As a follow up:
1) I assumed that updates to status DO NOT count towards rate limit
tokens. I verified this assumption is correct. This provides weight to
presumption of internal update rate limiting.
2) When this limit is reached, calls to update status return the
user's last status. While I ca
On Sun, Jan 4, 2009 at 11:20 PM, Alex Payne wrote:
>
> Getting worked up into hysterics about boycotts is just, as security
> expert Bruce Schenier is fond of saying, "security theater". It's the
> equivalent of an apartment building's tenants telling their landlord
> they refuse to use keys beca
Twitblogs-
There is no reason why any Twitter user should simply trust an app because
*you* created it. Though I inherently trust you and there's no reason to
believe you would create a malicious app, no one can *verify* that. Trust
yet verify.
That's all we are asking for. Until there is a verif
Based on this comment...
http://mashable.com/2009/01/01/is-it-stupid-to-trust-twitter-apps-with-your-password/?cp=2#comment-11382659
...I wonder how much the documentation is to blame for application
developers thinking they need to have their users passwords to access
data.
-Stuart
--
http:/
When using the twitter section, append the URL after the user has
entered his/her status. This way you won't need "Edit your status but
please do not change the address in it ", and it will be more user-
friendly. Just append the URL via JS before submitting to Twitter and
add a little note: "The
Usually api are to complicated to programm without knowledge and although it
is said so in the documentation that you only need a account (not the users
account), this api is 'too easy' to attract people without much knowledge
and you see the result.
(The users of course are not any better).
It m
Cameron's comment shows why a system like Oauth is important:
Making it easy for third party developpers.
Making it easier for users to build trust.
Btw business idea, as it did work with summize:
Build an oauth service between third apps and twitter,
gain the trust from the users, "force" devs to
Definitely happy to make it more clear which methods require
authentication and which do not. However, to get the effect that's
most intuitive from calling the API methods, calling them as the user
whose data you're interested in is the most straightforward approach.
On Mon, Jan 5, 2009 at 09:47,
Alex Payne wrote:
> Getting worked up into hysterics about boycotts is just, as security
> expert Bruce Schenier is fond of saying, "security theater". It's the
> equivalent of an apartment building's tenants telling their landlord
> they refuse to use keys because someone's place got broken into.
Definitely happy to make it more clear which methods require
> authentication and which do not. However, to get the effect that's
> most intuitive from calling the API methods, calling them as the user
> whose data you're interested in is the most straightforward approach.
Which is what brought u
Is there any way to search for in_reply_to_status_id on
search.twitter.com? Alternatively, is it possible to get the
in_reply_to_status_id in the json output? There's a lot of emphasis on
threading recently, and adding these abilities if they don't exist
would certainly be useful.
How are others
It might also be useful to have a "Reverse Table of Contents" which
lists the bits of information you can get from the API, and then lists
below each item the actual API calls that provide such information
(and maybe a note about authentication after each). In my experience,
I am always searching
hmmm. it's in
profile_image_url
For example,
Web GirlyChicago, IL
whatcha wanna do save the image to the local filesystem?
On Jan 4, 2:43 pm, krumlr wrote:
> I am trying to get the user picture (profile_image_url) from a Twitter
> account using
> eitherhttp://twitter.com/users/show/usern
Just use fwrite($local, file_get_contents());
Also, use the JSON format and the json_decode, and it will make a nice
array for you. Then you can use a regex to get the src from the
profile_image_url.
If you wanted I could write some simple code up if you can't
understand what I mean?
As far as a
Tyes please show me what you mean. Even though I know what to look for and
where to get it and once I get it I can copy it to my database I can't get
PHP to download the XML file using http.
On Mon, Jan 5, 2009 at 10:45 AM, fastest963 wrote:
>
> Just use fwrite($local, file_get_contents());
> Al
I've just played around with the user timeline to show data when the
user is logged in (http://www.wait-till-i.com/2009/01/05/detecting-and-
displaying-the-information-of-a-logged-in-twitter-user/, specifically
http://icant.co.uk/sandbox/twitter-hi-demo.html).
This is pretty cool, and kudos to yo
Also I am not very familiar with JSON. Thanks
On Mon, Jan 5, 2009 at 11:05 AM, Pete Wingard wrote:
> Tyes please show me what you mean. Even though I know what to look for and
> where to get it and once I get it I can copy it to my database I can't get
> PHP to download the XML file using http.
On Sun, Jan 4, 2009 at 11:26 PM, peterhough wrote:
>
> How do they make requests while authenticated as their own account
> without supplying a password? Am I missing something here...
Yes. You only need 'a' username not their username.
It is not super obvious but you can ask for follower and
I wholeheartedly agree with Jesse. IF users spread misinformation
about 3rd party apps that request passwords ALL being evil then we are
all in the same sinking boat.
Oauth is one part of the solution enabling serivce authentication. It
made me wonder will twitter also add in support for openid
I have this cURL
function get_tweets(){
// create a new cURL resource
$ch = curl_init();
$user = "netlatch";
$pass = "";
// set URL and other appropriate options
// $user:$pass http://twitter.com/statuses/replies.json
curl_setopt($ch, CUR
When you hit the rate limit, you should get some sort of HTTP error,
and not a valid return (at least thats what I was lead to believe).
As far as a "tweet" limit, there isn't a limit, but your followers
might get angry and annoyed and unfollow you. I don't know what your
purpose is though.
If y
Yes, hitting API rate limits correctly returns 400 error codes as
documented. I am not speaking about the api rate limit. I am talking
about a limit to rate that status updates are allowed for a single
user. Sending status updates does not count toward a user's rate limit
(as verified by monitorin
We do cap the number of updates a user can make in a 24 hour period,
whether via the API or any other input method (web, mobile, etc.).
Right now, that number is 1000, but it's subject to change at any
time.
On Mon, Jan 5, 2009 at 10:59, dougw wrote:
>
> Yes, hitting API rate limits correctly re
Actually, I see this "functionality" as a potential security/privacy
hole. I can imagine at least a couple of nefarious things websites
can do by being able to detect the presence of a twitter user on their
site... I remember bringing up a very similar issue with Alex earlier
last year which was
We did an experiment with a partner of ours around this. It's not
currently an officially-supported API method, but check out
/sessions/present.json. It should support a callback and returns a
boolean.
On Mon, Jan 5, 2009 at 07:49, Chris Heilmann wrote:
>
> I've just played around with the user
Debugging 101...
2009/1/5 Pete Wingard :
> I have this cURL
>function get_tweets(){
>// create a new cURL resource
>$ch = curl_init();
> $user = "netlatch";
>$pass = "";
>// set URL and other appropriate options
>// $user:$pass http://tw
so I can detect if a user is logged into twitter through
/sessions/present.json ?
What would be the full URL for checking a username against it?
ex: http://twitter.com/al3x/sessions/present.json
On Mon, Jan 5, 2009 at 11:09 AM, Alex Payne wrote:
>
> We did an experiment with a partner of ours
You can't find out WHICH user is logged in, just that *a* user is
logged in. We feel that minimizes the privacy risks.
On Mon, Jan 5, 2009 at 11:16, Peter Denton wrote:
> so I can detect if a user is logged into twitter through
> /sessions/present.json ?
>
> What would be the full URL for checki
also, you could try with what you have currently, curl_setopt($ch,
CURLOPT_USERPWD, "$username:$password");
On Mon, Jan 5, 2009 at 10:53 AM, Pete Wingard wrote:
> I have this cURL
>function get_tweets(){
>// create a new cURL resource
>$ch = curl_init();
> $user = "netlat
So you guys do admit, then, that you actually want solutions to bad
PR? That this is your real problem?
You are participating in hysteria.
Sent from my drmPhone
On Jan 5, 2009, at 5:16 AM, Twitblogs wrote:
I wholeheartedly agree with Jesse. IF users spread misinformation
about 3rd part
On the contrary, you certainly *can* detect WHICH user is logged in.
See http://icant.co.uk/sandbox/twitter-hi-demo.html if you are logged
into the twitter website. Now imagine the site making another AJAX
call to store the user info into a database somewhere goodbye
anonymous surfing
-C
Hey,
I just completed my Twitter app ( http://www.acamin.com ) using the
Twitter API – a simple file sharing tool for Twitter users. I was not
sure if there was a centralized page where developers can list their
completed Twitter applications.
Really sorry if this is the wrong place for “feedback/
I've been at it for two days. I generally don't ask for much help but based
on your response I shouldn't ask for anymore. I suppose no one ever helped
you a time or two. Thanks for the bone.
On Mon, Jan 5, 2009 at 2:12 PM, Stuart wrote:
>
> Debugging 101...
>
> 2009/1/5 Pete Wingard :
> > I have
I meant via this particular mechanism.
On Mon, Jan 5, 2009 at 11:19, Chad Etzel wrote:
>
> On the contrary, you certainly *can* detect WHICH user is logged in.
> See http://icant.co.uk/sandbox/twitter-hi-demo.html if you are logged
> into the twitter website. Now imagine the site making another
Here is what I use. Can you juse use XML?
$username = 'yourusername';
$password = 'yourpassword';
$host = "http://twitter.com/users/show/$businessUser.xml";;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $host);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch,
This is exactly what I've been looking for. Thanks!
On Jan 5, 7:39 pm, "Alex Payne" wrote:
> I meant via this particular mechanism.
>
>
>
> On Mon, Jan 5, 2009 at 11:19, Chad Etzel wrote:
>
> > On the contrary, you certainly *can* detect WHICH user is logged in.
> > Seehttp://icant.co.uk/sandbo
On Mon, Jan 5, 2009 at 8:40 PM, Peter Denton
>
> $host = "http://twitter.com/users/show/$businessUser.xml";;
shouldt that be https for more secure transmission of the data`?
Nicole
--
http://twitter.com/NicoleSimon // http://mit140zeichen.de/
http://crueltobekind.org // http://beissholz.de
Pete Wingard wrote:
> I have this cURL
>
>function get_tweets(){
>// create a new cURL resource
>$ch = curl_init();
> $user = "netlatch";
>$pass = "";
>// set URL and other appropriate options
>// $user:$pass http://twitter.com/statuses
Well, yes, but then it is a trivial step to get which user.
My question, though, is whether or not this sort of behavior is
intentional, for 3rd party sites to be able to discover the identity
of twitter users on their sites? Personally, I find this to be more
worrisome than the current username
So I'll ensure my application "shapes" a user's tweets and internally
throttles posts to about 40 per hour or 1 every 1.5 mins to stay under
this limit.
Thanks Alex
Cheers.
On Jan 5, 2:04 pm, "Alex Payne" wrote:
> We do cap the number of updates a user can make in a 24 hour period,
> whether v
As of now I am using nothing. My existing API calls uses cURL and I have
tried to use a several ways to grab and save the image but to no avail. I
think it has to with the http: protocol. As a protection my server can't
acces another server via http:?
On Mon, Jan 5, 2009 at 5:43 AM, j03 wrote:
>
I couldn't get your code to work (simpleXML errors) but this does: Thanks
Peter. $username="netlatch";
$password="**";
$curl = curl_init();
curl_setopt ($curl, CURLOPT_URL, "
http://twitter.com/users/show/$username.json";);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_set
Woah woah... if no-body ever needed to ask for help, then mailing
lists such as these wouldn't exist at all... I hate to see somebody be
discouraged from strengthening their knowledge of programming, so
please ask away! At worst you'll be flamed, but at best you'll get an
answer that may help you
I am storing the picture URL (ex:
http://s3.amazonaws.com/twitter_production/profile_images/40587632/blob_bigger.png)
in a DB field on my site, then cycling through users occasionally and
updating profile content. You don't want to be hitting the api for
information like images every time a page lo
Hi,
Do we need to apply to participate in this closed beta?
Amir
> Do we need to apply to participate in this closed beta?
I imagine that will be announced when it becomes available.
--
personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- PRIVACY. IT'S
I'd like to add: What do the T&C state for this case for the dev. side?
For us to store the picture we would have to get usage rights
via twitter in order to display them.
--
Kontakt:
http://twitter.com/NicoleSimon // http://mit140zeichen.de/
http://crueltobekind.org // http://beissholz.de
skyp
On Mon, Jan 5, 2009 at 9:08 PM, Chad Etzel wrote:
> My question, though, is whether or not this sort of behavior is
> intentional, for 3rd party sites to be able to discover the identity
> of twitter users on their sites? Personally, I find this to be more
> worrisome than the current username/p
So, it looks like there's a hole in something. I just got this that
claims to be from BarackObama (which I follow) through Twitter.
"BarackObama: What is your opinion on Barack Obama? Take the survey
and possibly win ??500 in free gas. http://tinyurl.com/9evlne";
So someone is being naughty and
> So, it looks like there's a hole in something. I just got this that
> claims to be from BarackObama (which I follow) through Twitter.
> "BarackObama: What is your opinion on Barack Obama? Take the survey
> and possibly win ??500 in free gas. http://tinyurl.com/9evlne";
>
> So someone is being
We've identified the source of this issue and have taken steps to
ensure it doesn't happen again.
On Mon, Jan 5, 2009 at 10:45, B. Maryott wrote:
>
> So, it looks like there's a hole in something. I just got this that
> claims to be from BarackObama (which I follow) through Twitter.
> "BarackOb
Twitblogs wrote:
> I wholeheartedly agree with Jesse. IF users spread misinformation
> about 3rd party apps that request passwords ALL being evil then we are
> all in the same sinking boat.
You say this like it's a bad thing. If we want to see a solution from
Twitter, there has to be a real bus
Indeed.
On Mon, Jan 5, 2009 at 12:37, Cameron Kaiser wrote:
>
>> Do we need to apply to participate in this closed beta?
>
> I imagine that will be announced when it becomes available.
>
> --
> personal: http://www.cameronkaiser.com/
> --
> Cameron Kaiser *
Are you using Curl or Sockets?
On Jan 4, 10:43 pm, krumlr wrote:
> I am trying to get the user picture (profile_image_url) from a Twitter
> account using
> eitherhttp://twitter.com/users/show/username.xmlorhttp://twitter.com/users/show/username.json.
> My problem is that I am a
> PHP guy and i
Good points.
On Mon, Jan 5, 2009 at 3:31 PM, Nicole Simon wrote:
>
>
> I'd like to add: What do the T&C state for this case for the dev. side?
> For us to store the picture we would have to get usage rights
> via twitter in order to display them.
>
>
> --
> Kontakt:
> http://twitter.com/NicoleSi
yes. I want to save the image to my server so my app won't depend on Twitter
to provide the picture
On Sun, Jan 4, 2009 at 5:50 PM, Waitman Gobble wrote:
>
>
> hmmm. it's in
>
> profile_image_url
>
> For example,
>
> Web GirlyChicago, ILhttp://s3.amazonaws.com/twitter_production/profile_images/1
Does anyone have a recomendation about whether your app should save
the twitter users pictures on site or simply access the twitter
supplied URL for a user's picture inside the app? Does this URL ever
change or does Twitter ever block access?
2009/1/5 Pete Wingard :
> I've been at it for two days. I generally don't ask for much help but based
> on your response I shouldn't ask for anymore. I suppose no one ever helped
> you a time or two. Thanks for the bone.
I apologise if I got the tone of my email wrong, but your problem
indicates
On Mon, Jan 5, 2009 at 4:20 PM, Stuart wrote:
>
>
>
> In response to Chad's email I take the view that fishing is always a
> better option than going to a fish market where coding is concerned.
>
True, and I agree... but sometimes you must go to the fish market
first in order to learn that you s
Thanks for the response. Your point was well taken and I was being a
bit sensitive to the tone. Sorry bout that.
On Mon, Jan 5, 2009 at 4:28 PM, Chad Etzel wrote:
>
> On Mon, Jan 5, 2009 at 4:20 PM, Stuart wrote:
> >
> >
> >
> > In response to Chad's email I take the view that fishing is always
In light of the current Phishing scheme, for the sake of my app and others,
can Twitter include the source of the DM in the XML returned? At least this
way I could start sending my App source id in the feeds so users know which
apps DMs come from, and which ones are not identified. I recognize it
Our operations team has informed me that we'll soon be blacklisting
IPs originating at hosting provider The Planet
(http://www.theplanet.com/). We've attempted to resolve a number of
abuse complaints with them over a long period of time and have not
received an acceptable response. If your service
NOOO... :-)
My 3 servers are at The Planet. They are the worlds largest managed
hosting provider so its a significant chunk of the internet so I'm
sure there will be an outcry.
Can you whitelist my range?
70.86.83.50-70.86.83.63
Zac Bowling
http://zbowling.com/
On Jan 5, 4:05 pm, "Alex Payne
When twitter finally supports oauth what user autentication system
will they use? With our application we will remove the need for
username/password but that means users will need to still login to our
service for authentication.
Of course we could use Google Friend Connect or JanRain's RPXonline
Twitter already partnered with Google's FriendConnect ...
Thanks-
- Andy Badera
- and...@badera.us
- (518) 641-1280
- Google me: http://www.google.com/search?q=andrew+badera
On Mon, Jan 5, 2009 at 5:15 PM, Twitblogs wrote:
>
> When twitter finally supports oauth what user autentication system
Unfortunately, no, not until we hear back from The Planet.
On Mon, Jan 5, 2009 at 14:21, zbowling wrote:
>
> NOOO... :-)
>
> My 3 servers are at The Planet. They are the worlds largest managed
> hosting provider so its a significant chunk of the internet so I'm
> sure there will be an outcry.
>
Oh don't you just love corporate hostility. Bureaucracy at its best!
On Tue, Jan 6, 2009 at 1:17 PM, Alex Payne wrote:
>
> Unfortunately, no, not until we hear back from The Planet.
>
> On Mon, Jan 5, 2009 at 14:21, zbowling wrote:
>>
>> NOOO... :-)
>>
>> My 3 servers are at The Planet. They a
I find this to be particularly concerning from a privacy point of
view.
You can retrieve enough information about a user to even replicate
their home page. This could be particularly damaging from a phishing
point of view. Not only can I spoof the Twitter home page, I can now
spoof the home page
There is much rejoicing!
I don't think there's ever been ANYTHING that's 100% proof of
anything. But when something comes up, you guys at Twitter do awesome
work, for which I thank you.
On Mon, Jan 5, 2009 at 2:41 PM, Alex Payne wrote:
>
> We've identified the source of this issue and have tak
It's been said by others before, and I 100% agree.
I'm not a twitter "fanboy" (I use it, occasionally, find it pretty cool,
flattered by some of the people who follow me). It's the SUPPORT, the
transparency, the honest answers that haven't been sanitised by Marketing /
Management. It's fantastic.
The source parameter means nothing. I can change Mitter to identify
itself as Twiterrifc, for example. If they take a road like that, some
spammer can change the parameter to, say, YOUR application and your
users will flock to something else (but, most probably, spammers won't
use any source, mean
On Tue, Jan 6, 2009 at 3:47 AM, Aaron Brazell wrote:
> Twitblogs-
>
> There is no reason why any Twitter user should simply trust an app because
> *you* created it. Though I inherently trust you and there's no reason to
> believe you would create a malicious app, no one can *verify* that. Trust
>
I don't think this is really corporate hostility or bureaucracy on
twitter's part. They're simply trying to address a case of abuse --
which ultimately impacts their ability to deliver service to their
users.
On Jan 5, 7:29 pm, "Mike Scott" wrote:
> Oh don't you just love corporate hostility. B
hi,
We are getting same (417) error and after including
'ServicePointManager.Expect100Continue = false;' its work fine
Thanxs for help
Vivek Shrivastav,
Invitratech India
On Dec 30 2008, 4:29 am, MacReeg wrote:
> Thank you for the help. To set the boolean of
> 'ServicePointManager.Expect100Co
First time poster, so I'm sorry if this has been asked and answered; I
did search the archives.
I'm trying to use the API to query whether a particular account is
both a friend and follower (in the notifications sense) of another
account. I realize I'm using deprecated terminology here, but it se
On Mon, Jan 5, 2009 at 8:22 PM, Julio Biason wrote:
>
> The source parameter means nothing. I can change Mitter to identify
> itself as Twiterrifc, for example. If they take a road like that, some
> spammer can change the parameter to, say, YOUR application and your
> users will flock to somethin
You can handle it with two calls to the friendship exists method:
http://apiwiki.twitter.com/REST+API+Documentation#exists
* user_a. Required. The ID or screen_name of the first user to
test friendship for.
* user_b. Required. The ID or screen_name of the second user to
test friendshi
77 matches
Mail list logo