Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote: Yeh but John, who is going to install MySQL for a desktop client? 1) John was responding to someone who said a database wouldn't work for [him] since I do not have a desktop app, end I do not store anything in a database. If he doesn't have a desktop app, then he's talking about a web app and, as John said, pretty much every web host out there gives you MySQL, no installation required. 2) MySQL isn't the only RDBMS out there... If I were writing a desktop app which needed to handle significant amounts of data, I'd use SQLite. The SQLite libraries in every language I'm aware of aren't just interfaces to the database, but rather contain the entire database engine, so there's no external application to install. This is a well- proven approach, with Firefox probably being the biggest-name application using an embedded SQLite database engine to handle its data. http://en.wikipedia.org/wiki/SQLite -- Dave Sherohman -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
On 04/27/2010 12:11 AM, Dave Sherohman wrote: On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote: Yeh but John, who is going to install MySQL for a desktop client? 1) John was responding to someone who said a database wouldn't work for [him] since I do not have a desktop app, end I do not store anything in a database. If he doesn't have a desktop app, then he's talking about a web app and, as John said, pretty much every web host out there gives you MySQL, no installation required. 2) MySQL isn't the only RDBMS out there... If I were writing a desktop app which needed to handle significant amounts of data, I'd use SQLite. The SQLite libraries in every language I'm aware of aren't just interfaces to the database, but rather contain the entire database engine, so there's no external application to install. This is a well- proven approach, with Firefox probably being the biggest-name application using an embedded SQLite database engine to handle its data. http://en.wikipedia.org/wiki/SQLite Fortunately, SQLite is small enough that having dozens of applications, each with its own embedded binary of SQLite, doesn't run you out of RAM. ;-) -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: one application authentication
I'll see if there's anything we can do about offering a give me /my/ access yes, please let us know. That is why I wrote this qyuestion. I think this option should be somewhere within 'my account' settings on Twitter On Apr 26, 6:17 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Obtaining a single access token for your application without necessarily implementing the entire OAuth dance shouldn't be too difficult -- there are many OAuth libraries that include command-line tools to acquire access tokens in this way. You could also use Twurl (http://github.com/marcel/twurl). My OAuth Dancer (http://bit.ly/oauth-dancer) tool also lets you do this through a server interface your run on your own machine. I don't recommend sharing your consumer key or secret to any third-party website to acquire this information, but using a tool locally on your own machine is likely the best method. I'll see if there's anything we can do about offering a give me /my/ access token access token secret for my application feature on dev.twitter.comto help with this. It'd then be as simple as porting those two pieces of information into whatever database, configuration file, or otherwise you would use to store the access token and access token secret. As with any of these kind of keys though, it wouldn't be appropriate to distribute access tokens of any kind with your software -- whether on github, in a desktop application, or in plaintext in a Javascript file. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Mon, Apr 26, 2010 at 5:29 AM, Ken k...@cimas.ch wrote: With OAuthcalypse looming, there is an urgent need for your service. I doubt that every API user with a Twitter-spitter even knows about the deadline. If you can convince them of your benign intent, great. If you have thought of a way to make it pay, even better! On Apr 26, 10:26 am, Harshad RJ harshad...@gmail.com wrote: On Mon, Apr 26, 2010 at 1:50 PM, Ken k...@cimas.ch wrote: For security reasons this service should be left to Twitter, but a third party could deliver the same tokens if provided with the app's Consumer key and secret. A bit messy though - need to change the requesting app's callback URL - but it's doable. Is someone already doing this? Would that violate ToS? Just FYI, I am working on a similar concept. Waiting for clarifications from Twitter before releasing it publicly. -- Harshad RJhttp://hrj.wikidot.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
@Dave Thanks for your suggestion. I do indeed have a mysql, but haven't seen the need to implement it in my app (http://twimply.com) since it basicly only offers an alternative web interface for using twitter. The only mentioned using a database as a possible solution: creating a desktop app that let's my users allow permission through xAuth, Then I would have to access the the same database from the web app, and re- use those tokens. Another problem with that is that the tokens will be bound to the desktop app, and not to the web app. So to make that work, Twitter would have to make it possible to link the tokens of a desktop app and a web app. For me this is purely hypothetical, since I do not have the skills nor the resources to create a desktop app. jarón On Apr 27, 9:11 am, Dave Sherohman d...@fishtwits.com wrote: On Mon, Apr 26, 2010 at 11:09:38AM -0400, Dean Collins wrote: Yeh but John, who is going to install MySQL for a desktop client? 1) John was responding to someone who said a database wouldn't work for [him] since I do not have a desktop app, end I do not store anything in a database. If he doesn't have a desktop app, then he's talking about a web app and, as John said, pretty much every web host out there gives you MySQL, no installation required. 2) MySQL isn't the only RDBMS out there... If I were writing a desktop app which needed to handle significant amounts of data, I'd use SQLite. The SQLite libraries in every language I'm aware of aren't just interfaces to the database, but rather contain the entire database engine, so there's no external application to install. This is a well- proven approach, with Firefox probably being the biggest-name application using an embedded SQLite database engine to handle its data. http://en.wikipedia.org/wiki/SQLite -- Dave Sherohman -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: What tools do you use?
I use ruby, the twitter-text library, yajl for json processing, and mongodb for storage. -- Glenn http://glenngillen.com/ -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be who you think it is... Supporting this option though Twitter is dependent on the security procedures of every 3rd party to maintain the integrity of an account. With OAuth at least should an individual 3rd party have their security breached then access to just that 3rd party can be terminated. Also with basic auth developers are required to store passwords in plain-text (or at least in some retrievable form) and as someone else has already pointed out with the propensity for users to use the same password on many services this exposes them to undue risk from a breach of a 3rd party or via a malicious developer. I'd sleep much easier at night if I didn't know anybody else's password, I'm sure the Twitter team would prefer if only a user knew their own password too. -- Glenn http://glenngillen.com/ -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: detecting hashtag spam
On Apr 26, 11:34 pm, kprobe goo...@kprobe.com wrote: To help the algorithms detect this type of hashtag spam, what he is doing is varying the content slightly, with different numbers of hashtags, and different goo.gl shortened links that loop back to twitter status messages and provide no content whatsoever. Appears to be an attempt to get lots of different links to his website via I wonder if this problem could be solved simply by integrating the results from search with a filter from a service such as twase to exclude tweets from users that don't meet a likely non-spammy user threshold that you define? I'll see if I can whip up a prototype over the weekend (unless someone beats me to it). -- Glenn http://glenngillen.com/ -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Testing Twitter API webapps
On Apr 24, 6:31 am, Patrick Kennedy kenned...@gmail.com wrote: My explaination is more language agnostic, and works for an oauth web flow. But I like your RoR idea, and it sounds like there is support for localhost development to some extent. I suppose /authenticated I wouldn't say it's a RoR specific idea, personally I consider it just good development practice. Regardless of the language I develop in, I always have a locally running version of the code that I can access in a method comparable to how I'd access it on a production server (e.g., over HTTP). In the instances where I don't do that (like I don't want to taint my OSX install with PHP dependencies or I'm using ASP.Net) then I'll setup a virtual machine on my laptop that is nearly identical to my production server. It's usually quite easy to do and can save a lot of hassle in the long run. -- Glenn http://glenngillen.com/ -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] xAuth Approval?
On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote: On 04/26/2010 05:16 PM, Cameron Kaiser wrote: xAuth is a method for which to exchange usernames and passwords for those tokens, without send the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. Which is fine. However, there are other people who don't like getting the browser involved (people making command line Linux programs, for instance, or people exposing their own APIs that interact with Twitter). -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] friends/ids missing cursor information with oAuth?
Hi all I've been working with the friends/ids endpoint and it seems that the next_cursor and previous_cursor are missing from the json response if oAuth is used to authenticate. The cursors are present using simple auth. Is anyone else seeing this, or am I missing something? Thanks in advance, Andrew Horn -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: 401 Unauthorised - Unable to post
I have just met the same situation. I created my app with Read only, then I used with that for a while. Later, I wanted to post, so I switched to Read and Write. I kept re-requesting the access token, but that didn't work. The user still have read-only in their Setting/Connection tab. Revoke, then authorize app again. Problem solved. (This make sense, because user didn't give app the permission to write at first place.) Hope this helps. On Apr 23, 8:17 pm, Jeremy jehe...@gmail.com wrote: Hi all! I am having an issue with one of my apps. I set it up correctly I think, when I do tests through the API console onhttp://dev.twitter.com/console, it posts just fine, and my app has read/write access level. However on my site, whenever I try to post a new tweet, the tweet process seems to go without any error messages, but nothing gets posted on my twitter account. I have checked it with Firebug, there is in fact an error, I get a 401 Unauthorised status forhttps://api.twitter.com/1/statuses/update.json. It says Read-only application cannot POST. I consequently changed my app settings, and indeed it was read only at first, but even after changing it to read/write, the problem remains. Any idea where it could come from? What can I do to solve the issue? Thank you! -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
Hi, This is probably a basic question - but what is the best option if you have written an integration for a web-based application that is installed on multiple sites? The URL is going to change per installation (and won't be publicly accessible), and I would really like to minimise the impact to the application's administrators and users. thanks, Eoin On Apr 24, 4:40 pm, Raffi Krikorian ra...@twitter.com wrote: hi all. you're going to be hearing a lot from me over the next 9 weeks. our plan is to turn off basic authorization on the API by june 30, 2010 -- developers will have to switch over to OAuth by that time. between now and then, there will be a *lot* of information coming along with tips on how to use OAuth Echo, xAuth, etc. we really want to make this transition as easy as we can for everybody. as always, please feel free to reach out to this group, or to @twitterapi directly. if you need help remembering the date -http://bit.ly/twcountdown . -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Avatar change - JSON issue
Thank you. That's all I needed to know :) On Apr 26, 7:41 pm, Mark McBride mmcbr...@twitter.com wrote: It's in the bug tracker, and on my list of stuff to look at. Caching in general is a high priority issue at the moment. ---Mark http://twitter.com/mccv -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Hovercards without Follow Button?
Hello everyone, Is is possible to disable the follow button on the hovercard using Twitter Anywhere? My issue is that I want the user just to see the user's hovercard - not to follow them. Thanks, Greg -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Twitter Source Stats gets some JSON output love
Just as a little micro-update, Twitter Source Stats now has it's own domain: http://twittersource.info I've done a bit of tuning on the code, so things might be a little faster. Or not. Anyway, if you're using the JSON data, I'd be interested to hear about it! Drop me a line. -- Ed Finkler http://funkatron.com @funkatron AIM: funka7ron / ICQ: 3922133 / XMPP:funkat...@gmail.com On Apr 25, 1:54 am, funkatron funkat...@gmail.com wrote: Some of you may be familiar with my Twitter Source Stats project: http://funkatron.com/tss/ I've recently added the ability to get the ranking data back as JSON. You can just add .json to the end of the URL, and it'll spit it out. For example: http://funkatron.com/tss/lasthourhttp://funkatron.com/tss/lasthour.json I have pushed most of this code to github, although the code for stats collection isn't there right now -- it's done on another site atm. I'll try to pull that together soon, as well as clean up a bunch of unused code and scripts that are in there now. http://github.com/funkatron/twitter-stats-tracker Hit me up on Twitter if you have q's; I don't check in here a lot. Enjoy! -- Ed Finklerhttp://funkatron.com @funkatron AIM: funka7ron / ICQ: 3922133 / XMPP:funkat...@gmail.com -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: countdown to OAuth / basic auth removal / OAuthcalypse
On 4/27/2010 5:52 AM, Eoin wrote: Hi, This is probably a basic question - but what is the best option if you have written an integration for a web-based application that is installed on multiple sites? The URL is going to change per installation (and won't be publicly accessible), and I would really like to minimise the impact to the application's administrators and users. thanks, Eoin If the app stores twitter usernames/passwords in combo, one solution may be to use xAuth and run a batch job to convert. Once you've converted over to tokens, ditch the passwords and you're done. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] API Tracking inaccuracy
Dear all, Good morning! I have been experiencing some problems when I was trying to use streaming api to get filtered tweets, and I have no idea why they happened :( Specifically I wanted to get tweets from specific users within specified locations. I got some advices here and I proceeded successfully with this command: curl -d @following -d @locations http://stream.twitter.com/1/statuses/filter.json -u The problem is that when I was checking the filtered results, there are still quite a lot tweets appeared without geographical information, and tweets from users that I didn't include in the following list. So there seems some inaccuracy in this filtering function. Any ideas or suggestions? Thanks! Best, epomqo -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] API Tracking inaccuracy
There isn't quite enough information in this email to provide a definitive answer. Providing a predicate list and an example of an unexpected match would be helpful in describing the Streaming API behavior. Note that the predicates are logical ORs, so that any match will cause a delivery. These are not logical ANDs. So, if a user in your following file tweets without geodata, you'll get a tweet without geodata. The only known issues with track are around non-space-separated languages, such as Chinese, Japanese and, I think, Arabic, language representations. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Apr 27, 2010 at 6:17 AM, epomqo wenzi0...@gmail.com wrote: Dear all, Good morning! I have been experiencing some problems when I was trying to use streaming api to get filtered tweets, and I have no idea why they happened :( Specifically I wanted to get tweets from specific users within specified locations. I got some advices here and I proceeded successfully with this command: curl -d @following -d @locations http://stream.twitter.com/1/statuses/filter.json -u The problem is that when I was checking the filtered results, there are still quite a lot tweets appeared without geographical information, and tweets from users that I didn't include in the following list. So there seems some inaccuracy in this filtering function. Any ideas or suggestions? Thanks! Best, epomqo -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: 401 Unauthorised - Unable to post
Thanks for the help everyone. It seems to take a bit to fall out of our caches right now. We'll be sussing out a bug fix when it's possible. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 2:06 AM, livibetter livibet...@gmail.com wrote: I have just met the same situation. I created my app with Read only, then I used with that for a while. Later, I wanted to post, so I switched to Read and Write. I kept re-requesting the access token, but that didn't work. The user still have read-only in their Setting/Connection tab. Revoke, then authorize app again. Problem solved. (This make sense, because user didn't give app the permission to write at first place.) Hope this helps. On Apr 23, 8:17 pm, Jeremy jehe...@gmail.com wrote: Hi all! I am having an issue with one of my apps. I set it up correctly I think, when I do tests through the API console onhttp:// dev.twitter.com/console, it posts just fine, and my app has read/write access level. However on my site, whenever I try to post a new tweet, the tweet process seems to go without any error messages, but nothing gets posted on my twitter account. I have checked it with Firebug, there is in fact an error, I get a 401 Unauthorised status forhttps://api.twitter.com/1/statuses/update.json. It says Read-only application cannot POST. I consequently changed my app settings, and indeed it was read only at first, but even after changing it to read/write, the problem remains. Any idea where it could come from? What can I do to solve the issue? Thank you! -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: API Tracking inaccuracy
Thanks for the advice. I checked some of the results, this is indeed the case. Then is there a way to make it logical ANDs? If we cannot do it with the same command, maybe I could try to put these two kinds of parameters in a single file and separate them with ? Example file (locandfollow): locations=-122.75,36.8,-121.75,37.8 follow=...,...,... command: curl -d @locandfollow http://stream.twitter.com/1/statuses/filter.json -uAnyTwitterUser:Password Best Regards, epomqo On Apr 27, 3:21 pm, John Kalucki j...@twitter.com wrote: There isn't quite enough information in this email to provide a definitive answer. Providing a predicate list and an example of an unexpected match would be helpful in describing the Streaming API behavior. Note that the predicates are logical ORs, so that any match will cause a delivery. These are not logical ANDs. So, if a user in your following file tweets without geodata, you'll get a tweet without geodata. The only known issues with track are around non-space-separated languages, such as Chinese, Japanese and, I think, Arabic, language representations. -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Apr 27, 2010 at 6:17 AM, epomqo wenzi0...@gmail.com wrote: Dear all, Good morning! I have been experiencing some problems when I was trying to use streaming api to get filtered tweets, and I have no idea why they happened :( Specifically I wanted to get tweets from specific users within specified locations. I got some advices here and I proceeded successfully with this command: curl -d @following -d @locationshttp://stream.twitter.com/1/statuses/filter.json -u The problem is that when I was checking the filtered results, there are still quite a lot tweets appeared without geographical information, and tweets from users that I didn't include in the following list. So there seems some inaccuracy in this filtering function. Any ideas or suggestions? Thanks! Best, epomqo -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] friends/ids missing cursor information with oAuth?
Hi Andrew, I just did a few ad hoc tests and was able to get the fields to show up in JSON and XML responses, both with OAuth and using Basic Auth. Is it possible that when the value is zero to JSON key/pair, your implementation might be hiding the result from you in some way? Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Mon, Apr 26, 2010 at 11:47 PM, Andrew Horn uberar...@gmail.com wrote: Hi all I've been working with the friends/ids endpoint and it seems that the next_cursor and previous_cursor are missing from the json response if oAuth is used to authenticate. The cursors are present using simple auth. Is anyone else seeing this, or am I missing something? Thanks in advance, Andrew Horn -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Overloaded/Rated on Update
I've been having a problem I can't get work out. When sending a status update or direct message - I often get a 0, 502, 503 or 420 response code. Yet the API suggests that status updates aren't limited. The annoying thing is that I'm assuming if I get one of those codes that it was a failure - but in fact, the posts make it through. This means I report falsely and people will try and post again - often ended up with double/triple posts. Any ideas? Spode -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: API Tracking inaccuracy
You can't do logical ANDs between predicate types. The assumption is that you can do post processing on your end to further filter your results. We over deliver, you de-duplication, reorder and filter. Streaming results are not display-ready. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Apr 27, 2010 at 6:52 AM, epomqo wenzi0...@gmail.com wrote: Thanks for the advice. I checked some of the results, this is indeed the case. Then is there a way to make it logical ANDs? If we cannot do it with the same command, maybe I could try to put these two kinds of parameters in a single file and separate them with ? Example file (locandfollow): locations=-122.75,36.8,-121.75,37.8 follow=...,...,... command: curl -d @locandfollow http://stream.twitter.com/1/statuses/filter.json -uAnyTwitterUser:Password Best Regards, epomqo On Apr 27, 3:21 pm, John Kalucki j...@twitter.com wrote: There isn't quite enough information in this email to provide a definitive answer. Providing a predicate list and an example of an unexpected match would be helpful in describing the Streaming API behavior. Note that the predicates are logical ORs, so that any match will cause a delivery. These are not logical ANDs. So, if a user in your following file tweets without geodata, you'll get a tweet without geodata. The only known issues with track are around non-space-separated languages, such as Chinese, Japanese and, I think, Arabic, language representations. -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Apr 27, 2010 at 6:17 AM, epomqo wenzi0...@gmail.com wrote: Dear all, Good morning! I have been experiencing some problems when I was trying to use streaming api to get filtered tweets, and I have no idea why they happened :( Specifically I wanted to get tweets from specific users within specified locations. I got some advices here and I proceeded successfully with this command: curl -d @following -d @locationshttp://stream.twitter.com/1/statuses/filter.json -u The problem is that when I was checking the filtered results, there are still quite a lot tweets appeared without geographical information, and tweets from users that I didn't include in the following list. So there seems some inaccuracy in this filtering function. Any ideas or suggestions? Thanks! Best, epomqo -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: API Tracking inaccuracy
I see. Thanks for the prompt replies! I will do post-processing then. I already noticed that the streaming results were not well-structured and displayed :( epomqo On Apr 27, 4:06 pm, John Kalucki j...@twitter.com wrote: You can't do logical ANDs between predicate types. The assumption is that you can do post processing on your end to further filter your results. We over deliver, you de-duplication, reorder and filter. Streaming results are not display-ready. -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Apr 27, 2010 at 6:52 AM, epomqo wenzi0...@gmail.com wrote: Thanks for the advice. I checked some of the results, this is indeed the case. Then is there a way to make it logical ANDs? If we cannot do it with the same command, maybe I could try to put these two kinds of parameters in a single file and separate them with ? Example file (locandfollow): locations=-122.75,36.8,-121.75,37.8 follow=...,...,... command: curl -d @locandfollowhttp://stream.twitter.com/1/statuses/filter.json -uAnyTwitterUser:Password Best Regards, epomqo On Apr 27, 3:21 pm, John Kalucki j...@twitter.com wrote: There isn't quite enough information in this email to provide a definitive answer. Providing a predicate list and an example of an unexpected match would be helpful in describing the Streaming API behavior. Note that the predicates are logical ORs, so that any match will cause a delivery. These are not logical ANDs. So, if a user in your following file tweets without geodata, you'll get a tweet without geodata. The only known issues with track are around non-space-separated languages, such as Chinese, Japanese and, I think, Arabic, language representations. -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. On Tue, Apr 27, 2010 at 6:17 AM, epomqo wenzi0...@gmail.com wrote: Dear all, Good morning! I have been experiencing some problems when I was trying to use streaming api to get filtered tweets, and I have no idea why they happened :( Specifically I wanted to get tweets from specific users within specified locations. I got some advices here and I proceeded successfully with this command: curl -d @following -d @locationshttp://stream.twitter.com/1/statuses/filter.json -u The problem is that when I was checking the filtered results, there are still quite a lot tweets appeared without geographical information, and tweets from users that I didn't include in the following list. So there seems some inaccuracy in this filtering function. Any ideas or suggestions? Thanks! Best, epomqo -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: search.twitter.com/trends* is moving to api.twitter.com/1/trends*
Hi Rich, Probably not at the same time. We're working on unifying the worlds of search and the Twitter API. It's a bigger project. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Thu, Apr 22, 2010 at 3:46 PM, Rich rhyl...@gmail.com wrote: Hi Taylor I also see that http://api.twitter.com/1/search.format also works, is this also going to be removed at the same time? Richard On Apr 22, 11:27 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Developers, In the interests of bringing more consistency to your Twitter developer experience, you can *now* access the trends API endpoints at alternate, versioned addresses under the api.twitter.com domain. In the past, you've been accessing trends resources at search.twitter.com: http://search.twitter.com/trends.json http://search.twitter.com/trends/current.json http://search.twitter.com/trends/daily.json http://search.twitter.com/trends/weekly.json But now you can access the corresponding endpoints with the same payloads at: http://api.twitter.com/1/trends.json http://api.twitter.com/1/trends/current.json http://api.twitter.com/1/trends/daily.json http://api.twitter.com/1/trends/weekly.json *We'll be keeping the search.twitter.com endpoints available until on or around July 1st, 2010. After that date, you should use the new versioned endpoints exclusively.* * * Documentation resources will be updated with these changes soon. * * Thanks everyone! * * Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: 401 Unauthorised - Unable to post
I got your reply and I replied. But I have an input to add. If an application developer switch to ReadWrite from Read-only. I don't think twitter should apply it (ReadWrite) to all users who have granted the app to read-only. This could be seen as a (slight) security issue only, though I don't think this will cause any problem, but you never know. One could happen is, some user grant a app for reading and the user pretty sure, the app is Read-only. If the developer of app decides to switch to RW, then post to user's timeline? Or what if the app gets hacked? The hacker can switch to RW, then current app users will all be affected. Just my thoughts to add. On Apr 27, 9:27 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Thanks for the help everyone. It seems to take a bit to fall out of our caches right now. We'll be sussing out a bug fix when it's possible. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 27, 2010 at 2:06 AM, livibetter livibet...@gmail.com wrote: I have just met the same situation. I created my app with Read only, then I used with that for a while. Later, I wanted to post, so I switched to Read and Write. I kept re-requesting the access token, but that didn't work. The user still have read-only in their Setting/Connection tab. Revoke, then authorize app again. Problem solved. (This make sense, because user didn't give app the permission to write at first place.) Hope this helps. On Apr 23, 8:17 pm, Jeremy jehe...@gmail.com wrote: Hi all! I am having an issue with one of my apps. I set it up correctly I think, when I do tests through the API console onhttp:// dev.twitter.com/console, it posts just fine, and my app has read/write access level. However on my site, whenever I try to post a new tweet, the tweet process seems to go without any error messages, but nothing gets posted on my twitter account. I have checked it with Firebug, there is in fact an error, I get a 401 Unauthorised status forhttps://api.twitter.com/1/statuses/update.json. It says Read-only application cannot POST. I consequently changed my app settings, and indeed it was read only at first, but even after changing it to read/write, the problem remains. Any idea where it could come from? What can I do to solve the issue? Thank you! -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
Some of you talk about an app as if it were a person. Sure, apps could be malicious, but that includes every app on your computer - doesn't it? Why should you assume some of the apps handling your credentials can be more trustworthy than others? Any app that is on your computer while you type your username/password can potentially obtain that information. And what about the app at the far end of the Internet that may be pretending to be Twitter's authorization page? Frankly, I think the whole argument about malicious apps is a little over the top for an OAuth discussion. Why would you believe that basic auth developers are required to store passwords in plain-text...? I'm a basic auth developer, and I have always stored username/passwords encrypted in a access protected keychain file. I do not know of a single developer of any platform that would be so irresponsible as to store username/passwords in plain text - well until now. :) Twitter's only interest in OAuth (like any other platform provider) is to control access to their platform at an application level, and to allow other platform providers access to their users' data. This altruistic nonsense about Twitter being more interested in your personal password protection than your bank, your online stock trading company, or the IRS, is just that - nonsense. There's nothing wrong with Twitter's decision to implement OAuth. I makes perfect sense. I'd do it, if I were in their shoes. Why are so many of you rushing to their defense with these manufactured alternative reasons for why they are implementing it? On Apr 27, 5:52 am, glenn gillen gl...@rubypond.com wrote: Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be who you think it is... Supporting this option though Twitter is dependent on the security procedures of every 3rd party to maintain the integrity of an account. WithOAuthat least should an individual 3rd party have their security breached then access to just that 3rd party can be terminated. Also with basic auth developers are required to store passwords in plain-text (or at least in some retrievable form) and as someone else has already pointed out with the propensity for users to use the same password on many services this exposes them to undue risk from a breach of a 3rd party or via a malicious developer. I'd sleep much easier at night if I didn't know anybody else's password, I'm sure the Twitter team would prefer if only a user knew their own password too. -- Glennhttp://glenngillen.com/ -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: 401 Unauthorised - Unable to post
Your thoughts are welcome and I can help reassure you that what you describe is actually the case. The area where there's some question and bugs is that once you've gone through the process of re-establishing a r/w capable access token, it might take a bit for the cache to cough out the access token with the elevated privileges. Our implementation is such that each access token issued has the r/w flag on it, based on the state of the client application at the time of issuance. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 7:22 AM, livibetter livibet...@gmail.com wrote: I got your reply and I replied. But I have an input to add. If an application developer switch to ReadWrite from Read-only. I don't think twitter should apply it (ReadWrite) to all users who have granted the app to read-only. This could be seen as a (slight) security issue only, though I don't think this will cause any problem, but you never know. One could happen is, some user grant a app for reading and the user pretty sure, the app is Read-only. If the developer of app decides to switch to RW, then post to user's timeline? Or what if the app gets hacked? The hacker can switch to RW, then current app users will all be affected. Just my thoughts to add. On Apr 27, 9:27 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Thanks for the help everyone. It seems to take a bit to fall out of our caches right now. We'll be sussing out a bug fix when it's possible. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 27, 2010 at 2:06 AM, livibetter livibet...@gmail.com wrote: I have just met the same situation. I created my app with Read only, then I used with that for a while. Later, I wanted to post, so I switched to Read and Write. I kept re-requesting the access token, but that didn't work. The user still have read-only in their Setting/Connection tab. Revoke, then authorize app again. Problem solved. (This make sense, because user didn't give app the permission to write at first place.) Hope this helps. On Apr 23, 8:17 pm, Jeremy jehe...@gmail.com wrote: Hi all! I am having an issue with one of my apps. I set it up correctly I think, when I do tests through the API console onhttp:// dev.twitter.com/console, it posts just fine, and my app has read/write access level. However on my site, whenever I try to post a new tweet, the tweet process seems to go without any error messages, but nothing gets posted on my twitter account. I have checked it with Firebug, there is in fact an error, I get a 401 Unauthorised status forhttps:// api.twitter.com/1/statuses/update.json. It says Read-only application cannot POST. I consequently changed my app settings, and indeed it was read only at first, but even after changing it to read/write, the problem remains. Any idea where it could come from? What can I do to solve the issue? Thank you! -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Major access_token issues when using valid PIN as verifier
Hey everyone, I am developing a desktop twitter client in Python and Qt4 using python-oauth2 for authentication. I am having issues getting an access token using the verifier that the user enters via a dialog. I have checked to make sure everything entered was correctly passed and correctly type casted. The twitter server returns invalid oauth_verifier parameter and the code for this function is as follows: @staticmethod def sendRequest(method, httpmethod, args, auth=False): settings = QSettings(Constants.COMPANY, Constants.PRODUCT) params = urllib.urlencode(args) if auth: if not settings.value(oauth_token).toPyObject(): # Get request token from server consumer = oauth2.Consumer(Constants.OAUTH_CONSUMER_KEY, \ Constants.OAUTH_CONSUMER_SECRET) client = oauth2.Client(consumer) response, content = client.request(http://api.twitter.com/oauth/ request_token, GET) request_token = dict(urlparse.parse_qsl(content)) if response['status'] != 200: print request_token raise Exception(Failed to get request token, server returned: %s %s % (response['status'], content)) # Open twitter authorization dialog and get PIN if needed if not settings.value(oauth_verifier).toPyObject(): dialog = TwitterAuthorizeDialog(request_token) dialog.exec_() settings.setValue(oauth_verifier, dialog.getVerifier()) # Create new token with oauth verifier and initialize the client token = oauth2.Token(request_token['oauth_token'], request_token['oauth_token_secret']) token.set_verifier(settings.value(oauth_verifier).toPyObject()) client = oauth2.Client(consumer, token) # Lastly, get the access token from the server response, content = client.request(http://api.twitter.com/oauth/ access_token, POST) access_token = dict(urlparse.parse_qsl(content)) if response['status'] != 200: print access_token raise Exception(Failed to get access token, server returned: %s %s % (response['status'], content)) # Reinitialize client using access token and store the token token = oauth2.Token(access_token['oauth_token'], access_token['oauth_token_secret']) settings.setValue(oauth_token, token) client = oauth2.Client(consumer, settings.value(oauth_token).toPyObject()) response, content = client.request(http://api.twitter.com%s.json; % method, httpmethod, params) return json.loads(response.read(), encoding=utf-8) else: try: http = httplib.HTTPConnection(api.twitter.com) http.request(GET, method + .json, params) response = http.getresponse() if response.status != 200: raise Exception(Failed to download data, server returned: %d %s % (response.status, response.reason)) return None return json.loads(response.read(), encoding=utf-8) except: raise Exception(Failed to connect to the twitter service.) return None Any help or suggestions would be greatly appreciated. -- Alec Hussey -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: 401 Unauthorised - Unable to post
It seems to me that if a developer changes the permissions an app requests ALL previous users should be asked to reauthorize on their next usage (if the app typically worked on a server or without user interaction then the developer will have to recontact users. As a user I don't want applications I authorize to change permissions without my knowledge. I can see an argument that if an app changes to lesser permissions (to READ ONLY say) then this might not be necessary but even then that could signal that the app has changed functionally and some users might no longer wish to use it (might for example have relied on it for messages via Twitter). Just my 2 cents. Shannon Sent from my iPhone On Apr 27, 2010, at 7:22 AM, livibetter livibet...@gmail.com wrote: I got your reply and I replied. But I have an input to add. If an application developer switch to ReadWrite from Read-only. I don't think twitter should apply it (ReadWrite) to all users who have granted the app to read-only. This could be seen as a (slight) security issue only, though I don't think this will cause any problem, but you never know. One could happen is, some user grant a app for reading and the user pretty sure, the app is Read-only. If the developer of app decides to switch to RW, then post to user's timeline? Or what if the app gets hacked? The hacker can switch to RW, then current app users will all be affected. Just my thoughts to add. On Apr 27, 9:27 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Thanks for the help everyone. It seems to take a bit to fall out of our caches right now. We'll be sussing out a bug fix when it's possible. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 27, 2010 at 2:06 AM, livibetter livibet...@gmail.com wrote: I have just met the same situation. I created my app with Read only, then I used with that for a while. Later, I wanted to post, so I switched to Read and Write. I kept re-requesting the access token, but that didn't work. The user still have read-only in their Setting/Connection tab. Revoke, then authorize app again. Problem solved. (This make sense, because user didn't give app the permission to write at first place.) Hope this helps. On Apr 23, 8:17 pm, Jeremy jehe...@gmail.com wrote: Hi all! I am having an issue with one of my apps. I set it up correctly I think, when I do tests through the API console onhttp:// dev.twitter.com/console, it posts just fine, and my app has read/write access level. However on my site, whenever I try to post a new tweet, the tweet process seems to go without any error messages, but nothing gets posted on my twitter account. I have checked it with Firebug, there is in fact an error, I get a 401 Unauthorised status forhttps://api.twitter.com/1/statuses/ update.json. It says Read-only application cannot POST. I consequently changed my app settings, and indeed it was read only at first, but even after changing it to read/write, the problem remains. Any idea where it could come from? What can I do to solve the issue? Thank you! -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] How to: Create a “send this to twitt er” button on my website
Hi I have been searching for a tool like twitthis twitme to impliment on my dynamic website. Lots of little pluggin for WP or other blog, but I don't find a way to impliment it to my stadard website without the multiple popup and redirection like with http://twitthis.com/ I just want to get the URL and injected it directly into the Twitter of the people that browse my site, to allowd them to twitt the page that interest them Can somone redirect me to a site where I can find those info's... many thanks -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] How to: Create a “send this to t witter” button on my website
www.google.com ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera On Tue, Apr 27, 2010 at 11:13 AM, Benelux bene...@gmail.com wrote: Hi I have been searching for a tool like twitthis twitme to impliment on my dynamic website. Lots of little pluggin for WP or other blog, but I don't find a way to impliment it to my stadard website without the multiple popup and redirection like with http://twitthis.com/ I just want to get the URL and injected it directly into the Twitter of the people that browse my site, to allowd them to twitt the page that interest them Can somone redirect me to a site where I can find those info's... many thanks -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] How to: Create a “send this to t witter” button on my website
https://twitter.com/?status=text+here On Tue, Apr 27, 2010 at 08:20, Andrew Badera and...@badera.us wrote: www.google.com ∞ Andy Badera ∞ +1 518-641-1280 Google Voice ∞ This email is: [ ] bloggable [x] ask first [ ] private ∞ Google me: http://www.google.com/search?q=andrew%20badera On Tue, Apr 27, 2010 at 11:13 AM, Benelux bene...@gmail.com wrote: Hi I have been searching for a tool like twitthis twitme to impliment on my dynamic website. Lots of little pluggin for WP or other blog, but I don't find a way to impliment it to my stadard website without the multiple popup and redirection like with http://twitthis.com/ I just want to get the URL and injected it directly into the Twitter of the people that browse my site, to allowd them to twitt the page that interest them Can somone redirect me to a site where I can find those info's... many thanks -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Hovercards without Follow Button?
Why would you not want to give the user the option to follow the account? Abraham On Tue, Apr 27, 2010 at 06:05, Greg gregory.av...@gmail.com wrote: Hello everyone, Is is possible to disable the follow button on the hovercard using Twitter Anywhere? My issue is that I want the user just to see the user's hovercard - not to follow them. Thanks, Greg -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
Re: [twitter-dev] Overloaded/Rated on Update
A hack is to pull their latest update and do a text comparison of the status. This is not ideal though. Abraham On Tue, Apr 27, 2010 at 07:01, Spode sp...@justfdi.com wrote: I've been having a problem I can't get work out. When sending a status update or direct message - I often get a 0, 502, 503 or 420 response code. Yet the API suggests that status updates aren't limited. The annoying thing is that I'm assuming if I get one of those codes that it was a failure - but in fact, the posts make it through. This means I report falsely and people will try and post again - often ended up with double/triple posts. Any ideas? Spode -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Correction in GET users/lookup Documentation
For the GET users/lookup documentation at http://dev.twitter.com/doc/get/users/lookup, the example URLs under Parameters Optional look like http://api.twitter.com/1/users/lookup.xml?user_ids=user_id=1401881,1401882 and http://api.twitter.com/1/users/lookup.xml?screen_names=screen_name=dougw,raffi but, SHOULD BE http://api.twitter.com/1/users/lookup.xml?user_id=1401881,1401882 and http://api.twitter.com/1/users/lookup.xml?screen_name=dougw,raffi Thx http://www.pay4tweet.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Correction in GET users/lookup Documentation
Hi Mo, This is now updated. Sorry about the confusion. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 9:10 AM, Mo maur...@moluv.com wrote: For the GET users/lookup documentation at http://dev.twitter.com/doc/get/users/lookup, the example URLs under Parameters Optional look like http://api.twitter.com/1/users/lookup.xml?user_ids=user_id=1401881,1401882 and http://api.twitter.com/1/users/lookup.xml?screen_names=screen_name=dougw,raffi but, SHOULD BE http://api.twitter.com/1/users/lookup.xml?user_id=1401881,1401882 and http://api.twitter.com/1/users/lookup.xml?screen_name=dougw,raffi Thx http://www.pay4tweet.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Schedule for API call rate increases with oAuth?
hi ron. i'm just seeing you respond to every message in this thread lambasting oauth, so i figured it may be time to say something. i suggest you read up on the history of oauth? there are two reasons, that i care about, that oauth is important: 1. *minimizing the exposure of user's usernames and passwords*: in the base case, no - i don't trust random applications to have access to user's passwords. this is similar to the argument i made in this blog post: http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap. there are a few applications i trust more than i trust other apps: mail.app on my mac, for example, safari and chrome, for example. sure, its possible to attack those applications -- but, i believe, the probability of somebody managing an attack on those applications is significantly greater than the probability of an application, malicious or not, exposing a password. the password could be exposed for malicious means, or simply a bug. mail.app, safari, chrome, etc. have massive corporations who are very much incentivized to patch/update them if there is a security problem. random-twitter-app? not so much. (a different argument on this theme, however, is whether users care about this) 2. *providing differing levels of access*: twitter implements read and read/write as access profiles on applications. it is possible to give an application only read access to your account, which means that it cannot post a status update -- only read your timeline and such. this is not possible in a world where you are handing out your password. if a user's password is giving to a third party application, then all the permissions of a user is exposed. sure - i also have interests regarding visibility into the platform (if an application has a bug, we can trivially figure out which application it is; if a user is curious which app is reading my DMs we will be able to tell them, etc.). but i also really do care about the security of users. Some of you talk about an app as if it were a person. Sure, apps could be malicious, but that includes every app on your computer - doesn't it? Why should you assume some of the apps handling your credentials can be more trustworthy than others? Any app that is on your computer while you type your username/password can potentially obtain that information. And what about the app at the far end of the Internet that may be pretending to be Twitter's authorization page? Frankly, I think the whole argument about malicious apps is a little over the top for an OAuth discussion. Why would you believe that basic auth developers are required to store passwords in plain-text...? I'm a basic auth developer, and I have always stored username/passwords encrypted in a access protected keychain file. I do not know of a single developer of any platform that would be so irresponsible as to store username/passwords in plain text - well until now. :) Twitter's only interest in OAuth (like any other platform provider) is to control access to their platform at an application level, and to allow other platform providers access to their users' data. This altruistic nonsense about Twitter being more interested in your personal password protection than your bank, your online stock trading company, or the IRS, is just that - nonsense. There's nothing wrong with Twitter's decision to implement OAuth. I makes perfect sense. I'd do it, if I were in their shoes. Why are so many of you rushing to their defense with these manufactured alternative reasons for why they are implementing it? On Apr 27, 5:52 am, glenn gillen gl...@rubypond.com wrote: Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be who you think it is... Supporting this option though Twitter is dependent on the security procedures of every 3rd party to maintain the integrity of an account. WithOAuthat least should an individual 3rd party have their security breached then access to just that 3rd party can be terminated. Also with basic auth developers are required to store passwords in plain-text (or at least in some retrievable form) and as someone else has already pointed out with the propensity for users to use the same password on many services this exposes them to undue risk from a breach of a 3rd party or via a malicious developer. I'd sleep much easier at night if I didn't know anybody else's password, I'm sure the Twitter team would prefer if only a user knew their own password too. -- Glennhttp://glenngillen.com/ -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Raffi Krikorian Twitter Platform
[twitter-dev] Re: Schedule for API call rate increases with oAuth?
Hi Raffi, Didn't mean to sound like lambasting. I have read the history on OAuth, which is why I commented as I did. I agree with both of your points. Both are very good reasons to implement OAuth. I just don't believe protecting users against their own app is a fundamental reason to implement OAuth, nor is safeguarding user credential databases against hacker attacks. The suggestion that these were some of the primary benefits of implementing OAuth sounded like spin to me, so I said so. I've implemented OAuth some time ago, with no real issues. For the environment Twitter is in, I think it makes perfect sense. My BS sensors went off at some of the comments I saw circulating as to what OAuth's principal benefits are. But if you'd rather not see any dissenting opinions expressed on this forum, I can happily keep my thoughts to myself. Ron On Apr 27, 11:29 am, Raffi Krikorian ra...@twitter.com wrote: hi ron. i'm just seeing you respond to every message in this thread lambasting oauth, so i figured it may be time to say something. i suggest you read up on the history of oauth? there are two reasons, that i care about, that oauth is important: 1. *minimizing the exposure of user's usernames and passwords*: in the base case, no - i don't trust random applications to have access to user's passwords. this is similar to the argument i made in this blog post: http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap. there are a few applications i trust more than i trust other apps: mail.app on my mac, for example, safari and chrome, for example. sure, its possible to attack those applications -- but, i believe, the probability of somebody managing an attack on those applications is significantly greater than the probability of an application, malicious or not, exposing a password. the password could be exposed for malicious means, or simply a bug. mail.app, safari, chrome, etc. have massive corporations who are very much incentivized to patch/update them if there is a security problem. random-twitter-app? not so much. (a different argument on this theme, however, is whether users care about this) 2. *providing differing levels of access*: twitter implements read and read/write as access profiles on applications. it is possible to give an application only read access to your account, which means that it cannot post a status update -- only read your timeline and such. this is not possible in a world where you are handing out your password. if a user's password is giving to a third party application, then all the permissions of a user is exposed. sure - i also have interests regarding visibility into the platform (if an application has a bug, we can trivially figure out which application it is; if a user is curious which app is reading my DMs we will be able to tell them, etc.). but i also really do care about the security of users. Some of you talk about an app as if it were a person. Sure, apps could be malicious, but that includes every app on your computer - doesn't it? Why should you assume some of the apps handling your credentials can be more trustworthy than others? Any app that is on your computer while you type your username/password can potentially obtain that information. And what about the app at the far end of the Internet that may be pretending to be Twitter's authorization page? Frankly, I think the whole argument about malicious apps is a little over the top for an OAuth discussion. Why would you believe that basic auth developers are required to store passwords in plain-text...? I'm a basic auth developer, and I have always stored username/passwords encrypted in a access protected keychain file. I do not know of a single developer of any platform that would be so irresponsible as to store username/passwords in plain text - well until now. :) Twitter's only interest in OAuth (like any other platform provider) is to control access to their platform at an application level, and to allow other platform providers access to their users' data. This altruistic nonsense about Twitter being more interested in your personal password protection than your bank, your online stock trading company, or the IRS, is just that - nonsense. There's nothing wrong with Twitter's decision to implement OAuth. I makes perfect sense. I'd do it, if I were in their shoes. Why are so many of you rushing to their defense with these manufactured alternative reasons for why they are implementing it? On Apr 27, 5:52 am, glenn gillen gl...@rubypond.com wrote: Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be
Re: [twitter-dev] xAuth Approval?
On 04/27/2010 04:53 AM, John Meyer wrote: On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote: Yeah ... but I *like* having the browser involved. Which is fine. However, there are other people who don't like getting the browser involved (people making command line Linux programs, for instance, or people exposing their own APIs that interact with Twitter). Well ... there's Lynx. ;-) But seriously, I make command-line Linux Twitter programs for my own use all the time, and I released four of them as open source projects. *But*: 1. Those only use API calls that don't require authentication. 2. They are free as in beer as well as in freedom. There are exactly *zero* potential *paying* customers for a command-line Linux program. Let me quote two paragraphs from the Twitter Security Best Practices web page: Be sure that you're not exposing sensitive information through debugging screens/logs. Some web frameworks make it easy to access debugging information if your application is not properly configured. For desktop and mobile developers, it's easy to accidentally ship a build with debugging flags or symbols enabled. Build checks for these configurations into your deployment/build process. As aforementioned, for optimal security you should be using OAuth. But once you have a token with which to make requests on behalf of a user, where do you put it? Ideally, in an encrypted store managed by your operating system. On Mac OS X, this would be the Keychain. In the GNOME desktop environment, there's the Keyring. In the KDE desktop environment, there's KWallet. If you're building desktop applications that you are going to ask people to pay for, you 1. *Must* have a better user interface than a command line, 2. *Must* adhere to the Twitter security best practices, including the two I've highlighted, and 3. In all probability *shouldn't* waste your time building a Linux version. Windows is 89-90 percent of the desktop market, Macintosh is 9 - 10 percent, and Linux is 1 percent. -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] xAuth Approval?
On Apr 26, 2010, at 8:54 PM, Raffi Krikorian wrote: xAuth is a method for which to exchange usernames and passwords for those tokens, without send the user through the workflow. this is for two reasons: 1. mobile/desktop application authors have complained that it makes their UX fugly when they bring up a web browser (i'll hold my opinions on this); and 2. web applications that have been storing usernames and passwords need a method to bulk convert all their users over to oauth tokens. and 3. Browserless environments. I'm pretty sure that was one of the initial motivators way back when the crud was flying. Yeah ... but I *like* having the browser involved. +1 ! It's so tempting to respond in kind to that sort of professionalism. Isaiah -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Mudança, OAuth
Olá eu estou desenvolvendo um aplicativo utilizando os XMLs (Timeline resourses) do Twitter, como trabalho de graduação de faculdade, onde nenhum deles requer autentificação... gostaria de saber se esta mudança que irá ocorrer no dia 30/06 irá afetar a utilização destes XMLs.. Aguardo retorno. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Schedule for API call rate increases with oAuth?
I've implemented OAuth some time ago, with no real issues. For the environment Twitter is in, I think it makes perfect sense. My BS sensors went off at some of the comments I saw circulating as to what OAuth's principal benefits are. But if you'd rather not see any dissenting opinions expressed on this forum, I can happily keep my thoughts to myself. dissenting opinions are ALWAYS WELCOME. i just wanted to provide some of my opinion to the story. i think, like everything, there are shades of gray. On Apr 27, 11:29 am, Raffi Krikorian ra...@twitter.com wrote: hi ron. i'm just seeing you respond to every message in this thread lambasting oauth, so i figured it may be time to say something. i suggest you read up on the history of oauth? there are two reasons, that i care about, that oauth is important: 1. *minimizing the exposure of user's usernames and passwords*: in the base case, no - i don't trust random applications to have access to user's passwords. this is similar to the argument i made in this blog post: http://mehack.com/xauth-and-perhaps-the-need-for-socializing-ap. there are a few applications i trust more than i trust other apps: mail.app on my mac, for example, safari and chrome, for example. sure, its possible to attack those applications -- but, i believe, the probability of somebody managing an attack on those applications is significantly greater than the probability of an application, malicious or not, exposing a password. the password could be exposed for malicious means, or simply a bug. mail.app, safari, chrome, etc. have massive corporations who are very much incentivized to patch/update them if there is a security problem. random-twitter-app? not so much. (a different argument on this theme, however, is whether users care about this) 2. *providing differing levels of access*: twitter implements read and read/write as access profiles on applications. it is possible to give an application only read access to your account, which means that it cannot post a status update -- only read your timeline and such. this is not possible in a world where you are handing out your password. if a user's password is giving to a third party application, then all the permissions of a user is exposed. sure - i also have interests regarding visibility into the platform (if an application has a bug, we can trivially figure out which application it is; if a user is curious which app is reading my DMs we will be able to tell them, etc.). but i also really do care about the security of users. Some of you talk about an app as if it were a person. Sure, apps could be malicious, but that includes every app on your computer - doesn't it? Why should you assume some of the apps handling your credentials can be more trustworthy than others? Any app that is on your computer while you type your username/password can potentially obtain that information. And what about the app at the far end of the Internet that may be pretending to be Twitter's authorization page? Frankly, I think the whole argument about malicious apps is a little over the top for an OAuth discussion. Why would you believe that basic auth developers are required to store passwords in plain-text...? I'm a basic auth developer, and I have always stored username/passwords encrypted in a access protected keychain file. I do not know of a single developer of any platform that would be so irresponsible as to store username/passwords in plain text - well until now. :) Twitter's only interest in OAuth (like any other platform provider) is to control access to their platform at an application level, and to allow other platform providers access to their users' data. This altruistic nonsense about Twitter being more interested in your personal password protection than your bank, your online stock trading company, or the IRS, is just that - nonsense. There's nothing wrong with Twitter's decision to implement OAuth. I makes perfect sense. I'd do it, if I were in their shoes. Why are so many of you rushing to their defense with these manufactured alternative reasons for why they are implementing it? On Apr 27, 5:52 am, glenn gillen gl...@rubypond.com wrote: Anytime you enter your credentials, regardless of where, you open yourself to being snooped. I believe that is far less likely when communicating with YOUR app on YOUR computer, than it is via a browser over the open Internet to a 3rd party that may or may not be who you think it is... Supporting this option though Twitter is dependent on the security procedures of every 3rd party to maintain the integrity of an account. WithOAuthat least should an individual 3rd party have their security
Re: [twitter-dev] xAuth Approval?
On 4/27/2010 10:59 AM, M. Edward (Ed) Borasky wrote: On 04/27/2010 04:53 AM, John Meyer wrote: On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote: Yeah ... but I *like* having the browser involved. Which is fine. However, there are other people who don't like getting the browser involved (people making command line Linux programs, for instance, or people exposing their own APIs that interact with Twitter). Well ... there's Lynx. ;-) But seriously, I make command-line Linux Twitter programs for my own use all the time, and I released four of them as open source projects. *But*: 1. Those only use API calls that don't require authentication. 2. They are free as in beer as well as in freedom. There are exactly *zero* potential *paying* customers for a command-line Linux program. Yours might, but as you know about Open Source, the whole point is that people can choose and some may choose to use certain calls that require authentication. And what does charging money have to do with anything? -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Correction in GET users/lookup Documentation
Nice! That was fast. Thanks Taylor. -Mo On Apr 27, 12:16 pm, Taylor Singletary taylorsinglet...@twitter.com wrote: Hi Mo, This is now updated. Sorry about the confusion. Taylor Singletary Developer Advocate, Twitterhttp://twitter.com/episod On Tue, Apr 27, 2010 at 9:10 AM, Mo maur...@moluv.com wrote: For the GET users/lookup documentation at http://dev.twitter.com/doc/get/users/lookup, the example URLs under Parameters Optional look like http://api.twitter.com/1/users/lookup.xml?user_ids=user_id=1401881,14... and http://api.twitter.com/1/users/lookup.xml?screen_names=screen_name=do... but, SHOULD BE http://api.twitter.com/1/users/lookup.xml?user_id=1401881,1401882 and http://api.twitter.com/1/users/lookup.xml?screen_name=dougw,raffi Thx http://www.pay4tweet.com -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Chirp Streaming API Slides -- Streaming API Architecture Thinking In Streams
I've posted the slides from my two #chirp talks on the Streaming API on slideshare.net: Twitter Streaming API Architecture: http://bit.ly/chirpstreamarch Thinking In Streams: http://bit.ly/chirpthinkstream2 -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] xAuth Approval?
On 04/27/2010 10:18 AM, John Meyer wrote: On 4/27/2010 10:59 AM, M. Edward (Ed) Borasky wrote: On 04/27/2010 04:53 AM, John Meyer wrote: On 4/26/2010 8:59 PM, M. Edward (Ed) Borasky wrote: Yeah ... but I *like* having the browser involved. Which is fine. However, there are other people who don't like getting the browser involved (people making command line Linux programs, for instance, or people exposing their own APIs that interact with Twitter). Well ... there's Lynx. ;-) But seriously, I make command-line Linux Twitter programs for my own use all the time, and I released four of them as open source projects. *But*: 1. Those only use API calls that don't require authentication. 2. They are free as in beer as well as in freedom. There are exactly *zero* potential *paying* customers for a command-line Linux program. Yours might, but as you know about Open Source, the whole point is that people can choose and some may choose to use certain calls that require authentication. And what does charging money have to do with anything? Charging money is how we pay our expenses and earn enough profit to invest in research and development for the next generation applications. ;-) -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] countdown to OAuth / basic auth removal / OAuthcalypse
For your amusement: http://cheezburger.com/View/3463514112 -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] xAuth Approval?
On 4/27/2010 11:35 AM, M. Edward (Ed) Borasky wrote: ours might, but as you know about Open Source, the whole point is that people can choose and some may choose to use certain calls that require authentication. And what does charging money have to do with anything? I presume that we are talking about the difference and relative advantages of being able to log in browserlessly vs logging in with a system that requires opening a browser, at least on the initial use. Again, what dose money have to do with that one way or another? -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Mudança, OAuth
If Google translated your text correctly I understand you to be asking if the deprecation of BasicAuth in June will affect your use of non-authenticated timeline API methods. The answer would be no. Non-authenticated timelines will remain accessible without authentication. Se o Google traduziu o texto corretamente eu entendo que você esteja perguntando se a desaprovação de BasicAuth de Junho, irá afectar a sua utilização de métodos não-autenticadas cronograma API. A resposta seria não. Linha do tempo não-autenticadas permanecerá acessível sem autenticação. Traduzido usando http://translate.google.com/ Abraham 2010/4/27 gust4vo gust4v...@gmail.com Olá eu estou desenvolvendo um aplicativo utilizando os XMLs (Timeline resourses) do Twitter, como trabalho de graduação de faculdade, onde nenhum deles requer autentificação... gostaria de saber se esta mudança que irá ocorrer no dia 30/06 irá afetar a utilização destes XMLs.. Aguardo retorno. -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Abraham Williams | Developer for hire | http://abrah.am @abraham | http://projects.abrah.am | http://blog.abrah.am This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Chirp Streaming API Slides -- Streaming API Architecture Thinking In Streams
Awesome! I've been looking forward to it. Any word on the other's slides? I was told they would all be posted after @chirp. Jonathon On Apr 27, 1:29 pm, John Kalucki j...@twitter.com wrote: I've posted the slides from my two #chirp talks on the Streaming API on slideshare.net: Twitter Streaming API Architecture:http://bit.ly/chirpstreamarch Thinking In Streams:http://bit.ly/chirpthinkstream2 -John Kaluckihttp://twitter.com/jkalucki Infrastructure, Twitter Inc. -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] Re: Chirp Streaming API Slides -- Streaming API Architecture Thinking In Streams
On Apr 27, 2010, at 10:51 AM, Jonathon Hill wrote: Awesome! I've been looking forward to it. Any word on the other's slides? I was told they would all be posted after @chirp. Many slides from Chirp are on www.slideshare.net Mine's here: http://www.slideshare.net/netik/billions-of-hits-scaling-twitter The rest are available through a search: http://www.slideshare.net/search/slideshow?q=chirp -j -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
[twitter-dev] Re: Is /users/show broken or is it just me?
Thanks. Posted. R. On Apr 25, 3:51 pm, Mark McBride mmcbr...@twitter.com wrote: I can reproduce this, so we should be good to go. Can one of you open an issue on the code tracker so we can track it? ---Mark http://twitter.com/mccv On Sun, Apr 25, 2010 at 11:25 AM, Ryan Rosario uclamath...@gmail.com wrote: Here are the ones I have found so far. For the first one, I am able to reproduce the error on this one cursor. http://api.twitter.com/1/statuses/followers/pothos.json?cursor=129860... User numeric ID: 3598791 (cursor unknown) R. On Apr 25, 10:26 am, Raffi Krikorian ra...@twitter.com wrote: this shouldn't happen - feel free to give a sample of the poison user IDs, and we'll investigate them. we already have one, and we'll look into more. On Sun, Apr 25, 2010 at 10:16 AM, Ryan Rosario uclamath...@gmail.comwrote: I've found that all of my 500 isses are related to poison users. For whatever reason, I can never get their followers. I retry on 500, so I end up with an infinite loop of 500s for these users. When 500s happen with other users, my program usually succeeds after 1 or 2 retries. The only way to resolve it is to kill my process, add the user to a blacklist, and start over. It's really frustrating. Ryan On Apr 25, 5:31 am, Dossy Shiobara do...@panoptic.com wrote: From my logged errors ... here's an example: http://api.twitter.com/1/users/show.xml?id=4583991 On 4/25/10 12:37 AM, Mark McBride wrote: Without more details this is going to be really hard to troubleshoot. Can you reliably reproduce this? What are the exact URIs you're calling that return 500s? What user are you using to make these calls? What authentication method? -- Dossy Shiobara | do...@panoptic.com |http://dossy.org/ Panoptic Computer Network |http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi
[twitter-dev] dev.twitter.com usability - FAIL
The new dev.twitter.com website that launched at Chirp a few weeks ago is very nice and attractive but there are several major usability issues: * The new API documentation does not provide return values of the API calls. The old wiki provided this information, along with usage notes that are not present either on the new site. * It is difficult to look up API endpoints required for a given type of functionality. If you don't remember the exact endpoint to look for, it can be frustrating trying to find the right one. This would easily be fixed using a more descriptive list of endpoints, and/or more visual contrast between headings and list items. * I tend to overlook the endpoint description in the blue header section. My eyes expect it in the white area below. Please move it, and make it stand out more. * The Supported formats, Supported request methods, Requires Authentication, and Rate Limited sections use up an awful lot of vertical space on the page unnecessarily. Making each one of these a heading also dilutes the visual hierarchy on the page and takes away from more detailed and important information on the page, from a reference standpoint. I think these would be more effectively presented as a list under a Metadata heading, or as a small table. * The API console is very restricted without login and registration of an app. I think this is a mistake. Login should be required only for those calls that require authentication. * The API console would be much easier to use if there were parameter hints for each call on the page somewhere. Prepopulating the parameter list would be awesome! These are all things that have been kindof in my face as I've tried to use dev.twitter.com in my day to day development work. I would be delighted if you would address these issues. Thanks! Jonathon Hill Company52 http://company52.com @compwright
Re: [twitter-dev] dev.twitter.com usability - FAIL
Thanks for the feedback, Jonathon. We're working to address all these pain points on an ongoing basis. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 2:17 PM, Jonathon Hill jhill9...@gmail.com wrote: The new dev.twitter.com website that launched at Chirp a few weeks ago is very nice and attractive but there are several major usability issues: * The new API documentation does not provide return values of the API calls. The old wiki provided this information, along with usage notes that are not present either on the new site. * It is difficult to look up API endpoints required for a given type of functionality. If you don't remember the exact endpoint to look for, it can be frustrating trying to find the right one. This would easily be fixed using a more descriptive list of endpoints, and/or more visual contrast between headings and list items. * I tend to overlook the endpoint description in the blue header section. My eyes expect it in the white area below. Please move it, and make it stand out more. * The Supported formats, Supported request methods, Requires Authentication, and Rate Limited sections use up an awful lot of vertical space on the page unnecessarily. Making each one of these a heading also dilutes the visual hierarchy on the page and takes away from more detailed and important information on the page, from a reference standpoint. I think these would be more effectively presented as a list under a Metadata heading, or as a small table. * The API console is very restricted without login and registration of an app. I think this is a mistake. Login should be required only for those calls that require authentication. * The API console would be much easier to use if there were parameter hints for each call on the page somewhere. Prepopulating the parameter list would be awesome! These are all things that have been kindof in my face as I've tried to use dev.twitter.com in my day to day development work. I would be delighted if you would address these issues. Thanks! Jonathon Hill Company52 http://company52.com @compwright
[twitter-dev] TwitterVB now supports xAuth
http://twittervb.codeplex.com Thanks to the Twitter team and Duane for all the help implementing this just as I was about to give up on it.
[twitter-dev] Re: Major access_token issues when using valid PIN as verifier
Okay well I have figured out the issue, so I will post my findings for those out there who come across similar issues with this library. The library assumes that the verifier is of type integer and if it is a string will attempt to iterate through it causing the library to produce an oauth_verifier parameter for each digit in the PIN number. This was discovered via packet analysis made by Wireshark. Hope this information is of use to someone. On Apr 27, 11:02 am, Alec Hussey admin.maddo...@gmail.com wrote: Hey everyone, I am developing a desktop twitter client in Python and Qt4 using python-oauth2 for authentication. I am having issues getting an access token using the verifier that the user enters via a dialog. I have checked to make sure everything entered was correctly passed and correctly type casted. The twitter server returns invalid oauth_verifier parameter and the code for this function is as follows: �...@staticmethod def sendRequest(method, httpmethod, args, auth=False): settings = QSettings(Constants.COMPANY, Constants.PRODUCT) params = urllib.urlencode(args) if auth: if not settings.value(oauth_token).toPyObject(): # Get request token from server consumer = oauth2.Consumer(Constants.OAUTH_CONSUMER_KEY, \ Constants.OAUTH_CONSUMER_SECRET) client = oauth2.Client(consumer) response, content = client.request(http://api.twitter.com/oauth/ request_token, GET) request_token = dict(urlparse.parse_qsl(content)) if response['status'] != 200: print request_token raise Exception(Failed to get request token, server returned: %s %s % (response['status'], content)) # Open twitter authorization dialog and get PIN if needed if not settings.value(oauth_verifier).toPyObject(): dialog = TwitterAuthorizeDialog(request_token) dialog.exec_() settings.setValue(oauth_verifier, dialog.getVerifier()) # Create new token with oauth verifier and initialize the client token = oauth2.Token(request_token['oauth_token'], request_token['oauth_token_secret']) token.set_verifier(settings.value(oauth_verifier).toPyObject()) client = oauth2.Client(consumer, token) # Lastly, get the access token from the server response, content = client.request(http://api.twitter.com/oauth/ access_token, POST) access_token = dict(urlparse.parse_qsl(content)) if response['status'] != 200: print access_token raise Exception(Failed to get access token, server returned: %s %s % (response['status'], content)) # Reinitialize client using access token and store the token token = oauth2.Token(access_token['oauth_token'], access_token['oauth_token_secret']) settings.setValue(oauth_token, token) client = oauth2.Client(consumer, settings.value(oauth_token).toPyObject()) response, content = client.request(http://api.twitter.com%s.json; % method, httpmethod, params) return json.loads(response.read(), encoding=utf-8) else: try: http = httplib.HTTPConnection(api.twitter.com) http.request(GET, method + .json, params) response = http.getresponse() if response.status != 200: raise Exception(Failed to download data, server returned: %d %s % (response.status, response.reason)) return None return json.loads(response.read(), encoding=utf-8) except: raise Exception(Failed to connect to the twitter service.) return None Any help or suggestions would be greatly appreciated. -- Alec Hussey -- Subscription
[twitter-dev] SSL for anywhere.js
Hi there, Are you planning to support SSL for loading anywhere.js (https:// platform.twitter.com/anywhere.js... would be great and particularly helpful). Thanks! Brian
[twitter-dev] To Raffi or Taylor re: xAuth
On the xAuth page you say Storage of Twitter usernames and passwords is forbidden. Now given that you don't want applications needlessly querying the system and you've encouraged caching of information that isn't likely to change overtime (such as a username, screenname, etc), would I be incorrect in presuming that you are more focused in not having the password stored than the username?
Re: [twitter-dev] To Raffi or Taylor re: xAuth
The twitter screen name is less of a concern, yes John. But a Twitter username can take an email address also, which isn't information otherwise provided by the API and is personally identifiable and especially dangerous when stored in conjunction with a password. A screen name, in context with data we return to you falls under our rather liberal caching policies -- you get the screen name along with the user id as a response to a valid access token request. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Tue, Apr 27, 2010 at 3:28 PM, John Meyer john.l.me...@gmail.com wrote: On the xAuth page you say Storage of Twitter usernames and passwords is forbidden. Now given that you don't want applications needlessly querying the system and you've encouraged caching of information that isn't likely to change overtime (such as a username, screenname, etc), would I be incorrect in presuming that you are more focused in not having the password stored than the username?
Re: [twitter-dev] To Raffi or Taylor re: xAuth
On 4/27/2010 4:38 PM, Taylor Singletary wrote: The twitter screen name is less of a concern, yes John. But a Twitter username can take an email address also, which isn't information otherwise provided by the API and is personally identifiable and especially dangerous when stored in conjunction with a password. A screen name, in context with data we return to you falls under our rather liberal caching policies -- you get the screen name along with the user id as a response to a valid access token request. but you're more concerned with the two being stored in such a manner (i.e. together) that a person could use that information to access a Twitter account outside of the oAuth? and as far as the e-mail is concerned, a lot of sites also register their users through e-mail addresses on their own.
[twitter-dev] statuses/friends cursor parameter
Hi all, I working on statuses/friends with cursor parameters. I want pagination my followings in website. my request is : http://twitter.com/statuses/friends.xml?cursor=-1 and return data is: ... next_cursor1329477546142748864/next_cursor previous_cursor-1331116572085043462/previous_cursor ... Everything is OK! but previous_cursor not working. my previous_cursor URL is : http://twitter.com/statuses/friends.xml?cursor=-1331116572085043462 and return data is: users_list users type=array /users next_cursor0/next_cursor previous_cursor0/previous_cursor /users_list oops! is it normal? I try removed minus sign but arrived data yet another page.
[twitter-dev] Properties and Methods of T object of @anywhere
I was wondering what the properties and methods of the T object are in @anywhere? I'm looking at the documentation and I see t.currentUser and t.isConnected but a full list of the properties is not in the @anywhere documentation. Also I am using @anywhere to login but I also have some server side code with java. Is there a way that I can pass the credentials of the @anywhere logged in user to the server side code? Or does that happen automatically (once someone authorizes the Twitter application via @anywhere a server side library with the same apikey and secretkey is authorized). Thanks.
Re: [twitter-dev] xAuth Approval?
On Tue, Apr 27, 2010 at 2:35 PM, M. Edward (Ed) Borasky zn...@comcast.net wrote: Charging money is how we pay our expenses and earn enough profit to invest in research and development for the next generation applications. ;-) Just because it's open source it doesn't mean you can't charge for it. So I'm guessing that's what John Meyer asked what open source have to with money. As a matter of fact, Richard Stallman, to fund the development of the GNU system, was selling copies of Emacs. Of course, it was not licenses (like every big company do these days), but his work and the media. -- Julio Biason julio.bia...@gmail.com Twitter: http://twitter.com/juliobiason
Re: [twitter-dev] xAuth Approval?
On 4/27/2010 5:53 PM, Julio Biason wrote: se it's open source it doesn't mean you can't charge for it. So I'm guessing that's what John Meyer asked what open source have to with money. Actually what I was asking is what did money have to do with the way that our applications authenticate themselves to Twitter (either through Basic, oAuth or xAuth) and the method that we preferred based upon our application. I never intended an open source vs money arguement; what I was trying to say is that while he had one way of doing a CLI client I may have another that does require authentication. So why should mine have to potentially break the application by using a browser?
[twitter-dev] @anywhere Current user properties are undefined
I'm working with the @anywhere api and trying to do a authcomplete span id=twitter-login-box/span script type=text/javascript twttr.anywhere(function (T) { if(T.isConnected()){ twttr.anywhere.signOut(); } T(#twitter-login-box).connectButton({ size: large, authComplete: function(user) { // triggered when auth completed successfully window.location.href = /twitter/twitterlogin.jsp? twitterid=+T.currentUser.id; } }); }); /script It keeps saying id is undefined and I tried other properties as well. Anyone have an idea what is going on? Thanks
Re: [twitter-dev] xAuth Approval?
On 04/27/2010 04:53 PM, Julio Biason wrote: On Tue, Apr 27, 2010 at 2:35 PM, M. Edward (Ed) Borasky zn...@comcast.net wrote: Charging money is how we pay our expenses and earn enough profit to invest in research and development for the next generation applications. ;-) Just because it's open source it doesn't mean you can't charge for it. So I'm guessing that's what John Meyer asked what open source have to with money. As a matter of fact, Richard Stallman, to fund the development of the GNU system, was selling copies of Emacs. Of course, it was not licenses (like every big company do these days), but his work and the media. I wasn't saying you couldn't charge for open source software. I was saying you'd have a tough time getting people to pay for *command line* tools. Sorry if I wasn't clear about that. -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
Re: [twitter-dev] xAuth Approval?
On 04/27/2010 05:00 PM, John Meyer wrote: On 4/27/2010 5:53 PM, Julio Biason wrote: se it's open source it doesn't mean you can't charge for it. So I'm guessing that's what John Meyer asked what open source have to with money. Actually what I was asking is what did money have to do with the way that our applications authenticate themselves to Twitter (either through Basic, oAuth or xAuth) and the method that we preferred based upon our application. I never intended an open source vs money arguement; what I was trying to say is that while he had one way of doing a CLI client I may have another that does require authentication. So why should mine have to potentially break the application by using a browser? It shouldn't. But mine will use the browser. And I will charge money for it. It may or may not be open source - as people have pointed out, there are precedents for charging money for open source software. -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
[twitter-dev] server app publishing twitter status updates with oauth?
Hi All, We currently have a java application running on a server (no user interface) that publishes twitter status updates about new special deals to one single twitter account. Users follow this account to receive info about these specials. This app currently uses basic authentication, so we'll need to update it to use oauth. However I'm a little confused about what steps I need to take. Advice will be appreciated. Currently the code uses standard Java APIs to open a connection and manually build a POST request (including basic-auth headers); this is about 15 lines of Java code. The sole twitter account name and password are stored in a configuration file on the server. Questions: (1) Do I need to register an application here? http://twitter.com/oauth_clients/new Note that this app isn't something that users can download or directly interact with. (2) Do I need to define a connection for the twitter account for this app? As I understand it, the option to allow a connection from the twitter account only pops up after I have used a browser to log in using the url generated by a getRequestToken call from my app. But my app doesn't have a UI, and doesn't expect any users to log in via browsers. Is there perhaps some tool that I can paste the consumer key into, and which will then do the getRequestToken + print the resulting URL so I can then define a connection from the target twitter account? (3) Is xAuth the correct protocol to use here? There is only one user (twitter account) used by this app. (4) Is there a good example of doing xauth followed by a simple status- update in Java? Libraries like twitter4j or signpost seem like overkill for this situation, given that the current basic-auth implementation is about 15 lines of java. Thanks, Simon
Re: [twitter-dev] xAuth Approval?
On 4/27/2010 8:29 PM, M. Edward (Ed) Borasky wrote: On 04/27/2010 05:00 PM, John Meyer wrote: On 4/27/2010 5:53 PM, Julio Biason wrote: se it's open source it doesn't mean you can't charge for it. So I'm guessing that's what John Meyer asked what open source have to with money. Actually what I was asking is what did money have to do with the way that our applications authenticate themselves to Twitter (either through Basic, oAuth or xAuth) and the method that we preferred based upon our application. I never intended an open source vs money arguement; what I was trying to say is that while he had one way of doing a CLI client I may have another that does require authentication. So why should mine have to potentially break the application by using a browser? It shouldn't. But mine will use the browser. And I will charge money for it. It may or may not be open source - as people have pointed out, there are precedents for charging money for open source software. Okay do you mean that it shouldn't as in you don't think that I should have to use a browser to access it, or do you mean that it shouldn't in taht you don't think that me having to use a browser will break the interface?
[twitter-dev] Re: Increasing 502/503 errors on Search API
My program that uses the search API has over the past couple of days been getting a lot of 502 errors. On Apr 26, 5:15 pm, mikawhite mikawh...@me.com wrote: Unit = an 'internal tweet' for each null/502/503 result from the Search API. -- Subscription settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en
Re: [twitter-dev] xAuth Approval?
On 04/27/2010 08:00 PM, John Meyer wrote: On 4/27/2010 8:29 PM, M. Edward (Ed) Borasky wrote: On 04/27/2010 05:00 PM, John Meyer wrote: On 4/27/2010 5:53 PM, Julio Biason wrote: se it's open source it doesn't mean you can't charge for it. So I'm guessing that's what John Meyer asked what open source have to with money. Actually what I was asking is what did money have to do with the way that our applications authenticate themselves to Twitter (either through Basic, oAuth or xAuth) and the method that we preferred based upon our application. I never intended an open source vs money arguement; what I was trying to say is that while he had one way of doing a CLI client I may have another that does require authentication. So why should mine have to potentially break the application by using a browser? It shouldn't. But mine will use the browser. And I will charge money for it. It may or may not be open source - as people have pointed out, there are precedents for charging money for open source software. Okay do you mean that it shouldn't as in you don't think that I should have to use a browser to access it, or do you mean that it shouldn't in taht you don't think that me having to use a browser will break the interface? You shouldn't have to use a browser to access the Twitter allow/deny dialogue. But IIRC that's considered a best practice. I've never tried it with Lynx, either. ;-) -- M. Edward (Ed) Borasky borasky-research.net/m-edward-ed-borasky A mathematician is a device for turning coffee into theorems. ~ Paul Erdős
Re: [twitter-dev] Re: Is /users/show broken or is it just me?
And... now this user works. Can you still reproduce this issue? If so, can you get me a new set of user IDs? ---Mark http://twitter.com/mccv On Tue, Apr 27, 2010 at 1:47 PM, Ryan Rosario uclamath...@gmail.com wrote: Thanks. Posted. R. On Apr 25, 3:51 pm, Mark McBride mmcbr...@twitter.com wrote: I can reproduce this, so we should be good to go. Can one of you open an issue on the code tracker so we can track it? ---Mark http://twitter.com/mccv On Sun, Apr 25, 2010 at 11:25 AM, Ryan Rosario uclamath...@gmail.com wrote: Here are the ones I have found so far. For the first one, I am able to reproduce the error on this one cursor. http://api.twitter.com/1/statuses/followers/pothos.json?cursor=129860... User numeric ID: 3598791 (cursor unknown) R. On Apr 25, 10:26 am, Raffi Krikorian ra...@twitter.com wrote: this shouldn't happen - feel free to give a sample of the poison user IDs, and we'll investigate them. we already have one, and we'll look into more. On Sun, Apr 25, 2010 at 10:16 AM, Ryan Rosario uclamath...@gmail.comwrote: I've found that all of my 500 isses are related to poison users. For whatever reason, I can never get their followers. I retry on 500, so I end up with an infinite loop of 500s for these users. When 500s happen with other users, my program usually succeeds after 1 or 2 retries. The only way to resolve it is to kill my process, add the user to a blacklist, and start over. It's really frustrating. Ryan On Apr 25, 5:31 am, Dossy Shiobara do...@panoptic.com wrote: From my logged errors ... here's an example: http://api.twitter.com/1/users/show.xml?id=4583991 On 4/25/10 12:37 AM, Mark McBride wrote: Without more details this is going to be really hard to troubleshoot. Can you reliably reproduce this? What are the exact URIs you're calling that return 500s? What user are you using to make these calls? What authentication method? -- Dossy Shiobara | do...@panoptic.com |http://dossy.org/ Panoptic Computer Network |http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- Subscription settings: http://groups.google.com/group/twitter-development-talk/subscribe?hl=en -- Raffi Krikorian Twitter Platform Teamhttp://twitter.com/raffi