[twitter-dev] Quickest way to check if a tweet is from my followers ?
Hi everybody, I'm willing to display only a list of tweets that : - contains a certain word (that's ok) - and are from my followers only The idea is to make the process as light and quick and possible and was wondering if there was a way to only perform the word check in my followers's tweets ? My question is : - can I check if a general tweet is from a follower or not (checking a boolean value or something like that) - can I retrieve a list of my followers id or name and then compare them to the id of the tweets containg a specific word before displaying them ? (wouldn't this be quite hard if I have 10.000 followers or so?) - have you got a better solution I'm not thinking of? Sincere thanks.
[twitter-dev] Download Hollywood Movies 2010
www.hollywood-moives.blogspot.com
Re: [twitter-dev] Re: Failed to validate oauth signature and token
Yeah, the Nonce needs to be a unique value. If your language can create GUIDs, that might be the best option. Ryan On Sat, Jan 16, 2010 at 11:11 PM, eco_bach bac...@gmail.com wrote: solved, apparently my oauth_nonce value was incorrect, I assumed it was simply a random string and I didn't use the mx.utils.UIDUtil class to generate. I'll try also switching the order so the signature is at the end.
[twitter-dev] Re: Any iPhone Twitter apps with OAuth login ?
Hi, we're releasing an app that has a twitter-based sharing component in a couple of weeks. Does Twitter have any interest in making a mobile friendly version of the oauth allow/deny/pin pages? Could one of us on the outside just gin it up and give it to Twitter? On Jan 12, 7:15 am, funkatron funkat...@gmail.com wrote: Just FWIW, this isn't really aniPhone-specific issue – there are a lot of rich mobile devices out there. One reason (excuse?) for not usingOAuthin Spaz on webOS is the poor functionality on mobile. I'm really reluctant to move toOAuthuntil the flow for mobile is improved. The data from heypic.me is just what I was afraid of. -- Ed Finklerhttp://funkatron.com Twitter:@funkatron AIM: funka7ron ICQ: 3922133 XMPP:funkat...@gmail.com On Dec 6 2009, 3:08 am, Ram group...@cascadesoft.net wrote: As a followup to the mobileOAuthdiscussions from October (seehttp://groups.google.com/group/twitter-development-talk/browse_thread...) Does anyone know of any (publicly released)iPhoneor other mobile Twitter apps that useOAuth? I'm partly curious to know/confirm whether our app is the onlyiPhone (or mobile) app that uses TwitterOAuthlogin for posting tweets, but I also want to know what you think of the UI, if you've used TwitterOAuthlogin in any publicly released mobile app. Thanks Ram
[twitter-dev] Re: Streaming API Basics ...
Any one, please??? On Jan 16, 1:11 pm, Twitter-Developer alamshe...@gmail.com wrote: Dear Experts, Well I have been developing Twitter applicaiton for quite a long now and has been using Twitter Search API for my goals. Here is my business overview: I have subscribers over 20K. Have their profiles containing their interests keywords, location and other geographic information. I use oAuth for authentication and then get following information for each subscriber. 1. Mentions (Cache each mention locally) 2. Retweets (Cache each retweet locally) 3. Search tweets for subscriber interests using their keywords etc and location. All these activities are being performed periodically, where I use sinceId to fetch mentions, retweets, so that I may have historical data and do not lose any mention or retweet of the user. Now I have read the API documentation and can see Streaming API is the most recommended API by twitter. I want to convert my application to use Streaming API. So as I see, with the default access level, I can subscribe to statuses/sample or statuses/filter method using any of my account (using basic authentication) and can fetch whatever I want, as the nature of API is event based, this is definitely going to be fast. Here are few questions though: 1. What is the difference between sample and filter method? When to use which? 2. What is best approach to get the retweets and mentions? Is it tracking my subscribers screen names or just specify there user ids in follow predicate? 3: If I have 20,000 subscribers, that means, I have at least 20,000 screen names to track or follow and suppose I have 3 keywords for each subscriber on average, that makes it 60,000 keywords to track as well, how to manage this? 4: If any of the subscriber changes location or keywords, I have to reconnect to update the predicates. right? I have read the documentation and can follow the best practices. However I am unable to understand the count variable logic. I want to see if any of the mentions or retweets is missing in my storage, what's the best approach to get it back? 5: How to track or follow based on users' location? So basically I am confused :) Any recommendations to move from here or quick answers to above will help. I'll be grateful for any help. Regards, Alam Sher
Re: [twitter-dev] Cursor Expiration
A cursor is an opaque deletion-tolerant index into a Btree keyed by source userid and modification time. It brings you to a point in time in the reverse chron sorted list. So, since you can't change the past, other than erasing it, it's effectively stable. (Modifications bubble to the top.) But you have to deal with additions at the list head and also block shrinkage due to deletions, so your blocks begin to overlap quite a bit as the data ages. (If you cache cursors and read much later, you'll see the first few rows of cursor[n+1]'s block as duplicates of the last rows of cursor[n]'s block. The intersection cardinality is equal to the number of deletions in cursor[n]'s block). Still, there may be value in caching these cursors and then heuristically rebalancing them when the overlap proportion crosses some threshold. -John Kalucki http://twitter.com/jkalucki Infrastructure, Twitter Inc. On Sat, Jan 16, 2010 at 10:40 PM, Marc Mims marc.m...@gmail.com wrote: * John Kalucki j...@twitter.com [091209 09:28]: A cursor should be valid forever, but as it ages and rows are removed, you might see some minor data loss and probably more duplicates. Out of curiosity, what is a cursor? From our (the users') perspective, it's just an opaque number. But I'm curious. How is it generated? What does it represent internally? -Marc
Re: [twitter-dev] Re: Streaming API Basics ...
Please don't bump. I'm happy to help, but, note that we currently don't have dedicated support for this list, it's a holiday weekend and there's a lot going on that you can't see. On Sun, Jan 17, 2010 at 1:39 AM, Twitter-Developer alamshe...@gmail.comwrote: Any one, please??? On Jan 16, 1:11 pm, Twitter-Developer alamshe...@gmail.com wrote: Dear Experts, Well I have been developing Twitter applicaiton for quite a long now and has been using Twitter Search API for my goals. Here is my business overview: I have subscribers over 20K. Have their profiles containing their interests keywords, location and other geographic information. I use oAuth for authentication and then get following information for each subscriber. 1. Mentions (Cache each mention locally) 2. Retweets (Cache each retweet locally) 3. Search tweets for subscriber interests using their keywords etc and location. All these activities are being performed periodically, where I use sinceId to fetch mentions, retweets, so that I may have historical data and do not lose any mention or retweet of the user. Now I have read the API documentation and can see Streaming API is the most recommended API by twitter. I want to convert my application to use Streaming API. So as I see, with the default access level, I can subscribe to statuses/sample or statuses/filter method using any of my account (using basic authentication) and can fetch whatever I want, as the nature of API is event based, this is definitely going to be fast. Here are few questions though: 1. What is the difference between sample and filter method? When to use which? 2. What is best approach to get the retweets and mentions? Is it tracking my subscribers screen names or just specify there user ids in follow predicate? 3: If I have 20,000 subscribers, that means, I have at least 20,000 screen names to track or follow and suppose I have 3 keywords for each subscriber on average, that makes it 60,000 keywords to track as well, how to manage this? 4: If any of the subscriber changes location or keywords, I have to reconnect to update the predicates. right? I have read the documentation and can follow the best practices. However I am unable to understand the count variable logic. I want to see if any of the mentions or retweets is missing in my storage, what's the best approach to get it back? 5: How to track or follow based on users' location? So basically I am confused :) Any recommendations to move from here or quick answers to above will help. I'll be grateful for any help. Regards, Alam Sher
[twitter-dev] OAuth best practice
I'd like to embed the Twitter OAuth authorization-sign in window WITHIN my application. Is this considered a best practice, or is it always recommended to send the user to a new browser window for the service provider(Twitter in this case) OAuth authentication process?
[twitter-dev] Regarding sending messages to all my followers in twitter
hi guys, Is it any way to send a message to all my followers in twitter.Because when i went through the API ,there is a function sendDirectMessage which is used to send message to a particular friend (follower). Regards Vivek
Re: [twitter-dev] DELETE list members API is rate limited
Does X-RateLimit-Remaining decrease when you call call DELETE list members? Just having it in the response header does not mean the rate limit is actually affected. If you find that it is decreasing with each DELETE call search and open an issue so Twitter can keep track of it: http://code.google.com/p/twitter-api/issues/list Abraham On Sat, Jan 16, 2010 at 23:06, ono_matope matope@gmail.com wrote: Hi, I'm @ono_matope. I found a bug on lists API and I wanna report you. Even though API document says DELETE list members API is Not rate limited, my DELETE list members API requests like following is rate limited. I requested following DELETE request. curl -u ono_matope:X -X DELETE -d id=17130681 http://api.twitter.com/1/ono_matope/hoge/members.json -i And response headers is following. HTTP/1.1 200 OK Date: Thu, 14 Jan 2010 15:05:30 GMT Server: hi X-RateLimit-Limit: 150 X-Transaction: 1263481531-77276-28451 Status: 200 OK ETag: 77550e3c9975d610529f85edff0913e9 Last-Modified: Thu, 14 Jan 2010 15:05:31 GMT X-RateLimit-Remaining: 147 X-Runtime: 0.14168 Content-Type: application/json; charset=utf-8 Pragma: no-cache Content-Length: 1109 X-RateLimit-Class: api Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post- check=0 Expires: Tue, 31 Mar 1981 05:00:00 GMT X-Revision: DEV X-RateLimit-Reset: 1263482054 Set-Cookie: lang=en; path=/ Set-Cookie: _twitter_sess=ABBR; domain=.twitter.com; path=/ Vary: Accept-Encoding Connection: close This request is rate-limitted. So I can't rebuild lists. I think that is a kind of a bug... I hope that this problem would be fixed. -- Abraham Williams | Moved to Seattle | May cause email delays Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Seattle, WA, United States
Re: [twitter-dev] OAuth best practice
It is best practice to always send the user to Twitter in their browser of choice not embedded in another webpage/application. Abraham On Sun, Jan 17, 2010 at 08:50, eco_bach bac...@gmail.com wrote: I'd like to embed the Twitter OAuth authorization-sign in window WITHIN my application. Is this considered a best practice, or is it always recommended to send the user to a new browser window for the service provider(Twitter in this case) OAuth authentication process? -- Abraham Williams | Moved to Seattle | May cause email delays Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Seattle, WA, United States
Re: [twitter-dev] Re: Social Graph API: Legacy data format will be eliminated 1/11/2010
From the numbers I've seen in this thread more then 95% of accounts are are followed less then 25k times. It would not seem to make sense for Twitter to support returning more then 25k ids per call. Especially since there are only ~775 accounts with more then 100k followers: http://twitterholic.com/top800/followers/ Abraham On Sat, Jan 16, 2010 at 04:06, st...@implu.com st...@implu.com wrote: Can we get a decision on this issue? Will a cursor eventually be a required element? If not, what will the default return be? If a cursor is required, what will be the number of social graph elements returned? I guess I'm cook with a required cursor so long as cursor=-1 returns 100k for example. A decision please. Cheers, Steve On Jan 8, 9:24 pm, st...@implu.com st...@implu.com wrote: Here's some rough numbers...x is the number of twitter user's with a follower count of... x = 100k 7140.007% 75k = x 100k 1510.001% 50k = x 75k 4110.004% 25k = x 50k 20440.020% 0 x 25k10009489 96.529% Total: 10,369,396 So I would agree that 100k would be sufficient for our needs. -Steve On Jan 8, 3:38 pm, Dossy Shiobara do...@panoptic.com wrote: 100k, at the minimum. On 1/8/10 3:35 PM, Wilhelm Bierbaum wrote: How much larger do you think makes it easier? On Jan 7, 6:42 pm, st...@implu.com st...@implu.com wrote: I would agree with several views expressed in various posts here. 1) Acursor-less call that returns all IDs makes for simpler code and fewer API calls. i.e. less processing time. 2) If we must have a 'cursored' call then at least allow forcursor=-1 to return a larger number than 5k. -- Dossy Shiobara | do...@panoptic.com |http://dossy.org/ Panoptic Computer Network |http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- Abraham Williams | Moved to Seattle | May cause email delays Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] Re: Tweets with !, ', and other characters refused..
I'm seeing this in a library that previously was not having this issue. On Jan 14, 9:48 am, Xavier Grosjean xavier.grosj...@yoono.com wrote: There must be an issue in the OAuth signature computing, which is why you are requested to provide your login again... 2010/1/14 thetwitmaniac alon.a.ta...@gmail.com We are using UTF-8 and still have this issue! Really can't understand why, all help would be greatly appreciated! On Dec 23 2009, 6:04 pm, Abraham Williams 4bra...@gmail.com wrote: Make sure you are properly encoding the characters before you send them to Twitter. Abraham On Tue, Dec 22, 2009 at 23:49, thetwitmaniac alon.a.ta...@gmail.com wrote: Hi, I'm building a desktop twitter client and for some reason whenever I try to post a tweet with an exclamation mark or apostrophe, the tweet is rejected and I am presented with a request to provide login credential for the Twitter API. Has anyone run into this issue or have any idea why this would occur? Thanks! -- Abraham Williams | Awesome Lists |http://awesomeli.st Project | Intersect |http://intersect.labs.poseurtech.com Hacker |http://abrah.am|http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private.
[twitter-dev] authenticity_token same as access token?
Hi Can someone confirm or deny whether the authenticity_token returned is the same as 'access_token' referred to in the documentation? Thanks in advance!
[twitter-dev] Re: Loose ends for List and Retweet APIs
On Dec 18 2009, 6:38 pm, Marcel Molina mar...@twitter.com wrote: Or conceivably (though arguably janky) there could be an additional parameter you provide for the user timeline that opts you in to having retweets appear. e.g. ?include_retweets=true Yes... please add this to the API. It would restore the ability to see retweets for non-authenticated users.
Re: [twitter-dev] Sign in with Twitter, PIN authentication and Desktop Clients
1. Desktop applications are those that are installed or ran from a PC /Mac/Linux or on a mobile device. They are outside of the browser. 2. One is used for web applications, the other is for desktop applications. 3. You are correct. PIN workflow is only for desktop applications. Ryan Sent from my DROID On Jan 17, 2010 5:00 PM, eco_bach bac...@gmail.com wrote: Hi Building an AS3 based web application using OAuth. So far I've coded a demo that successfully obtains a request token, redirects the user to the oauth url, and, on successful login redirects the user back to the previously supplied consumer- application URL. However somewhat confused by several things. 1)Definition of Desktop Clients http://apiwiki.twitter.com/Authentication Is a desktop client any web based application? or does it specifically refer to any application OUTSIDE of the browser (ie AIR based)? 2) SignIn with Twitter Can someone explain the difference between 'oauth/authorize' and 'oauth/authenticate' urls? What is meant by 'normal flow' (2nd paragraph) here http://apiwiki.twitter.com/Sign-in-with-Twitter 3) PIN handshake My assumption is that the extra PIN handshake is ONLY necessary for what I understand to be desktop clients (ie #1 above) So 'Sign in with Twitter' for a web-based application shouldn't require the extra PIN handshake. Am I correct? Thanks for any feedback on the above!
[twitter-dev] Re: OAuth best practice
On Jan 17, 10:46 am, Abraham Williams 4bra...@gmail.com wrote: It is best practice to always send the user to Twitter in their browser of choice not embedded in another webpage/application. Abraham Thanks! I was just about to code something up to do it the other way!
[twitter-dev] Re: Sign in with Twitter, PIN authentication and Desktop Clients
Thanks Ryan On Jan 17, 5:38 pm, ryan alford ryanalford...@gmail.com wrote: 1. Desktop applications are those that are installed or ran from a PC /Mac/Linux or on a mobile device. They are outside of the browser. 2. One is used for web applications, the other is for desktop applications. 3. You are correct. PIN workflow is only for desktop applications. Ryan Sent from my DROID On Jan 17, 2010 5:00 PM, eco_bach bac...@gmail.com wrote: Hi Building an AS3 based web application using OAuth. So far I've coded a demo that successfully obtains a request token, redirects the user to the oauth url, and, on successful login redirects the user back to the previously supplied consumer- application URL. However somewhat confused by several things. 1)Definition of Desktop Clientshttp://apiwiki.twitter.com/Authentication Is a desktop client any web based application? or does it specifically refer to any application OUTSIDE of the browser (ie AIR based)? 2) SignIn with Twitter Can someone explain the difference between 'oauth/authorize' and 'oauth/authenticate' urls? What is meant by 'normal flow' (2nd paragraph) herehttp://apiwiki.twitter.com/Sign-in-with-Twitter 3) PIN handshake My assumption is that the extra PIN handshake is ONLY necessary for what I understand to be desktop clients (ie #1 above) So 'Sign in with Twitter' for a web-based application shouldn't require the extra PIN handshake. Am I correct? Thanks for any feedback on the above!
[twitter-dev] sqllite command for writing to local DB
Hello all, I'm trying to capture data from twitter and write it to a local sqlite3 DB. Can anyone help with a command for this? I am also a newbie so I wouldn't assume anything when explaining. thanks
Re: [twitter-dev] Update profile background image using Oauth API
hi - yes - this is completely doable. i wrote a simple ruby script and posted it at http://mehack.com/uploading-a-background-image-to-twitter-using (which may be having DNS issues at the moment, and if so, just go see the code directly at http://gist.github.com/279650) -- that code demonstrates how to construct the signature, and upload a background image. i tested it on my test account, and it works great. On Sun, Jan 10, 2010 at 9:33 AM, rohit khariwal khariwal.ro...@gmail.comwrote: I have tried it. The command line code is working fine but not working with Oauth API. On Sun, Jan 10, 2010 at 10:36 PM, Pedro Junior v.ju.ni.o...@gmail.comwrote: *Yes, is possible.* * http://apiwiki.twitter.com/Twitter-REST-API-Method:-account update_profile_background_imagehttp://apiwiki.twitter.com/Twitter-REST-API-Method:-account%C2%A0update_profile_background_image * - Pedro Junior 2010/1/10 rohit khariwal.ro...@gmail.com I have been researching the PHP script to update the background image of twitter profile. I found lots of code but none of them seems to be working. Is it really possible to do this using API? Thanks -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Is there anyway get update profile background image to work with OAuth?
i wrote a simple ruby script and posted it at http://mehack.com/uploading-a-background-image-to-twitter-using (which may be having DNS issues at the moment, and if so, just go see the code directly at http://gist.github.com/279650) -- that code demonstrates how to construct the signature, and upload a background image. i tested it on my test account, and it works well. on a separate thread i mentioned that Twitter4J ( http://yusuke.homeip.net/twitter4j/en/index.html) has support for setting background images via OAuth. its very clearly written, and would be relatively easy to pull apart and see how they are doing their OAuth uploads. On Sat, Jan 16, 2010 at 9:41 AM, Vikram vikram.prav...@gmail.com wrote: Is there anyway get update profile background image to work with OAuth? No one from twitter API team also seem to be trying help people out? -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] Re: OAuth image upload: how does Twitter want to see multi-part post OAuth parts?
i wrote a simple ruby script and posted it at http://mehack.com/uploading-a-background-image-to-twitter-using (which may be having DNS issues at the moment, and if so, just go see the code directly at http://gist.github.com/279650) -- that code demonstrates how to construct the oauth signature and upload a background image to Twitter. i tested it on my test account, and it seems to work well. while that code is written in ruby, i tried to take care to write it clearly enough so that even non-ruby programmers should be able to follow it. let me know if there are any questions! ps. as yusuke mentioned earlier on this thread, Twitter4J ( http://yusuke.homeip.net/twitter4j/en/index.html) has support for setting background images via OAuth. FWIW, that library is -very- clearly written, and should be relatively easy for programmers (especially those who are attempting to construct their own OAuth signatures) to follow. On Wed, Jan 13, 2010 at 9:40 AM, Vikram vikram.prav...@gmail.com wrote: Raffi, After modifications, this is how my request looks like OAuth signature base: POSThttp%3A%2F%2Ftwitter.com%2Faccount %2Fupdate_profile_background_image.xmloauth_consumer_key %3DgUutCG9HjEOT0N8IxvW9w%26oauth_nonce %3Dt64bID6gIVtpU6t7m3dsTrTUOhubJizM%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1263403749%26oauth_token %3D29191067-7Gl0rjc5KegDdw5p0FJqcBLTmKFF8rCr9Kb3Yt7ZE%26oauth_version %3D1.0a I sign this and then add all the parameters to the request stream, this is how my stream looks like: oauth_consumer_key=gUutCG9HjEOT0N8IxvW9woauth_nonce=t64bID6gIVtpU6t7m3dsTrTUOhubJizMoauth_signature=TE0lfX3WZwYAr1812GNP8uYJGKc %3Doauth_signature_method=HMAC- SHA1oauth_timestamp=1263403749oauth_token=29191067-7Gl0rjc5KegDdw5p0FJqcBLTmKFF8rCr9Kb3Yt7ZEoauth_version=1.0aimage= This is followed by the byte stream of the image. I still get a 401 as response. Can tell me what I need to change? -- Raffi Krikorian Twitter Platform Team http://twitter.com/raffi
Re: [twitter-dev] OAuth best practice
This brings up a really good point about OAuth. The reality is that when you put a really nice UI in front of OAuth on a mobile or in an application, you are very likely to make the direct credentials available to the application itself. In many cases, there is no memory access protection standing in the way. I agree that HTTP Basic auth is as bad as anything could ever be, putting the password on the wire. Has twitter thought about allowing HTTP Digest? It would eliminate the UX clunk, and still keep the passwords off the wire. On Sun, Jan 17, 2010 at 8:50 AM, eco_bach bac...@gmail.com wrote: I'd like to embed the Twitter OAuth authorization-sign in window WITHIN my application. Is this considered a best practice, or is it always recommended to send the user to a new browser window for the service provider(Twitter in this case) OAuth authentication process?
Re: [twitter-dev] OAuth best practice
Although you can find many instances of popular applications that do exactly this, and the precise reasons for it being verboten are definitely arguable and murky at best, the reaction that you'll receive from the OAuth community is likely to be crystal clear, and very negative. I posted an open source app that did this and received this from a founding member of the OAuth committee: ...this approach is specifically one that OAuth is trying to protect users from. The problem is that your app does not (and can not) give users any trust that you (or more importantly, an attacker) are not storing their Twitter credentials without informing them... My personal feelings about the veracity of this statement aside, the tone is pretty clear: you shouldn't do this. isaiah http://twitter.com/isaiah On Jan 17, 2010, at 8:50 AM, eco_bach wrote: I'd like to embed the Twitter OAuth authorization-sign in window WITHIN my application. Is this considered a best practice, or is it always recommended to send the user to a new browser window for the service provider(Twitter in this case) OAuth authentication process?
Re: [twitter-dev] OAuth best practice
best practice for certain environments, certainly. On Sun, Jan 17, 2010 at 10:46 AM, Abraham Williams 4bra...@gmail.comwrote: It is best practice to always send the user to Twitter in their browser of choice not embedded in another webpage/application. Abraham On Sun, Jan 17, 2010 at 08:50, eco_bach bac...@gmail.com wrote: I'd like to embed the Twitter OAuth authorization-sign in window WITHIN my application. Is this considered a best practice, or is it always recommended to send the user to a new browser window for the service provider(Twitter in this case) OAuth authentication process? -- Abraham Williams | Moved to Seattle | May cause email delays Project | Intersect | http://intersect.labs.poseurtech.com Hacker | http://abrah.am | http://twitter.com/abraham This email is: [ ] shareable [x] ask first [ ] private. Sent from Seattle, WA, United States
Re: [twitter-dev] OAuth best practice
Let's look at the current set of alternatives: 1) bop over to the browser on your mobile get out your pen, etc, write down that pin... 2) provide a simple user/pass interface within your app, and use HTTP basic, a scheme that gives a reasonable UX but from a security standpoint merits jail time. Both suck. I agree with their POV for the laptop/desktop environment, but it is important to find a way to do better for mobile. HTTP Digest might be a good step toward killing HTTP Basic usage. Perhaps it is time for a better oath (or something else) that will work with mobile? It might be more tolerable to be pitched to the browser if the pin copy could be eliminated. Maybe the twitter server could hold some sort of ticket state that the app could silently fetch after the user re-launches the app. On Sun, Jan 17, 2010 at 10:42 AM, Isaiah Carew isa...@me.com wrote: Although you can find many instances of popular applications that do exactly this, and the precise reasons for it being verboten are definitely arguable and murky at best, the reaction that you'll receive from the OAuth community is likely to be crystal clear, and very negative. I posted an open source app that did this and received this from a founding member of the OAuth committee: ...this approach is specifically one that OAuth is trying to protect users from. The problem is that your app does not (and can not) give users any trust that you (or more importantly, an attacker) are not storing their Twitter credentials without informing them... My personal feelings about the veracity of this statement aside, the tone is pretty clear: you shouldn't do this. isaiah http://twitter.com/isaiah On Jan 17, 2010, at 8:50 AM, eco_bach wrote: I'd like to embed the Twitter OAuth authorization-sign in window WITHIN my application. Is this considered a best practice, or is it always recommended to send the user to a new browser window for the service provider(Twitter in this case) OAuth authentication process?
[twitter-dev] Re: Streaming API
Hi, I also want Gardenhose access level. Please let me know email address to get EULA. On 2009年12月28日, 午後12:00, John Kalucki j...@twitter.com wrote: All Twitter accounts have access to the Spritzer access level on /1/statues/sample.format. The Gardenhose rate increases the flow on that same resource by about three times. You have to agree to a EULA. Email a...@twitter.com to get started. -John Kaluckihttp://twitter.com/jkalucki Services, Twitter Inc. On Sun, Dec 27, 2009 at 11:14 AM, Arunachalam arunachala...@gmail.comwrote: Hi, The webpagehttp://apiwiki.twitter.com/Streaming-API-DocumentationspecifiesThe *Gardenhose* access level provides a proportion more suitable for *data mining and research applications* that desire a larger proportion to be statistically significant sample. Please let me know how to get the access for the Gardenhose API and also usage of gradenhose feeds which is not mentioned in that webpage. Is it possible to access the Gradenhose API after getting the access rights using http://stream.twitter.com/1/statuses/gradenhose.json*? * Cheers, Arunachalam- 引用テキストを表示しない - - 引用テキストを表示 -
[twitter-dev] @ Message read rate for non-followers
Hey Guys, Do you know what % of people read @ messages if you are not a follower + targeting them based on keywords or search api's? Thanks, Abir
[twitter-dev] Guide to understanding how to work with Twitter and OAuth
Hey - I'm hoping to save someone time with this as I was looking for a similar guide myself when learning about OAuth and didn't find any. So I just put together a walkthrough of the OAuth sequence. Maybe this will be helpful to someone. http://www.jaanuskase.com/en/2010/01/understanding_the_guts_of_twit.html rgds, Jaanus
