[twitter-dev] Re: Draft of List API documentation
Hi Marcel - First, thanks for the preview, this is very helpful. Second, a question: When retrieving an existing timeline such as / statuses/friends_timeline, or a list of friends from /statuses/ friends, will there be any indication in the output as to which list (s) the authenticated user is subscribed to that each friend is on? The use case I'm thinking of is list management from the timeline interface, where an end user might be able to see right there which list(s) a friend is on, or (more interestingly) which friends aren't on any of their lists yet. Thanks...
[twitter-dev] Re: OAuth client set to Read Write, but write access is denied
Access tokens that were obtained while the app was configured as read- only will remain read-only. They don't get converted to read/write when the app does. To obtain read/write tokens you'll have to revoke access to the app, then re-authenticate to it to get a read/write access token, as Abraham noted. On Sep 29, 1:03 pm, Spataro spat...@lexia.it wrote: Yes me too, now, 29-9-2009. My app was registered as read only, after I've changed in Read and Write, and it is correctly saved as read and write. But If I try to post I receive read only.
[twitter-dev] Re: HUGE PROBLEM with Direct Messages!
Also, go here: http://twitter.com/account/connections and see if there are any applications that you've authenticated to via OAuth that might be doing it. (That's the other way this can happen.) On Sep 5, 3:14 pm, Dewald Pretorius dpr...@gmail.com wrote: Change your Twitter password immediately. That can only happen if some rogue service has your password and sends DMs on your account. Changing your password should stop them dead in their tracks. Dewald On Sep 5, 12:02 pm, amylou61 aleach6...@gmail.com wrote: I've tried and tried for several MONTHS through all channels I can find, to get Twitter to fix this issue, but all I've gotten are automated mssages, and dropped problem tickets. I get Direct Messages that are shown to be from MYSELF, but I didn't send them. They are coming from a blog called The Way I See It, Too. I get them every day, sometimes several. I wish someone would help me.
[twitter-dev] Re: legal issues - is tweet an official verb in the US language?
On Aug 19, 8:59 am, David Fisher tib...@gmail.com wrote: Unless someone here is a lawyer, we should probably avoid legal debate- consult with each our own counsels, and move on to doing what we do best (coding). I find these debates are often filled with FUD, misinformation, speculation, a misunderstanding of law, etcOkay, Dad. I have another idea - you discuss what you wish, and I'll discuss what I wish, and you can maybe stop trying to tell others in this group what to do, which, I don't mean to be harsh, but you've been doing kind of a lot of lately and I doubt I'm the only one who's getting a little sick of it. I wasn't debating anything. Nicole asked about common words being trademarked, I noted two examples where it's happened. Thanks for jumping in there to save me from myself.
[twitter-dev] Re: storing access tokens
Storing access tokens - safely - is a generally accepted practice. On Aug 18, 8:32 am, AArruda arrud...@gmail.com wrote: I'm developing a mobile app for Twitter and i am thinking about storing the access tokens internally so the user won't have to go through the whole web authentication process every time the program is used. Is that a good practice, or are there any issues with this solution? Thanks!
[twitter-dev] Re: legal issues - is tweet an official verb in the US language?
On Aug 17, 8:06 am, Nicole Simon nee...@gmail.com wrote: Question: is to tweet an official word in the english language both american and english? as in widely used? does the US and UK trademark system reject such applications? Microsoft has a registered trademark on Windows. Apple Computer has a registered trademark on Apple.
Re: Absurd Misunderstanding of Open Anything (Was: [twitter-dev] Re: Open Auth)
On Aug 17, 4:55 pm, Chris Babcock cbabc...@kolonelpanic.org wrote: Silly me. I thought someone was talking about distributing source code. Building an enduser distribution is somewhat to entirely different. That's what I was getting at when I said a desktop or mobile device application - open source or closed. I think you're seeing the same challenge now that many of the rest of us are. Distributing an OSS server-side app is a cinch; as you said, you put Go get yourself some Twitter OAuth credentials in the README for developers who are using your code as the basis for their app. The hard part is distributing an end-user ready desktop app. OAuth's out-of-band auth flow is intended to solve this for non- browser based applications, but I think how the developer of such an app protects their client credentials was sort of left as an exercise for the reader. The trouble is, it's pretty much impossible. The problem we were left to solve appears unsolvable. This means someone has to go back to the drawing board. This is a really big, fatal flaw in OAuth that's going to have to be fixed somehow.
[twitter-dev] Re: When is whitelisting necessary?
I think the number of So how does whitelisting really work? threads that have taken place, and continue to take place on this list indicate a lack of clarity in documentation. Perhaps someone from Twitter can take the task of updating the rate limiting docs to more explicitly spell out how it actually works? Boaz - as the thread Srikanth referenced states, official word from Twitter is that you get 20,000 calls per hour *per user* from your whitelisted IP. (Of course, it's not that cut and dried - POSTs are different than GETs are different than searches, but in a nutshell you can expect to make 20,000 authenticated GETs per user per hour regardless of how many simultaneous users are on your site if your IP is whitelisted; they're not all sharing a single pool of 20,000 requests.) I'll leave it to you to decide if you need that or not. Most apps that are just acting as a client probably don't, but there are some edge cases where it's useful. For a long time I had no intentions of having Ambeur whitelisted, but now there's a feature I want to offer my users that I'll need it for, so I've applied. And no, I'm not telling you what the feature is. ;) On Aug 16, 1:22 pm, srikanth reddy srikanth.yara...@gmail.com wrote: http://groups.google.co.in/group/twitter-development-talk/browse_thre... On Sun, Aug 16, 2009 at 7:37 PM, Sam Street sam...@gmail.com wrote: Necessary, for example, if you use a particular account to notify your users of a certain event (sending them notifications). Large apps with high traffic might need to send over 150 alerts from the bot account per hour. Im thinking it's also used for apps that try to deliver tweets in 'realtime' by requesting the REST API very frequently rather than use the streaming APIs. Perhaps it's also used to make multiple requests to /users/show via a cronjob that makes sure all the user's of the site have an up to date profile image and background image cached. (If a user changes their profile picture on Twitter, your cached URL 404's) Anyway I've only used whitelisting for the first (notifying users when they are tagged into photos - or when they are invited to events on twappening.com) -Sam @sampiclihttp://twicli.com On Aug 16, 12:16 pm, boaz sapirb...@gmail.com wrote: Hello, I am new to Twitter API and I am trying to understand whether I should apply for whitelisting my application. The documentation says: IP whitelisting takes precedence to account rate limits. GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users. Therefore, IP-based whitelisting is a best practice for applications that request many users' data. However if for example 200 users are accessing twitter through my application in one hour, and each access from my app to twitter is done with the relevant end user as the twitter authenticated user, I can do 200*150=3 API calls in one hours without whitelisting the IP address, which is more than the 2 I could do with whitelisting. Can anyone give a counter example where whitelisting is absolutely necessary? Thank you, Boaz
[twitter-dev] Re: Rate Limiting Question
Holy Thanks, Chad. :) On Aug 13, 4:58 pm, Chad Etzel c...@twitter.com wrote: Hi There, What you all have been confirming is correct. The intended behavior is 20k per IP unauthenticated, and 20k per IP *per user* authenticated. This is not a bug. -Chad On Thu, Aug 13, 2009 at 4:43 PM, Abraham Williams4bra...@gmail.com wrote: I've been reading I have confirmed emails from 5 different threads for the last 2 weeks. Can we hold off until Chad gets back to us with an official answer. :) Thanks Abraham 2009/8/13 Dewald Pretorius dpr...@gmail.com Craig, I just ran a test, and I can also confirm what you have found. Unauthenticated calls decrease per IP 20,000 Authenticated calls decrease per-IP per-user 20,000 Dewald On Aug 13, 4:27 pm, CaMason stasisme...@googlemail.com wrote: The behaviour at the moment is definitely as-described above: Unauthenticated calls decrease IP 20,000 Authenticated calls decrease per-user 20,000 My app only uses authenticated calls during normal use, and the IP- based limit isn't decreasing at-all 20,000 per-user is pretty silly - With 1000 users, I would be allowed to make 5,555 calls per second. A max of say 500 authenticated calls per-user would be more sensible, and would allow apps with many users to scale :) -Craig -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: FW: Twitter is Suing me!!!
On Aug 12, 12:27 am, Jeremy Darling jeremy.darl...@gmail.com wrote: Seems lil twitter grew up and found lawyers. While I don't agree or like the product that Dean sells, I dis-agree more with the misuse of legal representation by a corporation even more. I remember when MS started this everyone threw stones (and courts threw it out), now twitter starts it and its OK!? I'm not expressing an opinion on this one way or the other, but what a lot of people don't realize about US trademark law is this: Twitter doesn't have a choice in this matter. They are *required* to actively defend their trademark, or they will lose it. This is how the law works, and it's why you often see companies taking seemingly unnecessary action against seemingly minor violations (not that I'm quantifying this as minor). They have to, that's all there is to it.
[twitter-dev] Re: Rate Limiting Question
Hi Chad - Now that the DDoS attacks are (sort of) behind us, can we seek some closure on this? I'm dying to know the official, undisputed, written- in-stone, we-can-finally-stop-arguing-about-it answer to the following (which I think simplifies the question): If my IP is whitelisted and I have 20 simultaneous users logged in to my app for 1 hour and each user generates 1,000 requests, have I used up my rate limit for that hour or could each user send 19,000 more requests? If it's the latter, is that a bug that's going to be fixed, or does Twitter really love us that much? :) On Aug 6, 1:04 pm, Chad Etzel c...@twitter.com wrote: Hi Dewald, I asked The Powers That Be about it, and that was the response I got. However, I am double and triple checking because that does soundtoogoodto betrue:)
[twitter-dev] Re: Weird oAuth behavior
Are you passing a callback_url parameter when you retrieve the request token? On Aug 8, 8:56 pm, Andy andyarn...@gmail.com wrote: My web app now thinks it's a desktop app and gives me a numeric code. I've tried switching the setting from one to the other, and then back again to see if that would help. No luck, I'm still given a code rather then being re-directed back to our web app. Anyone else with this issue?
[twitter-dev] Re: The silence is deafening....
On Aug 8, 6:33 pm, Dewald Pretorius dpr...@gmail.com wrote: However, I would hope that Twitter engineers are all in force at the office on a day like this to solve this issue and get our applications back up and running, regardless of whether it is Saturday, Sunday, or Christmas Day. I think you're making the assumption that because Chad is off the clock today, all of Twitter engineering is as well. Hint: Chad isn't Twitter engineering (or operations, for that matter), he's part-time support for API consumers. He's also in North Carolina, not SFO. Chad is not the one working to fend off the DDoS. I imagine there are a whole bunch of people on the West Coast running on very little sleep and way too much coffee trying to fight this thing. (None of this is meant to indict or vindicate anyone - I'm simply saying, don't take Chad has today off to mean Twitter's not doing anything.)
[twitter-dev] Re: The silence is deafening....
On Aug 9, 2:28 am, chinaski007 chinaski...@gmail.com wrote: You're wrong. If you check the tweets of the other main Twitter developers, you will see that they are doing sushi, rock concerts, weddings, watching movies on Saturday afternoon, etc. And while getting married is certainly a legitimate excuse, some of the other activities, during this major upheaval, are certainly questionable! Oh...I get it, you think that the developers are the right people to handle a DDoS attack. I'm afraid I have some bad news for you: you're wrong. And because not *all* the developers are sweating it out at Twitter HQ, that means no one's working on it. I can't argue with that logic. Seriously, I can't.
[twitter-dev] Re: The silence is deafening....
On Aug 9, 2:51 am, chinaski007 chinaski...@gmail.com wrote: And, by the way, if you're a deckhand on a submarine going down, you think you would go to a movie because it's your time off, or do whatever you can to help out? Submarines are supposed to go down. And I don't think you can really go to a movie if you're on one. See what I did there? I completely missed your point - as you missed mine. Mine was that Chad is not the one working on the problem, and that his being off has no bearing on how soon solutions will arive; he's not even in (either of) the right department(s). What was yours?
[twitter-dev] Re: The silence is deafening....
On Aug 9, 3:03 am, chinaski007 chinaski...@gmail.com wrote: Yep, for sure. And maybe the rash of new 200 errors I remember seeing 200 errors somewhere, but I didn't read the details. 200 means status okay, what's the indication of error? But WHO in API is day on to communicate with us? Now *that's* a fair question.
[twitter-dev] Re: The silence is deafening....
On Aug 9, 3:19 am, chinaski007 chinaski...@gmail.com wrote: My point was that my browsing of the tweetstreams of the Twitter engineers I am familiar with, ops and otherwise, reveals another normal weekend, with all the loveliness that the Bay Area has to offer... and while there may be a bunch of Keebler elves drinking coffee and working hard, I don't see much evidence of that from my sampling. Do you? If you mean sampling of their tweets, I don't follow any of them. If you mean sampling of the current API behavior, I have to admit I've been extremely lucky. I haven't really seen any issues since Thursday other than inability to initiate new sessions via OAuth - and everyone who uses my app already has a live session open, so as long as they don't hit the sign out button they should be fine. I'll say that I'm damn glad I didn't send out a bunch of beta invites Wednesday night as I was on the verge of doing, but instead decided to wait until Thursday morning. Now I'm waiting 'til Monday, or until things are back online, whichever comes later. I guess I'd actually have to say that yes, I have seen evidence of their work, though, in that the service has managed to make some considerable comebacks while the DDoS intensity has increased (or so we're told). Does that mean they're huddled around glowing monitors right this minute? No, it doesn't, and I don't think we've seen significant improvement since things largely came back on Friday. But honestly, I don't know what they can do in short order (mostly because I'm just a simple software engineer with a background in Unix systems administration, not a network guy).
[twitter-dev] Re: Something we CAN do
On Aug 9, 1:07 pm, Jesse Stay jesses...@gmail.com wrote: I'm really surprised at all the people having issues with 30* redirects when it's an HTTP standard in the first place. Don't be so quick to judge - Twitter's been sending 302's with a Location header that specifies a relative URL, which goes against the standard you speak of (RFC 1945). There's also the issue that many clients (including most or all browsers) incorrectly handle 302's, turning POSTs into GETs. This is why we now have 303 and 307. It's not as simple as you pretend. :) All that said, I agree with the spirit of your post. It would be good if our Twitter API-wrapping libraries were able to handle all of this in stride (or at least the 302's...not much you can do about 408's and such).
[twitter-dev] Re: Twitter Update, 8/9 noon PST
On Aug 9, 3:13 pm, Ryan Sarver rsar...@twitter.com wrote: Please test your apps from their standard configs to see what results you get and let us know. I am primarily interested in unexpected throttling and issues with OAuth. OAuth appears to be working for my app. Thanks!
[twitter-dev] Pending follow requests for protected users
If a user is protected, any attempt to follow them creates a request they must approve. Is there any API for retrieving these pending requests, and approving or denying them? I don't see anything in the docs, so I'm guessing not, but thought it couldn't hurt to ask. Thanks...
[twitter-dev] Re: Pending follow requests for protected users
Ahh - next time I'll be sure to look at the roadmap first. Thanks, Abraham. On Jul 30, 3:49 pm, Abraham Williams 4bra...@gmail.com wrote: Planned:http://code.google.com/p/twitter-api/issues/detail?id=8 On Thu, Jul 30, 2009 at 13:39, Bill Kocik bko...@gmail.com wrote: If a user is protected, any attempt to follow them creates a request they must approve. Is there any API for retrieving these pending requests, and approving or denying them? I don't see anything in the docs, so I'm guessing not, but thought it couldn't hurt to ask. Thanks... -- Abraham Williams | Community Evangelist |http://web608.org Hacker |http://abrah.am|http://twitter.com/abraham Project |http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: API limit confusion
On Jul 25, 4:47 am, srikanth reddy srikanth.yara...@gmail.com wrote: @Bill Kocik 3. Repeat step 1. Do both users now see 19,999? Or does one see 19,999 and one see 20,000? jim renkel and sjepers have already tested this.I also verified with two different accounts. onhttp://twxlate.com Guess what ? it is working as intended :) (20k for each user) Well I'll be. I've been wrong all this time. I wish someone had told me. And I still really wish someone from Twitter would step in and definitively say Yes, it's 20K per whitelisted IP for EACH user before I go apply for whitelisting, but that kind of test is difficult to argue with.
[twitter-dev] Re: API limit confusion
If this is correct (and I don't think it is), then it's very different from what has always been my understanding. I've stated a few times on this list my belief that if you're going to be supporting a significant number of simultaneous users, whitelisting works against you. No one has ever challenged that assertion. This is in the rate limit documentation Abraham linked to: Each whitelisted entity, whether an account or IP address, is allowed 2 requests per hour. It is my understanding that if your IP is whitelisted, you get one pool of 20,000 requests per each hour to divide up amongst all your users - NOT 20,000 requests for each of them. I could be wrong, but I don't think I am. If you have a whitelisted IP, here's an experiment you can run: 1. Check the current rate limit using two different Twitter accounts from your IP (using curl or whichever tool you choose). You should get the same number (probably 20,000 unless you've been making requests recently from that IP) 2. Make a request that counts against the rate limit from ONE and only ONE of the two accounts (grab their statuses/friends_timeline, for example) 3. Repeat step 1. Do both users now see 19,999? Or does one see 19,999 and one see 20,000? If one user still sees 20,000, then I'm wrong, and you've got 20,000 requests per hour per user (and I'm gonna go apply for whitelisting :). If they both see 19,999, then I'm right - your IP has a single pool of 20,000 requests from which all of your users draw. On Jul 24, 2:36 am, srikanth reddy srikanth.yara...@gmail.com wrote: @jim.renkel. Thanks a ton. I think now it is clear. It appears to me that each user of a white-listed site gets 20k requests per hour, independent of any other users of that site or *any other uses of the twitter API at other sites by that user * probably this is what they mean by *IP whitelisting takes precedence to account rate limits*. *GET requests from a whitelisted IP address made on a user's behalf will be deducted from the whitelisted IP's limit, not the users*. If the IP limit is for the consumer then it will lead to denial of service attacks. This is how we wanted it to work. Srikanth On Fri, Jul 24, 2009 at 12:52 AM, jim.renkel james.ren...@gmail.com wrote: My experience with this is, I think, a little bit different than what you describe. It appears to me that each user of a white-listed site gets 20k requests per hour, independent of any other users of that site or any other uses of the twitter API at other sites by that user. I didn't think this was what twitter intended and reported it as a bug (See:http://code.google.com/p/twitter-api/issues/detail?id=617), but the twitter folk said Yup, working as intended. After you log in athttp://twxlate.com, the site reports rate limit information on every page view, so you can see how this works there. Comments expected and welcome. Jim Renkel On Jul 23, 3:48 am, jmathai jmat...@gmail.com wrote: In other words, you have a web app running on a single server with a single IP. You make authenticated requests using each user's account. If your IP is whitelisted, the calls go towards your 20k limit, if it is not whitelisted, it goes against the current 150 limit for the respective accounts. That's what it means by IP whitelisting takes precedence to account rate limits. I don't believe that is true. If your web app is running on a whitelisted IP then you get up to 20k GET calls per hour. POST requests (status or DM) are counted against the user being authenticated. You CANNOT retrieve a user's rate limit status.
[twitter-dev] Re: API limit confusion
On Jul 24, 4:13 am, Hwee-Boon Yar hweeb...@gmail.com wrote: Isn't this what I said? I don't think it is. I think your take is correct. What's telling is this bit of text from up the chain: It appears to me that each user of a white-listed site gets 20k requests per hour. I don't believe it's true that each user on a site whitelisted by IP gets their own 20k requests to use. I think it's true that *all* users of that whitelisted site are drawing from the *same single pool* of 20k requests allocated to that IP. I think that's where Srikanth is confused. But I'm always willing concede that I might be wrong. I'm wrong a lot. I would actually like to be wrong on this one.
[twitter-dev] Re: Keep getting suspended
On Jul 21, 3:48 am, sjespers se...@webkitchen.be wrote: Because there is no AS2 Twitter API, I'm using a server side API proxy. So, the Flash Lite app connects to mtwit.net mtwit.net connects to Twitter.com mtwit returns XML data to my app. Is there some reason the app cannot connect directly to Twitter? I understand there's no API (by which I think you mean existing library), but Twitter's XML and JSON API isn't difficult to deal with directly. I don't know enough about ActionScript to know if there's some technical limitation requiring you to run a proxying app in the middle. In theory, a limit of 2 means I can only support 133 concurrent users (if they all leave the app running for an hour). I don't speak for Twitter, but that topic has come up on this list a few times before, and it's easy to demonstrate mathematically (as you've just done) that if you're doing auth'd requests on behalf of a significant number of users, then there's an excellent chance whitelisting is going to work against you rather than in your favor.
[twitter-dev] Re: API Limits
On Jul 15, 11:22 am, iUpdateStatus iupdatesta...@gmail.com wrote: As a general question related to this topic: For all the developers who are working on a solution that involves authenticated users, would it be more convenient to get removed from the whitelist (or never apply for it) and use the authenticated user's 150 requests/hour limit? For me, yes. When the user rate limit was 100, as few as 200 simultaneous users have, collectively, the same rate limit as a whitelisted IP. Now that the limit is 150, it only takes 133.3 simultaneous users. If you anticipate having about 130 or more simultaneous users, whitelisting can work against you, but it's not completely black and white. If I have 50 really active users and 100 that aren't so active, whitelisting might be in my favor, because it means I can spend more requests on each of those 50 users than their 150/hr limit would otherwise allow. It really depends on how many simultaneous authenticated users you expect to have, what kind of users they are, and what kind of API requests your application is making on their behalf. For my application, whitelisting doesn't make sense. For yours it might.
[twitter-dev] Re: Searching for tweets that refer to an URL still impossible with bit.ly (and others)
On Jul 15, 11:21 am, Bjoern bjoer...@googlemail.com wrote: Argh, except that Twitter rate limits will bite me :-( What I have implemented is a search web site that shows associated tweets to the URLs, so potentially it would generate a lot of requests (one page of search results is 10 URLs to check). Better apply for whitelisting now... Not so fast... If I'm understanding you, the proposed solution is that for each non- shortened URL you want to search Twitter for, you send it in a status update, and then retrieve the shortened version by reading back that status, and then search Twitter for the shortened version. You can actually process 10 (or more) URLs with only one hit against your rate limit. How? Status updates don't count toward your rate limit (although Twitter may separately notice a large number of updates which are nothing more than URLs and mark you a spammer or something, but that's another discussion). So for 10 URLs, you post 10 status updates, then retrieve your own last 10 updates in one call by retrieving your own timeline via / statuses/user_timeline(and that's the one hit against your rate limit).
[twitter-dev] Re: OAuth related bug with signature Woah there!
I've seen this same (I believe) bug manifested in different ways, and it's come up on this list before. Twitter are apparently storing some sort of return_to URL or similar in your session, and sending you to it at inopportune times. A great way to see it in action is to click on the Block this user link when you get a new follower email; after confirming the block, you wind up at some random page you visited in the past (well, not completely random, it'll generally be the most recent page you visited besides the block page). On Jul 15, 9:52 am, Scott Carter scarter28m-goo...@yahoo.com wrote: I believe that I have discovered a reproducible OAuth related bug. 1. Sign out of your Twitter account (from Twitter.com). 2. Authenticate an app using OAuth (haven't tried authorize flow with this issue). 3. Go to Twitter.com and login to a different account than used in step 2. I see the message: Woah there! This page requires some information that was not provided. Please return to the site that sent you to this page and try again … it was probably an honest mistake. with the page URL showing: https://twitter.com/oauth/authenticate When I revisit twitter.com, I am logged into the account from step 3. - Scott @scott_carter
[twitter-dev] Re: Releasing a dormat screenname
It turns out they respond very quickly. Unforunately its with an email that includes: Twitter is not currently releasing inactive user names. Unless your user name issue involves Terms of Service violations, you'll have to wait until all inactive user names are released. We're working on a better long term solution for this, and we should have more news soon. Ahh well. :) On Jun 24, 8:15 pm, Matt Sanford m...@twitter.com wrote: Hi Mark, Email usern...@twitter.com (literally 'username', not the name you want). It usually takes some time since, as you can imagine, it's a lower priority than spam and other issues. Thanks; – Matt Sanford / @mzsanford Twitter Dev On Jun 24, 2009, at 1:54 PM, kprobe wrote: Doug has been just talking about spammers related to acct suspensions and just gave the rules for releasing a screen name. Who do we contact @twitter to get a dormant screen name released? Mark
[twitter-dev] Caching strategies
My app will have multiple users logged in accessing their Twitter accounts simultaneously. I'm using Hayes Davis' Grackle gem (http:// github.com/hayesdavis/grackle/tree/master) because I like that it's very thin wrapper atop the API - really more a set of convenience methods. I typically call methods on it directly in my controllers, rather than pass calls to retrieve (for example) a user's friends list through a User model of some sort. Lately I've been trying to figure out the best way to handle caching. I've realized that I need to cache some endpoints for individual users (because Twitter responds differently based on the authenticated user), while caching others endpoints once for all users (such as the public timeline), and caching different endpoints for varying amounts of time. I'm having a heck of a time figuring out at which level to locate my caching code. I'm sort of leaning toward creating wrapper objects that directly call Grackle, and calling those wrappers from the controllers, so that the wrappers can employ the caching strategy. I'm curious to hear how others implemented their caching. -Bill
[twitter-dev] Invalid JSON
Consider this status: http://twitter.com/primerano/status/1784283306 The JSON for this, as found at http://twitter.com/statuses/show/1784283306.json, is below (prettified by JSONLint - which, by the way, calls it valid). Both Crack and ActiveSupport::JSON refuse to parse it, returning the error Invalid JSON string. Can anyone see why? My first thought was the emoticon in the status text, :-\, but even with that removed the parsers fail. Console: json_string = EOS { text: loving that I turned my 22 inch monitor sideways. great for reading pdfs but the sta nd doesn't support this configuration., in_reply_to_status_id: null, user: { description: web geek, accomplishment junkie, parent and System Architect at AOL, time_zone: Eastern Time (US Canada), utc_offset: -18000, profile_sidebar_fill_color: e0ff92, following: 0, favourites_count: 0, profile_sidebar_border_color: 87bc44, profile_background_tile: true, followers_count: 146, url: http:\/\/tonycode.com\/, name: Tony Primerano, protected: false, friends_count: 112, profile_background_color: 9ae4e8, created_at: Fri Jun 22 20:36:59 + 2007, notifications: false, statuses_count: 1973, profile_background_image_url: http:\/\/s3.amazonaws.com\/ twitter_production\/profile_bac kground_images\/1259422\/pattern2.JPG, profile_text_color: 00, profile_image_url: http:\/\/s3.amazonaws.com\/ twitter_production\/profile_images\/745684 29\/fire-1_normal.jpg, location: DC Area, id: 7023582, profile_link_color: ff, screen_name: primerano }, in_reply_to_user_id: null, favorited: false, in_reply_to_screen_name: null, created_at: Wed May 13 13:33:03 + 2009, id: 1784283306, truncated: false, source: a href=\http:\/\/www.tweetdeck.com\/\TweetDeck\/ a } EOS Crack::JSON.parse(json_string) Crack::ParseError: Invalid JSON string from /usr/lib/ruby/gems/1.8/gems/crack-0.1.1/lib/crack/json.rb: 14:in `parse' from (irb):40 ActiveSupport::JSON.decode(json_string) ActiveSupport::JSON::ParseError: Invalid JSON string from /usr/lib/ruby/gems/1.8/gems/activesupport-2.3.2/lib/ active_support/json/decoding.rb:14:in `decode' from (irb):41
[twitter-dev] Re: Invalid JSON
Yeah, JSONLint calls it valid, and every JS person I've talked to says it should be valid - so it seems there's a bug in ActiveSupport. In any case, this isn't Twitter's problem. Thanks... On May 13, 1:42 pm, Cameron Kaiser spec...@floodgap.com wrote: I'm waiting on a JS expert I know to get back to his desk to tell me whether {a:b\\} is valid JSON or not (as before, JSONLint says it is). I read it as valid (i.e., DOUBLEQUOTE b BACKSLASH DOUBLEQUOTE). -- personal:http://www.cameronkaiser.com/-- Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com -- Those are my principles. If you don't like them, I have others. -- G. Marx -
[twitter-dev] Totally baffling issue with Opera and OAuth
I'm stumped. My app is up and running locally, and I have an /etc/ hosts entry pointing local.mydomain.com to 127.0.0.1. My configuration at Twitter has my callback at http://local.mydomain.com/auth/complete. My starting point is http://local.mydomain.com/auth/start. When I run through the process with Firefox, Internet Explorer, or Safari (all on Windows), everything works beautifully. When I try with Opera, I get to the Twitter allow/deny page, and when I click the Allow button I can see that the browser briefly does something, but then it doesn't go anywhere. I'm left staring at the allow/deny page. The deny button, though, works fine. This behavior is the same whether I'm already signed into Twitter or not. Looking at my app log, I can plainly see the browser never came back to my /auth/complete method, it stayed with Twitter. But when I run through authentication using Opera with any of the live demo apps listed at http://apiwiki.twitter.com/OAuth-Examples, they work fine. Why the heck would the allow button not work only with my app and only with Opera? I've tried clearing out all caches and cookies and nothing has made a difference. I'm grasping at straws here. Anybody got one?
[twitter-dev] Re: Question on Whitelisting
On Apr 25, 9:08 pm, Cameron Kaiser spec...@floodgap.com wrote: This has changed and I stand corrected; it is documented also on http://apiwiki.twitter.com/Rate-limiting Thanks for the documentation pointer, I hadn't realized that was there. It's surprising, it turns out that if you're going to be making lots of auth'd requests on behalf of users, there's a tipping point at which whitelisting begins to work against you, and it's at only 200 simultaneous users. If you're gonna be above that, you're better off not being whitelisted.
[twitter-dev] Re: Totally baffling issue with Opera and OAuth
On Apr 26, 8:34 am, Chad Etzel jazzyc...@gmail.com wrote: Does Opera use its own DNS servers and/or skip local hostfile lookups? I know Chrome does some DNS trickery like this, but I'm not sure about Opera. Opera has no trouble finding the starting point (local.mydomain.com/ auth/start) and redirecting to Twitter. It just won't come back. Taking a cue from jmathai, I set my app's callback to http://www.aol.com and went through the auth process. This time the Allow button sent me to AOL. My guess: Opera doesn't like being redirected to 127.0.0.1. I'll ask in the Opera forums and report back here for interested parties. I theorized about that at one point, but since when I clicked Allow I never saw my app amongst the apps I'd authorized in my account settings I assumed that wasn't it. I would think the POST to Twitter that button performs would have set that app as authorized even if the subsequent redirect didn't work.
[twitter-dev] Re: Totally baffling issue with Opera and OAuth
The official word from Opera is that it's an Opera thing: A host having an IP address that is either in the intranet range, or in the public network range (that is, not localhost) cannot access or automatically initiate resources on localhost, this includes redirects. The action have to be manual. (additionally, if the localhost server refuse access, requests to a hostname that is not localhost will just result in a blank resource, as that method is used for adbusting) Similarly, a host on a public network cannot automatically access resources on servers in the intranet range. Both these are implemented for security reasons, as this type access and redirects can be used to attack servers that are not otherwise available to the public network, and which as a result may have reduced defences against attacks (after all, they are behind the firewall). http://my.opera.com/community/forums/findpost.pl?id=2968737 Sorry for polluting the Twitter API thread with what turns out to be a browser feature, but at least now we all know. This really threw me last night.
[twitter-dev] Re: Question on Whitelisting
On Apr 25, 10:44 am, Cameron Kaiser spec...@floodgap.com wrote: Like I asked above, will twitter look at the ip address of the request when it comes in or the authenticated user? Unauthenticated: IP Authenticated: user You sure about that? I got quite a different answer on that subject yesterday from Doug Williams: Your application's IP-based whitelisting will apply to all calls originating from the IP address. This includes unauthenticated and authenticated methods, regardless of user. Additionally, your application's authenticated calls made on behalf of a user will not count toward their 100 credits elsewhere. http://groups.google.com/group/twitter-development-talk/msg/f6f332065a3cd2ba?hl=en
[twitter-dev] Re: OAuth whitelisting?
Thanks, Doug. This was what I was originally thinking, but somehow I convinced myself I was wrong. Hypothetical: It kinda sounds like if I have a large number of simultaneous users, I'm better off not being whitelisted. Say I have 1000 simultaneous users (humor me). If I'm not whitelisted, I can make up to 100 authenticated queries per hour per user, since I'm using their individual rate limits, but if I'm whitelisted I can only make 20 calls per hour for each of those users since my limit is 20k/hour. Or am I missing something? On Apr 24, 2:21 am, Doug Williams d...@twitter.com wrote: Your application's IP-based whitelisting will apply to all calls originating from the IP address. This includes unauthenticated and authenticated methods, regardless of user. Additionally, your application's authenticated calls made on behalf of a user will not count toward their 100 credits elsewhere. @dougw
[twitter-dev] OAuth whitelisting?
I was just looking at the form use to apply for whitelisting, which says you must fill it out while logged in as the account you want the rate limit raised for. In my case, my app will be used by arbitrary Twitter account holders, who will not be using my credentials, so whitelisting my Twitter login will do nothing for my app. I saw Alex mention in another thread that whitelisting by OAuth will become the preferred method for whitelisting apps running in clouds (mine will be in EC2). I am assuming that OAuth whitelisting means I'll be able to whitelist my app, and the raised limit would apply for requests having OAuth access tokens obtained by my application, regardless of the Twitter user they belong to? Thanks, -Bill