this process by looping through different users on each thread instead of using each thread to grab a different page/cursor of the same user. Regarding the code issue you submitted, if you have the users cached locally, you could use the social graph methods to determine the missing/new 2k users pretty quickly using the social graph methods and comparing ids. -Chad On Wed, Oct 14, 2009 at 9:50 PM, Tim Haines tmhai...@gmail.com wrote: Hi Chad, Statuses/followers. I've just timed another attempt - it took 25 minutes to retrieve 17957 followers with statuses/followers. Is there anything I can elaborate on in the filed issue to make it clearer? Tim. On Oct 15, 2:42 pm, Chad Etzel c...@twitter.com wrote: Hi Tim, You said Retrieving 7000 followers just took 20 minutes for me. Can you explain what you meant by that? Are you using the friends/ids, followers/ids methods or the statuses/friends, statuses/followers methods? -Chad On Wed, Oct 14, 2009 at 8:12 PM, Tim Haines tmhai...@gmail.com wrote: Hi'ya, I'm migrating my code to use cursors at the moment. It's frustrating that calls need to be synchronous rather than how paged calls could be asynchronous. Retrieving 7000 followers just took 20 minutes for me. I filed an issue that proposes a solution here: http://code.google.com/p/twitter-api/issues/detail?id=1078 If you retrieve friends or followers, please take a look and give it a star if it's important to you. If anyone can suggest a work around for this, I'd be happy to hear it. Cheers, Tim. -- Josh
[twitter-dev] Seeing retweeted_details for user_timeline payload
I'm retrieving the timeline for a specific user: curl http://www.twitter.com/statuses/user_timeline/ev.xml Within that timeline, I see retweeted_status fragment. Is this normal behavior ? Thanks - Martin
[twitter-dev] Re: Seeing retweeted_details for user_timeline payload
Maybe the new retweet functionality has been turned on? Ryan On Wed, Oct 14, 2009 at 10:45 PM, Martin martin.duf...@gmail.com wrote: I'm retrieving the timeline for a specific user: curl http://www.twitter.com/statuses/user_timeline/ev.xml Within that timeline, I see retweeted_status fragment. Is this normal behavior ? Thanks - Martin
[twitter-dev] Re: Seeing retweeted_details for user_timeline payload
I think its been enabled for a select few for testing. I don't think its gone public yet. On Wed, Oct 14, 2009 at 9:56 PM, ryan alford ryanalford...@gmail.com wrote: Maybe the new retweet functionality has been turned on? Ryan On Wed, Oct 14, 2009 at 10:45 PM, Martin martin.duf...@gmail.com wrote: I'm retrieving the timeline for a specific user: curl http://www.twitter.com/statuses/user_timeline/ev.xml Within that timeline, I see retweeted_status fragment. Is this normal behavior ? Thanks - Martin -- Josh
[twitter-dev] Re: Seeing retweeted_details for user_timeline payload
Ahh..just noticed who he was looking at. I would assume that most of the Twitter employees have it turned on for their accounts. Most certainly the CEO of Twitter. Ryan On Wed, Oct 14, 2009 at 10:59 PM, Josh Roesslein jroessl...@gmail.comwrote: I think its been enabled for a select few for testing. I don't think its gone public yet. On Wed, Oct 14, 2009 at 9:56 PM, ryan alford ryanalford...@gmail.com wrote: Maybe the new retweet functionality has been turned on? Ryan On Wed, Oct 14, 2009 at 10:45 PM, Martin martin.duf...@gmail.com wrote: I'm retrieving the timeline for a specific user: curl http://www.twitter.com/statuses/user_timeline/ev.xml Within that timeline, I see retweeted_status fragment. Is this normal behavior ? Thanks - Martin -- Josh
[twitter-dev] Re: Profile Image Update Via API - Access Denied
Most likely the content-type is not being set correctly. What is the value of $new_image? -Chad On Wed, Oct 14, 2009 at 10:29 PM, TylerC tyle...@gmail.com wrote: Hey all I am having trouble getting Twitter to update profile avatars... From what I can tell I have the API calls straight but when I go to Twitter there is no avatar image and when I right click it and then click view image I get the following: Error CodeAccessDenied/Code MessageAccess Denied/Message RequestId5C34DBD155FA0052/RequestId - HostId Rd/SKr0AUrZiiT3K0jLhhVZ3EpVqWRKbP8NSlc26gQn21WIqkl7E9roK/ZaUFEfg /HostId /Error Here is my API call, the image being sent is a gif much smaller than 700kb and its the absolute path... $url = 'http://twitter.com/account/update_profile_image.xml'; $curl_handle = curl_init(); curl_setopt($curl_handle, CURLOPT_URL, $url); curl_setopt($curl_handle, CURLOPT_POST, 1); curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array('Expect:')); curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(image = @ $new_image)); curl_setopt($curl_handle, CURLOPT_USERPWD, $username:$password); $buffer = curl_exec($curl_handle); curl_close($curl_handle); echo $buffer; Everything is returned properly with no errors but yet no image appears for the avatar just a blank space. Oddly enough the image name on the profile page is correct but it will not show... Any ideas this is really pissing me off!? Thanks!
[twitter-dev] The little twitter button
How do I get the little twitter button I see on many blogs and sites? I have set up FaceBook to work with our database of articles but I cannot find on twitter what I need to do. I don't think I need to use the Twitter API and I cannot find any information on this issue. Thanks Dave
[twitter-dev] Re: Profile Image Update Via API - Access Denied
In this case it was /home/49090/domains/***/html/clients// tools/avatars/city_ninja.png On Oct 14, 11:10 pm, Chad Etzel c...@twitter.com wrote: Most likely the content-type is not being set correctly. What is the value of $new_image? -Chad On Wed, Oct 14, 2009 at 10:29 PM, TylerC tyle...@gmail.com wrote: Hey all I am having trouble getting Twitter to update profile avatars... From what I can tell I have the API calls straight but when I go to Twitter there is no avatar image and when I right click it and then click view image I get the following: Error CodeAccessDenied/Code MessageAccess Denied/Message RequestId5C34DBD155FA0052/RequestId - HostId Rd/SKr0AUrZiiT3K0jLhhVZ3EpVqWRKbP8NSlc26gQn21WIqkl7E9roK/ZaUFEfg /HostId /Error Here is my API call, the image being sent is a gif much smaller than 700kb and its the absolute path... $url = 'http://twitter.com/account/update_profile_image.xml'; $curl_handle = curl_init(); curl_setopt($curl_handle, CURLOPT_URL, $url); curl_setopt($curl_handle, CURLOPT_POST, 1); curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array('Expect:')); curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(image = @ $new_image)); curl_setopt($curl_handle, CURLOPT_USERPWD, $username:$password); $buffer = curl_exec($curl_handle); curl_close($curl_handle); echo $buffer; Everything is returned properly with no errors but yet no image appears for the avatar just a blank space. Oddly enough the image name on the profile page is correct but it will not show... Any ideas this is really pissing me off!? Thanks!
[twitter-dev] Re: The little twitter button
http://twitter.com/goodies/widgets Is that what you are looking for? Josh On Wed, Oct 14, 2009 at 9:05 PM, Dawg ad...@sailinganarchy.com wrote: How do I get the little twitter button I see on many blogs and sites? I have set up FaceBook to work with our database of articles but I cannot find on twitter what I need to do. I don't think I need to use the Twitter API and I cannot find any information on this issue. Thanks Dave
[twitter-dev] Re: Separate terms using commas?
It seems as neither is working. I tried #test1, #test2, #test3 and #test1 #test2 #test3, but I got no data (streaming API), and I let it run for hours. When I used only a single term #test1, I immediately started getting data. Was there a change to prevent more than one term from being used? On Oct 14, 1:52 pm, John Kalucki jkalu...@gmail.com wrote: You may be conflating the Streaming API, which requires commas between keywords, and the search API, which does not. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Oct 14, 9:19 am, Kyle B kylebarn...@gmail.com wrote: On Oct 13, 4:09 pm, EastSideDev eastside...@gmail.com wrote: I am using the streaming search API. If I have more than one term to search, do I need to separate those terms with commas? If these are hash tags, do I include the hash symbol? (#test1, #test2, #test3) I am experiencing some random problems, and I would like to eliminate this as the trouble spot before looking for the problem elsewhere. Personally, I have experienced no problems using spaces between the search terms. Be careful what you use because there is a difference between searching all keywords and all occurrences of all keywords. I think you are fine with or without commas though. Here are the search operators from twitter: http://search.twitter.com/operators You can get an idea for url composition by using the advanced search:http://search.twitter.com/advanced
[twitter-dev] Re: Profile Image Update Via API - Access Denied
Try this.. curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(image = @$new_image;type=image/png)); I have never tried this myself, but I have seen some other people say that it is needed on some servers to set the proper content-type. -Chad On Wed, Oct 14, 2009 at 11:15 PM, TylerC tyle...@gmail.com wrote: In this case it was /home/49090/domains/***/html/clients// tools/avatars/city_ninja.png On Oct 14, 11:10 pm, Chad Etzel c...@twitter.com wrote: Most likely the content-type is not being set correctly. What is the value of $new_image? -Chad On Wed, Oct 14, 2009 at 10:29 PM, TylerC tyle...@gmail.com wrote: Hey all I am having trouble getting Twitter to update profile avatars... From what I can tell I have the API calls straight but when I go to Twitter there is no avatar image and when I right click it and then click view image I get the following: Error CodeAccessDenied/Code MessageAccess Denied/Message RequestId5C34DBD155FA0052/RequestId - HostId Rd/SKr0AUrZiiT3K0jLhhVZ3EpVqWRKbP8NSlc26gQn21WIqkl7E9roK/ZaUFEfg /HostId /Error Here is my API call, the image being sent is a gif much smaller than 700kb and its the absolute path... $url = 'http://twitter.com/account/update_profile_image.xml'; $curl_handle = curl_init(); curl_setopt($curl_handle, CURLOPT_URL, $url); curl_setopt($curl_handle, CURLOPT_POST, 1); curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array('Expect:')); curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(image = @ $new_image)); curl_setopt($curl_handle, CURLOPT_USERPWD, $username:$password); $buffer = curl_exec($curl_handle); curl_close($curl_handle); echo $buffer; Everything is returned properly with no errors but yet no image appears for the avatar just a blank space. Oddly enough the image name on the profile page is correct but it will not show... Any ideas this is really pissing me off!? Thanks!
[twitter-dev] Re: Profile Image Update Via API - Access Denied
Thanks Chad it was the content type, I made a quick function to grab the mime type as the avatar is randomly selected from a folder and changed my postfields as follows: curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(image = @ $avatar, type = $mime_type)); All seems to be working now, thanks for the push! On Oct 14, 11:10 pm, Chad Etzel c...@twitter.com wrote: Most likely the content-type is not being set correctly. What is the value of $new_image? -Chad On Wed, Oct 14, 2009 at 10:29 PM, TylerC tyle...@gmail.com wrote: Hey all I am having trouble getting Twitter to update profile avatars... From what I can tell I have the API calls straight but when I go to Twitter there is no avatar image and when I right click it and then click view image I get the following: Error CodeAccessDenied/Code MessageAccess Denied/Message RequestId5C34DBD155FA0052/RequestId - HostId Rd/SKr0AUrZiiT3K0jLhhVZ3EpVqWRKbP8NSlc26gQn21WIqkl7E9roK/ZaUFEfg /HostId /Error Here is my API call, the image being sent is a gif much smaller than 700kb and its the absolute path... $url = 'http://twitter.com/account/update_profile_image.xml'; $curl_handle = curl_init(); curl_setopt($curl_handle, CURLOPT_URL, $url); curl_setopt($curl_handle, CURLOPT_POST, 1); curl_setopt($curl_handle, CURLOPT_HTTPHEADER, array('Expect:')); curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2); curl_setopt($curl_handle, CURLOPT_POSTFIELDS, array(image = @ $new_image)); curl_setopt($curl_handle, CURLOPT_USERPWD, $username:$password); $buffer = curl_exec($curl_handle); curl_close($curl_handle); echo $buffer; Everything is returned properly with no errors but yet no image appears for the avatar just a blank space. Oddly enough the image name on the profile page is correct but it will not show... Any ideas this is really pissing me off!? Thanks!
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
On Thu, Oct 15, 2009 at 2:06 AM, Chris Babcock cbabc...@kolonelpanic.orgwrote: The situation in this scenario is that Mallory phished Bob's Twitter credentials and used them to authorize access for himself with an OAuth App that Bob also uses. Mallory can only be detected by the changes he makes in the account; He cannot be detected by viewing the list of OAuth apps with access to the account. Additionally, Mallory's access does not disturb Bob's access to the account via the OAuth consumer App. Above are valid if only the credentials are not changed, either by Bob or . If in this case, Mallory changed Bob's credentials, will this disturb Bob's access to the account? This scenario is largely equivalent to Mallory's posession of the credentials themselves. The only difference is that Mallory retains certain capabilities even if the credentials he obtained are changed. The real security profile for this scenario is that it adds an extra layer of maintenance to be done by a user if a compromise is suspected. In addition to changing passwords, Bob should cancel all other accesses to his account and reauthorize those that are trusted and necessary. Chris Babcock On Wed, 14 Oct 2009 20:17:48 +0530 srikanth reddy srikanth.yara...@gmail.com wrote: Yes. The risk is high with Desktop apps as Consumer secret/keys are distributed. On Wed, Oct 14, 2009 at 8:04 PM, Dewald Pretorius dpr...@gmail.com wrote: So this is a problem with web apps as well then. If User Bob authorized Web App to work on his account, and Phishing Dude also authorizes his Web App account to work on User Bob's Twitter account because he phished User Bob's Twitter username and password, User Bob is blissfully unaware of that?
[twitter-dev] Re: Separate terms using commas?
Try track=#test1,#test2,#test3 You are searching for #test1, (space)#test2, etc. Nothing will ever match (space)#test2. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Oct 14, 8:38 pm, EastSideDev eastside...@gmail.com wrote: It seems as neither is working. I tried #test1, #test2, #test3 and #test1 #test2 #test3, but I got no data (streaming API), and I let it run for hours. When I used only a single term #test1, I immediately started getting data. Was there a change to prevent more than one term from being used? On Oct 14, 1:52 pm, John Kalucki jkalu...@gmail.com wrote: You may be conflating the Streaming API, which requires commas between keywords, and the search API, which does not. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Oct 14, 9:19 am, Kyle B kylebarn...@gmail.com wrote: On Oct 13, 4:09 pm, EastSideDev eastside...@gmail.com wrote: I am using the streaming search API. If I have more than one term to search, do I need to separate those terms with commas? If these are hash tags, do I include the hash symbol? (#test1, #test2, #test3) I am experiencing some random problems, and I would like to eliminate this as the trouble spot before looking for the problem elsewhere. Personally, I have experienced no problems using spaces between the search terms. Be careful what you use because there is a difference between searching all keywords and all occurrences of all keywords. I think you are fine with or without commas though. Here are the search operators from twitter: http://search.twitter.com/operators You can get an idea for url composition by using the advanced search:http://search.twitter.com/advanced
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
@chris Okay. I was talking about different scenario (using oAuth apps to steal user info) But If credentials are stolen then its all over (it doesn't matter which oAuth app you have authorized) @sasongoko. If Bob manages to change his password after Mallory used Bob's old credentials to authorize an oAuth app (same or different) then Mallory can still have some sort of access to Bob's account. To prevent this , Bob is required to change his password and must revoke the access to all the suspicious oAuth apps. On Thu, Oct 15, 2009 at 9:19 AM, Dwi Sasongko Supriyadi ruck...@gmail.comwrote: On Thu, Oct 15, 2009 at 2:06 AM, Chris Babcock cbabc...@kolonelpanic.orgwrote: The situation in this scenario is that Mallory phished Bob's Twitter credentials and used them to authorize access for himself with an OAuth App that Bob also uses. Mallory can only be detected by the changes he makes in the account; He cannot be detected by viewing the list of OAuth apps with access to the account. Additionally, Mallory's access does not disturb Bob's access to the account via the OAuth consumer App. Above are valid if only the credentials are not changed, either by Bob or . If in this case, Mallory changed Bob's credentials, will this disturb Bob's access to the account? This scenario is largely equivalent to Mallory's posession of the credentials themselves. The only difference is that Mallory retains certain capabilities even if the credentials he obtained are changed. The real security profile for this scenario is that it adds an extra layer of maintenance to be done by a user if a compromise is suspected. In addition to changing passwords, Bob should cancel all other accesses to his account and reauthorize those that are trusted and necessary. Chris Babcock On Wed, 14 Oct 2009 20:17:48 +0530 srikanth reddy srikanth.yara...@gmail.com wrote: Yes. The risk is high with Desktop apps as Consumer secret/keys are distributed. On Wed, Oct 14, 2009 at 8:04 PM, Dewald Pretorius dpr...@gmail.com wrote: So this is a problem with web apps as well then. If User Bob authorized Web App to work on his account, and Phishing Dude also authorizes his Web App account to work on User Bob's Twitter account because he phished User Bob's Twitter username and password, User Bob is blissfully unaware of that?
[twitter-dev] Re: [OOT] Hijacking twitter account, is it possible?
On Thu, Oct 15, 2009 at 11:15 AM, srikanth reddy srikanth.yara...@gmail.com wrote: @chris Okay. I was talking about different scenario (using oAuth apps to steal user info) But If credentials are stolen then its all over (it doesn't matter which oAuth app you have authorized) @sasongoko. If Bob manages to change his password after Mallory used Bob's old credentials to authorize an oAuth app (same or different) then Mallory can still have some sort of access to Bob's account. To prevent this , Bob is required to change his password and must revoke the access to all the suspicious oAuth apps. Okay. If Mallory changed Bob's password after successfully get in, Can Bob still access his account through his application (which is authorized)? From your explanation above, the answer is no, it is impossible. Since Bob cannot sign in anymore, Mallory has changed his password. On Thu, Oct 15, 2009 at 9:19 AM, Dwi Sasongko Supriyadi ruck...@gmail.com wrote: On Thu, Oct 15, 2009 at 2:06 AM, Chris Babcock cbabc...@kolonelpanic.org wrote: The situation in this scenario is that Mallory phished Bob's Twitter credentials and used them to authorize access for himself with an OAuth App that Bob also uses. Mallory can only be detected by the changes he makes in the account; He cannot be detected by viewing the list of OAuth apps with access to the account. Additionally, Mallory's access does not disturb Bob's access to the account via the OAuth consumer App. Above are valid if only the credentials are not changed, either by Bob or . If in this case, Mallory changed Bob's credentials, will this disturb Bob's access to the account? This scenario is largely equivalent to Mallory's posession of the credentials themselves. The only difference is that Mallory retains certain capabilities even if the credentials he obtained are changed. The real security profile for this scenario is that it adds an extra layer of maintenance to be done by a user if a compromise is suspected. In addition to changing passwords, Bob should cancel all other accesses to his account and reauthorize those that are trusted and necessary. Chris Babcock On Wed, 14 Oct 2009 20:17:48 +0530 srikanth reddy srikanth.yara...@gmail.com wrote: Yes. The risk is high with Desktop apps as Consumer secret/keys are distributed. On Wed, Oct 14, 2009 at 8:04 PM, Dewald Pretorius dpr...@gmail.com wrote: So this is a problem with web apps as well then. If User Bob authorized Web App to work on his account, and Phishing Dude also authorizes his Web App account to work on User Bob's Twitter account because he phished User Bob's Twitter username and password, User Bob is blissfully unaware of that?
[twitter-dev] Lots of Couldn't find Status with ID messages
Hello! We regularly fetch feeds from the Twitter API and then take the max id as the sinceid to subsequent calls. The problem is that in the last two days, we suddenly are getting lots of Couldn't find Status with ID=XYZ messages. We weren't seeing these before, but now multiple times a day. Is there a correct way to avoid these messages or deal with them? We're playing with a number of ideas ranging from incrementing the sinceid until it works or just getting the full feed again and discarding. Am I doing something incorrectly? Thanks, mark.