[twitter-dev] Re: A new permission level

2011-05-18 Thread Zac Bowling
Hi Matt,

I understand the change needs to happen. In regards to xAuth though and
finding an upgrade path, the assumption is that those that got access to 
that were developing desktop/mobile clients (not centralized services) so 
there is no centralized storage of tokens or user data (only in standalone 
applications in those applications). In a good number of the high profile 
applications of xAuth, it's an actual client (like TweetBot, Seesmic, 
Tweetdeck, etc). Those clients almost always interface with direct messages 
because they replicate most of the twitter features up and down. 

In that case, can you please reconsider the case of xAuth. Grandfather 
existing xAuth users to read, write, and direct message level. Then going 
forward with xAuth, evaluate the need of the app if it needs 
read/write/direct message on a case by case basis? You are going to break a 
good number of applications with that change. 

Although a month is just barely enough time to turn around an update for iOS 
if developers rush, it doesn't leave a lot of grace time for users that do 
not upgrade their applications very often. My own stats for my apps show 
without sending out notifications to nag the users to tell of an update (or 
force them to an update by sending them to the store when they launch the 
app), nearly half my users do not upgrade for at least 2 to 3 weeks after an 
update comes out. 

I hate to bring up comparisons to facebook, but they give us a good 
developer roadmap (http://developers.facebook.com/roadmap/ ) with a decent 
time line for deprecation, ramp downs, and migration paths.   

Zac 

-- 
Twitter developer documentation and resources: https://dev.twitter.com/doc
API updates via Twitter: https://twitter.com/twitterapi
Issues/Enhancements Tracker: https://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
https://groups.google.com/forum/#!forum/twitter-development-talk


[twitter-dev] Re: A new permission level

2011-05-18 Thread Zac Bowling
Matt, 

This may be a harder architectural shift, but a better solution would be to
move permissions from being per application, but instead a per 
authentication token method, wherein that each token stores the permissions 
that the app requested and was granted at the time they authorized. 

So in this case, let us pass in a well-known list of fine-grained permissions
we want/need when we make an oAuth request and then offer an end point to 
authorize for additional permissions when needed to upgrade a token's access 
in the future as new features come out. 

In the case of xAuth, doing this wouldn't be as disruptive as all existing 
tokens would have all the permissions they intended when they were 
requested. In that xAuth could have a default permission level as set by 
Twitter when someone requests access to xAuth. 

Zac
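
The per-token model proposed in the message above, as an added sketch (not code from the thread or from Twitter). The scope names, the `TokenStore` class and its methods are hypothetical; the point shown is that changing an application's default leaves already-issued tokens untouched, and that a token gains a permission only through an explicit, user-approved upgrade.

```python
import secrets
from dataclasses import dataclass

# Hypothetical scope names; the thread only speaks of read, write and direct messages.
KNOWN_SCOPES = frozenset({"read", "write", "direct_messages"})


@dataclass
class Token:
    app_id: str
    user_id: str
    scopes: frozenset  # fixed at grant time, changed only by an approved upgrade


class TokenStore:
    """Permissions live on each token instead of on the application."""

    def __init__(self):
        self._tokens = {}        # token string -> Token
        self._app_defaults = {}  # app_id -> scopes used when none are requested

    @staticmethod
    def _validate(scopes):
        scopes = frozenset(scopes)
        unknown = scopes - KNOWN_SCOPES
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        return scopes

    def set_app_default(self, app_id, scopes):
        # Affects future grants only; existing tokens keep what the user approved.
        self._app_defaults[app_id] = self._validate(scopes)

    def authorize(self, app_id, user_id, requested=None):
        # Copy the scopes onto the token at the moment the user authorizes.
        if requested is None:
            scopes = self._app_defaults[app_id]
        else:
            scopes = self._validate(requested)
        key = secrets.token_urlsafe(16)
        self._tokens[key] = Token(app_id, user_id, scopes)
        return key

    def upgrade(self, key, extra, user_approved):
        # The "authorize for additional permissions" endpoint: needs fresh consent.
        if not user_approved:
            raise PermissionError("user declined the additional permissions")
        token = self._tokens[key]
        token.scopes = token.scopes | self._validate(extra)

    def allowed(self, key, scope):
        token = self._tokens.get(key)
        return token is not None and scope in token.scopes


def demo():
    store = TokenStore()
    store.set_app_default("xauth-client", {"read", "write", "direct_messages"})
    old = store.authorize("xauth-client", "alice")       # issued before the change
    store.set_app_default("xauth-client", {"read", "write"})
    new = store.authorize("xauth-client", "bob")         # issued after the change
    new_before_upgrade = store.allowed(new, "direct_messages")
    store.upgrade(new, {"direct_messages"}, user_approved=True)
    return (store.allowed(old, "direct_messages"),
            new_before_upgrade,
            store.allowed(new, "direct_messages"))


if __name__ == "__main__":
    print(demo())
```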





[twitter-dev] Re: A new permission level

2011-05-18 Thread Zac Bowling
Thanks Matt! 

I still urge you to reconsider the mass breakage of older and existing apps 
and the crippling mobile/desktop user experiences apps going forward. 

My own judgement is that yes, maybe users didn't realize that they didn't want to
give that level of access and maybe the web flow can help twitter
communicate to the user better, but it's going up against all the issues of 
users that already authorized and throws away all the constant re-hashing of 
the issues that drove the development of xAuth in the first place.  

I fear it's going to be a literal countdown until doomsday and hell is going
to break out of users and developers that didn't get the memo. 

Zac 



Re: [twitter-dev] New Twitter API?

2010-09-14 Thread Zac Bowling
I'm not sure about the question, but it has me thinking. 
I know it's kind of a failed tech these days but wouldn't it be funny if 
twitter could host an OpenSocial like container thing in the right pane based
on a tweet link? It could open that right area to all sorts of dynamic
content. 

Either way, there is so much rick-rolling to be had now on twitter with the 
video embedding.  

Zac Bowling
@zbowling 


PS: Can someone at twitter bump my main @zbowling account up in the rollout 
queue?


On Sep 14, 2010, at 8:57 PM, PeekURL.com wrote:

 I run a URL shortener that plays Youtube videos. When someone clicks a
 link like http://peekURL.com/va1gk1h how do I play that video in the
 right pane on the New Twitter? Can I show ads there?
 
 The videos will all be coming from Youtube or Myspace, but if Twitter
 isn't going to allow third-party access to the right pane - after some
 form of vetting of course - then they'd seem to be unjustly helping
 Youtube.
 


[twitter-dev] Twitter dev

2010-08-30 Thread Zac Bowling
Well it's been a trip, but like my colleague @abraham, after two and a half
years on this list, it has gotten a little too heavy for my inbox. 

I've been around but I don't comment often anymore since I don't deal with 
twitter API issues or updates on a day to day basis anymore. Since I left that 
twitter client company I used to work for 18 months ago, I haven't dealt with 
any twitter related issues on a day to day basis in pretty long while (except 
with the streaming API which is all I use anymore). 

I've learned (and continue to learn) a ton from my friends on the twitter team 
on their experiences on everything from oauth, to scaling streaming APIs, to 
ideas for scaling the latest nosql engine but I'm consuming knowledge through 
different channels (mostly twitter and the dev's own blogs). 

It's been fun and be sure to connect me on twitter at @zbowling. If anyone 
needs any help with any of the various open source twitter related things I've 
developed in the past, you can find my email below. I will always try to be 
involved with everything twitter I can (can't wait for the next hackathon like 
thing like we did for the annotations preview). I think I'm going to jump now 
before the oauth apocalypse and the fall out silly questions :-)  

Thanks everyone!

Zac Bowling
z...@zacbowling.com
http://twitter.com/zbowling

Sent from my iPad



Re: [twitter-dev] Re: Recent API changes and new fields

2010-08-24 Thread Zac Bowling
Is there a time line for the streaming API getting these changes?


Zac Bowling



On Mon, Aug 23, 2010 at 11:40 PM, Matt Harris thematthar...@twitter.com wrote:
 Hey everyone,

 Thanks for the questions. I'll try and answer them all in this message.

 1) are the counts turned on?
 This weekend the counts were turned off and have remained off. This is
 because of some bugs we found in the way the value was calculated.
 I'll let you know when we have this resolved.

 2) Will these fields show up in the Search and Streaming API?
 The fields are already in the Streaming API but be aware the
 'retweeted' field is not meaningful here. This is because the streamed
 status knows nothing of the connected user.
 The search API does not include this information.

 3) How do I know if the feature is turned off?
 Tweets will contain a retweeted_count if available. If the service is
 not enabled newer Tweets will likely be missing their retweeted_count.
 The safest thing to do is code to handle missing values. If they are
 present use them, if they are not, treat them the same as when the
 field didn't exist. This way your code works when the retweeted_count
 is both enabled and disabled.

 4) When was the feature turned on?
 The service was rolled out the week beginning Aug 16th

 Hope that answers your questions,
 Matt


 On Sat, Aug 21, 2010 at 4:33 PM, Joe j...@ajcomputers.com wrote:
 will we see this in both search and stream API?

 On Aug 20, 6:45 pm, Matt Harris thematthar...@twitter.com wrote:
 Hey everyone,

 This week we rolled out a couple of new data fields for the status and user
 objects. For a while it has been difficult for you to get the number of
 lists a user is listed in, or the number of times a Tweet has been
 retweeted. You were also finding it hard to know if the user had retweeted
 the status themselves or not. The feature requests you filed and the
 messages on the developer mailing list showed this is a pain point for many
 of you as it uses up many of your hourly API requests.

 These fields are live now and many of you have already seen them in our API
 responses. We intended to tell you about these changes before they were
 live, and in the future for things like this we will, but this time around
 our system for doing that didn't work. The good news is we know what went
 wrong and have made the necessary improvements needed to ensure you are
 notified before the changes happen.

 The recent changes which have been made affect the user and status objects.
 In both cases we have added fields:

 To the user object:
 ---

 listed_count
 represents the number of public lists a user is listed in. This field is an
 integer. As this is a new field it is possible some users will not have a
 listed_count value yet.

 follow_request_sent
 representing whether the user you are authenticating as has requested to
 follow the user you are viewing. This will be false unless the friendship
 request is pending. The field is a boolean and will be true or false.

 To the status object:
 -
 retweet_count
 represents the number of times a status has been retweeted using the Twitter
 retweet action. This field is an integer. There will not be a value for this
 field when the feature is turned off, or the Tweet was created before we
 added retweet_count support.

 retweeted
 represents whether the user you are authenticating as has retweeted this
 status or not. The field is a boolean and can be true or false.

 Changes to existing methods
 --
 users/show
 When requesting data for suspended users the user/show used to return an
 HTTP 404 status code - it now returns HTTP 403.

 This change is in response to a number of users who were asking if there was a
 way to know if a user they were getting data for had been deleted or was
 instead suspended. The change means the API agrees with the twitter.com in
 that we confirm a user exists, but that you may not see their information
 because they are suspended.

 If you call /users/show on a suspended user the API response will include
 the error message User has been suspended.

 Please remember we sometimes turn features off to maintain site stability.
 We recommend you always check a field exists before attempting to use it and
 be prepared for the value to be empty. This will help ensure your code stays
 stable if we have to turn features off. We'll also be adding this
 information to the main API documentation soon.

 Best,

 Matt Harris
 Developer Advocate, Twitter http://twitter.com/themattharris




 --


 Matt Harris
 Developer Advocate, Twitter
 http://twitter.com/themattharris



Re: [twitter-dev] Twitter 140 character limit break

2010-08-14 Thread Zac Bowling
Yay! Robots! Genuine bug and not a scaling issue. 

Zac


On Aug 14, 2010, at 12:43 PM, Tom van der Woerdt wrote:

 On 8/14/10 9:29 PM, Tom van der Woerdt wrote:
 On 8/14/10 9:27 PM, Chris White wrote:
 It appears that the new twitter share link can be used to break the
 140 character limit. Basically in Firefox you can do this:
 
 1) In the URL bar enter http://twitter.com/share?url=Some over 140
 character text
 2) Hit enter
 3) On the resulting page click Tweet
 4) View in web and notice the limit broken
 
 I'm not sure if clients can handle this, but it could turn into a
 pretty nasty annoyance for users of web if it continues. Might be a
 good idea to have it looked at. I'm assuming a simple check to verify
 it's a valid URL would suffice.
 
 Just tested it - yes, you are right.
 
 How clients handle it? Well, very simple, they simply display a t.co URL.
 
 Should be some more checks on the URL though, I agree.
 
 Tom
 
 One more note,
 
 You can't visit a page that has a long link on it.
 
 @barthoekstra and I (@tvdw) just tested this - I posted 5 paragraphs of
 the well-known lorem ipsum (don't worry, deleted after a few seconds)
 but his timeline started saying Something is technically wrong. I
 removed my tweet and it was fine again. He then posted an url as well
 but now he can't remove it anymore. I am assuming that all his ~1500
 followers can't use the timeline anymore at the moment.
 
 Proof:
 http://twitter.com/barthoekstra
 
 Tom



Re: [twitter-dev] Re: Any way to turn off 'user-scalable' meta tag in OAuth authorization form?

2010-08-12 Thread Zac Bowling
The only issue with that is that you can't return the user to the app after the
OAuth flow (unless you implement a protocol handler on your platform and Twitter
supported calling back to it).


I'm back and forth on this myself. The security advocate in me agrees with you
Taylor, but the UX guy in me causes me to strive to find a way to guide the
user through the process so that my users don't have to follow too many
instructions or do too many steps to get up and going.

Zac

Sent from my iPad

On Aug 12, 2010, at 2:35 PM, Taylor Singletary taylorsinglet...@twitter.com 
wrote:

 There's no known way to do this today, Tony.
 
 While it's obviously not a policy at Twitter, I thought I'd just take the 
 time to share my personal opinion on embedded web views and the OAuth flow:
 
 - Not into it.
 
 Why?
 
 somewhat-related-opinion
 
 By redirecting to a standard web browser on the device where your application 
 resides, your users can better understand the security scenario being 
 presented to them while they are approving access for your application. Using 
 an embedded webview subverts this trust, as you're basically providing them 
 with a web browser of your application's design. Obviously, the majority of 
 developers who implement things this way are not doing so with ill intent, 
 but the opportunity for funny business increases when using a custom web 
 view. 
 
 There are other API providers out there who forbid the use of embedded 
 browsers during OAuth flows for this reason.
 
 /somewhat-related-opinion
 
 Taylor
 
 On Thu, Aug 12, 2010 at 2:31 PM, Tony.In.Portland 
 tony.in.portl...@gmail.com wrote:
 Bad choice of words on my part. I want to be able to set the value to
 yes, I want the page that comes back to be scalable.
 
 On Aug 12, 2:09 pm, Tony.In.Portland tony.in.portl...@gmail.com
 wrote:
  Is there any way to turn off the user-scalable meta tag in the page
  that comes back during the oAuth authorization process? I want to
  render the page in my own webview, but I want to allow the person to
  zoom/pinch so they can expand the page so the input fields and buttons
  are not so small. This is for a mobile device.
 
  Thanks,
  Tony
 


[twitter-dev] Profile updates in user stream

2010-06-18 Thread Zac Bowling

Would it be possible to add profile changes to the user stream?

Zac Bowling
@zbowling

Sent from my iPhone


Re: [twitter-dev] Re: +++++++++++++++++++++++++++

2010-06-17 Thread Zac Bowling
I knew twitter had a business plan up their sleeves somewhere... Just didn't
think it would have involved porn spam. :-) Good one... Caught me off guard there
:-)

Zac Bowling
@zbowling

On Jun 17, 2010, at 5:46 PM, Taylor Singletary wrote:

 That was actually a test of a new Promoted Tweets spin-off we're testing 
 just for the twitter-development-talk subscribers -- what do you guys think?! 
 ;)
 



Re: [twitter-dev] Keep it real

2010-06-15 Thread Zac Bowling
Hey Abraham,

You have been a big part of the life blood on this list. Sad I won't see you 
around that much. Twitter's dev growth has exploded since I got involved over 
24 months ago and ever since then I noticed you have been all over this list 
and one of the biggest rockstars for the twitter dev community. Almost 
infamous. I've literally seen people seeking you out just to meet you at that dev
meet up we had here in SF earlier this year after you tweeted you were there 
which is pretty epic.  

You have posted 1154 messages to this list which is just shy from being the top 
poster (just ~50 behind Al3x from when he was around). That number just blows 
my mind. You not being here as much will make a huge dent that will be really 
hard to fill. 

Hope for the best in your quest for work and hope we can work on something
awesome together someday. 

Zac Bowling
@zbowling



On Jun 14, 2010, at 9:13 PM, Abraham Williams wrote:

 I just wanted to let everyone know that I won't be on the list much going 
 forward. Reading the list has become a time consuming burden (1000+ 
 emails/month) and much of it has become reiteration for me. Getting more time 
 on my own projects and paying for the roof over my head are top priorities 
 right now. But if you have questions pertaining to me feel free to cc me on 
 them and I will be more than happy to jump in.
 
 If you are interested in hiring me for Twitter integration projects 
 (especially OAuth with just over 2 weeks left) or just want to say hi you can 
 reach me as 4bra...@gmail.com or @abraham.
 
 Oh. I have several Twitter API related blog posts in draft so be sure to look 
 for them on http://blog.abrah.am/.
 
 I'll be around :)
 Abraham
 -
 Abraham Williams | Hacker Advocate | http://abrah.am
 @abraham | http://projects.abrah.am | http://blog.abrah.am
 This email is: [ ] shareable [x] ask first [ ] private.



Re: [twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API

2010-06-14 Thread Zac Bowling
In facebook's desktop authflow, rather than giving you an access_token endpoint
to call with a secret to exchange a callback and get a valid access_token, you
instead call authorize and it will redirect the user to a login_success.html 
page on facebook.com with the access token in a fragment on that page. (see 
http://developers.facebook.com/docs/authentication/desktop )

Their idea is that if you can embed a browser and get the user to authenticate 
through it, you can inspect the url of the embedded browser and detect when it 
hits login_success.html and take the access token fragment and store it.

However, what is interesting about that is that I can embed client_ids I stole
from other desktop apps (and possibly other web apps if they don't protect
against it) and generate valid access_tokens against other ids in my own
desktop app. The user may notice the app they authorize isn't the one they are
using because facebook identifies the app with its name and icon on the
authorize page. However if I'm being evil, I could social engineer the user
somehow like I could name my app the same as the one I'm stealing or something
similar and use the same icon, and then I can get access tokens like I'm that
app.

Basically when it comes to desktop apps, Facebook can't for sure tell the
difference between my desktop app and an illegitimate one. If Facebook blocks
entire apps or rate limits by them, then I can still DOS the app by using their
client_id. It doesn't offer any more application identity protection than just
embedding a secret and using the OAuth 1.0a flow and embedding secrets.

Facebook probably realizes this. Since you can mark your app as a desktop app 
and not a web app in your app settings, they probably realize this issue and 
know that you can't always trust the desktop clients so why even bother with 
secrets (probably good that they ask your app type upfront for this reason and 
it doesn't give a false sense of security by even having a secret). From an 
operations perspective for FB, it gives them fewer options to safely
blacklist desktop apps without taking out legitimate ones though.


Zac Bowling
@zbowling



On Jun 14, 2010, at 10:00 AM, Jef Poskanzer wrote:

 Yeah, what Ryan said.
 
 Also,
 
 On Jun 13, 1:40 pm, segphault ryankp...@gmail.com wrote:
 Facebook and Google Buzz both offer desktop-appropriate OAuth
 authentication flows which do not require a consumer secret key and do
 not require the user to go through a complicated copy/paste process.
 
 I'm curious what they are doing.  Do they give up on identifying the
 application and just identify the user?



Re: [twitter-dev] Coming soon: a solution for Open Source applications using OAuth with the Twitter API

2010-06-12 Thread Zac Bowling
Interesting idea. 

I didn't think it was too hard if you had a user that was fiddling with your
source to just have him generate his own keys and while I just compile my keys
into my official binary builds but I guess for scripting based clients, this 
makes sense. I guess you get the attribution and client tracking on the Twitter 
side as well. 

Sometimes though this is not ideal, like a wordpress twitter plugin I use. I 
forced it to use my own keys because I want it to say myblogsite.com in the 
attribution link and not UberWordPressTwitterPlugin or whatever. 

If you can make it where the user can optionally edit the source attribution 
tag and link when they set up the clone, then I would probably direct my
users to use this approach over manually creating their own original consumer 
and secret. 

Zac Bowling
@zbowling


On Jun 11, 2010, at 3:56 PM, Taylor Singletary wrote:

 Hi Developers,
 
 As has been discussed on the list recently, OAuth and Open Source 
 applications are a difficult combination because token secrets shouldn't be 
 embedded in widely distributed code. 
 
 We're pleased to announce that we've devised a solution to this problem.
 
 Next week, we plan to release a new extension to the Twitter API that will 
 allow Open Source applications to obtain OAuth consumer keys and secrets for 
 their users, without having to distribute an application secret.
 
 Approved Open Source client applications will have an easy to implement 
 ability, through dev.twitter.com, to generate new client tokens & secrets to
 be used specifically for each new instance of the application.
 
 While completing the process does require the end-user to complete a few 
 extra operations, we think this is a good compromise.
 
 The source tag on tweets published by the child applications generated with 
 this approach will be a variation on the originating application's name. For 
 example, if the name of the parent application was AdventureTweet and the
 user's screen name was @zork, then the child application's name would be 
 AdventureTweet (zork). 
 
 The work flow for these applications will be something like this:
 
   1. You store your API Consumer Key in your application distribution (but 
 never your secret!).
   2. A user downloads/installs/checks out your open source application and 
 runs it for the first time
   3. Your application builds a URL to our key exchange endpoint, using your 
 consumer key.
   Example: 
 http://dev.twitter.com/apps/key_exchange?oauth_consumer_key=abcdefghijklmnopqrstuvwxyz
   4. You send the user to that URL in whatever way makes sense in your 
 environment.
   5. That user will have to login using their Twitter credentials (if they 
 aren't already), and then approve your application's request to replicate 
 itself on the user's behalf.
   6. The approval will require that the user agrees to our terms of service, 
 as this process results in them having control of their own application
   7. The user is presented with a string that they are asked to paste into 
 your application. The string will contain an API key and secret, in addition
 to an access token and token secret for the member: everything that's needed 
 to get the user up and running in your application.
   8. The user pastes the string into your application, which then consumes 
 and stores it to begin performing API calls using OAuth.
 
 The string containing the keys will be x-www-form-urlencoded. To keep the 
 string brief, it will contain abbreviated key names.
 
 An example:
 ck=KIyzzZUM7KvKYOpnst2aOw&cs=4PQk1eH4MadmzzEZ1G1KdrWHIFC1IPxv1kXZg0G3E&at=542212-utEhFTv5GZZcc2R4w6thnApKtf1N1eKRedcFJthdeA&ats=FFdeOEwxOBWPPREd55dKx7AAaI8NfpK7xnibv4Yls
 
 Where: ck - consumer key, cs - consumer secret, at - access token, 
 ats - access token secret
 
 This kind of key requisition service is new to the Twitter ecosystem, and 
 we're going to be closely monitoring it for abuse. Once we announce its 
 availability, we'll begin taking requests for Open Source applications that 
 would like to offer the feature in their application.
 
 We're excited to offer this solution to the open source community. Thanks 
 everyone!
 
 Taylor Singletary
 Developer Advocate, Twitter
 http://twitter.com/episod
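
An added example (not code from the announcement or from Twitter) of how a client could consume the pasted key string described in steps 7 and 8: it parses the x-www-form-urlencoded value with the abbreviated names `ck`, `cs`, `at` and `ats`, rejects anything malformed before storing it, and masks the secrets for logging. The function names and the sample string are constructed for illustration.

```python
from urllib.parse import parse_qs

# Abbreviated names from the announcement mapped to descriptive ones.
FIELDS = {
    "ck": "consumer_key",
    "cs": "consumer_secret",
    "at": "access_token",
    "ats": "access_token_secret",
}


class KeyStringError(ValueError):
    """The pasted string is not a complete, unambiguous key string."""


def parse_key_string(pasted: str) -> dict:
    """Parse the string the user pastes in; fail closed on anything unexpected."""
    text = pasted.strip()  # users often paste a trailing newline or spaces
    try:
        pairs = parse_qs(text, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        raise KeyStringError("not a valid x-www-form-urlencoded string") from exc

    unknown = set(pairs) - set(FIELDS)
    if unknown:
        raise KeyStringError(f"unexpected fields: {sorted(unknown)}")
    missing = set(FIELDS) - set(pairs)
    if missing:
        raise KeyStringError(f"missing fields: {sorted(missing)}")

    creds = {}
    for short, values in pairs.items():
        if len(values) != 1:
            # A repeated name would make it ambiguous which credential is used.
            raise KeyStringError(f"field {short!r} appears {len(values)} times")
        if not values[0]:
            raise KeyStringError(f"field {short!r} is empty")
        creds[FIELDS[short]] = values[0]
    return creds


def redact(creds: dict) -> dict:
    """Copy of the credentials that is safe to log: only the last 4 characters show."""
    masked = {}
    for name, value in creds.items():
        if len(value) > 8:
            masked[name] = "*" * (len(value) - 4) + value[-4:]
        else:
            masked[name] = "*" * len(value)
    return masked


# Constructed sample input, not real credentials.
SAMPLE = "ck=CK_EXAMPLE&cs=CS_EXAMPLE&at=12345-AT_EXAMPLE&ats=ATS_EXAMPLE\n"

if __name__ == "__main__":
    print(redact(parse_key_string(SAMPLE)))
```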



Re: [twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API

2010-06-12 Thread Zac Bowling
Yes, that is a problem with any app that you distribute that has any embedded 
keys. Unfortunately, you ultimately can't really entirely secure anything you 
ship that a user can run on their own machine. You can however take a few steps 
to make that extremely difficult by encrypting and obfuscating your consumer 
keys/secrets in your app package before you distribute. Nothing is impossible 
to reverse engineer if you can get your hands on it (look at iTunes), but you 
can make it take so long and be so hard that it becomes too hard and almost
everyone gives up (look at iTunes 9). 

One thing I wish was easier though for desktop apps and OAuth is if most API 
providers would make it possible to have multiple consumers and secrets out for 
the same app at the same time. You can then rotate new ones in constantly in 
your builds and if one key is discovered or extracted and abused and revoked, 
all the versions of your app wouldn't be affected. It's something we do with 
SSL client certificates against our API when we ship a new build (even each of 
our nightly builds has its own certificate). If someone extracts it and tries 
to use it, then we can blacklist that one certificate and it doesn't take down 
all the versions of our apps.  


Zac Bowling
@zbowling






On Jun 12, 2010, at 1:59 AM, Jef Poskanzer wrote:

 I don't understand why you are suggesting this only for open source
 programs.  Were you thinking that an attacker would be incapable of
 decompiling an executable and extracting the secret?



Re: [twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API

2010-06-12 Thread Zac Bowling
On Jun 12, 2010, at 11:57 AM, Jef Poskanzer wrote:
 Application authors are being asked to devote substantial resources to
 the OAuth conversion, but OAuth provides no security for application
 authors!

It does from a web app perspective which is the primary design goal of OAuth 
since there would be no distribution of your secret in that scenario.

With OAuth, the issue is that if you are distributing secrets out that are 
embedded in your app, even with all the measures you can take to encrypt and 
obfuscate them, they can still be extracted at some point if someone has time. 
The issue is compounded since the app uses the same key universally in all the 
versions they ship that work so you are screwed if someone does yank your key. 
All versions you shipped are at risk then. Your only recourse is to rev your 
secret and force all your users to upgrade their apps to get new keys.  In 
practice, this isn't that bad since twitter isn't hosting credit card data or 
anything of major risk and you basically devolve into the same issue we had 
with app identity we had with basic auth and passing clear text source ids
(except that maybe now all your apps are crippled).

I've been pondering how you could solve this from my experience with solving 
these issues with SSL/TLS. One idea is having a sort of delegation chain where 
I could generate a new delegated secret for each copy of my app I distribute 
rather than using my same static secret directly in all my apps and then the
client could pass the authentication chain up when it goes to Twitter to get an 
access token. 

This is similar to the idea of having the ability to issue multiple secrets 
against a single app like I was suggesting earlier which could work with the 
OAuth spec today. However a delegation system would be even better so I could 
issue delegated secrets at will without going back to Twitter, although that 
idea would probably require extending the OAuth spec to handle passing signed 
delegation chains of some kind. 

I'm hoping OAuth 2/WRAP allows this somehow since it builds on SSL/TLS instead
of reinventing the wheel. There is a lot OAuth could learn from SSL/TLS which 
I'm hoping that OAuth 2/WRAP takes full advantage of in solving. :-)

Right now though, one solution if you are ultra paranoid if you are going to 
distribute software, is to proxy the calls from your own software through your 
own web service (which would render the ease of use you get from xAuth moot but 
you are sacrificing usability for security). 

Zac Bowling
@zbowling



Re: [twitter-dev] Re: Coming soon: a solution for Open Source applications using OAuth with the Twitter API

2010-06-12 Thread Zac Bowling
On Jun 12, 2010, at 3:05 PM, Bernd Stramm wrote:
 I've been pondering how you could solve this from my experience with
 solving these issues with SSL/TLS. One idea is having a sort of
 delegation chain where I could generate a new delegated secret for
 each copy of my app I distribute rather than using my same static
 secret directly in all my apps and then the client could pass the
 authentication chain up when it goes to Twitter to get an access
 token. 
 
 The question is also - why do you care which copy of your app it is?
 People using your app will post silly things, engage in slander of
 other people, commit crimes, plot revolutions. 

Yes, the reason I'm worried is when a token/secret is blocked/revoked, it 
doesn't take down all clients using that same key in my app. Currently I get 
one consumer token/secret so if twitter needs to block one bad user running 
around using the key they reverse engineered from my compiled/obfuscated app, 
it may take down all my users if they block the entire token/secret (hopefully 
twitter investigates and warns me and blocks the offending IPs rather than the
entire token/secret to give me some time to rev a new key and figure out a 
deployment but that is asking a lot from them). 

Having the ability to issue multiple consumer token/secrets per app, or having 
delegated chaining (like in SSL), I have some ability to mitigate the issue a 
bunch and give twitter the ability to block a much smaller subset of my users 
if a key was extracted and used abusively.  

OAuth 1.0a isn't well designed for desktop/mobile apps and it's more than just 
usability issues that the Twitter gang are trying to tackle with things like 
xAuth. It wasn't designed with the thought that keys could be compromised by 
third parties embedded inside apps. I can only hope it's fixed in OAuth 2.0.

Just ideas. :-) 

Zac Bowling 
@zbowling  





Re: [twitter-dev] Re: OAuth Echo problem in python

2010-06-03 Thread Zac Bowling
It may not help fix your problem but I would recommend upgrading to the 
python-oauth2 library. (Don't be confused by the name; it's not an oauth 2.0 
library, but just the next generation of the original oauth 1.0a library that 
Leah Culver wrote). There are a bunch of little issues with the original one that 
don't follow the spec exactly that are fixed and it's not a difficult upgrade 
(as long as you are not hosting an OAuth server of your own because those 
interfaces changed considerably). 

http://github.com/zbowling/python-oauth2 (the fork I maintain with a bunch of 
twitter related fixes and workarounds)
or:
http://github.com/simplegeo/python-oauth2 (the official upstream) 

Zac Bowling
@zbowling

On Jun 3, 2010, at 3:15 PM, Steve C wrote:

 I just looked at your code briefly, but I believe the problem is this
 line:
 
 oauth_request = TwitpicOAuthRequest(http_method="POST",
 http_url=settings.TWITPIC_API_URL,
 
 The OAuth Request needs to be signed using the Twitter Endpoint
 (https://api.twitter.com/1/account/verify_credentials.json), not the
 Twitpic API URL.
 
 Try something like this:
 
 oauth_request = TwitpicOAuthRequest(http_method="GET",
 http_url="https://api.twitter.com/1/account/verify_credentials.json",
 
 
 On Jun 3, 2:38 pm, yml yann.ma...@gmail.com wrote:
 I would greatly appreciate any help.
 Here it is the latest evolution of this piece of code :
 
 
 class TwitpicOAuthRequest(OAuthRequest):
     def to_header(self, realm='http://api.twitter.com/'):
         headers = super(TwitpicOAuthRequest, self).to_header(realm=realm)
         return {'X-Verify-Credentials-Authorization': headers['Authorization']}

 def post_photo(request):
     if request.method == 'POST':
         form = PhotoForm(request.POST, request.FILES)
         if not request.session.get('twitter_access_token'):
             return HttpResponse("Not authenticated")
         if form.is_valid():
             access_token = request.session['twitter_access_token']

             params = {
                 'oauth_consumer_key': settings.TWITTER_CONSUMER_KEY,
                 'oauth_signature_method': "HMAC-SHA1",
                 'oauth_token': access_token.key,
                 'oauth_timestamp': oauth.generate_timestamp(),
                 'oauth_nonce': oauth.generate_nonce(),
                 'oauth_version': '1.0'
             }

             consumer = oauth.OAuthConsumer(key=settings.TWITTER_CONSUMER_KEY,
                                            secret=settings.TWITTER_CONSUMER_SECRET)
             token = oauth.OAuthToken(key=access_token.key,
                                      secret=access_token.secret)
             oauth_request = TwitpicOAuthRequest(http_method="GET",
                 #http_url=settings.TWITPIC_API_URL,
                 http_url=settings.TWITTER_VERIFY_CREDENTIALS,
                 parameters=params)

             signature = oauth_request.sign_request(OAuthSignatureMethod_HMAC_SHA1(),
                                                    consumer,
                                                    access_token)

             headers = oauth_request.to_header()
             headers['X-Auth-Service-Provider'] = settings.TWITTER_VERIFY_CREDENTIALS

             #with multipart_encode
             values = [
                 MultipartParam('key', value=settings.TWITPIC_API_KEY),
                 MultipartParam('message', value=form.cleaned_data['message']),
                 MultipartParam('media',
                                filename='copine_moi.jpg',
                                filetype='image/jpeg',
                                fileobj=open("/home/yml/Desktop/copine_moi.jpg", "rb"))
             ]

             register_openers()
             datagen, heads = multipart_encode(values)
             headers.update(heads)
             req = urllib2.Request(settings.TWITPIC_API_URL, datagen, headers)
             # Post to netcat -l -p 9000
             #req = urllib2.Request("http://127.0.0.1:9000", datagen, headers)

             #with urlencode
             #values = {}
             #values['key'] = MultipartParam(settings.TWITPIC_API_KEY)
             #values['message'] = MultipartParam(form.cleaned_data['message'])
             #values['media'] = open("/home/yml/Desktop/copine_moi.jpg", "rb").read()
             #data = urllib.urlencode(values)
             #req = urllib2.Request(settings.TWITPIC_API_URL, data, headers)

             response = urllib2.urlopen(req)
             return HttpResponse("the photo is posted")
     else:
         form = PhotoForm(initial={"created_at": datetime.now()})

     return render_to_response("twitter_integration/photo_form.html",
                               {"form": form,},
                               context_instance=RequestContext(request))
 
 
 On Jun 3, 11:20 am, yml yann.ma...@gmail.com wrote:
 
 
 
 Hello,
 I am in the process of writing a python web app that should enable the
 user to post picture to twitpic using the Oauth Echo authorization
 mechanism.
 
 The application is already able to post tweet using the Oauth
 authentication so the access_token is available to us in the session.
 
 So my question

Re: [twitter-dev] Re: OAuth Echo problem in python

2010-06-03 Thread Zac Bowling
Hi Yann,

I don't see anything obvious that stands out as wrong to me in your 
implementation from just looking at it, but I'm not sure. I do have OAuth Echo 
code working for Twitpic but using the OAuth2 library. If you don't figure out 
an answer, you can hit me up off the list and I'll see if I can separate our 
version so it works independently and I'll post it on gist for you. 

If you want to upgrade though to python-oauth2, the biggest change is swapping 
out your imports to use oauth2 instead of oauth and removing the OAuth prefix 
on all the class names.

For example:
  import oauth
  oauth.OAuthRequest(...)
  oauth.OAuthToken(...)

becomes: 
  import oauth2
  oauth2.Request(...)
  oauth2.Token(...)

etc...

Most of the API that you care about is identical from there. The library has 
evolved a bit but it should be obvious and most of the public methods remained 
the same. In my fork, I've fixed a few issues and added some changes to support 
XAuth and a few other minor issues (like forcing Authentication headers on 
POSTs for Twitter). 

Zac Bowling
@zbowling




On Jun 3, 2010, at 6:37 PM, Yann Malet wrote:

 Zac,
 I would love to do this but I can't find any documentation on how to do Oauth 
 Echo with python-oauth2. I would gladly switch to python-oauth2 if I could 
 find some code showing How to use it to post a picture on twitpic : 
 http://dev.twitpic.com/docs/2/upload/
 
 Any help would be greatly appreciated.
 Regards,
 --yml
 

[twitter-dev] Annotations in Streams - June 7th

2010-06-02 Thread Zac Bowling
Awesome. I have earlybird ready to receive the annotations and dump them to the 
console as they are received when these changes go live. I will push it to 
github after it hits for some sample code for anyone that wants to play.

http://github.com/zbowling/earlybird/  

(The version in master right now is the hacky version I put together at the 
hackfest to push social graph changes back into the tweet stream with 
annotations for my @reannotate bot and also do some fun remote shell execution 
via annotations. In this version I call the rest API to get the annotations 
after getting them from the streaming API. I will move this code to a branch 
later and I will push a version that allows you to see annotations via the REST 
api after they come in instead for now. )

Any schedule on when the search API will support annotations? 

Zac
@zbowling



On Jun 2, 2010, at 2:49 PM, John Kalucki wrote:

 We will test Streaming API Tweet Annotation as early as next week - June 7th 
 through June 11th. All streaming clients, including user streams preview 
 clients, should expect empty annotations and the rare populated annotation 
 during arbitrary test periods. Assuming general stability, on our end and 
 yours, we'll eventually leave annotation delivery turned permanently on. 
 General purpose JSON and XML parsers should experience no problems with this 
 change.
 
 Expect a further announcement just before we flip the switch for the first 
 time.
 
 http://apiwiki.twitter.com/Annotations-Overview
 
 -John Kalucki
 http://twitter.com/jkalucki
 Infrastructure, Twitter Inc.
 
 
 -- 
 Twitter API documentation and resources: http://apiwiki.twitter.com
 API updates via Twitter: http://twitter.com/twitterapi
 Change your membership to this group: 
 http://groups.google.com/group/twitter-api-announce?hl=en



[twitter-dev] Thoughts on annotations

2010-05-31 Thread Zac Bowling
This weekend's hackfest at Twitter HQ was fun. About a couple dozen of us 
stayed awake for about 30 hours and still had enough energy to present. Some 
pretty amazing things were created and we helped identify a bunch of bugs. 

Now that I've had a chance to go home and catch up on some sleep, here is a 
brain dump of my thoughts.

* One of the documented recommended types is place/location, but this data is 
similar to what we store in the geo fields. I'm not sure what issues we may run 
into privacy using it rather than storing the Geo fields (users can 
enable/disable geo and remove geo data from all previous status updates). 

* We will always have twitter clients that will not understand or even 
look at our attributes. This means that we can't have annotations that 
change the meaning of a tweet or make the meaning of the tweet useless. This is 
basically graceful degradation, and not progressive enhancement. We joked that 
we want to see tweets that say: "This tweet can only be read in clients that 
support X annotations. Please upgrade your twitter client or try X client." 

* You have to treat annotations as potentially hostile attack vectors.  As was 
proved with some awesome cornified and flashing unicorn injections this weekend, 
any raw data can be stored in annotations. Just because you stored it there, 
anyone can store any raw data and anyone can post tweets that copy your 
annotation format. Twitter may sanitize javascript injections, but it doesn't 
stop other types of injections from occurring if you don't check. It's 
extremely important to validate, html encode, or whatever you need to with the 
data stored in the annotations.

As I did with my twitter remote shell execution example, I added my own 
signature and nonce of my own into the twitter annotation to validate the 
sender had my secret. It may be one solution. 

* Attributes work at the time of creation because status updates are immutable. 
This may be obvious to most, but it's a limitation that hits you a few times as 
you develop. Because of that we need to make sure that we can get most of the 
clients, including Twitter.com, support the most popular annotation formats. We 
can't fix update status updates after the fact so we have to get it right.  
(Adding annotations to new style retweets is in theory possible)

* Can't remind people enough to switch from twitter.com to api.twitter.com.  A 
bunch of little differences between the two that give you headaches. Our board 
of wasted time at the hackfest summed it up pretty well. 

* A good number of us spent a good deal of time on just getting past OAuth this 
weekend. We had a lot of people that understood the OAuth spec fairly well 
thankfully and @jmhodges was there to help (although not his area he deals with 
in the code). Since you update twitter with POST, it's optional to store the 
authentication data in the postdata instead of the authentication header 
according to the spec, and some of our libraries were doing just that, but twitter 
only works with the Authentication header. We didn't know but this was 
documented on the Wiki and had to learn from trial and error. A bunch of us 
got caught up on using twitter.com instead of api.twitter.com. I think we all 
worked through it at about midnight late saturday. 

In the end it was pretty awesome. I want to thank @jonashuckestein for the 
bookmarklet. It was awesome and saved us all time. 

http://jonashuckestein.github.com/Twitter.com-Annotations-Bookmarklet/ (see my 
stream with it http://twitpic.com/1st8sd )

I won't cover the bugs. I'll leave twitter to document those if and when they 
open up annotations to more developers. 

Thanks all!

Zac Bowling
@zbowling
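
The signature-and-nonce check and the "validate, html encode" advice from the post above, as an added example (not code from the original post or from earlybird). The `example_app` annotation namespace, its field names and the shared secret are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import json

SECRET = b"constructed-shared-secret"   # assumption: known only to sender and receiver
ALLOWED_KEYS = {"title", "url"}          # assumption: the only fields this app defines


def annotation_mac(payload, nonce, secret):
    """HMAC over a canonical JSON form of the payload plus the nonce."""
    msg = json.dumps({"nonce": nonce, "payload": payload},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_annotation(payload, nonce, secret):
    sig = annotation_mac(payload, nonce, secret)
    return json.dumps({"example_app": {"payload": payload, "nonce": nonce, "sig": sig}})


def accept_annotation(raw, secret, seen_nonces):
    """Return the payload if the annotation is well-formed, signed and fresh, else None."""
    try:
        body = json.loads(raw)["example_app"]
        payload, nonce, sig = body["payload"], body["nonce"], body["sig"]
    except (ValueError, KeyError, TypeError):
        return None                      # not JSON, or not our format
    if not (isinstance(payload, dict) and isinstance(nonce, str) and isinstance(sig, str)):
        return None
    # Anyone can copy the format, so check the shape before trusting any field.
    if set(payload) != ALLOWED_KEYS:
        return None
    if not all(isinstance(v, str) and len(v) <= 200 for v in payload.values()):
        return None
    expected = annotation_mac(payload, nonce, secret)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # sender did not hold the secret
    if nonce in seen_nonces:
        return None                      # replay of a previously accepted annotation
    seen_nonces.add(nonce)
    return payload


def render(payload):
    """HTML-encode every field at output time, even after the signature check."""
    title = html.escape(payload["title"])
    url = payload["url"]
    if not url.startswith(("http://", "https://")):
        return title                     # never emit javascript: or data: links
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), title)
```

The signature only shows that the sender held the secret, so the output encoding in `render` still applies to signed annotations.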




[twitter-dev] List data in user streams

2010-05-30 Thread Zac Bowling
Thanks to whoever pushed this at Twitter. Not documented, but it's awesome to find.

Started getting list_member_added and list_member_removed events now in the 
user stream API on betastream. Missing pieces coming together.

(Found it while hacking here at the hackathon. We are still here burning the 
midnight oil). 

Zac
@zbowling

[twitter-dev] Parking

2010-05-29 Thread Zac Bowling
Weird to ask this here, but does anyone know the parking situation at Twitter 
HQ for the hackfest?  

I usually just take the ferry but it does come on saturdays and would rather 
avoid BART :-)   

Zac

Sent from my iPad

Re: [twitter-dev] Re: Streaming API OAuth explanation?

2010-05-24 Thread Zac Bowling
The format is fairly simple and almost self explanatory.

Check out this for a working sample:
http://github.com/zbowling/earlybird


Zac Bowling



On Mon, May 24, 2010 at 7:23 PM, Jonathon Hill jhill9...@gmail.com wrote:
 Hey we need documentation!

 Jonathon

 On May 24, 4:50 pm, Mark McBride mmcbr...@twitter.com wrote:
 OAuth is now enabled on stream.twitter.com.  I'll also send a note out
 to the announce list

    ---Mark

 http://twitter.com/mccv



 On Mon, May 24, 2010 at 12:30 PM, Aaron Rankin aran...@gmail.com wrote:
  Hi,

  Is there an ETA for enabling oauth on stream.twitter.com?

  Thanks,
  Aaron

  On May 13, 1:11 pm, John Kalucki j...@twitter.com wrote:
  OAuth is not enabled on stream.twitter.com. You can try on
  chirpstream.twitter.com.

  On Thu, May 13, 2010 at 10:53 AM, Lucas Vickers lucasvick...@gmail.com 
  wrote:
   I am writing my own c++ based OAuth library.  I know there is liboauth
   but I like to do things myself to learn.

   Anyhow I am trying to access
   http://stream.twitter.com/1/statuses/sample.xml
   and I keep getting 401.

   I have verified pretty much every parameter, and used the tool on
  http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signin...
   to verify my signature is correct. I used twurl to obtain the user
   access tokens to my account.

   After doing some reading I'm no longer convinced that the streaming
   server even supports oauth.

   can you fill me in on the current status of stream.twitter.com and
  oauth?

   thanks!
   Lucas

   On Apr 20, 11:02 pm, Jonathon Hill jhill9...@gmail.com wrote:
   Thanks Taylor for the very detailed and helpful response!

   Jonathon

   On Apr 20, 1:17 pm, Taylor Singletary taylorsinglet...@twitter.com
   wrote:

Hi Jonathon,

For Streaming API access that isn't from the perspective of a user's
account, you would use two-legged OAuth to establish authentication instead
of basic auth.

A two-legged OAuth request is very similar to other OAuth requests: you have
a specific resource you are trying to access, you have some parameters you
want to pass to that resource, and you have an OAuth consumer key and OAuth
consumer secret. Which is unlike three-legged OAuth where you also have
oauth_tokens representing either a user/access_token or a request token in
addition to the rest.

But the rules remain the same. You take all the OAuth parameters and the
parameters you are sending to the resource, organize them, build a signature
base string, then sign that with your consumer secret and send the request
on to Twitter properly signed. The only difference is that there is no
oauth_token and oauth_token_secret getting involved in the mix.

This is essentially what a two-legged request to the streaming API would
look like:

Signature Base String
GET&http%3A%2F%2Fstream.twitter.com%2F1%2Fstatuses%2Fsample.json&oauth_consumer_key%3Dri8JxYK2zzwSV5xIUfNNvQ%26oauth_nonce%3DSJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1271783743%26oauth_version%3D1.0

Signature
Xi5jfuw2XqtU5KpNX9ZCtTptJS0=

Authorization Header
OAuth oauth_nonce="SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8",
oauth_signature_method="HMAC-SHA1", oauth_timestamp="1271783743",
oauth_consumer_key="ri8JxYK2zzwSV5xIUfNNvQ",
oauth_signature="Xi5jfuw2XqtU5KpNX9ZCtTptJS0%3D", oauth_version="1.0"

Taylor Singletary
Developer Advocate, Twitter http://twitter.com/episod

On Tue, Apr 20, 2010 at 10:05 AM, Jonathon Hill 
jhill9...@gmail.com wrote:
 One thing I meant to find out @chirp last week--what will oauth look
 like for the Streaming API? I'm having a hard time visualizing how
 that will work.

 Thanks,

 Jonathon Hill
 @compwright
 Company52
http://company52.com

 --
 Subscription settings:
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en



Re: [twitter-dev] Hard lesson learned

2010-05-23 Thread Zac Bowling
Hey Miguel, 

Long time :-) 

OAuth 1.0a spec lays it out clearly for hmac/sha1 signatures. Has all the 
specific details. 

Soon though with OAuth WRAP/2.0 it will make it much easier by just leaving it 
all up to the transport layer and using ssl/tls.   

Hope mono is doing well!   

Zac

Sent from my iPad

On May 23, 2010, at 2:52 PM, Miguel de Icaza miguel.de.ic...@gmail.com wrote:

 Hello guys,
 
Perhaps the most frustrating piece in dealing with the OAuth
 configuration is that the twitter OAuth page talks casually about
 urlEncode.  You need to urlEncode this and urlEncode that.  What
 the page does not say is that urlEncode is not a standard
 urlEncoding system that web developers are used to.  The urlEncode
 required by OAuth signatures is actually percent encode and it is
 *required* that you use percent encoding for anything but a small
 subset of characters.
 
The only characters that do not require percent encoding are:
 
 unreserved = a through z, A through Z, 0 through 9 and  '-', '.', '_',
 '~'
 
 Miguel
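
The percent-encoding rule from Miguel's message and the two-legged signing steps from the Streaming API thread above, as one added example (not code from either thread or from any library named on this page). The URL and oauth_* parameters are the ones quoted in that thread; the consumer secret is a constructed placeholder, so the signature it produces is not the one shown there.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

SAMPLE_URL = "http://stream.twitter.com/1/statuses/sample.json"
SAMPLE_PARAMS = {   # values quoted in the Streaming API thread
    "oauth_consumer_key": "ri8JxYK2zzwSV5xIUfNNvQ",
    "oauth_nonce": "SJJqJPdaZrYuIogToapS6ueJRyWB4Rs2ox4HEbu4nW8",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1271783743",
    "oauth_version": "1.0",
}
CONSUMER_SECRET = "constructed-consumer-secret"   # placeholder, not a real secret


def pct(value):
    """OAuth 1.0a percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.

    A form-style urlencode is wrong here: it turns a space into '+',
    while the signature needs %20."""
    return quote(str(value), safe="~")


def signature_base_string(method, url, params):
    # Encode names and values, sort the encoded pairs, join them, then
    # encode the whole parameter string once more as the third component.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join("%s=%s" % pair for pair in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    # Two-legged: token_secret stays empty, but the '&' in the key remains.
    key = ("%s&%s" % (pct(consumer_secret), pct(token_secret))).encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def authorization_header(params, signature):
    fields = {k: v for k, v in params.items() if k.startswith("oauth_")}
    fields["oauth_signature"] = signature
    return "OAuth " + ", ".join('%s="%s"' % (pct(k), pct(v))
                                for k, v in sorted(fields.items()))


def verify(method, url, params, signature, consumer_secret, token_secret=""):
    """Server-side check: recompute and compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), signature.encode())
```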


Re: [twitter-dev] Command-line implementations of Twitter OAuth was Announcing Twurl: OAuth-enabled curl for the Twitter API

2010-05-17 Thread Zac Bowling
I've been dealing with this myself. What I did was implement a new twitterrc 
format -- basically a config file in your user directory (~/.twitterrc) or in 
your /etc/ that has your own personal consumer and access token. I also store a 
version inside in the keychain on Mac.

I forked a version of twurl and updated all my own scripts to recognize the rc 
file and Mac keychain format and use it if it's detected. It makes it far less 
complicated to use command line tools. 

It would be nice to standardize this or something maybe. 

Zac Bowling
@zbowling

Sent from my iPad

On May 17, 2010, at 2:53 PM, Cameron Kaiser spec...@floodgap.com wrote:

 Twurl is just what I need, a command-line OAuth getter. Except it's
 written in a language I don't have so it's useless to me.
 
 Before turning off basic auth twitter needs to provide their own
 official implementation of a CLI OAuth getter, written in plain old C.
 
 I don't want to jump too far with this, but I am working with Taylor and
 Raffi to get TTYtter 1.1 in an acceptable form for public release (we are
 having discussions about how to streamline the keys process in such a way
 that's simpler for users, but still secure for Twitter).
 
 That implementation is 100% pure Perl, and does not use any external 
 libraries. You're welcome to take a crack at it now if you like, but you
 will need to generate your own app keys in its current state. E-mail me
 off list if interested.
 
 -- 
  personal: http://www.cameronkaiser.com/ 
 --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
 -- Why do we scoff at fortune tellers, yet listen to economists? 
 --



[twitter-dev] Weird inconsistency in social graph

2010-05-16 Thread Zac Bowling
I've been poking around with this little ruby script running it every
now and then the last few weeks: http://gist.github.com/403113 (I'm
trying to get an understanding of the rate of change in my social
graph by being able to compare my graph to any point in time I
previously ran the script.)

I turned up a weird inconsistency though. Some Twitter employees that
are following me (or maybe not following me) appear and disappear
randomly from my social graph. Like @mm who every few times shows she
follows me (who I don't think is actually following me because I can't
DM her to check), and also @dougw on rare occasion shows he isn't
following me (which I know he is because I can DM him). I thought it
was a fluke or caching issue but it's been like that for over 2
weeks and hasn't cleared up (even before the accept bug). Seems to
only happen with twitter employees but that may be just a coincidence,
or maybe it might be a bug with some internal feature you have
enabled for twitter employees that is acting up maybe.

Any ideas? Not a critical issue but just wondering out of curiosity.

Attached are the results from making 3 requests of my followers social
graph a few seconds apart. The second one has @mm, but the other two
don't.

--- followers/1274040599.txt2010-05-16 13:09:59.0 -0700
+++ followers/1274040541.txt2010-05-16 13:09:01.0 -0700
@@ -80,6 +80,7 @@
 129004024
 16909593
 11009852
+7101692
 19130449
 14793018
 129424089


Zac Bowling
@zbowling

Re: [twitter-dev] WebSockets protocol for streaming API

2010-05-16 Thread Zac Bowling
Web sockets allows you to support cross domain access however you want
by checking the Origin: header. If you only want to allow your own
domain, then you can compare the Origin equals your own domain and if
you want to allow some domains or all domains you can whitelist as you
want.

According to the latest version of the draft spec's security concern:
http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-55#section-7

One thing to understand is that WebSockets are not really HTTP.
WebSockets handshakes may start out looking like an HTTP in the
initial request and initial response but that's only so that it's
possible for a web server serving HTTP today could be used to handle
the requests and be able to tell that it's a WebSocket and internally
switch over to handling the request as a WebSocket internally.

Websockets are not like HTTP though in that they are full duplex
communication (real two way communication). It avoids some of the
tricks you have to do with AJAX Comet/Long polling/http streaming by
giving the browsers something more like traditional TCP/IP sockets to
communicate back the server while still working through HTTP proxies
and firewalls.

Jetty, the web server that Twitter uses today on the streaming side
supports WebSockets in its latest version
(http://blogs.webtide.com/gregw/entry/jetty_websocket_server). Most of
the web socket server implementations that exist today are built on
top of traditional web servers, but they don't use epoll or any kind
of event based async sockets (most design around having a single
thread handle the connections for a user) and so they are unable to
handle massive numbers of simultaneous open concurrent connections
like you can with Jetty or FriendFeed's Tornado
(http://www.tornadoweb.org/).

I would love to see a streaming server implementation using WebSockets
from Twitter, not only just for access from web browsers but from
desktop clients that support websockets. There are some doors that
open with that like being able to send back messages to Twitter up the
socket (like sending a tweet, or changing the parameters of what we
are filtering on the stream, or request all sorts of things that you
would have to do on the querystring and have to reconnect to change
them).

Zac Bowling
@zbowling

On Sun, May 16, 2010 at 11:29 AM, John Kalucki j...@twitter.com wrote:
 I did a quick reading, and I couldn't tell if WS connections are
 restricted back to the domain of the calling page, or if arbitrary
 connections are allowed. If the former, there may not be a reason for
 the Streaming API to support this. If the latter, perhaps there's a
 valid use case.

 Looking at the protocol itself, this wouldn't be trivial to support,
 but it might not be that bad either. We'll have to keep an eye on the
 installed browser base and see when this might make sense.

 It is too bad that they didn't allow HTTP connections with incremental
 byte reads in addition to WB connections on that interface. I'm sure
 they had their reasons.

 -John Kalucki
 http://twitter.com/jkalucki
 Infrastructure, Twitter Inc.



 On Sat, May 15, 2010 at 3:22 PM, Abraham Williams 4bra...@gmail.com wrote:
 I'm not particularly familiar with the specifics of WebSockets but here is
 the draft documentation: http://dev.w3.org/html5/websockets/
 I don't see Chrome Extensions as being any different from desktop
 applications as they are both manually installed by the user on their
 desktop.
 Abraham

 On Sat, May 15, 2010 at 09:02, John Kalucki j...@twitter.com wrote:

 The first release of User Streams is not intended for web clients due
 to capacity constraints.

 http://apiwiki.twitter.com/ChirpUserStreams
 
 All services, mobile and browser-based clients must not use Streaming
 until we've sorted out Desktop clients at some scale. One problem at a
 time.
 

 That being said, of course we'd like to encourage experimentation with
 other client types, so that clients can evolve as we scale out the
 service.

 While others at Twitter are well-versed in the latest browser
 technologies, I'm totally and willfully ignorant. If you could give a
 brief summary of how the existing Streaming API does not work for
 WebSockets, that might be helpful. What's missing?

 -John Kalucki
 http://twitter.com/jkalucki
 Infrastructure, Twitter Inc.



 On Fri, May 14, 2010 at 9:38 PM, Cezar Sá Espinola ceza...@gmail.com
 wrote:
  Hey guys,
  Quick question, are there any plans on supporting WebSockets protocol
  for
  the Streaming API?
  That'd be awesome for browser based Twitter clients (i.e. Google Chrome
  extensions). Without this it'll be very difficult for this kind of
  client to
  leverage benefit from the upcoming user streams.
  Thanks a lot for all your hard work,
  Cezar Sá Espinola
  @cezarsa



 --
 Abraham Williams | Developer for hire | http://abrah.am
 @abraham | http://projects.abrah.am | http://blog.abrah.am
 This email is: [ ] shareable [x] ask first [ ] private.




Re: [twitter-dev] Re: How to filter out utf-8 characters in java

2010-05-13 Thread Zac Bowling
PHP treats strings as c strings basically (char/byte arrays). It won't really 
do anything special automagically and leaves it up to you to make sure you 
treat your strings safely. Make sure your code is encoded in utf-8 and make 
sure your content types are set to UTF-8 in your responses. Use UTF-8 wherever 
you can in your dbs and use utf8_encode/decode and the mb functions 
replacements where you can't. If you are making http requests mark your 
encodings in your requests correctly (with CURL set your charset to UTF-8 in 
your request headers).

In java, all strings are high level representations of chars (internally UCS2 
wide chars but you don't need to worry about that). You just need to make sure 
you decode/encode properly and mark your charsets in your requests and 
responses everywhere.   

Zac

Sent from my iPad

On May 13, 2010, at 10:51 AM, Matt Sanford m...@twitter.com wrote:

 Hi giustin,
 
 I don't think it's the same issue since yours is more PHP specific.
 My guess is that the PHP library in question or the code you're using
 to process the results is incorrectly converting between UTF-8 and
 ISO-8859-1 [1]. Maybe someone on the list with some more PHP knowledge
 can suggest a fix.
 
 Thanks;
 — Matt Sanford / @mzsanford
 
 [1] =
 
 The UTF-8 encoding of ã is two bytes. When those same two bytes are
 interpreted as ISO-8859-1 (a.k.a ISO-Latin-1) they are interpreted as
 two characters, like so (fixed width font required):
 
 UTF-8 Bytes vs. Same bytes in ISO-8859-1
 
 n    0x6E    n
 
 ã    0xC3    Ã
      0xA3    £
 
 o    0x6F    o
 
 
 On May 12, 7:19 pm, giustin tgiu...@gmail.com wrote:
 I have similar problems.
 
 When I try to search using the tag não the result is não. The
 API that I used were Twitter Search API from Ryan Faerman (http://
 ryanfaerman.com/twittersearch/)
 
 Regards.
 
 On 12 maio, 21:47, Matt Sanford m...@twitter.com wrote:
 
 
 
 Hi there,
 
 All characters in Tweets are utf-8. I'm assuming you're looking
 for something specific like accents or ASCII-art punctuation. Can you
 describe your problem in a little more detail? I might be able to help
 once I know what you're trying to prevent.
 
 Thanks;
   — Matt Sanford / @mzsanford
 
 On May 12, 4:21 pm, adamjamesdrew theikl...@gmail.com wrote:
 
 any ideas?
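
The misreading described in the message above (UTF-8 bytes decoded as ISO-8859-1), as an added example that is not code from the thread. It reproduces the byte table and repairs a string only when the reversal is provably safe; it covers ISO-8859-1 only, as in the message, and the module name is hypothetical.

```ruby
# Added example: reproduce and repair UTF-8 text that was decoded as ISO-8859-1.
module Mojibake
  # What a consumer that assumes ISO-8859-1 displays for UTF-8 input:
  # every byte becomes one character.
  def self.misread_as_latin1(utf8)
    utf8.dup.force_encoding(Encoding::ISO_8859_1).encode(Encoding::UTF_8)
  end

  # One row per character: [character, its UTF-8 bytes, the ISO-8859-1 view].
  def self.byte_table(utf8)
    utf8.each_char.map do |ch|
      [ch, ch.bytes.map { |b| format("0x%02X", b) }, misread_as_latin1(ch)]
    end
  end

  # Reverse the misreading only when that is safe:
  #   * pure ASCII is identical in both encodings, so nothing to do;
  #   * a character outside ISO-8859-1 means the text was never misread;
  #   * the recovered bytes must form valid UTF-8, otherwise the input was
  #     already correct (a lone 0xE3 from a real "ã" is not valid UTF-8).
  def self.repair(text)
    return text if text.ascii_only?

    candidate = text.encode(Encoding::ISO_8859_1).force_encoding(Encoding::UTF_8)
    candidate.valid_encoding? ? candidate : text
  rescue Encoding::UndefinedConversionError
    text
  end
end

if __FILE__ == $PROGRAM_NAME
  Mojibake.byte_table("n\u00E3o").each do |ch, bytes, seen|
    puts format("%-3s %-12s %s", ch, bytes.join(" "), seen)
  end
end
```

The durable fix is still to declare and decode UTF-8 at every boundary; `repair` is for cleaning data that was already stored wrongly.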


Re: [twitter-dev] The most shameful bug a site can have! Fix it quickly before it causes havoc dear Twitter

2010-05-10 Thread Zac Bowling
So weird. I KNEW something was up. I thought it was just stale memcache data
and it would expire.

I've been jacking around this script all week and what I was getting back
didn't make sense: http://gist.github.com/396262

So confused because things weren't adding up. I even sent out tweets asking
if someone else was actually following me or not (eg:
http://twitter.com/zbowling/status/13698520461 and
http://twitter.com/zbowling/status/13653464851 )

http://gist.github.com/396262
Zac Bowling
@zbowling


On Mon, May 10, 2010 at 9:42 AM, Mark McBride mmcbr...@twitter.com wrote:

 We're aware and currently working on a fix.

   ---Mark

 http://twitter.com/mccv



 On Mon, May 10, 2010 at 9:37 AM, nischalshetty
 nischalshett...@gmail.com wrote:
  Hi,
 
  TechCrunch Europe reported the bug. I hope you fix it asap. It seems
  to work! I'm extremely sorry, did not mean to exploit it, was just
  trying to ascertain if it was true.
 
  Once you are done fixing the bug, you will have the arduous task of
  reversing all the follows that took place by exploiting this bug. If
  you have an easy way to do that, well and fine.
 
  One thing I noticed, when you make someone follow you using the
  exploited bug, the new follower notification email is never sent.
  This might be of some help to you in identifying all those who
  exploited the bug and reverse it.
 
 



[twitter-dev] Enable xAuth for app owners

2010-05-08 Thread Zac Bowling
Hey guys,

I had an idea for a feature that I would like to suggest.

If it's not difficult, can you extend xAuth to always allow just the owner
of the application itself to be able to authenticate with xAuth by default?
The http://dev.twitter.com/apps/xx/my_token <http://dev.twitter.com/apps/413/my_token> page
is fantastic but it would be just a little bit nicer for single user apps to
avoid one step of hunting down that access token.

It makes one less step to get up and running with twurl and my OAuth enabled
fork of earlybird.

Zac Bowling
@zbowling


[twitter-dev] bug with auth on help.twitter.com/zendesk

2010-05-05 Thread Zac Bowling
Not a development issue but an issue with help.twitter.com. My coworker had
the same issue. The bug is that if you had your email associated with one
user on twitter, opened a ticket, and then swapped that email out with a
new user on twitter, you can't login to zendesk again with the new twitter
user or the old twitter user.

I would open a ticket but I can't login :-)

Url to login to help.twitter.com redirects to zendesk and then it bounces
around a few times and fails with the url below.

First url it bounces to is:
https://twitter.zendesk.com/access/remote/?name=zbowling&email=zac%40zacbowling.com&external_id=7676492&timestamp=1273048060&hash=censored&return_to=http%3A%2F%2Fhelp.twitter.com%2Frequests%2Fportal%2Findex

Not sure if another is in there but I end up with this:
http://twitter.com/?kind=error&message=Failed+to+update+user+with+new+properties%3A+Email+has+already+been+taken

Zac Bowling
@zbowling


Re: [twitter-dev] Re: Upcoming changes to userstream preview

2010-05-05 Thread Zac Bowling
Cool... I added OAuth support and switched to the betastream but no OAuth
yet enabled there so I probably beat the roll out (getting 401s on
betastream but token works on api.twitter.com so I'm assuming it's not up yet
:-) ). I'm holding off fixing it to support hydrated items until I see it
working though but it may be a useful start at least for testing.

source: http://github.com/zbowling/earlybird

usage: earlybird.rb -c consumer_token -s consumer_secret -a access_token -S access_secret [-d] [-f] [-t key,words] [-u url] [-h host]
options:
  -c   --consumer_token   consumer token
  -s   --consumer_secret  consumer secret
  -a   --access_token     access token
  -S   --access_secret    access secret
  -r  show in reply too (takes a lot of API requests)
  -d  debug mode, read json from stdin
  -f  filter out @replies from users you don't follow
  -g  growl notifications for new tweets
  -t  track keywords separated by commas.
  -u  userstream path. Default: /2b/user.json
  -h  userstream hostname: Default: betastream.twitter.com


Zac Bowling
@zbowling

On Tue, May 4, 2010 at 4:09 PM, Mark McBride mmcbr...@twitter.com wrote:

 Then by all means, hack away!

   ---Mark

 http://twitter.com/mccv



 On Tue, May 4, 2010 at 4:05 PM, Zac Bowling zbowl...@gmail.com wrote:
  I was going to tackle it if nobody else did :-)
  Already started working on a fork myself:
  http://github.com/zbowling/earlybird
  Zac Bowling
 
 
  On Tue, May 4, 2010 at 4:01 PM, Mark McBride mmcbr...@twitter.com
 wrote:
 
  I can hack that together.
 
---Mark
 
  http://twitter.com/mccv
 
 
 
  On Tue, May 4, 2010 at 3:54 PM, Zac Bowling zbowl...@gmail.com wrote:
   Who is updating earlybird? :-P
   Zac Bowling
  
  
   On Tue, May 4, 2010 at 1:59 PM, Mark McBride mmcbr...@twitter.com
   wrote:
  
   The hydrated social events (as described in the previous email) are
   now live.  Please let me know if you have questions/issues/concerns
   with the new data
  
 ---Mark
  
   http://twitter.com/mccv
  
  
  
   On Mon, May 3, 2010 at 10:50 AM, Mark McBride mmcbr...@twitter.com
   wrote:
Userstream previewers:
   
Coming soon there will be a number of changes that may impact
applications.
   
The first is support for OAuth 1.0a.  When rolled out, you will be
able to sign requests to all streaming API endpoints on
betastream.twitter.com.  This means that you can use OAuth with
 both
user streams and other streaming calls (filter, sample, etc.)  To
obtain access tokens use the regular twitter.com OAuth flow, then
sign
requests to betastream.twitter.com.  If you already have an access
token you should be able to use it with the streaming API.
   
The second is inclusion of fully hydrated objects for the social
events.  Instead of just getting a source id, target id, and target
object id you will get the full user object in source and target
fields, and the full status in the target object field (if
applicable).  You will also get a created_at field that indicates
the time the social event was created. This should dramatically
reduce
the number of REST API calls needed to build a client.  Note that
most
parsers shouldn't need to change -- the ID field will still be set,
you will just have more fields available. The format is the same as
statuses retrieved via the rest API, with following exceptions:
   
1) The user's latest status may not be included
2) The user's status count may not be included
3) The user's favorites count may not be included
   
An example of a hydrated social event is
   
{created_at=Mon May 03 17:42:55 + 2010,
 target_object=
 {coordinates=nil,
  truncated=false,
  created_at=Sun Jun 28 23:10:35 + 2009,
  favorited=false,
  contributors=nil,
  text=looking at cricket eyes!,
  id=4,
  geo=nil,
  in_reply_to_user_id=nil,
  source=web,
  place=nil,
  user=
   {profile_background_tile=false,
name=Ray,
profile_sidebar_border_color=87bc44,
profile_sidebar_fill_color=e0ff92,
location=nil,
created_at=Mon Apr 12 00:00:00 + 2010,
profile_image_url=/images/default_profile_4_normal.png,
profile_link_color=ff,
contributors_enabled=false,
url=nil,
favourites_count=1,
id=4,
utc_offset=-21600,
profile_text_color=00,
protected=true,
lang=en,
followers_count=3,
notifications=nil,
verified=false,
description=nil,
profile_background_color=9ae4e8,
geo_enabled=false,
time_zone=Saskatchewan,
profile_background_image_url=/images/themes/theme1/bg.png,
statuses_count=1,
friends_count=3,
screen_name=ray

Re: [twitter-dev] OAuth support and reformatted DMs live on user streams

2010-05-05 Thread Zac Bowling
My fork of earlybird works:

http://github.com/zbowling/earlybird/

Fixing it to support hydrated objects.

One thing is that it doesn't appear to support query string passed OAuth
params but if I pass it as authentication headers it works.

Zac Bowling


On Wed, May 5, 2010 at 10:31 AM, Mark McBride mmcbr...@twitter.com wrote:

 OAuth support on betastream is live now.  This is a different OAuth
 implementation than we use on twitter.com, so if you find any rough
 edges please let us know quick like.

 The changes to make direct messages more distinguishable from tweets
 have also been pushed.  This will probably require some changes in
 parsing logic when dealing with DMs.

   ---Mark

 http://twitter.com/mccv



[twitter-dev] Javascript (google analytics) in search RSS feed.

2010-05-05 Thread Zac Bowling
Just seen someone tweet this.

The search.twitter.com RSS feeds are returning javascript pointing to google
analytics in the description tag. Causing validation errors. In the ATOM
feed it's marked as format='html' so it doesn't choke there for me but the
RSS feed is choking in my reader.

Zac Bowling
@zbowling


Re: [twitter-dev] OAuth support and reformatted DMs live on user streams

2010-05-05 Thread Zac Bowling
Hydrated message support in earlybird!

http://github.com/zbowling/earlybird/

OAuth in query string doesn't work and only HMAC-SHA1 signature (unless you
only allow plaintext over SSL) but it's fine.

One feature request would be an initial event with the user's credentials just
like how the user's social graph comes down initially. Right now I don't
know the user's screen_name unless I also hit api.twitter.com or he tells me
on the command line. With that I could drop the dependency on the twitter
gem.

Zac Bowling
@zbowling


On Wed, May 5, 2010 at 10:54 AM, Mark McBride mmcbr...@twitter.com wrote:

 It should support both.  Can you send me a direct email with a URL
 that you tried?

   ---Mark

 http://twitter.com/mccv



 On Wed, May 5, 2010 at 10:38 AM, Zac Bowling zbowl...@gmail.com wrote:
  My fork of earlybird works:
 
  http://github.com/zbowling/earlybird/
 
  Fixing it to support hydrated objects.
 
  One thing is that it doesn't appear to support query string passed OAuth
  params but if I pass it as authentication headers it works.
 
  Zac Bowling
 
 
  On Wed, May 5, 2010 at 10:31 AM, Mark McBride mmcbr...@twitter.com
 wrote:
 
  OAuth support on betastream is live now.  This is a different OAuth
  implementation than we use on twitter.com, so if you find any rough
  edges please let us know quick like.
 
  The changes to make direct messages more distinguishable from tweets
  have also been pushed.  This will probably require some changes in
  parsing logic when dealing with DMs.
 
---Mark
 
  http://twitter.com/mccv
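
The signing discussed in the messages above (OAuth 1.0a with HMAC-SHA1, carried either in the Authorization header or in the query string), as an added example that is not earlybird's or Twitter's code. Credentials, nonce and timestamp are constructed; the https scheme, the `track` parameter name and the module name are assumptions, while host and path are the earlybird defaults quoted in this archive.

```ruby
require "openssl"

# Added example: OAuth 1.0a (RFC 5849) request signing with HMAC-SHA1.
module OAuth1Sketch
  # Constructed sample values; none of these are real credentials.
  SAMPLE_CREDS = {
    consumer_token: "ck-constructed", consumer_secret: "cs-constructed",
    access_token: "at-constructed", access_secret: "as-constructed"
  }.freeze
  # Host and path are the earlybird defaults; the https scheme is assumed.
  SAMPLE_URL = "https://betastream.twitter.com/2b/user.json"
  SAMPLE_QUERY = { "track" => "chirp,user streams" }.freeze # assumed name

  UNRESERVED = (("A".."Z").to_a + ("a".."z").to_a + ("0".."9").to_a +
                %w[- . _ ~]).join.bytes.freeze

  # RFC 5849 section 3.6: percent-encode every byte outside the unreserved set.
  def self.pct(value)
    value.to_s.each_byte.map { |b| UNRESERVED.include?(b) ? b.chr : format("%%%02X", b) }.join
  end

  # Section 3.4.1: METHOD & encoded base URL & encoded, sorted parameter list.
  # `url` is the base URL without its query string; `params` holds the query
  # parameters plus every oauth_* parameter except oauth_signature.
  def self.base_string(method, url, params)
    pairs = params.map { |k, v| [pct(k), pct(v)] }.sort
    normalized = pairs.map { |pair| pair.join("=") }.join("&")
    [method.upcase, pct(url), pct(normalized)].join("&")
  end

  # Section 3.4.2: the HMAC key is "consumer secret & token secret".
  def self.signature(base, consumer_secret, access_secret)
    key = "#{pct(consumer_secret)}&#{pct(access_secret)}"
    [OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key, base)].pack("m0")
  end

  # Returns the full oauth_* parameter set, signature included.
  def self.signed_params(method, url, query, creds, nonce:, timestamp:)
    oauth = {
      "oauth_consumer_key" => creds[:consumer_token],
      "oauth_nonce" => nonce,
      "oauth_signature_method" => "HMAC-SHA1",
      "oauth_timestamp" => timestamp.to_s,
      "oauth_token" => creds[:access_token],
      "oauth_version" => "1.0"
    }
    base = base_string(method, url, oauth.merge(query))
    sig = signature(base, creds[:consumer_secret], creds[:access_secret])
    oauth.merge("oauth_signature" => sig)
  end

  # Transport 1: Authorization header (keeps the parameters out of URL logs).
  def self.authorization_header(oauth)
    "OAuth " + oauth.sort.map { |k, v| %(#{pct(k)}="#{pct(v)}") }.join(", ")
  end

  # Transport 2: the same parameters, and the same signature, in the query.
  def self.signed_query(query, oauth)
    query.merge(oauth).sort.map { |k, v| "#{pct(k)}=#{pct(v)}" }.join("&")
  end

  # Comparison whose running time does not depend on where the inputs differ.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize

    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Receiving side: recompute the signature and reject stale timestamps.
  # A production verifier would also remember nonces to refuse replays.
  def self.verify(method, url, query, oauth, creds, now:, max_skew: 300)
    return false unless oauth["oauth_signature_method"] == "HMAC-SHA1"
    return false if (now - oauth["oauth_timestamp"].to_i).abs > max_skew

    unsigned = oauth.reject { |k, _| k == "oauth_signature" }
    base = base_string(method, url, unsigned.merge(query))
    expected = signature(base, creds[:consumer_secret], creds[:access_secret])
    secure_equal?(expected, oauth["oauth_signature"].to_s)
  end
end

if __FILE__ == $PROGRAM_NAME
  o = OAuth1Sketch.signed_params("GET", OAuth1Sketch::SAMPLE_URL, OAuth1Sketch::SAMPLE_QUERY,
                                 OAuth1Sketch::SAMPLE_CREDS,
                                 nonce: "n0nce-constructed", timestamp: 1_273_082_000)
  puts OAuth1Sketch.authorization_header(o)
  puts OAuth1Sketch.signed_query(OAuth1Sketch::SAMPLE_QUERY, o)
end
```

The signature base string never includes the transport, so a request that verifies with the header and fails with the query string points at parameter collection or encoding on one side rather than at the keys.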
 
 



Re: [twitter-dev] Re: Upcoming changes to userstream preview

2010-05-04 Thread Zac Bowling
Who is updating earlybird? :-P

Zac Bowling


On Tue, May 4, 2010 at 1:59 PM, Mark McBride mmcbr...@twitter.com wrote:

 The hydrated social events (as described in the previous email) are
 now live.  Please let me know if you have questions/issues/concerns
 with the new data

   ---Mark

 http://twitter.com/mccv



 On Mon, May 3, 2010 at 10:50 AM, Mark McBride mmcbr...@twitter.com
 wrote:
  Userstream previewers:
 
  Coming soon there will be a number of changes that may impact
 applications.
 
  The first is support for OAuth 1.0a.  When rolled out, you will be
  able to sign requests to all streaming API endpoints on
  betastream.twitter.com.  This means that you can use OAuth with both
  user streams and other streaming calls (filter, sample, etc.)  To
  obtain access tokens use the regular twitter.com OAuth flow, then sign
  requests to betastream.twitter.com.  If you already have an access
  token you should be able to use it with the streaming API.
 
  The second is inclusion of fully hydrated objects for the social
  events.  Instead of just getting a source id, target id, and target
  object id you will get the full user object in source and target
  fields, and the full status in the target object field (if
  applicable).  You will also get a created_at field that indicates
  the time the social event was created. This should dramatically reduce
  the number of REST API calls needed to build a client.  Note that most
  parsers shouldn't need to change -- the ID field will still be set,
  you will just have more fields available. The format is the same as
  statuses retrieved via the rest API, with following exceptions:
 
  1) The user's latest status may not be included
  2) The user's status count may not be included
  3) The user's favorites count may not be included
 
  An example of a hydrated social event is
 
  {created_at=Mon May 03 17:42:55 + 2010,
   target_object=
   {coordinates=nil,
truncated=false,
created_at=Sun Jun 28 23:10:35 + 2009,
favorited=false,
contributors=nil,
text=looking at cricket eyes!,
id=4,
geo=nil,
in_reply_to_user_id=nil,
source=web,
place=nil,
user=
 {profile_background_tile=false,
  name=Ray,
  profile_sidebar_border_color=87bc44,
  profile_sidebar_fill_color=e0ff92,
  location=nil,
  created_at=Mon Apr 12 00:00:00 + 2010,
  profile_image_url=/images/default_profile_4_normal.png,
  profile_link_color=ff,
  contributors_enabled=false,
  url=nil,
  favourites_count=1,
  id=4,
  utc_offset=-21600,
  profile_text_color=00,
  protected=true,
  lang=en,
  followers_count=3,
  notifications=nil,
  verified=false,
  description=nil,
  profile_background_color=9ae4e8,
  geo_enabled=false,
  time_zone=Saskatchewan,
  profile_background_image_url=/images/themes/theme1/bg.png,
  statuses_count=1,
  friends_count=3,
  screen_name=ray,
  following=nil},
in_reply_to_screen_name=nil,
in_reply_to_status_id=nil},
   event=favorite,
   target=
   {profile_background_tile=false,
name=Ray,
profile_sidebar_border_color=87bc44,
profile_sidebar_fill_color=e0ff92,
location=nil,
created_at=Mon Apr 12 00:00:00 + 2010,
profile_image_url=/images/default_profile_4_normal.png,
profile_link_color=ff,
contributors_enabled=false,
url=nil,
favourites_count=1,
id=4,
utc_offset=-21600,
profile_text_color=00,
protected=true,
lang=en,
followers_count=3,
notifications=nil,
verified=false,
description=nil,
profile_background_color=9ae4e8,
geo_enabled=false,
time_zone=Saskatchewan,
profile_background_image_url=/images/themes/theme1/bg.png,
statuses_count=1,
friends_count=3,
screen_name=ray,
following=nil},
   source=
   {profile_background_tile=false,
name=Jack,
profile_sidebar_border_color=87bc44,
profile_sidebar_fill_color=e0ff92,
location=San Francisco,
created_at=Wed Apr 28 00:00:00 + 2010,
profile_image_url=
 
 http://s3.amazonaws.com/twitter_development/profile_images/2/jack_normal.jpg
 ,
profile_link_color=ff,
contributors_enabled=false,
url=nil,
favourites_count=0,
id=3,
utc_offset=-28800,
profile_text_color=00,
protected=true,
lang=en,
followers_count=2,
notifications=nil,
verified=false,
description=love, love,
profile_background_color=9ae4e8,
geo_enabled=false,
time_zone=Pacific Time (US  Canada),
profile_background_image_url=/images/themes/theme1/bg.png,
statuses_count=1,
friends_count=2,
screen_name=jack,
following=nil}}
 
  The third is an improvement to the direct message payload.  Currently
  it's a bit of a pain to disambiguate statuses and DMs.  We'll be
  wrapping direct messages in a higher level direct_message object,
  e.g.
 
  {direct_message=
   {created_at

Re: [twitter-dev] Re: Upcoming changes to userstream preview

2010-05-04 Thread Zac Bowling
I was going to tackle it if nobody else did :-)

Already started working on a fork myself:
http://github.com/zbowling/earlybird

Zac Bowling


On Tue, May 4, 2010 at 4:01 PM, Mark McBride mmcbr...@twitter.com wrote:

 I can hack that together.

   ---Mark

 http://twitter.com/mccv



 On Tue, May 4, 2010 at 3:54 PM, Zac Bowling zbowl...@gmail.com wrote:
  Who is updating earlybird? :-P
  Zac Bowling
 
 
  On Tue, May 4, 2010 at 1:59 PM, Mark McBride mmcbr...@twitter.com
 wrote:
 
  The hydrated social events (as described in the previous email) are
  now live.  Please let me know if you have questions/issues/concerns
  with the new data
 
---Mark
 
  http://twitter.com/mccv
 
 
 
  On Mon, May 3, 2010 at 10:50 AM, Mark McBride mmcbr...@twitter.com
  wrote:
   Userstream previewers:
  
   Coming soon there will be a number of changes that may impact
   applications.
  
   The first is support for OAuth 1.0a.  When rolled out, you will be
   able to sign requests to all streaming API endpoints on
   betastream.twitter.com.  This means that you can use OAuth with both
   user streams and other streaming calls (filter, sample, etc.)  To
   obtain access tokens use the regular twitter.com OAuth flow, then
 sign
   requests to betastream.twitter.com.  If you already have an access
   token you should be able to use it with the streaming API.
  
   The second is inclusion of fully hydrated objects for the social
   events.  Instead of just getting a source id, target id, and target
   object id you will get the full user object in source and target
   fields, and the full status in the target object field (if
   applicable).  You will also get a created_at field that indicates
   the time the social event was created. This should dramatically reduce
   the number of REST API calls needed to build a client.  Note that most
   parsers shouldn't need to change -- the ID field will still be set,
   you will just have more fields available. The format is the same as
   statuses retrieved via the rest API, with following exceptions:
  
   1) The user's latest status may not be included
   2) The user's status count may not be included
   3) The user's favorites count may not be included
  
   An example of a hydrated social event is
  
   {created_at=Mon May 03 17:42:55 + 2010,
target_object=
{coordinates=nil,
 truncated=false,
 created_at=Sun Jun 28 23:10:35 + 2009,
 favorited=false,
 contributors=nil,
 text=looking at cricket eyes!,
 id=4,
 geo=nil,
 in_reply_to_user_id=nil,
 source=web,
 place=nil,
 user=
  {profile_background_tile=false,
   name=Ray,
   profile_sidebar_border_color=87bc44,
   profile_sidebar_fill_color=e0ff92,
   location=nil,
   created_at=Mon Apr 12 00:00:00 + 2010,
   profile_image_url=/images/default_profile_4_normal.png,
   profile_link_color=ff,
   contributors_enabled=false,
   url=nil,
   favourites_count=1,
   id=4,
   utc_offset=-21600,
   profile_text_color=00,
   protected=true,
   lang=en,
   followers_count=3,
   notifications=nil,
   verified=false,
   description=nil,
   profile_background_color=9ae4e8,
   geo_enabled=false,
   time_zone=Saskatchewan,
   profile_background_image_url=/images/themes/theme1/bg.png,
   statuses_count=1,
   friends_count=3,
   screen_name=ray,
   following=nil},
 in_reply_to_screen_name=nil,
 in_reply_to_status_id=nil},
event=favorite,
target=
{profile_background_tile=false,
 name=Ray,
 profile_sidebar_border_color=87bc44,
 profile_sidebar_fill_color=e0ff92,
 location=nil,
 created_at=Mon Apr 12 00:00:00 + 2010,
 profile_image_url=/images/default_profile_4_normal.png,
 profile_link_color=ff,
 contributors_enabled=false,
 url=nil,
 favourites_count=1,
 id=4,
 utc_offset=-21600,
 profile_text_color=00,
 protected=true,
 lang=en,
 followers_count=3,
 notifications=nil,
 verified=false,
 description=nil,
 profile_background_color=9ae4e8,
 geo_enabled=false,
 time_zone=Saskatchewan,
 profile_background_image_url=/images/themes/theme1/bg.png,
 statuses_count=1,
 friends_count=3,
 screen_name=ray,
 following=nil},
source=
{profile_background_tile=false,
 name=Jack,
 profile_sidebar_border_color=87bc44,
 profile_sidebar_fill_color=e0ff92,
 location=San Francisco,
 created_at=Wed Apr 28 00:00:00 + 2010,
 profile_image_url=
  

 http://s3.amazonaws.com/twitter_development/profile_images/2/jack_normal.jpg
 ,
 profile_link_color=ff,
 contributors_enabled=false,
 url=nil,
 favourites_count=0,
 id=3,
 utc_offset=-28800,
 profile_text_color=00,
 protected=true,
 lang=en,
 followers_count=2,
 notifications=nil,
 verified=false,
 description=love

Re: [twitter-dev] Re: Early look at Annotations

2010-04-16 Thread Zac Bowling
Thanks for the insight this early into everything. This helps from the
communication standpoint.

I hope this devolve thought into design by commit on this thread though for
the name-spacing. I have a few ideas but I'm reserving them because they may
be obvious and not going to hurt me because I can work around anything you
make.

Now make some annotations. :-)

Zac Bowling



On Fri, Apr 16, 2010 at 1:43 PM, Marcel Molina mar...@twitter.com wrote:

 This is a great idea for how to bootstrap and fuel the adoption and
 consensus on namespaces and key names. I'm going to talk to our analytics
 team and see if we can surface analytics on the most used namespaces and
 those namespace's most used keys.


 On Fri, Apr 16, 2010 at 1:05 PM, Jaanus jaa...@gmail.com wrote:

 Another 2c: you should think about publishing numbers/stats for
 annotations. Easiest to start on the level of namespaces. Publish
 stats about popularity of namespaces: how many tweets and how many
 users use which namespaces. And don't do that's a good idea and there
 are still many moving parts and we are thinking of it for the future,
 do this is absolutely vital for the community from day 1 :) This
 would be a good measure for community to inform what namespaces to
 support, what works and what doesn't, etc.


 J


 --
 Subscription settings:
 http://groups.google.com/group/twitter-development-talk/subscribe?hl=en




 --
 Marcel Molina
 Twitter Platform Team
 http://twitter.com/noradio



Re: [twitter-dev] Re: Thoughts moving forward

2010-04-14 Thread Zac Bowling
Will be there. Telling the other devs around me.


Zac

Sent from my iPad

On Apr 14, 2010, at 4:56 PM, Abraham Williams 4bra...@gmail.com wrote:

 I'm going to say that third-party developers should get together tonight at 
 9pm right at the end of Ignite Chirp. Look for me (with a 12 inch beard) and 
 if you can't make it feel free to email me with anything you would like 
 brought up.
 
 Abraham
 
 On Tue, Apr 13, 2010 at 15:48, Orian Marx (@orian) or...@orianmarx.com 
 wrote:
 Anyone else want to join in on this? Ryan wants to chat about
 specifics in the 10:15 am session of the Hack Day, so I agree with
 Abraham that it makes sense to try and meet some time on Day 1 to
 collect some thoughts. I'm sure we'll have a lot of new info to digest
 as well.
 
 On Apr 12, 4:31 pm, Abraham Williams 4bra...@gmail.com wrote:
  I'm looking forward to Chirp and the dialogs that will happen. The Coop
  session on the second day looks to be the best time to have a heart to heart
  between third-party developers and the platform team. I think it would be
  good to have the third-party developers meet before then have
  a discussion about what we want and what our priorities are. I'm not sure
  when the best time would be. During the afternoon break or at 9pm on the
  first day seem like good times. I also think it would be respectful of
  Twitter employees to not attend this gathering so developers can be frank
  and honest. There will be many other opportunities.
 
  Abraham
 
  --
  Abraham Williams | Developer for hire |http://abrah.am
  PoseurTech Labs | Projects |http://labs.poseurtech.com
  This email is: [ ] shareable [x] ask first [ ] private.
 
 
 --
 To unsubscribe, reply using remove me as the subject.
 
 
 
 -- 
 Abraham Williams | Developer for hire | http://abrah.am
 PoseurTech Labs | Projects | http://labs.poseurtech.com
 This email is: [ ] shareable [x] ask first [ ] private.


Re: [twitter-dev] Re: Twitter buying Tweetie

2010-04-09 Thread Zac Bowling
Congrats,

As a twitter user I'm intrigued. As a twitter developer I'm not hoping that
you are really close to a statement to reassure us all it's ok and
maintaining an even playing field. Although renaming it Tweetie to Twitter
for iPhone is a hurtful (being THE twitter client relegates the others to
second instantly in what was an even playing field).

So as a Tweetie user, please add sign up API so my mom and dad can get on
Twitter from directly on the iPhone. Please add iPad support. Please also
make a purchase of a Windows based company to even out Tweetie for Mac venture
so Twitter doesn't seem Mac happy, and please buy an Android company to even
that side out too.

See you all at Chirp! I'm sure this will be a lively debate so: INB4
insanity

Zac Bowling



On Fri, Apr 9, 2010 at 7:18 PM, Dewald Pretorius dpr...@gmail.com wrote:

 It's great for Loren.

 But, there's a problem, and I hope I'm not the only one seeing it.

 Twitter has just kicked all the other developers of Twitter iPhone
 (and iPad) clients in the teeth. Big time. Now suddenly their products
 compete with a free product that carries the Twitter brand name, and
 that has potentially millions of dollars at its disposal for further
 development.

 It's really like they're saying, We picked the winner. Thanks for
 everything you've done in the past, but now, screw you.

 This would not have been such a huge deal if the developer ecosystem
 did not play such a huge role in propelling Twitter to where it is
 today.

 Please correct me if I'm wrong.

 On Apr 9, 10:41 pm, Tim Haines tmhai...@gmail.com wrote:
  Before anyone rants, let me say congratulations Loren, and
 congratulations
  Twitter.  Awesome!  Totally awesome!
 
  :-)
 
  Tim.





Re: [twitter-dev] Chirp is coming to San Francisco April 14 and 15

2010-04-05 Thread Zac Bowling
Going to be off the hook. Geek style.


Zac Bowling
@zbowling


On Mon, Apr 5, 2010 at 12:23 PM, Abraham Williams 4bra...@gmail.com wrote:

 I look forward to meeting all you awesome developers there.

 Abraham


 On Mon, Apr 5, 2010 at 12:04, Doug Williams d...@twitter.com wrote:

 Hi all --
 With only nine days left until Biz's opening speech, Chirp -- Twitter's
 first conference for developers -- is fast approaching! The two day event
 will be in San Francisco on April 14th and 15th. You can imagine how excited
 we are to have a conversation with everyone from the ecosystem in the same
 room.

 The conference opens at the Palace of Fine Arts from 9AM to 6PM on April
 14th. The schedule features keynotes from Biz Stone, Ev Williams, Ryan
 Sarver, and Dick Costolo which include announcements and roadmap details.

 On April 14th at 7PM we all move to Fort Mason to start the Hack Day. Here
 is where everyone will have a chance to collaborate, meet other members of
 the ecosystem, and have the entire Twitter team on call to answer questions.
 After an Ignite session at 8PM on the night of the 14th, we'll leave the
 doors to Fort Mason open all night for developers who want to dig into their
 code or conversations. The content on April 15th will pick up at 10AM. The
 day includes breakout talks on technology, best practices, policy, design,
 and more.  Additionally, we're hosting times for developers to meet with
 Twitter's designers, Legal team, Platform team, the EFF and others to get
 their individual questions answered. Even Ev and Biz are hosting an hour so
 everyone can meet the founders. We'll wrap the entire conference with a
 rockin' party later that night!

 We have more space at Fort Mason than the Palace of Fine Arts so last week
 we opened tickets for the Hack Day. There are still $140 Hack Day passes and
 a few full conference tickets left so if you would like to attend please
 head to http://chirp.twitter.com and register. We hope to see you there!

 Thanks,
 Doug

 http://twitter.com/dougw




 --
 Abraham Williams | Community Advocate | http://abrah.am
 PoseurTech Labs | Projects | http://labs.poseurtech.com
 This email is: [ ] shareable [x] ask first [ ] private.



Re: [twitter-dev] Getting IP of user from Tweets

2010-03-11 Thread Zac Bowling
The user's IP isn't available. Would be a huge security and privacy issue.

However location is possible using the new geo features. It's opt in and it
requires the user use a client that supports sending location data, but the
accuracy is far greater than any kind of geo-ip lookup could offer.

Zac Bowling


On Thu, Mar 11, 2010 at 7:08 PM, PRAVEEN KUMAR erpraveen2...@gmail.com wrote:

 Hi All,

 I want to get IP address of user based on the last tweet sent by him.
 Message may be sent from machine or from mobile but in both the cases
 whatever IP he has used I need that in my application to find out
 user's current location.

 Please help me in getting this detail. Which API function can solve my
 problem ?

 Thanks.
 (Praveen Kumar)



Re: [twitter-dev] Re: Deprecating /statuses/public_timeline resource on 4/5/10

2010-03-04 Thread Zac Bowling
Yah, the public_timeline was awesome back in the really early days of
twitter when volume was really low and you could actually keep up. Since
then it's a vestige of the original Twitter API that doesn't really work
anymore because you can't see all tweets with it. It's just a limited random
number of tweets so it doesn't make it very useful.

The only advantages of the public_timeline is that its a simple get that
doesn't required auth and it's cacheable between users locally (since it
doesn't change very often). If you doing server to server access with the
API, it shouldn't be an issue to switch.

Even though I can't think of anything off the top of my head that API would
be useful for these days for desktop and mobile clients, there may be
something innovative that it may useful, which for those clients it kind of
sucks.

Since the streaming API doesn't support OAuth/XAuth yet like the other APIs
and like was said at the dev meet up is not really targeting connections
directly from the desktop/mobile clients connections right now, the
developers using that API are going to need to host a server in order to
replicate that functionality. It wouldn't be difficult to roll your own
server to replicate the public_timeline with data from the spritzer if you
had too, but some mobile and desktop developers hitting the Twitter API
directly may not be in a position to host their own servers for their own
clients.

Part of me says that it would be wise to wait until general xAuth is up and
running for everyone (for those that need to login without going through the
web) and is working on the streaming API and the streaming API is ready for
connections directly from clients. However the other half of me thinks that
that since the public_timeline sucks that it should just die either way.

Zac Bowling
@zbowling



On Thu, Mar 4, 2010 at 9:22 AM, Carlos carlosju...@gmail.com wrote:

 What is the replacement for this endpoint for mobile applications?

 On Mar 3, 9:45 pm, Ryan Sarver rsar...@twitter.com wrote:
  This is an announcement that we will be deprecating the *
  /statuses/public_timeline* resource as of April 5th (4/5/10). Please let
 us
  know if there are any major concerns.
 
  Thanks, Ryan



Re: [twitter-dev] Re: Permanent Profile URL

2010-02-26 Thread Zac Bowling
Absolute tweet link?

Sounds like a neat and simple 3rd party api service.

Like bit.ly for specific tweets and users profiles that follows the user as
they change their username.

Zac Bowling



On Fri, Feb 26, 2010 at 9:51 PM, Andy Freeman ana...@earthlink.net wrote:

 However, there's still no way to reference a tweet using the user id.

 See http://code.google.com/p/twitter-api/issues/detail?id=1242

 On Feb 23, 2:47 pm, Paul Tarjan ptar...@gmail.com wrote:
  Perfect, Marc hit the nail on the head. Thank you.
 
  http://twitter.com/account/redirect_by_id?id=14757201
 
  On Feb 23, 10:53 am, Marc Mims marc.m...@gmail.com wrote:
 
 
 
   * Lil Peck lilp...@gmail.com [100223 10:48]:
 
On Mon, Feb 22, 2010 at 11:10 PM, Paul Tarjan ptar...@gmail.com
 wrote:
 Is there a permanent profile URL for users? Something like
 
http://twitter.com/account/profile?user_id=14757201
 
 I'd like something that is ID based (since users can change their
 short form) but is guaranteed to resolve for a while. Possibly even
 302ing to the http://twitter.com/name
 
 I could use
 
http://api.twitter.com/1/users/show.xml?user_id=14757201
 
 but it is rather long and doesn't return any nice HTML
 
You could make a custom TinyURL.
 
  http://twitter.com/account/redirect_by_id?id=14757201
 
   -Marc



Re: [twitter-dev] Introduce yourself!

2010-02-21 Thread Zac Bowling
My name is Zac (@zbowling) and I'm an engineer at doubleTwist. Formerly of
Seesmic. Although my day to day development with the Twitter API isn't as
high as it used to be, I still remain active in the dev community here and
help out where I can. I also feed off the knowledge and issues the community
bring up with OAuth to help with designing our own OAuth client and server
implementations and try to contribute back where I can.

I will be at Chirp this year.

Zac Bowling
http://twitter.com/zbowling



On Fri, Feb 19, 2010 at 12:20 PM, Abraham Williams 4bra...@gmail.com wrote:

 We have not had an introductions thread in a long time (or ever that I
 could find) so I'm starting one. Don't forget to add an answer to the tools
 thread [1](Gmail link [2]) as well.

 I'm Abraham Williams, I've been working with the Twitter API and this group
 since early 2008. I do mostly freelance Drupal and Twitter API integration
 and personal projects. I love seeing the creative projects developers build
 or integrate with the API and look forward to meeting many of you at Chirp.

 TwitterOAuth [3] the first PHP library to support OAuth is built and
 maintained by me, and will hopefully see a new release soon. I also built a
 fun Chrome extension [4] that integrates common friends and followers into
 Twitter profiles.

 The feature I would most like added to the API is a conversation method to
 get replies to a specific status.

 So. Who are you, what do you do, what have you built, and what feature do
 you most want to see added?

 @Abraham

 [1]
 http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c7cdaa0840f0de84/
 [2] https://mail.google.com/mail/#inbox/12680cd0fa59011e
 [3]
 https://chrome.google.com/extensions/detail/npdjhmblakdjfnnajeomfbogokloiggg
 [4] http://code.google.com/p/twitter-api/issues/detail?id=142

 --
 Abraham Williams | Community Advocate | http://abrah.am
 Project | Out Loud | http://outloud.labs.poseurtech.com
 This email is: [ ] shareable [x] ask first [ ] private.
 Sent from Seattle, WA, United States



Re: [twitter-dev] Private account

2010-02-14 Thread Zac Bowling
Not to promote another service but Yammer is kind of designed for this
setup. Yammer is a lot like Twitter in a lot of ways but built for business
and all the timelines are only visible to other employees in the same
company.

Zac Bowling


On Sat, Feb 13, 2010 at 10:07 PM, Raffi Krikorian ra...@twitter.com wrote:

 all the employees could just request to follow the boss, i suppose.


 On Sat, Feb 13, 2010 at 2:01 PM, niel nathaniel.thall...@gmail.com wrote:

 Hi,
  I have the following requirement. I set up a private twitter account
 for my boss. His tweets need to be visible to all the employees. So,
 the tweets must be displayed on the company's intranet so employees
 have a central place to read them.
 But the issue is that this is only possible with public accounts and
 not private accounts. Is there any way around this?

 Thanks.




 --
 Raffi Krikorian
 Twitter Platform Team
 http://twitter.com/raffi



Re: [twitter-dev] Re: Twitter status update through a Ajax Post

2010-02-13 Thread Zac Bowling
Looks like cross server Ajax to me. Can't do that because of the same origin
design of Ajax. Not sure how it worked before (unless running locally.)
Unless my tired eyes are lying to me, you are not running this inside ASP
(runat=server) so that JS is running in the browser.

On Feb 12, 2010 9:07 PM, atomic mouse quickf...@gmail.com wrote:

Thank you very much for your reply Raffi.


 is this hosted somewhere so we can hit it with a browser
Yes certainly, it is on http://www.dinkumsite.com/twitter_feed.asp

I have created a Twitter test account and inserted the correct
username and password in the code.

To discount the possibility that it might be some weird server
setting, I have also published this test page to 2 separate servers. I
got the same error on both

Regards;


Re: [twitter-dev] Re: How Does TwittPic Works ?

2010-02-04 Thread Zac Bowling
Yes, what magic is this?

I'm confused. It takes username and password but then uses OAuth?

I wonder if they are injecting the username/password into the OAuth form on
the page.

Twitter should really randomize that page or require captcha or something.

Zac Bowling



On Wed, Feb 3, 2010 at 11:43 AM, Dewald Pretorius dpr...@gmail.com wrote:

 Raffi,

 Have you tried it? There is no OAuth flow. I.e., the user types in his
 Twitter username and password. That's it.

 If it is indeed using OAuth, does that mean that the background
 requesting of tokens when you have the Twitter credentials is now
 available? Meaning, I can also now use it to convert all existing
 Twitter accounts to OAuth in one fell swoop?

 On Feb 3, 3:02 pm, Raffi Krikorian ra...@twitter.com wrote:
  seesmic look, i believe, is using oauth talking to api.twitter.com.
 
 
 
  On Tue, Feb 2, 2010 at 8:09 PM, Dewald Pretorius dpr...@gmail.com
 wrote:
   Raffi,
 
   What's going on here?
 
   Your credibility is at stake here. You've been telling us in many
   posts that new apps must use OAuth to get a source attribution, and
   only old grandfathered apps have source attribution with Basic Auth.
 
   On Feb 2, 11:18 pm, Dewald Pretorius dpr...@gmail.com wrote:
At first I thought they must have changed the old Seesmic source to
Seesmic Look.
 
But no.
 
Here's a recent tweet from Seesmic:
  http://twitter.com/CathyBrooks/status/8570217879
 
And here's a recent one from Seesmic Look:
  http://twitter.com/adamse/status/8565271563
 
Seesmic Look uses Basic Auth.
 
Does anyone else spot Mt Everest on this level playing field of ours?
 
On Feb 2, 10:41 pm, Pedro Junior v.ju.ni.o...@gmail.com wrote:
 
 *Seesmic Look is old?
 *
 -
 Pedro Junior
 
 2010/2/2 Lukas Müller webmas...@muellerlukas.de
 
  Only old apps can do this. New apps cannot use it.
 
  --
  Raffi Krikorian
  Twitter Platform Team http://twitter.com/raffi



Re: [twitter-dev] Not able to read unicode from Twitter Response XML in C#.net

2010-01-27 Thread Zac Bowling
Entity codes.

Just decode them...

using System.Web;
...
string decoded_stuff = HttpUtility.HtmlDecode(encoded_stuff);


There is a way to do this with System.Xml but whatever.

Zac Bowling


On Wed, Jan 27, 2010 at 9:10 PM, Rejeev Thomas rejeevtho...@gmail.com wrote:

 Please help friends!


 Thanks Ryan!

 I am taking an XML response from *
 http://twitter.com/statuses/friends_timeline.xml* and it happens when I
 post a Tweet in my home language and trying to read it, following are some
 of the Text.

 *<?xml version="1.0" encoding="UTF-8"?>
 <statuses type="array">
 <status>
   <created_at>Wed Jan 27 04:19:36 + 2010</created_at>
   <id>8265961626</id>

 <text>&#3335;&#3368;&#3405;&#3364;&#3405;&#3375;&#3349;&#3405;&#3349;&#3390;&#3376;&#3393;&#3359;&#3398;
 &#3334;&#3382;&#3353;&#3405;&#3349;
 &#3370;&#3376;&#3391;&#3351;&#3363;&#3391;&#3349;&#3405;&#3349;&#3363;&#3374;&#3398;&#3368;&#3405;&#3368;&#3405;
 &#3347;&#3384;&#3392;&#3384;&#3405;
 &#3372;&#3391;&#3383;&#3370;&#3405;&#3370;&#3405;:
 &#3374;&#3398;&#3378;&#3405;&#8205;&#3372;&#3363;&#3405;&#8205;:
 &#3347;&#3384;&#3405;&#8204;&#3359;&#3405;&#3376;&#3399;&#3378;&#3391;&#3375;&#3375;&#3391;&#3378;&#3405;&#8205;
 &#3335;&#3368;&#3405;&#3364;&#3405;&#3375;&#3349;&#3405;&#3349;&#3390;&#3376;&#3405;&#8205;&#3349;&#3405;&#3349;&#3398;&#3364;&#3391;&#3376;&#3398;
 &#3368;&#3359;&#3349;&#3405;&#3349;&#3393;&#3368;&#3405;&#3368;
 &#3334;...</text>*

 The above are the junk characters responded, also made convert to UTF8
 but it's not converting.

 please help.

 Thanks,
 Rejeev.




 On Mon, Jan 25, 2010 at 9:14 PM, ryan alford ryanalford...@gmail.com wrote:

 Can you paste an example of the bad characters as .Net shows them, and
 what they should really be?

 Ryan


 On Mon, Jan 25, 2010 at 5:36 AM, Rejeev rejeevtho...@gmail.com wrote:

 Hi all,

 My Twitter response XML contains some unicode characters, I am not
 able to read that in C#.net. It's showing junk characters. Please help
 me to read that in proper text.

 Thanks,
 Rejeev
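The two decoding routes mentioned in the reply above (System.Xml versus HtmlDecode), as an added example that is not code from the thread. SampleXml is a constructed response, and WebUtility.HtmlDecode is used as the System.Net counterpart of the HttpUtility.HtmlDecode call shown in the reply. Either route must be applied exactly once: a second decode turns escaped markup in a tweet into live markup.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Text;
using System.Xml.Linq;

static class EntityDecodeDemo
{
    // Constructed sample shaped like the statuses XML quoted in the thread.
    // The <text> holds numeric character references plus "&amp;lt;b&amp;gt;",
    // i.e. text that still reads "&lt;b&gt;" after one round of decoding.
    const string SampleXml =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
        "<statuses type=\"array\"><status><id>1</id>" +
        "<text>&#3335;&#3368;&#3405;&#3364;&#3405; &amp;lt;b&amp;gt;</text>" +
        "</status></statuses>";

    // Route 1: let the XML parser decode. Element.Value is already Unicode,
    // so no further HtmlDecode call is needed (or wanted).
    static string TextViaXmlParser(string xml) =>
        XDocument.Parse(xml).Descendants("text").First().Value;

    // Route 2: the text was cut out of the raw response with string
    // operations, so the character references are still literal.
    static string TextViaHtmlDecode(string xml)
    {
        int start = xml.IndexOf("<text>", StringComparison.Ordinal) + "<text>".Length;
        int end = xml.IndexOf("</text>", start, StringComparison.Ordinal);
        return WebUtility.HtmlDecode(xml.Substring(start, end - start));
    }

    // Hex code points, for checking the result independently of fonts.
    static string CodePoints(string s) =>
        string.Join(" ", s.Select(c => "U+" + ((int)c).ToString("X4")));

    static void Main()
    {
        Console.OutputEncoding = Encoding.UTF8;

        string viaParser = TextViaXmlParser(SampleXml);
        string viaDecode = TextViaHtmlDecode(SampleXml);

        Console.WriteLine("parser : " + viaParser);
        Console.WriteLine("decode : " + viaDecode);
        Console.WriteLine("same   : " + (viaParser == viaDecode));

        // Code points are printed as well because a console font without
        // Malayalam glyphs shows boxes even when the string is correct.
        Console.WriteLine("points : " + CodePoints(viaParser.Substring(0, 5)));

        // Decoding a second time is a bug: the escaped markup becomes live markup.
        string twice = WebUtility.HtmlDecode(viaParser);
        Console.WriteLine("twice  : " + twice);
        Console.WriteLine("changed: " + (twice != viaParser));
    }
}
```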







Re: [twitter-dev] Not able to read unicode from Twitter Response XML in C#.net

2010-01-27 Thread Zac Bowling
Also:
http://weblogs.sqlteam.com/mladenp/archive/2008/10/21/Different-ways-how-to-escape-an-XML-string-in-C.aspx
Zac Bowling


On Wed, Jan 27, 2010 at 9:28 PM, Zac Bowling zbowl...@gmail.com wrote:

 Entity codes.

 Just decode them...

 using System.Web;
 ...
 string decoded_stuff = HttpUtility.HtmlDecode(encoded_stuff);


 There is a way to do this with System.Xml but whatever.

 Zac Bowling










Re: [twitter-dev] Re: Can new twitter account be created from API?

2010-01-26 Thread Zac Bowling
Strictly speaking, there is an API of sorts to create accounts, but limited
to certain partners. Citysearch is using it IIRC. Although it would be great
for mobile clients because there isn't a nice mobile web page to create an
account so it takes a PC to get started for new users. Seen a note on it on
those leaked twitter docs on techcrunch a while back, so the twitter guys
have been thinking about it.

On Jan 26, 2010 5:01 AM, John Meyer john.l.me...@gmail.com wrote:

On 1/25/2010 8:55 PM, Johnny Honestly wrote:   Twitter is a messenger
system. They want people to ...
I'm not talking about an API registration, what I'm talking about is either
a new URL or a modification of the current URL that allows the user to allow
an app where if the person isn't a twitter user it will let them become one,
then go back, register the app, and return.


Re: [twitter-dev] Twitter Preproduction Server?

2010-01-01 Thread Zac Bowling
No test version of twitter. The best way is to create a test account and
protect its updates to keep it off search. Request account/ip white-listing
where necessary. You may get rate limited but it's good to understand your
limits you can work inside during testing (rate limits reset every hour).
It's unlikely to get blacklisted as long as you're not DOSing twitter or
spamming people.


Zac Bowling



On Fri, Jan 1, 2010 at 5:51 AM, evolutional evolutio...@gmail.com wrote:

 I'm just starting out on writing a simple C++ library that integrates
 with the Twitter API. As this is in the early stages I don't really
 want to be integrating with the live twitter environment -
 1) I may be sending over a load of broken requests while I work out
 that I'm doing
 2) The status updates / etc will just be for testing and I don't
 really want them through on my live account
 3) I don't want to get blacklisted or keep hitting rate limits

 Is there a preproduction / dev version of the twitter api that's just
 for developers to integrate with? I couldn't find anything in the FAQ,
 it seems very much like it's live or nothing.

 Cheers,

 Oli



Re: [twitter-dev] What You Put In Not The Same As What You Get Back Out

2009-12-30 Thread Zac Bowling
Twitter has to host those files. Pure guess here but like thumbnails, it's
not completely unreasonable that they maybe want to optimize them for size to
save a few dollars on the hosting bills.

Why does it matter?

Zac Bowling


On Wed, Dec 30, 2009 at 1:27 PM, Kyle Mulka repalvigla...@yahoo.com wrote:

 When uploading a background image, the image contents seems to get
 modified. Seems like I should be able to do an MD5 sum on the file
 before it is uploaded, upload the image to Twitter, and when I
 download the image do another MD5 sum and the two should be the same.
 But they aren't. Why?

 --
 Kyle Mulka
 Founder, Congo Labs
 http://twilk.com



Re: [twitter-dev] Twitter Developer Q&A on Stack Overflow

2009-12-29 Thread Zac Bowling
Basic questions get answered usually here just as long as they are not
obvious questions on the Wiki. :-)

Stack Overflow has a lot of overflow (no pun) with other development
communities. You see a lot of questions around how to use the twitter API
with specific languages or frameworks on Stack Overflow rather than the
twitter API specifically itself.

More often than not, this list is usually filled with people that understand
their platform well enough and past the basics of the API and are trying to
maintain or develop larger twitter related projects these days. The
questions that come up are usually around the lesser accessed/less trivial
APIs (streaming, social graph, and oauth to some extent) or by people that
need understanding on rate limiting or white-listing with the API that only
the twitter devs may be able to help with, or sometimes just to discuss
changes in the API or bugs that pop up as things happen.

Stack Overflow is awesome but it's not a good platform for what goes on
here.

Zac Bowling

On Tue, Dec 29, 2009 at 4:13 AM, Jonathan Markwell
j.l.markw...@inuda.com wrote:

 Hi Ken, Andrew,

 Thank you for your thoughts! I had considered a Stack Exchange and
 have set up a couple of experimental Q&A communities using it.  After
 the seeing what the Android and Adobe teams are doing I think it
 makes much more sense to keep the programming discussion in one place
 on and avoid splitting the community.

 I've not experienced the problems new developers may have with getting
 started with Stack Overflow. While I'd like to think of the Twitter
 Platform as being a perfect starting point for new developers trying
 their hand at using web APIs, I think a key skill all programmers need
 to learn first is how to find existing solutions to problems. If a new
 developer finds it difficult participating in Stack Overflow vs.
 posting to a mailing list, they are likely to become a very high
 maintenance member of the community.  Unfortunately looking back at
 the archives of this group it looks like many newbie questions go
 unanswered. That is far less likely to happen on Stack Overflow as
 there are incentives for people of all levels of expertise to help
 each other.

 Stack Overflow looks like a great opportunity to bring developer
 communities together which will ultimately be better for all of us.
 We've seen a number of language specific questions pop up here that
 the wider Stack Overflow community would probably do a much better job
 of answering. In addition, comparing discussions around different
 platforms side by side in Stack Overflow may increasingly influence
 developers trying to decide which platform (Twitter/Facebook/LinkedIn)
 to integrate with first. I think we'd fare very well here and the more
 open competition between the communities will help highlight areas
 which should be prioritised for improvement.

 Jon.

 On Tue, Dec 29, 2009 at 6:30 AM, Ken Dobruskin k...@cimas.ch wrote:
  It seems like creating a stackexchange would just split the support
 power.
 
  +1, totally.
 
  One issue I've noticed with Stackoverflow is it is harder for new
  developers to participate where as the barrier for entry on Google
 Groups is
  just having an email address.
  Some email groups can be very tough on newbies and this can change (ie,
 get
  worse) over time as there are no posted rules/policy. In my view, stack
  exchange is well conceived to avoid the trap of a harsh expert user
 playing
  the troll and shutting out new users. There is also a place for rules,
 and
  if desired a meta-Q&A for discussion of the discussion. I agree though
 that
  it should be up to Twitter to provide this environment.
 
  Ken
 
 
  Abraham
  On Mon, Dec 28, 2009 at 21:40, Ken Dobruskin k...@cimas.ch wrote:
 
  Jonathan,
 
  Good points and initiative.
 
 
  I do not believe Twitter have the resources to recreate the success of
  Stack Overflow for Q&A purposes.
 
  Have you considered setting up a Twitter Dev Q&A beta site on
  stackexchange.com? I have, and someone probably could, but I thought I'd
  wait and see what the official Twitter development platform had to offer
  before doing that!
 
  Ken
 
 
  
 
 
  --
  Abraham Williams | Awesome Lists | http://awesomeli.st
  Project | Intersect | http://intersect.labs.poseurtech.com
  Hacker | http://abrah.am | http://twitter.com/abraham
  This email is: [ ] shareable [x] ask first [ ] private.
  Sent from Madison, WI, United States
  



 --
 Jonathan Markwell
 Engineer | Founder | Connector

 Inuda Innovations Ltd, Brighton, UK

 Web application development & support
 Twitter & Facebook integration specialists
 http://inuda.com

 Organising the world's first events for the Twitter developer Community
 http://TwitterDeveloperNest.com

 Providing

Re: [twitter-dev] Re: Social Graph API: Legacy data format will be eliminated 1/11/2010

2009-12-27 Thread Zac Bowling
I agree with the others to some extent. Although it's a good signal to stop
using something ASAP when something is deprecated, saying deprecated and
not giving definite time-line on its removal isn't good either. (Source
params are deprecated but still work and don't have solid deprecation date,
and I'm still going on using them because OAuth sucks for desktop/mobile
situations still and would die with a 15 day heads up on removal).

Also iPhone app devs using this API would probably have a hard time
squeezing a 15 day return on Apple right now.

Zac Bowling


On Sun, Dec 27, 2009 at 3:28 PM, Dewald Pretorius dpr...@gmail.com wrote:

 I agree 100%.

 Calls without the starting cursor of -1 must still return all
 followers as is currently the case.

 As a test I've set my system to use cursors on all calls. It inflates
 the processing time so much that things become completely unworkable.

 We can programmatically use cursors if showuser says that the person
 has more than a certain number of friends/followers. That's what I'm
 currently doing, and it works beautifully. So, please do not force us
 to use cursors on all calls.

 On Dec 24, 7:20 am, Aki yoru.fuku...@gmail.com wrote:
  I agree with PJB. The previous announcements only said that the
  pagination will be deprecated.
 
  1.http://groups.google.com/group/twitter-api-announce/browse_thread/thr.
 ..
  2.http://groups.google.com/group/twitter-api-announce/browse_thread/thr.
 ..
 
  However, both of the announcements did not say that the API call
  without page parameter to get
  all IDs will be removed or replaced with cursor pagination.
  The deprecation of this method is not being documented as PJB said.
 
  On Dec 24, 5:00 pm, PJB pjbmancun...@gmail.com wrote:
 
   Why hasn't this been announced before?  Why does the API suggest
   something totally different?  At the very least, can you please hold
   off on deprecation of this until 2/11/2010?  This is a new API change.
 
   On Dec 23, 7:45 pm, Raffi Krikorian ra...@twitter.com wrote:
 
yes - if you do not pass in cursors, then the API will behave as
 though you
requested the first cursor.
 
 Willhelm:
 
 Your announcement is apparently expanding the changeover from page
 to
 cursor in new, unannounced ways??
 
 The API documentation page says: If the cursor parameter is not
 provided, all IDs are attempted to be returned, but large sets of
 IDs
 will likely fail with timeout errors.
 
 Yesterday you wrote: Starting soon, if you fail to pass a cursor,
 the
 data returned will be that of the first cursor (-1) and the
 next_cursor and previous_cursor elements will be included.
 
 I can understand the need to swap from page to cursor, but was
 pleased
 that a single call was still available to return (or attempt to
 return) all friend/follower ids.  Now you are saying that, in
 addition
 to the changeover from page to cursor, you are also getting rid of
 this?
 
 Can you please confirm/deny?
 
 On Dec 22, 4:13 pm, Wilhelm Bierbaum wilh...@twitter.com wrote:
  We noticed that some clients are still calling social graph
 methods
  without cursor parameters. We wanted to take time to make sure
 that
  people were calling the updated methods which return data with
 cursors
  instead of the old formats that do not.
 
  As previously announced in September (http://bit.ly/46x1iL) and
  November (http://bit.ly/3UQ0LU), the legacy data formats
 returned
  as a result of calling social graph endpoints without a cursor
  parameter are deprecated and will be removed.
 
  These formats have been removed from the API wiki since
 September.
 
  You should always pass a cursor parameter. Starting soon, if you
 fail
  to pass a cursor, the data returned will be that of the first
 cursor
  (-1) and the next_cursor and previous_cursor elements will be
 included.
 
  If you aren't seeing next_cursor and previous_cursor in your
 results,
  you are getting data back in the old format. You will need to
 adjust
  your parser to handle the new format.
 
  We're going to start assuming you want data in the new format
  (users_list / users / user or id_list / ids / id) instead of the
 old
  format (users / user or ids / id) regardless of your passing a
 cursor
  parameter as of 1/11/2010.
 
  * The old formats will no longer be returned after 1/11/2010.
  * Start using the new formats now by passing the 'cursor'
 parameter.
 
  To recap, the old endpoints at
 
 /statuses/friends.xml
 /statuses/followers.xml
 
  returned
 
  <users type="array">
    <user>
      <!-- ... omitted ... -->
    </user>
  </users>
 
  or JSON like [{/*user record*/ /*, .../]
 
  whereas
 
  /statuses/friends.xml?cursor=n
  /statuses/followers.xml?cursor=n
 
  return data that looks like

Re: [twitter-dev] Tweets with !, ', and other characters refused..

2009-12-24 Thread Zac Bowling
Make sure you are using UTF-8 and not an ISO-8859-x.

Zac Bowling


On Tue, Dec 22, 2009 at 9:49 PM, thetwitmaniac alon.a.ta...@gmail.com wrote:

 Hi,

 I'm building a desktop twitter client and for some reason whenever I
 try to post a tweet with an exclamation mark or apostrophe, the tweet
 is rejected and I am presented with a request to provide login
 credential for the Twitter API.

 Has anyone run into this issue or have any idea why this would occur?

 Thanks!



Re: [twitter-dev] Re: Developer Preview: Contributor API

2009-12-14 Thread Zac Bowling
I'm curious about rate limiting and what impact this has. Which account gets
rate limited basically.

Zac Bowling


On Mon, Dec 14, 2009 at 8:33 PM, Justyn justyn.how...@gmail.com wrote:

 Hi Raffi,

 Curious how the contributors will be associated? Will it essentially
 be linking accounts? Presumably then the user would identify in an app
 which account to post an update to based on those accounts they have
 been associated as contributors to? So, a contribution would
 originate from a separate Twitter account, let's say @Raffi and be
 posted to @Twitter. The primary difference from what we're used to
 with CoTweet for example, where you may have many authors with no
 individual twitter accounts, this would all be based on having two or
 more accounts (1 biz account linked to contributor accounts). Does
 that make sense?

 Justyn

 On Dec 14, 6:07 pm, Raffi Krikorian ra...@twitter.com wrote:
  As you may have seen on our
  blog http://blog.twitter.com/2009/12/feature-test-with-businesses.html,
  we're starting a very small test of a new feature that will allow a
 Twitter
  account to have multiple contributors.  This is the first in a suite of
  features that we'll be rolling out specifically targeted to the needs of
  businesses, and this particular feature is going to allow a business to
  invite employees and representatives to tweet, DM, follow users, etc., on
  behalf of the account holder.
 
  While this feature is not ready for prime-time, and while we're not yet
  taking requests to be part of an early-access release while we work out
 the
  kinks, we're really committed to keeping our developers in the loop.  I
 want
  to give you all a heads up on what is coming on the API side, and, for
 this
  particular feature, I wanted to give you all a look at what we're calling
  the Contributor API.  The reason I want to really highlight these
 changes
  is because we'll be making an addition to the status objects as this
 rolls
  out.
 
  We'll be introducing a new parameter called contributingto to most API
  endpoints -- this parameter must be set to the user ID of the user that
 the
  employee or representative wants to take the action on behalf of.  If
 using
  contributingto, then the caller must authenticate when calling and must
 use
  OAuth.  For example, if I, @raffi, wanted to tweet on behalf of @twitter
 (ID
  783214), I would call /status/update.xml, I would attach a parameter of
  contributingto=783214, and I would authenticate to that endpoint as
 myself
  using OAuth.  The API will confirm that @raffi has permission to
 contribute
  to the @twitter account, and will error with a 403 if that account does
 not.
 
  You can expect to see contributingto show up as an optional parameter to
 the
  following endpoints (and presumably some more) when calling on
 http://api.twitter.com/1:
 
  /account/rate_limit_status
  /account/update_profile
  /account/update_profile_background_image
  /account/update_profile_colors
  /account/update_profile_image
  /account/verify_credentials
  /blocks/blocking
  /blocks/blocking/ids
  /blocks/create
  /blocks/destroy
  /blocks/exists
  /direct_messages
  /direct_messages/destroy
  /direct_messages/new
  /direct_messages/sent
  /favorites
  /favorites/create
  /favorites/destroy
  /followers/ids
  /friends/ids
  /friendships/create
  /friendships/destroy
  /friendships/exists
  /report_spam
  /saved_searches
  /saved_searches/create
  /saved_searches/destroy
  /saved_searches/show
  /statuses/destroy
  /statuses/followers
  /statuses/friends
  /statuses/friends_timeline
  /statuses/home_timeline
  /statuses/mentions
  /statuses/public_timeline
  /statuses/retweet
  /statuses/retweeted_by_me
  /statuses/retweeted_to_me
  /statuses/retweets
  /statuses/retweets_of_me
  /statuses/show
  /statuses/update
  /statuses/user_timeline
  /users/show
 
  Lastly, the status objects will include an additional parameter named
  contributors that will have an user_id with the ID of the user who
 actually
  created this status object.  An example XML status would have
 
  <status>
    ...
    <contributors>
      <user_id>ID of the contributor</user_id>
    </contributors>
    ...
  </status>
 
  and in JSON
 
  {
...
contributors : [ID of the contributor],
...
 
  }
 
  Due to caching, historical status objects may or may not contain the
  contributors, but all status created after launch will.
 
  Like I said, more details to come!
 
  --
  Raffi Krikorian
  Twitter Platform Team http://twitter.com/raffi



Re: [twitter-dev] What exactly does the follow parameter to friendships/create do?

2009-12-12 Thread Zac Bowling
This question gets asked every few weeks. Probably need to update the
documentation.

Right now it means subscribe with SMS to their updates. (In the twitter from
a long long time ago, I believe this also controlled getting IM
notifications).



Zac Bowling


Re: [twitter-dev] search.twitter.com no longer showing deleted tweets

2009-12-07 Thread Zac Bowling
Little late to the party :-)

http://www.techcrunch.com/2009/10/24/twitter-finally-removing-deleted-tweets-from-search-results/


Zac Bowling



On Mon, Dec 7, 2009 at 5:57 PM, TJ Luoma luo...@luomat.net wrote:
 Good news/bad news.

 Not sure when this started, but search.twitter.com is no longer
 showing deleted tweets.



[twitter-dev] URL detection on Twitter.com no longer picking up querystring

2009-12-04 Thread Zac Bowling
Howdy,

The URL detection on twitter.com changed. Querystring matching is
broken in our case.

For example this used to work last week:
http://twist.to/?a=B001L0TLEY

However now only the "http://twist.to" is being detected as link.

I did some testing and I believe it happens if you have question mark
after the first slash in the url, it doesn't pick up the querystring
after that.

For example:
http://google.com/?test=1 - Fails with "http://google.com"
http://google.com/search?q=zbowling - Passes

We are changing our scheme over to avoid the querystring but it
doesn't fix the existing software that already shipped that the users
will start using very soon.

Any ideas?

Zac Bowling
Senior Software Engineer - doubleTwist
z...@doubletwist.com
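
The truncation reported above can be reproduced and regression-tested as follows. This is an added example, not code from the post or from Twitter: `BUGGY` is a hypothetical pattern that merely produces the same symptom, and `FIXED`, `detect` and `truncated` are names assumed here.

```python
import re

# Hypothetical pattern that reproduces the reported symptom: a query string is
# only accepted after a non-empty path segment, so "/?a=1" is cut at the host.
BUGGY = re.compile(
    r"https?://[A-Za-z0-9.-]+"
    r"(?:/[^\s?#/]+(?:/[^\s?#/]*)*(?:\?[^\s#]*)?)?"
)

# Path, query and fragment are each optional and independent of one another.
FIXED = re.compile(
    r"https?://[A-Za-z0-9.-]+(?::\d+)?"
    r"(?:/[^\s?#]*)?(?:\?[^\s#]*)?(?:#\S*)?"
)

# Constructed sample text using the URLs quoted in the post.
SAMPLE = ("Check http://twist.to/?a=B001L0TLEY and "
          "http://google.com/search?q=zbowling today.")


def detect(pattern, text):
    """Return the URLs the pattern would turn into links."""
    return [m.group(0).rstrip(".,;:!)") for m in pattern.finditer(text)]


def truncated(pattern, text):
    """Return (linked_part, dropped_part) for every URL that was cut short.

    A link is treated as cut short when the characters immediately after the
    match still look like URL syntax (path, query or fragment) rather than
    whitespace or sentence punctuation.
    """
    cut = []
    for m in pattern.finditer(text):
        rest = re.match(r"\S*", text[m.end():]).group(0)
        if rest[:1] in ("/", "?", "#"):
            cut.append((m.group(0), rest))
    return cut


if __name__ == "__main__":
    for name, pattern in (("buggy", BUGGY), ("fixed", FIXED)):
        print(name, detect(pattern, SAMPLE), truncated(pattern, SAMPLE))
```
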


Re: [twitter-dev] Re: Retweet streams have been frozen for 2 weeks

2009-12-01 Thread Zac Bowling
The link to http://help.twitter.com/requests/new on the help twitter
site is VERY hard to find. It took me a long long time and getting lucky
to stumble on it. The move to zendesk should make it easy to enter
tickets :-P

Zac Bowling


[twitter-dev] Retweet streams have been frozen for 2 weeks

2009-11-28 Thread Zac Bowling
The retweet streams have been frozen for 2 weeks. See here:
http://twitpic.com/rfcjv

I thought it was just me, but a coworker is seeing this as well. Don't
need this for dev but it would be nice to know what is going on.

The pages take a long time to load and then show that above. I wonder
if something is failing and just returning some kind of cache maybe?
Don't know.

A quick search on twitter shows I'm not alone:
http://twitter.com/#search?q=retweets%20by%20others

Zac Bowling


Re: [twitter-dev] Re: Twitter app marked inactive?

2009-11-25 Thread Zac Bowling
I hope OAuth suspensions are rare in general. It could drive a few devs back
to Basic Auth if they fear disconnection. :-)
Zac Bowling


On Tue, Nov 24, 2009 at 6:46 PM, Andrew Badera and...@badera.us wrote:

 Gotcha, thanks for the info Brian.

 ∞ Andy Badera


 On Tue, Nov 24, 2009 at 7:48 PM, Brian Sutorius bsutor...@twitter.com
 wrote:
  Listerine was temporarily suspended pending a conversation between the
  developer and the owners of the registered mark Listerine. This was
  a rare case, so if you do have any specific questions about
  objectionable application behavior as outlined in our policies, don't
  hesitate to email us at a...@twitter.com :)
 
  Brian
 
  On Nov 24, 10:24 am, Michael Steuer mste...@gmail.com wrote:
  Thanks for providing all 4 links Brian...
 
  So why was Listerine blocked? I tried out the app once and didn't
  necessarily see any behavior that was objectionable based on the link
  you sent?
 
  On 11/24/09 10:11 AM, Brian Sutorius bsutor...@twitter.com wrote:
 
 
 
   OAuth tokens are suspended when the applications break our API Rules,
   API Terms of Service, Twitter Rules, or Twitter Terms of Service. I
   understand that four separate documents can be a lot to keep up with,
   but I've put them at the bottom of this post for your convenience. To
   ask any questions about these rules as they apply to application
   behavior, simply email a...@twitter.com .
 
   Thanks!
   Brian
 
  http://twitter.com/apirules
  http://apiwiki.twitter.com/Terms-of-Service
  http://help.twitter.com/forums/26257/entries/18311
  http://twitter.com/terms
 
   On Nov 23, 5:34 pm, Andrew Badera and...@badera.us wrote:
   Could you help educate the rest of the community as to what might
   cause that to happen, so we can avoid it?
 
   Thanks-
   ∞ Andy Badera
   ∞ +1 518-641-1280 Google Voice
   ∞ This email is: [ ] bloggable [x] ask first [ ] private
   ∞ Google me: http://www.google.com/search?q=andrew%20badera
 
   On Mon, Nov 23, 2009 at 12:46 PM, Brian Sutorius bsutor...@twitter.com
   wrote:
   Hey Luis,
   Your OAuth token has been suspended. For more information about this,
   please write to a...@twitter.com and I'll be happy to talk with you.
 
   Brian
 
   On Nov 21, 6:28 pm, luis, syndeomedia l...@syndeomedia.com wrote:
   Hey all,
 
   My Twitter app Listerine has been marked inactive in my
   oauth_clients page and I don't know why.
   (http://twitter.com/oauth_clients/details/45072) Could someone shed
   some light on this please?
 
   :luis
 



Re: [twitter-dev] Re: Twitter app marked inactive?

2009-11-25 Thread Zac Bowling
I hope OAuth suspensions are rare in general. Wouldn't want to drive any
devs back to Basic Auth if they fear disconnection. :-)

Zac Bowling





Re: [twitter-dev] Re: Please allow me to see people who RT me! !

2009-11-22 Thread Zac Bowling
This is a twitter developers list. Try twitter on getsatisfaction.com or
http://help.twitter.com to contact twitter support.

We are the last group to want to hear you scream about how horrible twitter
is, and how it's hurting your user experience as an end user trying to game
twitter to build your personal brand. Also as third party engineers we are
all probably the last to care to be preached at about twitter elitism.

Zac Bowling
@zbowling


Re: [twitter-dev] Re: retweets vs mentions

2009-11-18 Thread Zac Bowling
By definition, mentions would contain the retweets because retweets
contain @username in them. Twitter changing the current mentions
stream to explicitly remove retweets would break the current
functionality and not be backward compatible.

Maybe you could add a feature request for a second mentions stream
that doesn't contain retweets maybe. It wouldn't fix retweets done
manually though unless twitter adds tweet parsing magic.


Zac Bowling



On Wed, Nov 18, 2009 at 6:59 AM, twittme_mobi nlupa...@googlemail.com wrote:
 So basically statuses/retweet results are included in
 statuses/mention ?


 On Nov 17, 4:21 pm, Josh Roesslein jroessl...@gmail.com wrote:
 Mentions are any tweets that contain @yourscreenname in the tweet.
 Retweets are tweets that repeat a previously posted tweet (kind of
 like email forwarding).



 On Tue, Nov 17, 2009 at 7:08 AM, Rich rhyl...@gmail.com wrote:

  Mentions are anyone who replies or mentions or retweets you, retweets
  are exactly that, just retweets?

  On Nov 17, 10:15 am, twittme_mobi nlupa...@googlemail.com wrote:
  Hi all,

  I wondered if we already could start using the retweet API methods -
  for example statuses/retweet.
  Currently statuses/mentions also returns retweets , so what is the
  difference between those and how
  should they be organized in an application implementing this
  functionality?

  Thanks.



[twitter-dev] Re: Moderators, can you trim this address from list?

2009-11-13 Thread Zac Bowling

Yes I'm getting the same thing. Kind of annoying.

Zac Bowling



On Fri, Nov 13, 2009 at 9:29 AM, Cameron Kaiser spec...@floodgap.com wrote:

 I'm getting them too, and I haven't sent anything... I think they're going
 to everyone on the list

 Okay. I see only an rjmol...@gmail which is probably forwarded. I set that
 account to No E-mail (Web Only) so messages won't get sent to it. Let me
 know if this doesn't fix the problem.

 --
  personal: http://www.cameronkaiser.com/ 
 --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
 -- We only pretend to have standards. -- Unknown producer, ABC-TV 
 -



[twitter-dev] Re: Fully Featured PHP 5.3 Twitter Client

2009-11-13 Thread Zac Bowling

Still find PHP Namespaces weird. I wish one of the other proposals won out.


Zac Bowling




On Fri, Nov 13, 2009 at 10:19 AM, Jonathan Wage jonw...@gmail.com wrote:
 Hi Everyone,

 Just wanted to let the group know that I've written an OO interface to the
 Twitter API for PHP 5.3

 http://github.com/jwage/Twitter

 The above link has a pretty descriptive README showing at the bottom, but
 here are some quick examples to give you a taste!

 $client = new \Twitter\Client\HTTP('username', 'password');

 $statuses = new \Twitter\Api\Statuses($client);
 $statuses->updateStatus('my new status');

 $account = new \Twitter\Api\Account($client);
 $account->updateProfileImage('/path/to/image.jpg');

 Thanks, Jon

 --
 Jonathan H. Wage (+1 415 992 5468)
 Open Source Software Developer & Evangelist
 sensiolabs.com | jwage.com | doctrine-project.org | symfony-project.org

 You should follow me on Twitter: http://www.twitter.com/jwage

 You can contact Jonathan about Doctrine, Symfony and Open-Source or for
 training, consulting, application development, or business related questions
 at jonathan.w...@sensio.com



[twitter-dev] Re: MGTwitterEngine - anyone added list support yet?

2009-11-11 Thread Zac Bowling
I give mgtwitterengine credit for being there (was there for me in a snap
once) and being there first for cocoa devs to drop in, but there are some
nasties to it. Its async callback/delegate pattern is odd (try supporting
multiple accounts with it and you understand quickly that you don't know where
the data is coming from because there is no handle back to the account).
Twitter's api isn't overly complicated so it's easy enough to roll your own
API wrapper, which is what I did in my own project.

Zac Bowling
@zbowling

On Nov 10, 2009 3:01 PM, Tim Haines tmhai...@gmail.com wrote:

Hey guys,

Has anyone added list support to @mattgemmell's MGTwitterEngine yet?

Cheers,

Tim.


[twitter-dev] Re: MGTwitterEngine - anyone added list support yet?

2009-11-11 Thread Zac Bowling

My opinions are more from using an older version of it and things may
have changed in the last few months. They never used to give a source
(an object handle or ID or anything that you could hold on to) that gave
you an idea of the account the data was coming from to your callback
delegate (made it very difficult to support multiple accounts). I'm
recalling this from memory, but there was also a dictionary at its
core IIRC that was tracking things by string rather than just giving
me an object pointer that I could hold on to that really bothered me.
Too long ago and too many brain cells spent since then to remember
exactly that issue. :-)

It also was written before Objective-C 2.0 ;-)




Zac Bowling
@zbowling



On Wed, Nov 11, 2009 at 1:35 PM, Tim Haines tmhai...@gmail.com wrote:
 Hey Zac,
 That's what I decided to do too.
 Interested in your point of concern given as an example though.
  MGTwitterEngine gives you a UUID for each request right?  So you should be
 dropping those into an array for your tracking purposes so you know where
 they came from and what for (and which account), and then respond
 appropriately?
 One of the things I didn't like about it is that I couldn't find an easy way
 to gain access to the response body if an error occurs.  I realized the
 subset of API calls I need is so small that I should just roll my own anyway
 though..
 Tim.

 On Thu, Nov 12, 2009 at 10:26 AM, Zac Bowling zbowl...@gmail.com wrote:

 I give mgtwitterengine credit for being there (was there for me in a snap
 once) and being there first for cocoa devs to drop in, but there are some
 nasties to it. Its async callback/delegate pattern is odd (try supporting
 multiple accounts with it and you understand quickly that you don't know where
 the data is coming from because there is no handle back to the account).
 Twitter's api isn't overly complicated so it's easy enough to roll your own
 API wrapper, which is what I did in my own project.

 Zac Bowling
 @zbowling

 On Nov 10, 2009 3:01 PM, Tim Haines tmhai...@gmail.com wrote:

 Hey guys,
 Has anyone added list support to @mattgemmell's MGTwitterEngine yet?
 Cheers,
 Tim.



[twitter-dev] Re: Is image shrinking broken?

2009-11-02 Thread Zac Bowling

This happened a while back. Probably a regression. Their thumbnail
servers are not working or something.


Zac Bowling


[twitter-dev] Re: Suspended account?

2009-10-31 Thread Zac Bowling

Interesting. What is odd is all the lists he is on.

So if we are following someone or have them on a list and they get
suspended, will it redirect to the suspended account?

Zac Bowling



On Sat, Oct 31, 2009 at 7:19 PM, John Adams j...@twitter.com wrote:


 On Oct 31, 2009, at 7:04 PM, Zac Bowling wrote:

 http://twitter.com/suspended

 I'm seeing some profiles redirect to this. It looks like a user. Weird?


 It is a user, unfortunately.

 There was a small web server change in the way that suspended accounts are
 processed, and the normal suspended page will be shown again on Monday after
 we deploy some final changes to that system.


 -j




[twitter-dev] Re: Stepping down from API Support role

2009-10-30 Thread Zac Bowling

Sorry to see you go Chad. You helped me and the rest of the community
out a ton in your time at Twitter.

I owe you a beer sometime (maybe have a 3rd party twitter-dev meet up
at 21st Amendment or something sometime if you are in SF?).

Zac Bowling - @zbowling


On Fri, Oct 30, 2009 at 4:00 PM, Chad Etzel c...@twitter.com wrote:

 Hi all,

 Today is the last day of my Twitter API Support contract. I will be
 stepping down from this role and return to full-time 3rd party Twitter
 app development. In other words, I will no longer be under Twitter's
 employ. This also means that I will no longer be responding to the
 dev-list in any sort of official capacity. I may still chime in
 occasionally with questions/comments as a voice from the community,
 but that will be as official as it gets.

 I have enjoyed the opportunity to help so many developers on (and
 especially off) the list to help further their apps.

 I leave the official dev-list communication in the very capable hands
 of the Twitter Platform Team.

 By the way, Twitter is still hiring! If you feel that this Support
 role is something that you would like, please apply!
 http://bit.ly/2VeK4g

 There are several other open positions as well:
 http://twitter.com/jobs

 Cheers!
 -Chad



[twitter-dev] Re: Check when a friendship was created

2009-10-25 Thread Zac Bowling

What you describe is a very spammy tactic people use to slowly grow
their follower counts without having dramatically higher
following counts than follower counts. I HATE when people do that
because I get follows (usually from marketing or social media
experts pushing their personal brand and don't really care so much
about what I have to say and are just shooting for quantity rather
than quality).

IIRC correctly, it could be against the TOS too.


Zac Bowling



On Sun, Oct 25, 2009 at 4:13 PM, TylerC tyle...@gmail.com wrote:

 I am seeking the need to know when a friendship or when I have
 followed a given user. Basically, I want to scan my account for people
 I have been following, enter a given number of days, and unfollow them
 if they have not followed me back in that timespan. I have it all
 worked out except for checking when I followed a given person.

 Is there no way to do this via the API, from the looks of it I would
 have to do this artificially with a database or something right?

 Thanks!


[twitter-dev] Re: Twitpocalypse II Update - Scheduled for Tuesday 9/22 at 11:30am PST

2009-09-21 Thread Zac Bowling

All things being perfect, it would be good if the development staffs of
many companies were not out at TC140 when this happened.

Zac Bowling


On Mon, Sep 21, 2009 at 1:55 PM, JDG ghil...@gmail.com wrote:
 Agreed, but then they're probably aware of the situation and have made plans
 to mitigate if they're going to be attending TC140.

 On Mon, Sep 21, 2009 at 14:52, Caliban Darklock cdarkl...@gmail.com wrote:

 On Mon, Sep 21, 2009 at 1:42 PM, JDG ghil...@gmail.com wrote:
 
  Why wouldn't said developer partners have updated their code 2 weeks ago
  when this was announced?

 Three reasons.

 A. Irresponsibility. Paying no attention to anything, they have no
 clue this is happening and indeed will not even find out what's going
 on until after it happens.

 B. Laziness. Knowing it is easier to fix something that has broken
 than predict where something is going to break, they voluntarily
 decided to let their application break and fix it then.

 C. Discipline. Having already fixed everything they thought was going
 to break, they are standing by to make sure they didn't miss anything.

 Contrary to popular belief, option B is not necessarily bad. We'd all
 prefer option C, and option A is clearly the Wrong Thing, but option B
 is actually a smart response to some business conditions.



 --
 Internets. Serious business.



[twitter-dev] Re: My Issue with the ReTweet API and my solutions

2009-08-17 Thread Zac Bowling

I see value in a retweet API.

I disagree on your first point. Retweets have been around for some
time and still happen quite a bit. No decrease in usage. (its even
showing in sites like mashables retweet button and
http://iphone.tomtom.com/ (look at the share button)).

The only issue I see is that not everyone will flip over to the new
system immediately so it will not be fully adopted into the system and
inconsistent across clients for a while.

Point 3, no one says that you have to add support for it. However
unifying the retweet functionality drastically simplifies consumption
of retweets and outweighs any slight input requirements and an API
complexity required for it.

Point 4, I think you are missing the point of how it would work
internally. As I understand it, the original 140 char message stays
intact.

Point 5, I'm confused with what point you are trying to get across.

Zac Bowling



On Sat, Aug 15, 2009 at 2:00 AM, Paul Kinlan paul.kin...@gmail.com wrote:
 Hi Guys,
 When I saw the original message stating that the retweet API I was about to
 say straight away that I despise the idea, but I thought I would refrain -
 give it some thought. I still despise the idea and I have to make it known
 the reasons why I think it is a very very bad idea and in the long term will
 negatively affect Twitter as a communications platform for the future.

 You are embedding a user developed based meme into the Twitter
 infrastructure - the popularity of RT itself may wane after some point.
 Users are very fickle, they change their minds, take a stand and don't
 listen to them - you know your platform and I am pretty sure you know that
 this is a bit of a hack.  Let users use the system how they want, they will
 evolve how they use it, constraints via an API

 Twitter already has the capability to do smarter things
 that completely negate the need for this API if they just change the current
 API a little

 Not every app will use RT API (especially legacy ones) and not every user
 will use it and as such Twitter and this list will get lots of questions why
 certain RT's are accessible by the retweet API.  Again, RT's are a user
 concept, and is very easy for them not use.
 Whilst I use TweetDeck, I really dislike the amount of utility buttons it
 has and the amount of options it has - introducing another API for another
 function is tantamount to the same thing, you are asking us app developers
 to include more options in our apps.  The great thing about a RT is that I
 just hit reply and type RT at the front.
 A big thing that people have requested is that quite often there is not any
 room in the very limited 140 characters to add comment to a retweet, this
 doesn't seem to solve that problem.
 Authority of a user based on a RT and credit to the originator is a
 misnomer, no one actually needs it, very very few people care about - and
 when they do care about not getting the credit for the original tweet you
 have to ask why do they care? and why should we care? again it is still very
 easy to bypass.  If you have a problem with it, as per the Twitter TOS you
 are the copyright holder of your content.

 My honest vote is not to pollute the Twitter API with a special RT
 capability, rather:

 Enhance Favorites and the favorites API, allow me to get a list of
 everyone's favorites, allow me to see a list of people who favorited a
 tweet.  If you look at the proposal for RT API it is doing something similar
 to this. The entire UX for Favorites makes a lot more sense than retweet -
 in fact you can go as far as saying if you like something favorite (star) it,
 if you really like your favorite - Forward (RT).

 Allow me to get a list of a users favorites (similar to the Likes feed in
 FriendFeed) - this type of concept is so powerful, I can discover people who
 share very similar likes.  I can also do Best of Day very easily

 Enhance in_reply_to, allow me to see all tweets that reply to this tweet in
 an object returned by the current api ( that is so I don't have to
 keep re-querying the search API), further more allow me to request N levels
 deep of replies to a given tweet (yes this is similar to threaded comments)

 So by enhancing Replies and favorites you can remove the need for special RT
 API because you can combine both parts of the API to get at the originator
 of a popular tweet, have notification and visual cues of popular tweets.
 thus keeping the twitter API simple.
 Paul - grumpy - Kinlan
 http://twitter.com/PaulKinlan


[twitter-dev] Re: Cease Desist from Twitter

2009-08-13 Thread Zac Bowling


Wow. Twitter's legal team thinks twitter owns blue backgrounds. Hehe.

Sent from my iPhone

On Aug 13, 2009, at 3:32 PM, Twitlonger stu...@abovetheinternet.org  
wrote:




I recently got a letter by email from a UK law firm representing
Twitter claiming that my website www.twitlonger.com was infringing on
their trade mark and was inherently likely to confuse users. The
version of the website they were objecting to didn't have a similar
font but did use the same birds as the old version of the site (fair
enough to be asked to remove them).

The timing coincided with a redesign of the site anyway which went
live this week. I emailed them back pointing this out and then ended
up on the phone with them with the claim being that the site as it
stands now could still be seen as potentially confusing. I want to
know how different they expect a site to be (especially when it
doesn't even include the full word twitter in the name. Compare this
to Twitpic, Twitvid etc who are using the same contraction AND the
same typeface.

This feels so much like a legal department doing stuff that is
completely contrary to the Twitter team who have been so supportive of
the third party community. Of course, all these applications have been
granted access to be listed in the posted from field in the tweets,
been granted special access to the API via whitelisting which requires
the application to be named and described and, in many cases, been
registered with OAuth, again requiring the name and description of the
app.

Has anyone else received similar letters where they have no problem
with the service but can't seem to tell the difference between two
sites if blue is present in each?

:(

Letter copied below.
---
TWITTER - Trade Mark and Website Presentation Issues

We act for Twitter, Inc. in relation to intellectual property issues
in the UK.

Twitter has asked us to contact you about your www.twitlonger.com
website (the "Website"). Twitter has no objection to the service which
you are offering on the Website. However, Twitter does need you to make
certain changes to the Website. We have set out the reasons below.

Your Website

Twitter owns a number of registrations for its TWITTER trade mark,
including Community trade mark registration number 6392997. Your use of
a name for the Website which is based on the TWITTER trade mark is
inherently likely to confuse users of the www.twitter.com website into
thinking that the Website is owned or operated by Twitter, when this is
not the case.

You are using a font on your Website which is very similar to that
used by Twitter for its TWITTER logo. You have no doubt chosen to use
this font for this very reason. You are also using a blue background
and representations of blue birds. These blue birds are identical to
those which Twitter has previously used on the www.twitter.com website.
The combination of these factors and the name of your Website
inevitably increase the likelihood of confusion.

We therefore ask you to confirm that you will, within seven days of
giving the confirmation:

1. incorporate a prominent non-affiliation disclaimer on all pages of
   the Website;
2. permanently stop any use on the Website of a font which is
   identical or similar to the font used by Twitter for its TWITTER
   logo; and
3. permanently stop any use on the Website of (i) representations of
   blue birds which are identical or similar to the blue bird design
   previously or currently used by Twitter on the www.twitter.com
   website; and (ii) a blue background.


[twitter-dev] Re: OAuth vs. Basic authentication strictly on iPhone

2009-08-12 Thread Zac Bowling

Pictures in email signatures are obnoxious and annoying.

Zac Bowling



On Tue, Aug 11, 2009 at 2:58 PM, Bradley S. O'Hearne
brad.ohea...@gmail.com wrote:
 Alex,
 Thank you for the information -- that does give me a much better idea of the
 helpful utility of OAuth within the Twitter ecosystem. Please understand, my
 point in raising these issues has never been to buck the system, but rather
 to prove out what the real security issues in play are, so as to address
 them as efficiently as possible. Stickiness is a major issue in mobile apps,
 and every hoop you put the user through increases the chances for a user to
 leave and / or delete your app.
 As for the iPhone-optimized version of the OAuth workflow -- I run a company
 specializing in iPhone development. If Twitter would be in need of our
 services to can OAuth into a distributable component / library or set of
 source code, somewhat in the vein of Facebook Connect, contact me offline.
 Regards,
 Brad
 Brad O'Hearne
 Owner / Developer
 Big Hill Software
 br...@bighillsoftware.com
 http://www.bighillsoftware.com

 On Aug 11, 2009, at 10:40 AM, Alex Payne wrote:

 For the case of a dedicated application on a rich mobile platform like
 iPhone, I agree that OAuth does not offer a particularly different user
 experience. It does, however, provide us at Twitter the information we need
 to provide detailed usage analytics back to developers, as well as the data
 we need to better understand our platform and help it grow.
 OAuth also provides a mechanism for users to revoke access to applications
 that aren't behaving as they expected; on the iPhone, removing a misbehaving
 application is as simple as deleting it, but for some non-technical users it
 may be helpful for them to visit their Twitter settings and see the list of
 applications they've authorized.
 We're working with our mobile team on improving the iPhone-optimized version
 of the OAuth workflow. It may not be an enormous improvement over
 password-based authentication, but once it's done, it certainly won't be a
 hindrance. Twitter is one of many companies moving to OAuth, and you can
 already find iPhone applications like TripIt that rely solely on OAuth for
 authentication.

 On Mon, Aug 10, 2009 at 14:16, Bradley S. O'Hearne brad.ohea...@gmail.com
 wrote:

 All,

 I don't want to kick this subject to death, as there was a lengthy thread
 on general OAuth vs. Basic auth -- I want to restrict this question strictly
 to the scope of iPhone apps. Having pored over the OAuth vs. Basic
 authentication process, I have a question, given the following assumptions:

 - The iPhone app is communicating directly with Twitter, i.e. not through
 some third-party means.

 - The iPhone app requires authentication at the beginning of each
 application runtime (i.e. each time the app is run the user has to type in
 their password).

 - The password is cached only in memory, for the life of that specific
 runtime (i.e. when the user quits the app, the password is released).

 - The password is NEVER persisted anywhere, i.e. never stored to disk.

 - All network communication with Twitter takes place over HTTPS.

 If all of those things are true in an iPhone app, how is OAuth superior in
 any way to basic authentication from a security standpoint? Furthermore,
 given having to introduce a foreign UI element and extra authentication
 steps over the web, could OAuth even be considered inferior when evaluated
 as a whole as an authentication means for the iPhone, when app branding,
 integration, and ease of use are considered?

 Mind you, the purpose of this post is not in any way to incite a religious
 war or stir the pot, it is to definitively establish the true pros and cons
 of each authentication means within the specific use case of the iPhone
 only. Many of the other OAuth / Basic auth threads are somewhat overridden
 with personally charged statements that I'd rather ignore them.

 Anyway, your constructive views are most appreciated.

 Regards,

 Brad





 --
 Alex Payne - Platform Lead, Twitter, Inc.
 http://twitter.com/al3x
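
The trade-off discussed in this thread, as an added example that is not code from any of the posters or from Twitter: a Basic header carries the reusable password on every request, while an OAuth 1.0a HMAC-SHA1 signature only proves possession of a per-app token secret that the service can revoke. The host, keys, secrets and the `Service` class are constructed assumptions, and the server-side check omits the nonce and timestamp replay tracking a real service needs.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; none of these come from the thread.
URL = "https://api.example.test/statuses/update"
BODY = {"status": "hello from an added example"}
CONSUMER = {"key": "constructed-consumer-key", "secret": "constructed-consumer-secret"}
TOKEN = {"key": "constructed-access-token", "secret": "constructed-token-secret"}


def pct(value):
    """Percent-encode as OAuth 1.0a requires (RFC 3986 unreserved set only)."""
    return quote(str(value), safe="-._~")


def basic_header(username, password):
    """HTTP Basic: base64 is an encoding, so the password travels in every request."""
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def password_from_basic(header):
    """Anything that can read the header (proxy, log, debugger) gets the password."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    return raw.split(":", 1)[1]


def oauth_signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the OAuth 1.0a signature base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth_fields(method, url, body, consumer, token, nonce, timestamp):
    """Build the oauth_* fields a client sends; no secret appears among them."""
    fields = {
        "oauth_consumer_key": consumer["key"],
        "oauth_token": token["key"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    fields["oauth_signature"] = oauth_signature(
        method, url, {**body, **fields}, consumer["secret"], token["secret"])
    return fields


class Service:
    """Minimal stand-in for the API side: knows which tokens are still granted."""

    def __init__(self, consumer):
        self.consumer = consumer
        self.tokens = {}  # token key -> token secret

    def grant(self, token):
        self.tokens[token["key"]] = token["secret"]

    def revoke(self, token_key):
        # The user removes one application; their password is unaffected.
        self.tokens.pop(token_key, None)

    def accepts(self, method, url, body, fields):
        secret = self.tokens.get(fields.get("oauth_token"))
        if secret is None:
            return False
        unsigned = {k: v for k, v in fields.items() if k != "oauth_signature"}
        expected = oauth_signature(
            method, url, {**body, **unsigned}, self.consumer["secret"], secret)
        return hmac.compare_digest(expected, fields.get("oauth_signature", ""))


if __name__ == "__main__":
    header = basic_header("alice", "constructed-password")
    print("Basic leaks:", password_from_basic(header))
    service = Service(CONSUMER)
    service.grant(TOKEN)
    fields = oauth_fields("POST", URL, BODY, CONSUMER, TOKEN, "constructed-nonce", 1250000000)
    print("accepted:", service.accepts("POST", URL, BODY, fields))
    service.revoke(TOKEN["key"])
    print("after revoke:", service.accepts("POST", URL, BODY, fields))
```
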





[twitter-dev] Re: FW: Twitter is Suing me!!!

2009-08-12 Thread Zac Bowling


 Apparently you fail to recall the MikeRoweSoft.com case.



The deal with MikeRoweSoft is a different issue than this one. Mike
Rowe was perfectly fine in his use. However when Microsoft sent him a
CD and said they would pay $100 (IIRC) for his domain. His mistake
was saying yah, maybe for a $1,000,000.00 in jest. Doing so was
enough to claim that his intent wasn't for his own fair use
but to hold Microsoft to pay for it. Microsoft tried to force it to
domain arbitration when it turned into a PR issue for Microsoft being
seen as the big bad bully for taking down a 16 year old kid's personal
page, so they backed down and gave him a bunch of free stuff.

Using Twitter in a domain name directly related to a service that
involves Twitter is a whole other issue that pretty much can get you
in a lot of trouble.



Zac Bowling


[twitter-dev] Re: Twitpocalypse: The Second Coming is on the horizon

2009-07-31 Thread Zac Bowling

Just store everything in strings and give up :-)


Zac Bowling



On Fri, Jul 31, 2009 at 3:37 PM, Josh Roesslein jroessl...@gmail.com wrote:
 Well 64 bit should last for a while. Curious how long it will be until 128
 bit will be required.



[twitter-dev] Re: Spamming via addition of trending words to tweets

2009-07-07 Thread Zac Bowling

Is the @spam account monitored by a bot or a human?

Zac Bowling




On Tue, Jul 7, 2009 at 5:34 PM, Jeffrey
Greenberg jeffreygreenb...@gmail.com wrote:

 Alex, so you're saying that we ought to auto-report spamming that we
 detect.

 And I guess we have to formulate some spam detection strategies of our
 own...

 And obviously you're dealing with spam of different kinds already:
 @spamming, follower spamming to name two of em... but can you speak to
 this particular one which screws up search results?  Does Twitter do
 spam detection on tweets?  I guess you should be somewhat secretive on
 the approach so that spammers cannot workaround it easily, but can we
 expect more aggressive filtering from Twitter itself or is this really
 a full-blown app responsibility?

 Thanks.
 jeffrey

 On Jul 7, 3:59 pm, Alex Payne a...@twitter.com wrote:
 Anyone can send a Direct Message to @spam with the username of a potential
 spammer. We factor those reports into our automated spam detection tools.
 We're well aware of the issue, and we appreciate the help.

 On Tue, Jul 7, 2009 at 15:41, Jeffrey Greenberg
 jeffreygreenb...@gmail.com wrote:







  So I'm seeing a ton of tweet spam that appends the trending topics to
  the tweet.  For example, Hey here is my http://spam/1234 Michael
  Jackson MJ iran

  They get picked up by searches ( for instance see the search stock
  market at http://www.tweettronics.com )

  What is Twitter doing or planning on doing to deal with this?  It has
  been noted elsewhere that any tweet with 3 or more trending topics is
  likely to be spam... Will Twitter institute an automated spam
  rejection through the API let alone through its other interfaces?

  I suppose we've entered the era of dealing with Twitter spam with all
  our apps... ugh

  Please advise

  jeffrey greenberg
 http://www.jeffrey-greenberg.com
 http://www.tweettronics.com

 --
 Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x


[twitter-dev] Re: Spamming via addition of trending words to tweets

2009-07-07 Thread Zac Bowling

Good to know before I started spamming @spam with my own log data.


Zac Bowling
http://twitter.com/zbowling



On Tue, Jul 7, 2009 at 6:05 PM, Doug Williams d...@twitter.com wrote:
 The replies and DMs sent to @spam are manually reviewed by our abuse support
 staff at the moment.

 Thanks,
 Doug



 On Tue, Jul 7, 2009 at 5:58 PM, Zac Bowling zbowl...@gmail.com wrote:

 Is the @spam account monitored by a bot or a human?

 Zac Bowling




 On Tue, Jul 7, 2009 at 5:34 PM, Jeffrey
 Greenberg jeffreygreenb...@gmail.com wrote:
 
  Alex, so you're saying that we ought to auto-report spamming that we
  detect.
 
  And I guess we have to formulate some spam detection strategies of our
  own...
 
  And obviously you're dealing with spam of different kinds already:
  @spamming, follower spamming to name two of em... but can you speak to
  this particular one which screws up search results?  Does Twitter do
  spam detection on tweets?  I guess you should be somewhat secretive on
  the approach so that spammers cannot workaround it easily, but can we
  expect more aggressive filtering from Twitter itself or is this really
  a full-blown app responsibility?
 
  Thanks.
  jeffrey
 
  On Jul 7, 3:59 pm, Alex Payne a...@twitter.com wrote:
  Anyone can send a Direct Message to @spam with the username of a
  potential
  spammer. We factor those reports into our automated spam detection
  tools.
  We're well aware of the issue, and we appreciate the help.
 
  On Tue, Jul 7, 2009 at 15:41, Jeffrey Greenberg
  jeffreygreenb...@gmail.com wrote:
 
 
 
 
 
 
 
   So I'm seeing a ton of tweet spam that appends the trending topics to
   the tweet.  For example, Hey here is my http://spam/1234 Michael
   Jackson MJ iran
 
   They get picked up by searches ( for instance see the search stock
   market at http://www.tweettronics.com )
 
   What is Twitter doing or planning on doing to deal with this?  It has
   been noted elsewhere that any tweet with 3 or more trending topics is
   likely to be spam... Will Twitter institute an automated spam
   rejection through the API let alone through its other interfaces?
 
   I suppose we've entered the era of dealing with Twitter spam with all
   our apps... ugh
 
   Please advise
 
   jeffrey greenberg
  http://www.jeffrey-greenberg.com
  http://www.tweettronics.com
 
  --
  Alex Payne - Platform Lead, Twitter, Inc. http://twitter.com/al3x
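
The "3 or more trending topics" rule of thumb quoted in this thread, written out as a client-side check. This is an added example, not code from the thread or from Twitter; the function names, the trend list and the sample tweets are constructed for illustration, and the threshold is the only value taken from the thread.

```python
import re

# Threshold quoted in the thread: 3 or more trending topics in one tweet.
TREND_THRESHOLD = 3

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def _topic_pattern(key):
    """Matcher for one normalised topic, as a whole token or phrase.

    Lookarounds replace \\b so an optional leading '#' is accepted and a
    short topic such as 'mj' does not match inside a longer word.
    """
    words = [re.escape(w) for w in key.split()]
    return re.compile(r"(?<!\w)#?" + r"\s+".join(words) + r"(?!\w)", re.IGNORECASE)


def trending_hits(text, trends):
    """Return the distinct trending topics that appear in the tweet text."""
    # Remove URLs first so a topic inside a link path is not counted.
    body = URL_RE.sub(" ", text)

    # Normalise and de-duplicate topics ("#Iran" and "iran" are one topic).
    topics = {}
    for topic in trends:
        key = " ".join(topic.lstrip("#").split()).casefold()
        if key:
            topics.setdefault(key, topic)

    hits = []
    # Longest topic first, blanking each match, so "Michael Jackson" is not
    # counted a second time for a separate, shorter "Jackson" trend.
    for key in sorted(topics, key=len, reverse=True):
        pattern = _topic_pattern(key)
        if pattern.search(body):
            hits.append(topics[key])
            body = pattern.sub(" ", body)
    return hits


def classify(text, trends, threshold=TREND_THRESHOLD):
    """Flag a tweet as suspect when it carries `threshold` or more trends."""
    hits = trending_hits(text, trends)
    return {
        "hits": hits,
        "has_url": bool(URL_RE.search(text)),
        "suspect": len(hits) >= threshold,
    }


# Constructed trend list and tweets; the first tweet is the example given in
# the thread, the rest are made up to exercise the edge cases.
SAMPLE_TRENDS = ["Michael Jackson", "MJ", "Iran", "#iranelection",
                 "Wimbledon", "Jackson"]
SAMPLE_TWEETS = [
    "Hey here is my http://spam/1234 Michael Jackson MJ iran",
    "Watching Wimbledon highlights, what a match",
    "MJ tribute tonight at http://example.invalid/iran-wimbledon",
    "Michael Jackson forever",
]

if __name__ == "__main__":
    for tweet in SAMPLE_TWEETS:
        result = classify(tweet, SAMPLE_TRENDS)
        print(result["suspect"], result["hits"], "|", tweet)
```

A count like this is only a signal to feed into a report or a ranking penalty; a legitimate tweet about a busy news day can also cross the threshold.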




[twitter-dev] Re: WWDC Twitter developer meetup at Twitter HQ: RSVP!

2009-05-24 Thread Zac Bowling

Count me in!


Zac Bowling


On Thu, May 21, 2009 at 2:18 PM, Alex Payne a...@twitter.com wrote:

 Hi all,

 There's great crossover between Twitter API developers and Mac/iPhone
 developers. Andrew Stone, developer of Twittelator Pro, suggested that
 we all get together during WWDC and coordinate around the Apple Push
 Notification Service and other issues of mutual interest. Twitter's
 offices are just a few blocks from Moscone, so it should be easy for
 any interested coders to make it over here.

 Please RSVP with a reply to this thread and let us know what dates and
 times work for you. Andrew was thinking early one morning, but not
 being much of a morning person, I'd prefer something later in the day.
 We'll let group consensus decide.

 Thanks, and hope to see you in early June.

 --
 Alex Payne - API Lead, Twitter, Inc.
 http://twitter.com/al3x



[twitter-dev] Re: replies blog post clarification...

2009-05-13 Thread Zac Bowling

Riddle me this, what happens in this scenario:

I'm following user A and user B
1. User A sends an @reply to user B.
2. User B changes his name.
3. Tweet is going to user B's old name.

Will I see the tweet?



Zac Bowling




On Wed, May 13, 2009 at 6:26 PM, Doug Williams d...@twitter.com wrote:
 Non-confirmed @replies will still be seen by all. Confirmed @replies, or
 those with in_reply_to_status_id set, will only be seen by mutual followers.

 Thanks,
 Doug
 --

 Doug Williams
 Twitter Platform Support
 http://twitter.com/dougw




 On Wed, May 13, 2009 at 3:25 PM, Steve Brunton sbrun...@gmail.com wrote:

 from @biz and his post :

 First, we're making a change such that any updates beginning with
 @username (that are not explicitly created by clicking on the reply
 icon) will be seen by everyone following that account.

 for us folks that fiddle with the API. Can we read this as Tweets that
 start with @username, but don't have the in_reply_to_status_id
 parameter set?

 -steve




[twitter-dev] Re: How do I find all replies to a status?

2009-04-23 Thread Zac Bowling

Protected updates really complicate the API. I really wish that
twitter could phase that feature out to make things easier all around,
but I'm sure the privacy worry warts would have a hissy fit.

Zac Bowling


On Wed, Apr 22, 2009 at 11:03 PM, Doug Williams d...@twitter.com wrote:
 Jason,
 It is authenticated because the statuses/mentions timeline potentially
 includes protected updates. Making it unauthenticated is therefore not an
 option.

 Thanks,
 Doug Williams
 Twitter API Support
 http://twitter.com/dougw


 On Wed, Apr 22, 2009 at 1:02 PM, Doug Williams d...@twitter.com wrote:

 Jason,
 statuses/mentions would contain this data, and it is available via search.
 Let me bring this up with Alex, because you make a good point.

 Doug Williams
 Twitter API Support
 http://twitter.com/dougw


 On Wed, Apr 22, 2009 at 11:57 AM, Jason Wong ja...@kratedesign.com
 wrote:

 As I see it, replies also contain @screen_name in them. There's already
 an API structure to find these items, via statuses/mentions. Is there a
 reason why it's restricted to only the authenticating user and not open to
 access a screen_name / user_id parameter?

 I can easily implement this if I keep everyone's authentication tokens
 and doing statuses/mentions and checking the in_reply_to_status_id. But it's
 not efficient and will have way too many hits against the twitter server.

 What do you guys think?

 Jason.

 Doug Williams wrote:

 It requires a non trivial change to our architecture which means that
 until the product at large (twitter.com) adopts the idea of conversation
 threads, the API will be unable to offer this feature.


 Doug Williams
 Twitter API Support
 http://twitter.com/dougw


 On Wed, Apr 22, 2009 at 11:01 AM, Zac Bowling zbowl...@gmail.com wrote:

 I see the bug was closed as WONTFIX. Would it not be possible for
 search to get a param for in_reply_to_status_id?

 I'm not working on any twitter projects anymore but it could lead to
 some very interesting clients.


 Zac


 On Wed, Apr 22, 2009 at 10:11 AM, Doug Williams d...@twitter.com
 wrote:
  Please see http://code.google.com/p/twitter-api/issues/detail?id=142
 
 
  Doug Williams
  Twitter API Support
  http://twitter.com/dougw
 
 
  On Wed, Apr 22, 2009 at 10:04 AM, Jason Wong ja...@kratedesign.com
  wrote:
 
  I'm trying to find a way to get all replies to a certain status.
 
  I was looking at the statuses/mentions function, but according to the
  documentation it only works with the authenticated user's
  screen_name.
  If I use statuses/user_timeline and get a status id that I know has
  replies, is there a way for me to get it without searching the
  public_timeline and checking the in_reply_to_status_id field for that
  status? It doesn't seem very efficient.
 
  Thanks,
  Jason.
 
 






[twitter-dev] Re: How do I find all replies to a status?

2009-04-22 Thread Zac Bowling

I see the bug was closed as WONTFIX. Would it not be possible for
search to get a param for in_reply_to_status_id?

I'm not working on any twitter projects anymore but it could lead to
some very interesting clients.


Zac


On Wed, Apr 22, 2009 at 10:11 AM, Doug Williams d...@twitter.com wrote:
 Please see http://code.google.com/p/twitter-api/issues/detail?id=142


 Doug Williams
 Twitter API Support
 http://twitter.com/dougw


 On Wed, Apr 22, 2009 at 10:04 AM, Jason Wong ja...@kratedesign.com wrote:

 I'm trying to find a way to get all replies to a certain status.

 I was looking at the statuses/mentions function, but according to the
 documentation it only works with the authenticated user's screen_name.
 If I use statuses/user_timeline and get a status id that I know has
 replies, is there a way for me to get it without searching the
 public_timeline and checking the in_reply_to_status_id field for that
 status? It doesn't seem very efficient.

 Thanks,
 Jason.




[twitter-dev] Re: Twitter's official comment on our disabling of OAuth

2009-04-22 Thread Zac Bowling

Everyone is using terms like mitigate rather than fix, which is a
clue there is probably a flaw in design that isn't accounting for the
social engineering aspect.

Maybe something that could confuse users to give their user
credentials to a third party and not the real OAuth provider when they
think they are authorizing the consuming app.

The other idea is a possible man in the middle attack. I made a proof
of concept for something like that but it was too many steps to set up
to think anyone could ever deploy it.

Interested to hear what it is.


Zac Bowling
http://twitter.com/zbowling




On Wed, Apr 22, 2009 at 1:27 PM, Alex Payne a...@twitter.com wrote:

 http://blog.twitter.com/2009/04/whats-deal-with-oauth.html

 In short: there's a security issue with OAuth, and the major OAuth
 providers are working together to patch the vulnerability before
 information about the issue is publicly released. That information
 will be available at http://oauth.net/ at midnight, PST.

 In cooperation with this consortium of other OAuth providers
 (including Yahoo!, Google, Netflix, etc.), we agreed not to disclose
 the nature of the vulnerability, nor even that a vulnerability
 existed, until all members of the group agreed to do so. I apologize
 for what must have seemed unnecessarily tight-lipped communication
 around this issue, but please understand that we and the other
 companies involved are trying to mitigate the impact of this
 vulnerability as much as possible.

 Please also note that our OAuth support is in beta, albeit public
 beta. We have not suggested to developers that they rely solely on
 OAuth until our support of the standard leaves beta. I know that some
 companies practice a policy of perpetual beta, but at Twitter, we do
 not. For us, beta really means still in testing, not suitable for
 production use.

 Thanks for your patience and understanding.

 --
 Alex Payne - API Lead, Twitter, Inc.
 http://twitter.com/al3x



[twitter-dev] Re: Sign in with Twitter

2009-04-16 Thread Zac Bowling

Sorry, a little confused by your email. :-)

It's really not directly related to twitter sign-on directly but
with OAuth authentication in general that doesn't force the user to
authenticate each time.

The problem is with all OAuth providers that shortcut the process of
associating and granting user permissions by bypassing the login
screen if they are already logged into that site (have a session
cookie already or something).

When our client or service handles multiple accounts the OAuth
provider has for just a single user on our side.

What happens is that when a user on a service or client on our side
wants to connect and authenticate with multiple accounts. For each
link they create on their account on our side, we will redirect them
back to twitter or OAuth provider to grant us permissions. The problem
is that they are automatically logged in using their session on that
site, so the permissions they are granting us are for that same user
that they probably already set up previously.

Does that make sense?

Zac Bowling



On Thu, Apr 16, 2009 at 10:45 AM, Ivan Kirigin ivan.kiri...@gmail.com wrote:

 Zac, this can be solved just be properly modeling user accounts and
 twitter accounts.

 It should be one-to-many. Signing in with any of their twitter
 accounts can sign in that user.

 Let me know if that doesn't address your problem.

 Ivan
 http://tipjoy.com


 On Apr 16, 1:18 pm, Zac Bowling zbowl...@gmail.com wrote:
 Hi Doug,

 There is a use case that sort of sucks when you don't force the user
 to authenticate each time, and that's when your application supports
 multiple twitter accounts. It's nice to shortcut authenticating because
 it removes a step for the end user, but it sucks when you are trying
 to associate with multiple accounts.

 It would be nice if we could pass a flag to force login to show, or
 pass in an expected username and if it's not the same as what twitter
 has for their session cookie, it invalidates and forces a login or
 something.

 Not sure if something like this exists already or anyone has run into
 this issue and figured out a work around.

 Zac Bowling

 On Thu, Apr 16, 2009 at 9:55 AM, Doug Williams d...@twitter.com wrote:

  Related: More OAuth documentation is to come throughout the day so
  some of the links will be broken. It's a glaring omission in the
  documentation.

  Let's use this thread to fill the holes people find while implementing
  Sign in with Twitter for the time being.

  Cheers,
  Doug Williams
  Twitter API Support
 http://twitter.com/dougw

  On Apr 16, 9:52 am, Doug Williams d...@twitter.com wrote:
  Matt has deployed our answer for one click login. It requires only a small
  change to the normal Twitter OAuth workflow and is documented here:

 http://apiwiki.twitter.com/Sign-in-with-Twitter

  This is the perfect tool for web applications wanting to offer users the
  ability to sign in with a Twitter account and a single mouse click. We
  want to see it in the wild so please let us know if you roll this out in
  your application.

  Thanks,
  Doug Williams
  Twitter API Support http://twitter.com/dougw
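
The multi-account problem discussed in this thread, handled on the application side after the OAuth callback: model local users to Twitter accounts as one-to-many, and check which account the provider actually returned before storing the link. This is an added example, not code from the thread or from Twitter; the class and function names are hypothetical, and it assumes the application learns the numeric user id and screen name of the authorizing account when the token exchange completes.

```python
from dataclasses import dataclass, field
from enum import Enum


class LinkResult(Enum):
    LINKED = "linked"
    # The provider reused its browser session and handed back an account
    # this local user has already connected.
    ALREADY_LINKED = "already_linked"
    # The account that came back is not the one the user asked to add.
    UNEXPECTED_ACCOUNT = "unexpected_account"
    # The account is connected to a different local user; linking it here
    # would let either user sign in as the other.
    OWNED_BY_OTHER_USER = "owned_by_other_user"


@dataclass
class AccountStore:
    """One local user to many Twitter accounts; each account has one owner."""
    owner_of: dict = field(default_factory=dict)      # twitter id -> local user
    screen_names: dict = field(default_factory=dict)  # twitter id -> last name

    def accounts_for(self, local_user):
        return sorted(t for t, u in self.owner_of.items() if u == local_user)

    def sign_in(self, twitter_user_id):
        """Signing in with any linked account resolves to its single owner."""
        return self.owner_of.get(twitter_user_id)


def link_account(store, local_user, twitter_user_id, screen_name,
                 expected_screen_name=None):
    """Decide what to do with the identity returned by the OAuth callback.

    Keyed on the numeric id, not the screen name, because screen names can
    change. On any result other than LINKED the caller should discard the
    token it just received and ask the user to log out of the provider (or
    log in as the intended account) before retrying.
    """
    owner = store.owner_of.get(twitter_user_id)
    if owner == local_user:
        return LinkResult.ALREADY_LINKED
    if owner is not None:
        return LinkResult.OWNED_BY_OTHER_USER
    if expected_screen_name is not None:
        wanted = expected_screen_name.lstrip("@").casefold()
        if screen_name.casefold() != wanted:
            return LinkResult.UNEXPECTED_ACCOUNT
    store.owner_of[twitter_user_id] = local_user
    store.screen_names[twitter_user_id] = screen_name
    return LinkResult.LINKED


if __name__ == "__main__":
    # Constructed walk-through: ids and names are made up.
    store = AccountStore()
    print(link_account(store, "alice", 101, "first"))
    # Alice tries to add a second account, but the provider skips its login
    # screen and returns the account from her existing session.
    print(link_account(store, "alice", 101, "first", expected_screen_name="second"))
    print(link_account(store, "alice", 202, "Second", expected_screen_name="@second"))
    print(store.accounts_for("alice"))
```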


[twitter-dev] Re: Determining Sex/Gender with the API?

2009-04-02 Thread Zac Bowling

Bought! :-)

Now I just need to cast Time Magicus Level 20 to find the time to develop it.

Zac Bowling




On Thu, Apr 2, 2009 at 10:20 AM, Alex Payne a...@twitter.com wrote:

 http://www.beardorbra.com/

 On Thu, Apr 2, 2009 at 10:18, Zac Bowling zbowl...@gmail.com wrote:

 That would be an interesting challenge.

 Now this would only work with active users and for English users but
 you could mine out probability index of gender using other data around
 the user.

 Basically you could search back on someone's tweets for keywords that
 allude you to gender. Like someone saying Us girls have it hard. you
 could assume a high chance of being female. You could also use the
 search api and look for people talking about the subject in the third
 person and you are likely to find the pronouns he or she. For
 example coming across a tweet like I love @zbowling. He is awesome..
 Other ideas are looking for other gender specific words like my
 beard or my bra .

 Then you might have the privacy advocates (big brother conspiracy
 nuts) crying foul though and gender bombing twitter if you release
 such a service.

 Zac Bowling
 http://twitter.com/zbowling


 On Thu, Apr 2, 2009 at 9:28 AM, kazvor...@gmail.com kazvor...@gmail.com 
 wrote:

 As the subject line implies, I need to know how to programmatically
 determine the sex of a profile owner with the API. Is this supported,
 in any way at all? Not the sex of the person logged in as the app, but
 the owners of the profiles in a search, for example.





 --
 Alex Payne - API Lead, Twitter, Inc.
 http://twitter.com/al3x



[twitter-dev] Re: Twitter user picture sizes

2009-04-01 Thread Zac Bowling

Thanks Alex for making sure this gets taken care of. It's been driving
me nuts here chasing ghosts why my IO appears to be blocked when it's
actually trying to just pull a massive image.

Basically I'm having all the same issues others are having... My IO
library doesn't make it easy to cancel a transfer that is partially
complete for our client (doable but increases the complexity a lot),
one big image can invalidate several older images in my cache engine
because of memory constraints and I don't want to write resizing code
before I put it in the cache, and it creates a bottleneck because our
client runs where bandwidth is usually small quite often, etc, etc.
You know the deal :-)


Zac Bowling




On Mon, Mar 30, 2009 at 12:23 PM, Alex Payne a...@twitter.com wrote:

 It's one of our top issues right now.

 On Sun, Mar 29, 2009 at 23:05, Andrew Maizels andrew.maiz...@gmail.com 
 wrote:

 We'd really like to see a fix for this too.  Having a few hundred
 unexpectedly large images floating around is playing havoc with our
 memory usage.

 Regards,

 Andrew Maizels
 PeopleBrowsr

 On Mar 26, 2:53 pm, Jason Schroeder jasch...@gmail.com wrote:
 Here is a 480x480 _normal image:
 http://s3.amazonaws.com/twitter_production/profile_images/108666778/I...

 Any progress on working with the UX team to resize these? TwitterBerry
 is expecting a 48x48-pixel image.

 Cheers,
 Jason
 TwitterBerry

 On Mar 24, 7:49 am, Shannon Whitley shannon.whit...@gmail.com wrote:

  Don't forget the _mini. :)

  This is my list:

  (original)
  _mini
  _normal
  _bigger

  On Feb 25, 12:15 am, Dave Briccetti da...@davebsoft.com wrote:

   Hi. I’ve searched around for 1/2 hour or so, and haven’t found an
   authoritative explanation of the sizes of pictures, and how to
   retrieve them.

   It seems that profile_image_url leads to a tiny picture:
    http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...

   But there is also a slightly bigger version:
    http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...

   And then a proper full-size one:
    http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...

   Am I correct in this? That the big version URL can be derived from
   that in profile_image_url by dropping the _normal from the name? Is
   this part of the API spec? Safe to use?

   Thanks.




 --
 Alex Payne - API Lead, Twitter, Inc.
 http://twitter.com/al3x



[twitter-dev] Re: API Changes for April 1, 2009

2009-04-01 Thread Zac Bowling

Fantastic news.

Are the direct message's recipient and sender objects updated as well?

Zac Bowling
http://twitter.com/zbowling


On Wed, Apr 1, 2009 at 5:34 PM, Alex Payne a...@twitter.com wrote:

 (Not an April Fool, we promise. We don't enjoy humor.)

  * Feature (REST API): We now return the same representation of User
 objects throughout the API. This representation contains all of the
 attributes we make available via the API.

 A bit more about this change:

 Previously, these full User objects were only available via the
 /users/show and /account/verify_credentials methods. If your
 application has been making requests to these methods just to get
 extra User attributes, you no longer need to do so. We've had many,
 many requests for these extra attributes to be available everywhere,
 so we hope to see you all making use of them!

 Please note that this new extended view of User objects may not appear
 for all users immediately. As cache expiry occurs for users in our
 system, the extra attributes will show up. Don't be surprised if this
 takes multiple days for inactive users.

 Please also note that if your application is operating in a highly
 bandwidth-constrained environment, you may want to proxy requests to
 strip out attributes that aren't relevant to your client. The
 additional bytes over the wire should not impact the vast majority of
 platforms, in our estimates.

 As always, you can keep up with these changes at http://bit.ly/api_changelog.

 --
 Alex Payne - API Lead, Twitter, Inc.
 http://twitter.com/al3x



[twitter-dev] Re: twitter in iframes

2009-03-30 Thread Zac Bowling

Wow. That would be one evil clickjacking attack concept if it could work.

Are pages on m.twitter.com protected from clickjacking as well?

Zac Bowling


On Mon, Mar 30, 2009 at 3:23 PM, Matt Sanford m...@twitter.com wrote:
 Actually, that 'follow' button is a great clickjacking target, unless you
 already follow @britneyspears … which is cool. I'm not here to judge.
 :)
   — Matt

 On Mar 30, 2009, at 02:52 PM, Ryan wrote:


 clickjacking does not really affect pages like
 http://twitter.com/britneyspears.
 whatever... I understand you got to protect yourself from misuse.

 On Mar 30, 5:38 pm, Alex Payne a...@twitter.com wrote:

 Not until the clickjacking problem is solved by the browser vendors.

 End of story.

 On Mon, Mar 30, 2009 at 14:31, Ryan ryan10...@gmail.com wrote:

 I can see that twitter recently has inserted a (graceful) iframe
 buster which clears out the html. Why is twitter in iframe such a bad
 thing when the content is public anyways - the rss feed of the content
 is available for consumption?

 I know about the clickjacking attack, but that unnecessarily penalizes
 the good applications. Any thoughts on allowing twitter pages in
 iframes through registered usage?

 --
 Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x




[twitter-dev] Re: Image resizing failures is starting to get out of hand ... :-)

2009-03-28 Thread Zac Bowling

http://twitter.com/account/profile_image/hchua11

It's a cute dog.

Kinda big though.


Zac Bowling



On Sat, Mar 28, 2009 at 2:23 PM, Dossy Shiobara do...@panoptic.com wrote:

 Check out @hchua11 - avatar image is 500k+ and so are the thumbnails. D'oh.
  Really sucks to watch a mobile app download those over GPRS or even EDGE.
  Yow.

 --
 Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
 Panoptic Computer Network   | http://panoptic.com/
  He realized the fastest way to change is to laugh at your own
    folly -- then you can let go and quickly move on. (p. 70)



[twitter-dev] A Twitter Query Language (TQL) ?

2009-03-22 Thread Zac Bowling

I would love it if Twitter would develop an equivalent to Facebook's
FQL, Yahoo's YQL, Amazon's SimpleDB, or Google's GQL (used for app
engine data storage).

Basically an abstracted SQL-like query engine for doing queries and
getting back the data you want using virtual tables of different
data twitter serves up.

You could do something basic like:

SELECT StatusID, UserID, Text FROM StatusUpdates as S
WHERE
   S.UserID in (SELECT UserID FROM SocialGraph WHERE FollowerUseringID
= MYUSERID) and
   S.StatusID  LASTID
ORDER BY S.StatusID DESC
LIMIT 200

to get a basic user's following timeline or whatever. From there you
can build on from that and get a bit more complex.

It could even build on from just query syntax to modify and destructive calls.

Maybe something like:
DELETE FROM StatusUpdates WHERE StatusID = 200102;

or:
INSERT INTO StatusUpdates(text,replyToStatusID,replyToUserID) VALUES
('@johnsmith hello',123601020,235133);

or:
UPDATE StatusUpdates SET favorite = TRUE WHERE StatusID = 123601020;

You could do it where you do an HTTP get/post with a query like above
to twitter's rest api, and the results could come back as JSON or XML
or whatever.

Some concepts like this could be done in a local side wrapper (like
I've seen a SQL bridge for MSSQL for twitter on here a while back) but
it would be awesome if these were processed twitter server side. If
done right, it can save on overhead on both twitter and from the
client side.

Like in one case I have where I'm hitting the following timeline, I'm
missing something out of the user structure that you get back from
that, so I turn around and do another user call on user for each tweet
to get that data. Half the data I get back in both cases don't use on
both calls but it would be awesome to be able to get that data in one
call.

A lot to consider around optimization and limits and a bit of work to
build it but I think something like that would be really useful.


Zac


[twitter-dev] Re: A Twitter Query Language (TQL) ?

2009-03-22 Thread Zac Bowling

There was the one I mentioned in my first email that was a bridge with
MSSQL (Tweet-SQL) but that is nothing more than a bunch of managed
(written in c#) stored procedure calls for MSSQL 2005 which may be what
you are thinking of. That's not really anything close to what I'm
looking for.

It doesn't even have to be SQL like but just some kind of structured
query language for twitter. That would be awesome.


Zac Bowling




On Sun, Mar 22, 2009 at 4:49 PM, Abraham Williams 4bra...@gmail.com wrote:
 I'm positive that a third party was providing a tql api for their database
 of tweets and that it was announced on this list but now searching returns
 nothing. Does anybody else remember this? Maybe it was a dream...

 On Sun, Mar 22, 2009 at 15:28, Zac Bowling zbowl...@gmail.com wrote:

 I would love it if Twitter would develop an equivalent to Facebook's
 FQL, Yahoo's YQL, Amazon's SimpleDB, or Google's GQL (used for app
 engine data storage).

 Basically an abstracted SQL-like query engine for doing queries and
 getting back the data you want using virtual tables of different
 data twitter serves up.

 You could do something basic like:

 SELECT StatusID, UserID, Text FROM StatusUpdates as S
 WHERE
   S.UserID in (SELECT UserID FROM SocialGraph WHERE FollowerUseringID
 = MYUSERID) and
   S.StatusID  LASTID
 ORDER BY S.StatusID DESC
 LIMIT 200

 to get a basic user's following timeline or whatever. From there you
 can build on from that and get a bit more complex.

 It could even build on from just query syntax to modify and destructive
 calls.

 Maybe something like:
 DELETE FROM StatusUpdates WHERE StatusID = 200102;

 or:
 INSERT INTO StatusUpdates(text,replyToStatusID,replyToUserID) VALUES
 ('@johnsmith hello',123601020,235133);

 or:
 UPDATE StatusUpdates SET favorite = TRUE WHERE StatusID = 123601020;

 You could do it where you do an HTTP get/post with a query like above
 to twitter's rest api, and the results could come back as JSON or XML
 or whatever.

 Some concepts like this could be done in a local side wrapper (like
 I've seen a SQL bridge for MSSQL for twitter on here a while back) but
 it would be awesome if these were processed twitter server side. If
 done right, it can save on overhead on both twitter and from the
 client side.

 Like in one case I have where I'm hitting the following timeline, I'm
 missing something out of the user structure that you get back from
 that, so I turn around and do another user call on user for each tweet
 to get that data. Half the data I get back in both cases don't use on
 both calls but it would be awesome to be able to get that data in one
 call.

 A lot to consider around optimization and limits and a bit of work to
 build it but I think something like that would be really useful.


 Zac



 --
 Abraham Williams | http://the.hackerconundrum.com
 Web608 | Community Evangelist | http://web608.org
 This email is: [ ] blogable [x] ask first [ ] private.
 Sent from: Madison WI United States.


[twitter-dev] Re: A Twitter Query Language (TQL) ?

2009-03-22 Thread Zac Bowling

If it was built and twitter charged something similar to the rate that
Amazon's SimpleDB charges for processing power required to perform the
query, I would gladly pay.


Zac Bowling


On Sun, Mar 22, 2009 at 7:14 PM, Zac Bowling zbowl...@gmail.com wrote:
 There was the one I mentioned in my first email that was a bridge with
 MSSQL (Tweet-SQL) but that is nothing more than a bunch of managed
 (written in c#) stored procedure calls for MSSQL 2005 which may be what
 you are thinking of. That's not really anything close to what I'm
 looking for.

 It doesn't even have to be SQL like but just some kind of structured
 query language for twitter. That would be awesome.


 Zac Bowling




 On Sun, Mar 22, 2009 at 4:49 PM, Abraham Williams 4bra...@gmail.com wrote:
 I'm positive that a third party was providing a tql api for their database
 of tweets and that it was announced on this list but now searching returns
 nothing. Does anybody else remember this? Maybe it was a dream...

 On Sun, Mar 22, 2009 at 15:28, Zac Bowling zbowl...@gmail.com wrote:

 I would love it if Twitter would develop an equivalent to Facebook's
 FQL, Yahoo's YQL, Amazon's SimpleDB, or Google's GQL (used for app
 engine data storage).

 Basically an abstracted SQL-like query engine for doing queries and
 getting back the data you want using virtual tables of different
 data twitter serves up.

 You could do something basic like:

 SELECT StatusID, UserID, Text FROM StatusUpdates as S
 WHERE
   S.UserID in (SELECT UserID FROM SocialGraph WHERE FollowerUseringID
 = MYUSERID) and
   S.StatusID  LASTID
 ORDER BY S.StatusID DESC
 LIMIT 200

 to get a basic user's following timeline or whatever. From there you
 can build on from that and get a bit more complex.

 It could even build on from just query syntax to modify and destructive
 calls.

 Maybe something like:
 DELETE FROM StatusUpdates WHERE StatusID = 200102;

 or:
 INSERT INTO StatusUpdates(text,replyToStatusID,replyToUserID) VALUES
 ('@johnsmith hello',123601020,235133);

 or:
 UPDATE StatusUpdates SET favorite = TRUE WHERE StatusID = 123601020;

 You could do it where you do an HTTP get/post with a query like above
 to twitter's rest api, and the results could come back as JSON or XML
 or whatever.

 Some concepts like this could be done in a local side wrapper (like
 I've seen a SQL bridge for MSSQL for twitter on here a while back) but
 it would be awesome if these were processed twitter server side. If
 done right, it can save on overhead on both twitter and from the
 client side.

 Like in one case I have where I'm hitting the following timeline, I'm
 missing something out of the user structure that you get back from
 that, so I turn around and do another user call on user for each tweet
 to get that data. Half the data I get back in both cases I don't use on
 both calls but it would be awesome to be able to get that data in one
 call.

 A lot to consider around optimization and limits and a bit of work to
 build it but I think something like that would be really useful.


 Zac



 --
 Abraham Williams | http://the.hackerconundrum.com
 Web608 | Community Evangelist | http://web608.org
 This email is: [ ] blogable [x] ask first [ ] private.
 Sent from: Madison WI United States.



[twitter-dev] 24,386 unfollow calls

2009-02-23 Thread Zac Bowling

So I have kind of weird request.

My boss, who is following 24,386 people (and has 22,752 followers)
came to me and wanted me to hack something to wipe out all the people
he follows so he can start clean again for various reasons.

I'm curious if there are any tools internally at twitter that could
help with this maybe because this seems to push the limits of what the
API was intended for. (If so, you can contact me off list at
z...@seesmic.com)

If not, the code is fairly trivial to do (I already have something
that does something similar in fact), but I don't want to set off any
alarms if I make 24,385 unfollow requests and several requests to pull
his social graph down as it runs. I can also throttle it as I was
planning to do and do it across a few days.

Thanks,

Zac Bowling
http://twitter.com/zbowling
http://zbowling.com/


[twitter-dev] Re: 24,386 unfollow calls

2009-02-23 Thread Zac Bowling

Haha, being that you know who I work for and that we own Twhirl, I
probably shouldn't comment about Tweetdeck.  :-)

Loic loves everyone, but he had an auto-follow bot that followed
everyone that followed him. Got a little crazy.

The biggest issue was



Zac Bowling
http://twitter.com/zbowling
http://zbowling.com/




On Mon, Feb 23, 2009 at 10:50 AM, Terry Jones terry.jo...@gmail.com wrote:

 Hi Zac

 Zac == Zac Bowling zbowl...@gmail.com writes:
 My boss, who is following 24,386 people (and has 22,752 followers) came
 to me and wanted me to hack something to wipe out all the people he
 follows so he can start clean again for various reasons.
 ...
 you can contact me off list at z...@seesmic.com

 You have a Seesmic address, and your boss follows 24K people and wants to
 unfollow them all H.

 So, uh, why does Loic hate us? :-)  Not so long ago we were all his friends!

 You might suggest he try Tweetdeck. That would let him nicely keep up to
 date with just the people and topics he really wants to read, without the
 mass unfollow.  Of course you guys might have to buy Tweetdeck too before
 that could happen :-)

 Or if he really does want to start again, just delete the account and
 recreate it. That would have a certain appealing symmetry.

 Regards,
 Terry



[twitter-dev] Re: 24,386 unfollow calls

2009-02-23 Thread Zac Bowling

Script is running now. It has a 1.5 second delay between calls to be
nice to twitter (hope that is enough). Already down about 2,000
people.

Using the twyt Python library (with some modifications to support the
new social graph api) and simplejson.

---
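from twyt.twitter import Twitter
import simplejson
import time

t = Twitter()
t.set_auth("loic", "")  # password left blank in the posted script
# user_friends_graph() comes from the modified twyt (social graph API support)
b = simplejson.loads(t.user_friends_graph())
for i in range(len(b)):
    try:
        t.friendship_destroy(b[i])
        print("%s - unfriending %s" % (i, b[i]))
    except Exception:
        # TODO: INSERT ASCII FAIL WHALE
        print("insert ascii fail whale here!")
    time.sleep(1.5)  # 1.5 second delay between calls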

---

Thanks a ton!

Zac Bowling
http://twitter.com/zbowling
http://zbowling.com/



On Mon, Feb 23, 2009 at 11:15 AM, Alex Payne a...@twitter.com wrote:

 That's not accurate, Nick. All accounts are expected to maintain a
 ratio of followers to following. As long as more people follow you
 than you follow in turn, you're good.

 On Mon, Feb 23, 2009 at 10:55, Nick Arnett nick.arn...@gmail.com wrote:


 On Mon, Feb 23, 2009 at 10:50 AM, Terry Jones terry.jo...@gmail.com wrote:

 Or if he really does want to start again, just delete the account and
 recreate it. That would have a certain appealing symmetry.

 Ah, but new accounts can only follow 2,000 people, so I'll bet he doesn't
 want that.
 Nick



 --
 Alex Payne - API Lead, Twitter, Inc.
 http://twitter.com/al3x


