Re: How to register an own source-parameter
Thank you very much, that's what I was looking for.
Re: a simple workaround for lack of OAuth
2009/1/2 Dharmesh dharme...@gmail.com: Nicely done. Thanks. Quick question: How are you ensuring that you see *all* posts in the public timeline? I didn't think that was quite possible yet with the Twitter API. It's actually using the search API not the public timeline. -Stuart -- http://stut.net/
Re: a simple workaround for lack of OAuth
I think Scoble likes to hear himself talk, and loves to stir up drama. It's how he keeps people paying attention to him. I'd find more reputable sources for that argument. -- Ed Finkler http://funkatron.com AIM: funka7ron ICQ: 3922133 Skype: funka7ron On Fri, Jan 2, 2009 at 12:44 AM, Richie rocketeer.so...@gmail.com wrote: I think it's getting more urgent day by day: http://scobleizer.com/2009/01/01/twitter-warning-your-data-is-being-sold/ Richie http://twitter.com/RMetzler On 8 Dez. 2008, 18:09, Alex Payne a...@twitter.com wrote: It won't be available for testing this week, but should be available before the end of the month. I'd definitely encourage you not to launch on it, though, as it will be a beta. On Mon, Dec 8, 2008 at 08:16,Richierocketeer.so...@gmail.com wrote: Hi Alex, do you have any updates on whenOAuthis available? Currently I'm doing the finishing touches on a new service and would love to let the users chooseOAuthfor authentication instead of requiere them to give me their secret pw. I'm experienced in using OAuthso I expect to get it working in a couple of hours. Do you think Twitter will enableOAuththis week or should I start my service with user/pw-authentication first? Richard On Nov 27, 12:38 am, Alex Payne a...@twitter.com wrote: As I don't know the entire schedule of our UX team, I can't. I would say less than a month and closer to a week by far, but please don't hold me to that. On Wed, Nov 26, 2008 at 15:41, Amir Michail amich...@gmail.com wrote: On Nov 24, 5:05 pm, Alex Payne a...@twitter.com wrote: We're currently waiting on our User Experience team to put the final touches on a BETA release of ourOAuthsupport. It's going to have bugs, to be sure, but we should have it out there soon. Could you give us a time estimate? In a week? A month? Amir On Mon, Nov 24, 2008 at 12:53, Stut stut...@gmail.com wrote: On 24 Nov 2008, at 15:13, fastest963 wrote: A better alternative would be to just create an API key for every user. Instead of entering username/password, they would enter their secret API key? This is far less secure thanOAuthand is actually not much better than requiring a username and password. One of the core benefits ofOAuthis the ability to be very specific regarding what each authorised application is allowed to do, on a per application basis. It also allows you to selectively revoke the permissions of any specific application without needing to ask or even tell the application about it. To do this with the API key system you effectively need to re-authorise every app you use when you want to block just one of them. No real difference between this and having to change your password. I would much prefer that the guys (and gals) at Twitter concentrate on gettingOAuthproperly implemented (which is harder than it sounds) than their attention gets diverted by developers too impatient to wait for the right solution to the problem. -Stut -- http://stut.net/ -- Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x
Re: a simple workaround for lack of OAuth
2009/1/2 Ed Finkler funkat...@gmail.com: I think Scoble likes to hear himself talk, and loves to stir up drama. It's how he keeps people paying attention to him. I'd find more reputable sources for that argument. Whilst there's an element of truth in your statement (just about all of the prominent tech bloggers remain prominent by stirring up drama), lots of people have been saying similar things for a long time. Ad hominem attacks don't change the fact that the message is right. You could start here : http://adactio.com/journal/1357 . I think we all understand, however, that the twitter engineering team first needed to make twitter stable before they could add features like this one. Now that they've largely done that, it appears they're responding to demand for features like this one, which is great news. Mark
Re: a simple workaround for lack of OAuth
I think Scoble likes to hear himself talk, and loves to stir up drama. It's how he keeps people paying attention to him. I'd find more reputable sources for that argument. Whilst there's an element of truth in your statement (just about all of the prominent tech bloggers remain prominent by stirring up drama), lots of people have been saying similar things for a long time. Ad hominem attacks don't change the fact that the message is right. You could start here : http://adactio.com/journal/1357 . So let's say Scoble is right. How, in fact, does OAuth prevent a bad actor from using credentials to act badly? OAuth solves many problems; it doesn't solve this one. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- BOND THEME NOW PLAYING: The Man With the Golden Gun --
Re: a simple workaround for lack of OAuth
On Fri, Jan 2, 2009 at 1:36 PM, Mark Ng ng.mar...@gmail.com wrote: Whilst there's an element of truth in your statement (just about all of the prominent tech bloggers remain prominent by stirring up drama), lots of people have been saying similar things for a long time. Ad hominem attacks don't change the fact that the message is right. You could start here : http://adactio.com/journal/1357 . Agreed, and that's a much better source. I think we all understand, however, that the twitter engineering team first needed to make twitter stable before they could add features like this one. Now that they've largely done that, it appears they're responding to demand for features like this one, which is great news. Yep. So not really a lot of point in continuing the oh boy, this is a big problem! thing, I think, when they're on it and have given many updates here recently. That's not a criticism of you in particular, but of folks who apparently don't search the archives before posting something along the lines of Scoble said this is a big deal, so you'd better do it! It doesn't help in any way. -- Ed Finkler http://funkatron.com AIM: funka7ron ICQ: 3922133 Skype: funka7ron
Re: a simple workaround for lack of OAuth
On Fri, Jan 2, 2009 at 1:41 PM, Cameron Kaiser spec...@floodgap.com wrote: So let's say Scoble is right. How, in fact, does OAuth prevent a bad actor from using credentials to act badly? OAuth solves many problems; it doesn't solve this one. And this.
Re: Advice for a newbie
O'Reilly has the rough cut of their book on the Twitter API available: http://oreilly.com/catalog/9780596157791/. On Thu, Jan 1, 2009 at 17:46, Ninjamonk dar...@stuartmedia.co.uk wrote: I would suggest learning a programming language, how restful webserices work, then reading the twitter api docs. If they already know something like php etc then I would suggest grabbing an existing library and reading the twitter api docs On Jan 2, 1:15 am, Cameron Kaiser spec...@floodgap.com wrote: If a complete novice to the twitter API with little or no web developing knowledge was to ask for suggestions on where to start with learning how to build a twitter app, what would you suggest? I am researching for a new blog post and would greatly appreciate you views on this. If you're patient, I'm sure there will be at least one book emerging on this topic in the very near future. Just something I'm pretty confident about mentioning. -- personal:http://www.cameronkaiser.com/-- Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com -- TRUE HEADLINE: Bomb Victims Still Trying To Pick Up The Pieces - -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: multiple @'s reach replies inbox
As always, it really help us track requests if you submit an issue: http://code.google.com/p/twitter-api/issues/entry. On Thu, Jan 1, 2009 at 17:47, Ninjamonk dar...@stuartmedia.co.uk wrote: would be handy but it can be done in a limited way via the search on twitter. On Jan 2, 1:03 am, mozTom tob...@gmail.com wrote: I wouldn't mind if one could submit multiple in_reply_to_status_ids, like with commas or something, so that instead of having @user1 @user2 @user3, the system knows (if you set an i_r_t_s_i, you don't even need the @user, it will show up in their replies box). This way it doesn't look spammy and provides the maximum amount of characters. On Dec 31 2008, 4:53 pm, Chad Etzel jazzyc...@gmail.com wrote: Agree++; I think any mentions should be delivered somehow... either to Replies tab or a new Mentions tab or something. One can search for their username on search.twitter (or tweetgrid :D), but i bet most people miss their mentions because it doesn't occur to them do so... -chad On Wed, Dec 31, 2008 at 2:09 PM, Peter Denton petermden...@gmail.comwrote: Honestly, I think its a very good idea, as when you have businesses blasting, you don't want them to individual sends, as it will make the timeline look spam-centric, whereas multiple mentions looks nice. On Wed, Dec 31, 2008 at 11:08 AM, Alex Payne a...@twitter.com wrote: We've considered changing it such that any mentions of a user's screen_name are delivered to the reply timeline. We'll let you know if we do. On Wed, Dec 31, 2008 at 09:47, Peter Denton petermden...@gmail.com wrote: Hello, Just curious if the twitter system will eventually deliver multiple @'s in a single status to all those @'d. As I understand it now, it delivers the first @, IF it is the first string in the status, and all other @'s wont reach a reply inbox. Do you plan to change it? Peter -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: update_profile_colors lag?
It's probably a bug. Please file an issue and we'll take a look at it after the holiday break: http://code.google.com/p/twitter-api/issues/entry. On Thu, Jan 1, 2009 at 18:41, dean.j.robinson dean.j.robin...@gmail.com wrote: The colors I set via the api are still not showing on twitter.com, yet they are being returned via the api. Is this a bug or could I have done something wrong when I was setting the colors? On Dec 31 2008, 3:21 pm, dean.j.robinson dean.j.robin...@gmail.com wrote: I'm in the process of adding a screen to Hahlo to allow users to change their twitter profile colors on the fly, the post to the api works, and returns the updated user info as expected, and when I re- retrieve a user profile from the api it too reflects the changes I submitted, but the colors aren't changing when I view the full profile at twitter.com. Eg. I changed the background color to f00, and the link color to ff in Hahlo Viewing http://twitter.com/users/show/hahlo_test.xml the change worked, but viewing twitter.com/hahlo_test to default colors remain. When I login to twitter.com and got to settings-design-colors the defaults are also returned not the value I specified. Is there a some sort of lag between the api and the main site updating or is it that I'm just getting a cached page(s) Thanks Dean -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: a simple workaround for lack of OAuth
On Thu, Jan 1, 2009 at 10:44 PM, Richie rocketeer.so...@gmail.com wrote: I think it's getting more urgent day by day: http://scobleizer.com/2009/01/01/twitter-warning-your-data-is-being-sold/ Richie http://twitter.com/RMetzler It's true, OAuth doesn't really solve this problem, but the general public thinks it does. Having some solution is better than none, and sometimes the feeling of security is better for marketing apps than no security at all. I'd say the attention it's getting, and an entire app with open-text passwords being sold to a third party (which, who knows - maybe next time it's a spammer???) for a small price makes this pretty dang urgent. Jesse
Re: a simple workaround for lack of OAuth
http://scobleizer.com/2009/01/01/twitter-warning-your-data-is-being-sold/ It's true, OAuth doesn't really solve this problem, but the general public thinks it does. Having some solution is better than none, and sometimes the feeling of security is better for marketing apps than no security at all. Maybe for apps, but not for users. A user that thinks he's secure and is not is far worse off than a user who's insecure and knows he isn't. If this makes people think about who they give credentials to -- OAuth or no -- then the experience will be a painful but useful lesson. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- BOND THEME NOW PLAYING: The World is Not Enough --
Re: a simple workaround for lack of OAuth
2009/1/2 Cameron Kaiser spec...@floodgap.com: So let's say Scoble is right. How, in fact, does OAuth prevent a bad actor from using credentials to act badly? OAuth solves many problems; it doesn't solve this one. There are several problems to be solved, though. The first is a malicious actor with access to a single system (in this case, twitter) spamming. OAuth doesn't solve the problem of someone using an account to spam using messages from that user (unless that app doesn't need to message, and twitters OAuth implementation has granular permissions). The second is a malicious actor with access to a single system gaining control of other systems that user has access to because they've used the same username and/or password. Whilst this is bad practice on the part of the user, we'd be silly to pretend that this isn't a large problem. OAuth *does* solve that problem, which is one of the problems in this scenario. The third is a malicious actor with access to a single system locking the user out of their own account (by changing their password) and claiming the account for themselves (which has been known to happen with gmail accounts, for example). Twitter, so far as I'm aware, doesn't allow changes of passwords via the API, and I would assume that an OAuth implementation would only allow access to the API, and not the web interface. Even were these things not the case, it wouldn't make sense to allow an OAuth client to change the user password. So OAuth does solve this problem, also. Mark
Re: a simple workaround for lack of OAuth
So let's say Scoble is right. How, in fact, does OAuth prevent a bad actor from using credentials to act badly? OAuth solves many problems; it doesn't solve this one. There are several problems to be solved, though. Clearly. But the point I'm making is that *this* particular situation isn't solved by OAuth. You're absolutely right about the rest of the similar issues it *does* improve -- no one is contesting OAuth's utility -- but it wouldn't help this particular hypothetical situation. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- Friends don't let friends use Windows. -
Re: Advice for a newbie
2009/1/2 Alex Payne a...@twitter.com: O'Reilly has the rough cut of their book on the Twitter API available: http://oreilly.com/catalog/9780596157791/. They are aware that you guys are about to change it all right?? -Stuart -- http://stut.net/
Re: Being kind to the API - how many requests per minute is acceptable?
I'm certain there's no documentation or archival information readily available for this. *cough* On Fri, Jan 2, 2009 at 4:45 PM, Ben Metcalfe ben.metca...@gmail.com wrote: I'm building a twitter authority bot that makes numerous calls to twitter to derive a given user's authority. I'm about to turn this motha' on in production, and so I'm just wondering how many calls to the API I can make per minute and without being considered harmful? I have a whitelisted username and IP, but would rather know the friendly limits than be suddenly turned off for being too much. I am making use of as much caching as I can, but frankly there's a lot of calls to be made so I'll still need to throttle. Perhaps Alex/someone at Twitter could let me know. Thanks Ben PS: Do you guys have an IRC chan or something - I *REALLY* don't want to turn this on and give you problems so would love to have some real time contact (short of walking around to your offices!).
Re: PHP fread() hanging when using HTTP-REST api
Thanks guys, I'll check out cURL for future reference, but I've solved the problem. Looks like it's a simple overloaded server problem. The webserver I'm working on is a shared server, so when another client gets a spike, or the network is busy, one of my requests might drop, causing file_get_contents() or an fopen()/fread() to wait for 60 seconds before timing out. Solution; change the socket timeout time length, and use something incremental (like fread()) so that I can be flexible in my error handling. Again, thanks for the replies. -E On Jan 2, 10:18 am, Ed Finkler funkat...@gmail.com wrote: Unlikely to be a problem on Twitter's end. On your server, can you make the connection with the command line using cURL? If so, it's almost certainly something specific to how fread() is doing the call. FWIW, I use file_get_contents() (which is identical to what you're likely doing, but in one call) successfully on these sites: http://funkatron.com/twitter-trend-statshttp://funkatron.com/twitter-source-stats -- Ed Finklerhttp://funkatron.com AIM: funka7ron ICQ: 3922133 Skype: funka7ron On Fri, Jan 2, 2009 at 12:29 PM, staticfloat staticfl...@gmail.com wrote: Hey, I'm just trying to fopen()/fread() the status updates of a user on twitter (http://twitter.com/statuses/user_timeline/ staticfloat.rss), and my fread()'s randomly hang and timeout after 60 seconds. It's totally possible this is a problem on my servers' end, but is there any reason this might be a problem with the twitter severs? I've whitelisted the user I'm trying to connect to, and on my home computer, the script works flawlessly.
Twitter Authentication
I am trying to create a web-based Twitter app that will print out a friend's timeline, but the Twitter API asks for username/password. How do I do the username/password authentication on the server-side without asking this from the user. Does anyone know how to do this? Is there also a way to create a dynamic app that will update inside the web page whenever a new twitter update occurs? I am sorry if I have posted this in the wrong area, but I am struggling on understanding how this exactly works. Thanks for any help. Here is the code: $(document).ready(function(){ $('#response').createAppend('img', { src: 'images/twitter-32x32.png', alt: 'Loading...', id: 'loading_image'}, null); $.getJSON(url, ws_results); }); function ws_results(obj) { // hide the loading image $('#loading_image').hide(slow); // alternative way of displaying properties //var property, propCollection = ; //for (property in obj[0].user) { // propCollection += property + \n; //} //alert(propCollection); $('#response').createAppend( 'table', { width: '600px', align:'center', border:'2', rules:'none', frame:'box', style: 'background:#FFF;' , Name: 'tableData', id: 'Tweets' }, [ 'tr', { }, [ 'th', { colspan: '2', align: 'left', style: 'background: #FFF; color: #000 ' }, [ 'img', { src: 'images/twitter- logo.jpg', align: 'left'} ] ] ] ); // loop through items for (var i = 0; i obj.length; i++) { // create table row $('#Tweets').append('tr id=row' + i + '\/tr'); $('#row' + i).append('td align=left id=lcell' + i + ' style=font-size: 10pt;\/td'); $('#row' + i).append('td align=left id=rcell' + i + ' style=font-size: 10pt;\/td'); if (typeof(obj[i].user.url) == undefined || obj [i].user.url == '') { $('#lcell' + i).createAppend('img', { src: obj [i].user.profile_image_url, Name: 'ProfileImg', align: 'left', hspace: '5', alt: obj[i].user.name }, null); } else { $('#lcell' + i).createAppend('a', { href: obj [i].user.url }, [ 'img', { src: obj[i].user.profile_image_url, Name: 'ProfileImg', align: 'left', hspace: '5', alt: obj[i].user.name }, null]); } $('#rcell' + i).createAppend('a', { id: 'Twit', title: obj [i].user.name, href: 'http://twitter.com/' + obj [i].user.screen_name }, obj[i].user.screen_name ); $('#rcell' + i).append(' ' + obj[i].text + ' '); $('#rcell' + i).append('span id=created_at' + obj [i].created_at + '\/span'); $('#rcell' + i).append(' from ' + obj[i].source); } } //]] /script
Re: Twitter Authentication
I am trying to create a web-based Twitter app that will print out a friend's timeline, but the Twitter API asks for username/password. How do I do the username/password authentication on the server-side without asking this from the user. Does anyone know how to do this? Is there also a way to create a dynamic app that will update inside the web page whenever a new twitter update occurs? I am sorry if I have posted this in the wrong area, but I am struggling on understanding how this exactly works. Thanks for any help. You're going to have to use a CGI, PHP script, etc., on the server side to fetch the timeline and hand it to the browser. How you would do that depends on your chosen language, but many people here are using libcurl and PHP, and code for that is widely available. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- FORTUNE: Don't abandon hope: your Tom Mix decoder ring arrives tomorrow. ---
re: twitter authority
On Jan 2, 10:45 pm, Ben Metcalfe ben.metca...@gmail.com wrote: I'm building a twitter authority bot that makes numerous calls to twitter to derive a given user's authority. great. can I assume that the non monolingual perspective is taken care of? ;) as usual happy to throw suggestions out and play beta tester. I also have some data of a purely German user base (~5K) which you might test some ideas against. PS: Do you guys have an IRC chan or something - I *REALLY* don't want to turn this on and give you problems so would love to have some real time contact (short of walking around to your offices!). Oh yes please. I suggest the usual, making a #twitterapi or so on freenode? #twitter already exists. Nicole -- Suche Beta-Tester für Experiment: Journalisten suchen Blogger - http://bloxpert.de/ Kontakt: http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Re: A nice application
On Dec 27 2008, 2:17 am, dumis.admarket...@gmail.com dumis.admarket...@gmail.com wrote: I would like to build an application where a twitter user can store the birthday date of his friends. Is that possible using Twitter API ? Besides running into data protection issues, I do not want to have yet another database where I have to add sth like a date. Rather go on top of existing data and enhance my experience in tweeting / DM for birthday wishes. Nicole ps: dont forget timezones ;) -- http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076