[twitter-dev] Re: Streaming API not returning any data

[Amitab]

On Apr 19, 8:37 pm, John Kalucki  wrote:
> The Streaming API is currently configured to send a keep-alive newline
> every 30 seconds. If you don't receive any data or the keep-alive in
> perhaps 60 or 90 seconds, you should drop and reconnect. The only case
> where what you observed should happen is if a load balancer restarts.
> I don't think this happened at 4pm -- rather, there was a Hosebird
> deploy at around this time. If anything, you should have received an
> HTTP error code, a TCP RST or TCP CLOSE at this time.

Thanks, I will check whether my session is terminating on a TCP RST/
CLOSE.

> If you were connecting twice with the same username, your earlier
> connection may have been dropped due to duplication.

I use different usernames and different IPs in my test and production
environments. Thanks for clarifying.

>
> -John Kaluckihttp://twitter.com/jkalucki
> Infrastructure, Twitter Inc.
>
>
>
> On Mon, Apr 19, 2010 at 8:28 PM, Amitab  wrote:
> > Hi,
>
> > There was a thread about this before in which Twitter folks mentioned
> > that there was a problem with the load balancers.
>
> > This happened at about 4pm PDT. The streaming API didnt send anything
> > and neither terminated the connection. I restarted my streaming and it
> > started working again. I have two streaming sessions, one from my host
> > machine and another from my test machine, and both sessions had the
> > same issue at the same time.
>
> > Does Twitter recommend that we break the connection if no data arrives
> > in some time and then restart it?
>
> > /Amitab
>
> > Twaller.com(@mytwaller)
>
> > --
> > Subscription 
> > settings:http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

[twitter-dev] Streaming API not returning any data

[Amitab]

Hi,

There was a thread about this before in which Twitter folks mentioned
that there was a problem with the load balancers.

This happened at about 4pm PDT. The streaming API didnt send anything
and neither terminated the connection. I restarted my streaming and it
started working again. I have two streaming sessions, one from my host
machine and another from my test machine, and both sessions had the
same issue at the same time.

Does Twitter recommend that we break the connection if no data arrives
in some time and then restart it?

/Amitab

Twaller.com(@mytwaller)


-- 
Subscription settings: 
http://groups.google.com/group/twitter-development-talk/subscribe?hl=en

[twitter-dev] Re: Introduce yourself!

[Amitab]

Hi folks,

This is Amitab (@hiamitabha) and I am working on identifying location
specific tweets at http://www.twaller.com. There are Twaller pages for
many of the cities where all you folks live, so it was great to meet
so many people through this forum.

I am a heavy user of the Search and Streaming APIs. I am just getting
started with developing an iPhone app for Twaller, if anyone here
would like to work with me/ help me, that would be awesome.

I also want to thank everyone here for maintaining such a lively
discussion forum, I have get a lot of help from the notes available
here, sometimes I don't acknowledge because the thread is too old, but
I do want to say that all of you do a lot of awesome work for the
Twiiter community.

/Amitab

Follow Twaller @mytwaller

On Feb 21, 12:02 pm, Abraham Williams <4bra...@gmail.com> wrote:
> Nice to see so many awesome introductions :)
>
> I've been adding you and your applications to some Twitter lists so if I
> missed anything let me know.
>
> https://twitter.com/abraham/twitter-api-developershttps://twitter.com/abraham/twitter-applications
>
> @abraham
>
>
>
>
>
> On Sat, Feb 20, 2010 at 17:08, Marco Kaiser  wrote:
> > I'm Marco Kaiser (@marco), started playing with the API in Summer 2007 and
> > developed AIR-based twhirl back then. It was acquired by Seesmic almost two
> > years ago now, and I joined the company, too. Did a couple more Twitter
> > desktop apps since then... :) I am based in Germany, and I also act as a
> > moderator on this list.
>
> > I'll be at Chirp.
>
> > Cheers,
> > Marco
>
> > On Sat, Feb 20, 2010 at 10:17 PM, Scott Wilcox  wrote:
>
> >> Hi,
>
> >> I'm Scott Wilcox (@dordotky). I'm a freelance developer and currently run
> >> and maintain thehttp://tweekly.fmandhttp://laststat.usservices. I
> >> developer mostly in PHP over the majority of my projects but plan to switch
> >> to either Ruby or Python this year. I'm also an iPhone developer and plan 
> >> to
> >> release a few apps this year.
>
> >> I use both the REST API and Streaming API regularly and agree with the
> >> comments on standardising the errors across the platform (the user_timeline
> >> as mention by Marc is a particular pet hate).
>
> >> I've also been doing some research in to awareless of embedded EXIF data
> >> in images that are posted to Twitter via services such as twitpic.com.
> >> I'll be publishing these finds towards the end of the month.
>
> >> I sadly won't be attending Chirp due to it being too far to travel from
> >> England and not enough funds to do so :( Hopefully one of you will create a
> >> webcast for me to watch!
>
> >> Scott.
>
> --
> Abraham Williams | Community Advocate |http://abrah.am
> Project | Out Loud |http://outloud.labs.poseurtech.com
> This email is: [ ] shareable [x] ask first [ ] private.
> Sent from Seattle, WA, United States

[twitter-dev] Re: Streaming API - AND between filter keywords

[Amitab]

Thanks Mark. That helps a lot.

On Jan 9, 4:44 pm, Mark McBride  wrote:
> Currently no.  What I would do is search for "Francisco" (a much rarer
> term), and then manually check for "San Francisco" on your end.
>
>    ---Mark
>
> http://twitter.com/mccv
>
>
>
> On Sat, Jan 9, 2010 at 2:32 PM, Amitab  wrote:
> > Hi folks,
>
> > Is there a way by which I can get streaming results tracking a
> > combination of words. For example, is it possible to get streaming
> > results which track the keyword "San Francisco" i.e, San AND
> > Francisco. I could track "San" OR "Francisco" and then filter out for
> > "San" AND " Francisco" but the results for "San" are very huge.
>
> > /Amitabh
>
> > Follow Twaller @mytwaller

[twitter-dev] Re: Best way to pull/cache location based search results?

[Amitab]

Twaller.com is a service which categorizes location based tweets
particularly useful to travelers. You can check us out at www.twaller.com.
We search tweets based on some combinations of keywords and then
filter them out using language processing algorithms.

If you would like access to the data using a Web API, do let us know.

Amitab

follow Twaller @mytwaller



On Jan 8, 7:49 am, "@epc"  wrote:
> On Jan 8, 9:29 am, GeorgeMedia  wrote:
>
> > No one?
>
> I think you would be better off consuming the firehose, geocode the
> tweets yourself, and throw away any that aren’t in regions you care
> about, caching the rest for a period of time.
>
> The thing to remember about "geocoding" of tweets is that until very
> recently the geocoding was solely by the  field in a user’s
> profile.  True geocoding of individual tweets is very recent and
> depends on the user enabling geo coding, and on the user agent posting
> the lat/lon with the tweet.  So the firehose *does* contain the 
> field, it's just mostly empty because most clients don’t populate it
> yet.  So if the  field is empty you’d have to geocode based on
> the  field which is a bit of a hairball and may contain any
> data up to 30 bytes.
>
> Alternately, do the cron job thing but enlarge the regions you’re
> searching on (search on the top N cities or metros for example, not
> 200,000 coordinates).  Cache the data, and accept that it won’t be
> absolutely up to date (it’s already lost a lot of precision since the
>  field is completely arbitrary and even if it is a city or
> lat/lon pair, does not necessarily represent where the twitter user
> was at that moment in time).
>
> --
> -ed costello

[twitter-dev] Streaming API - AND between filter keywords

[Amitab]

Hi folks,

Is there a way by which I can get streaming results tracking a
combination of words. For example, is it possible to get streaming
results which track the keyword "San Francisco" i.e, San AND
Francisco. I could track "San" OR "Francisco" and then filter out for
"San" AND " Francisco" but the results for "San" are very huge.

/Amitabh

Follow Twaller @mytwaller

[twitter-dev] Re: Questions about opening the firehose

[Amitab]

Hi Raffi,

Will the geo-hose streaming API return only those tweets which are geo-
tagged, or will it also return tweets for users whose location (in
profile) falls within the lat, lon specified.

If it returns only tweets that are geo-tagged, I guess the volume of
returned tweets will be pretty low for now.

/Amitab

Twaller.com (@mytwaller)

On Dec 17, 9:19 pm, Raffi Krikorian  wrote:
> > For one thing, I do a lot of location-based processing. I'm quite
> > interested in what's happening in Portland, Oregon, and not so much
> > about the rest of the world. As far as I can tell, there's no geocode
> > parameter for "filter". In addition, I can do a search back in time
> > with Twitter search - with filter, if I don't know what I'm looking
> > for, it's going to go right by me. ;-)
>
> the geo-hose will be eventually available to help specifically with this
> feature -http://www.slideshare.net/raffikrikorian/whats-happening-here.
>
> --
> Raffi Krikorian
> Twitter Platform Teamhttp://twitter.com/raffi

[twitter-dev] Dynamic redirect URL after OAuth login

[Amitab]

Hi,

Is there a way to support dynamic URLs being loaded after OAuth login?

My website has multiple URLs from where a user can sign-in. I want the
user to come back to same Url where they were before clicking on the
Sign_in button. Can I ask Twitter OAuth to redirect to an Url of my
choice by supplying it as a parameter in my OAuth login request.

Thanks,
Amitabh

Follow Twaller @mytwaller

[twitter-dev] Re: Developer Preview: Trends API

[Amitab]

Hi Raffi,

Very interesting and useful since Twitter has so much data.

Could you elaborate more on how you identify that a tweet is of a
particular location. From the data twitter collects, there are three
main sources that come to mind:

1) Location in the profile of the user.
2) Geo tagged tweets having Lat and Long information.
3) Text in the tweet, such as a tweet mentioning San Francisco.

Which of the above three (or combinations of) would you be using to
identify a tweet with a location?

/Amitabha

Twaller.com
Follow Twaller.com @mytwaller

On Nov 9, 2:41 pm, Raffi Krikorian  wrote:
> hi naveen.
>
> that's actually a _really_ interesting idea!  we'll take it under  
> advisement.
>
>
>
>
>
> > Looks very interesting.
>
> > Something that pops to mind right away is maybe on the trends/
> > available accept a latitude and longitude to sort available trends by
> > distance from a specific location (useful for mobile tweeters). It is
> > unclear how many "locations" you plan to support but if the number is
> > anything significant some method of searching/sorting through
> > available trends will be extremely useful.
>
> > --Naveen
>
> >> We've heard from lots of users that trending topics, as seen on the
> >> twitter.com homepage and on search.twitter.com, are a fun way to
> >> figure out what's going on in the Twitter-verse at this very instant.
> >> The one feature request that we've heard over and over, however, is
> >> "what's going on where I am?".  To answer that, we wanted to give you
> >> all a heads up regarding the new "Trends API" that we're launching.
> >> This API will open up trending information that is specific to a
> >> number of locations around the world.
>
> >> At a high level, there will be two new endpoints:
>
> >> * an endpoint to give a listing of all locations that trends are
> >> available for, and
> >> * an endpoint to actually allow you to query by a specific location.
>
> >> We're using Yahoo!'s Where on Earth IDs (WOEIDs) to name each  
> >> location
> >> that we have information for -- we're doing so because those IDs give
> >> not only language-agnostic, but also permanent, stable, and unique
> >> identifiers for geographic locations.  For example, San Francisco has
> >> a permanent and unique WOEID of 2487956, London has 44418, and the
> >> Earth has WOEID 1.  You can find out more about those IDs 
> >> athttp://developer.yahoo.com/geo/geoplanet/
> >> .  The EXAMPLES section at the bottom of the documentation's landing
> >> page shows an example of how to find out the WOEID of a specific  
> >> place.
>
> >> To start reading through the documentation, check out:
>
> >>https://twitterapi.pbworks.com/Twitter-REST-API-Method%3A-trends-avai...
> >> ...
>
> >> It should be noted that at launch, unlike the trends that are
> >> available by the search API, these localized trends will not be  
> >> rolled
> >> up into daily and weekly trends.  Those rollups may come in a future
> >> release.
>
> --
> Raffi Krikorian
> Twitter Platform Team
> ra...@twitter.com | @raffi

[twitter-dev] Re: OAuth wed & desktop feedback

[Amitab]

For me, the biggest pain with Oauth is when the redirection to Twitter
gives a "Twitter is busy, too many people are tweeting" response. For
websites/ applications that are pretty small, each person who is
willing to try out is immensely valuable. I hate it when I loose that
person (probably permanently) just because twitter couldn't support
the log in process.

I saw this happening a lot of times today morning. It is a problem
that keeps recurring.

This is what I would want to improve in OAuth:
1) Get the login process working 99.999% time. I can cache the
remaining things but ic annot cache the login process.
2) Please integrate the OAuth authntication with my branding. At the
moment it is just the logo. I would like to have the whole background
be of my branding.

/Amitabh

Follow Twaller.com @mytwaller

On Oct 12, 1:20 pm, Abraham Williams <4bra...@gmail.com> wrote:
> A number of older threads for 
> reference:http://groups.google.com/group/twitter-development-talk/browse_thread...http://groups.google.com/group/twitter-development-talk/browse_thread...http://groups.google.com/group/twitter-development-talk/browse_thread...
> http://groups.google.com/group/twitter-development-talk/browse_thread...http://groups.google.com/group/twitter-development-talk/browse_thread...
> 
>
> On Mon, Oct 12, 2009 at 15:00, Duane Roelands wrote:
>
>
>
>
>
> > Please do NOT adopt anything like the Facebook model.  Facebook
> > authentication for desktop applications is a nightmare.  You have to
> > programatically interact with the browser and it's an enormous hassle.
>
> > I think that the OAuth flow for desktop applications is fine as-is.
> > Mobile apps need some love, no question, but for desktop apps, I don't
> > think anything is all that broken.
>
> > On Oct 12, 3:38 pm, Isaiah  wrote:
> > > > 1. What can be improved about the web workflow?
>
> > > I'll leave this one for the web dudes.
>
> > > > 2. What can be improved about the desktop workflow?
>
> > > The UX:  it's currently very complicated for the user.  Much more more
> > > complicated than basic auth.  Users are unaccustomed to it.  Novelty
> > > isn't a bonus during authorization.
>
> > > The browser:  drop-kicking the user to another app seems egregious.
> > > Make it so that this is unnecessary and the UX problem is nearly solved.
>
> > > The assumption:  there seems to be an assumption that twitter clients
> > > are *not* trusted and the web browser *is* trusted.  But the reality
> > > is that all of the phishing, scams, and untrusted things that I'm
> > > bombarded with daily come in the browser.  Please help me to resolve
> > > this paradox.
>
> > > > 3. What other models of distributed auth do you think we could learn
> > > > from and what specifically about them?
>
> > > All of the clients for everything that needs authorization on my
> > > desktop use a basic-auth-like model:  email, ftp, backup services,
> > > picture sharing, blogging, well, you get the idea.  I'm not saying
> > > it's right or wrong, but that is the way it is.
> > > I want my app to be part of that ecosystem and not stand out like a
> > > sore thumb.
>
> > > Make matching the user experience of other desktop apps your goal.  If
> > > you can't achieve that goal, then maybe OAuth isn't ready for the
> > > desktop.  Or perhaps it's more apt to say that the desktop is not
> > > ready for OAuth.
>
> > > If you say, "it's really no big deal to add this one step," then
> > > stop.  It **is** a big deal.  Every step added is **really** big
> > > deal.  Really.
>
> > > > 4. What could we improve around the materials for integrating OAuth
> > > > into your application?
>
> > > It's not all the complicated to implement.  There's a lot of open
> > > source on web in a multitude of languages.
> > > If you have manpower to throw around, please work on the UX first.  ;-)
>
> > > I'd be happy to contribute to any open source project that helps to
> > > achieve this.  Count me in.
>
> > > Isaiah
>
> --
> Abraham Williams | Community Evangelist |http://web608.org
> Hacker 
> |http://abrah.am|http://twitter.com/abrahamhttp://web608.org/geeks/abraham/blogs/2009/10/03/win-google-wave-invite
> This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] Re: Noise-tweet regex repository

[Amitab]

This is something very useful.

At Twaller.com we use filtering based on dictionary words, these words
include http, www, com etc. and also abusive words. However the lists
of such words keeps on growing and recently we have also added RT to
it since there are too many retweets which dont add value. Some regex
rules would be great, but I doubt we can have regex for abusive words.

Amitab

Follow Twaller @mytwaller



On Oct 8, 4:22 pm, Sam Street  wrote:
> It's a nice idea. I'd go ahead with it - but also release the regex
> publicly.
> Apps make enough external requests as it is
>
> On Oct 9, 12:14 am, Dewald Pretorius  wrote:
>
> > I think it might be a better idea to publish the regex code somewhere,
> > so that developers can directly include it in their apps if they want
> > to.
>
> > If you provide a web service, can I send my users to your email
> > address or support system if your regexs reject their tweets as false
> > positives? ;-)
>
> > I suck at regex. Regex is for super intelligent beings levitating on a
> > much higher and different intellectual stratus than me. So, any kind
> > of regex that can be copied and pasted is always very welcome.
>
> > Dewald
>
> > On Oct 8, 6:28 pm, Dave Briccetti  wrote:
>
> > > I detest tweets like these:
>
> > > just joined a video chat athttp://xxxMakeyourown video chat 
> > > athttp://xxx#xxx
> > > just joined a twibe ...
>
> > > I am thinking of starting a repository of regular expressions matching
> > > noise-tweets like these, that Twitter clients could query via a Web
> > > Service, and the public could contribute to.
>
> > > Is this a good idea?

[twitter-dev] Re: Updates to the retweet API payload

[Amitab]

Great, I think this is much better and provides a better way of
identify which tweet is a retweet and which is not.

/Amitab

Follow Twalle @mytwaller

On Sep 30, 4:08 pm, Marcel Molina  wrote:
> We've updated the retweet payload to look a lot more like a regular
> tweet's payload. We find this change makes the retweet API
> conceptually simpler, easier and more convenient to work with and
> better overall. I've linked to examples of the new payload below, and
> will be updating documentation shortly, but first I'd like to share
> some background on what we've learned working on the retweet API over
> the past few weeks.
>
> One of the big objectives of the retweet feature is discovering new
> users to follow. We wanted the original status and its author
> highlighted front and center so they get due credit for the tweet
> someone you follow found worthy of retweeting. To that end the API was
> designed to emphasize the original tweet by having it be the top level
> object. Embedded within it we provided details about who retweeted it
> and when.
>
> Though this makes a statement to how we'd like the feature to be
> thought about, logistically it doesn't degrade gracefully for clients
> who don't implement any retweet logic in their code. Tweets appear in
> timelines from people who you do not follow and unless clients
> differentiate those tweets visually letting you know that someone you
> follow has shared this tweet, confusion ensues.
>
> To mitigate this, we opted to not include retweets into the existing
> friends timeline. Instead we created a new parallel home timeline that
> would be just like the friends timeline but included retweets. That
> way developers could opt in to the retweet feature at their leisure.
> Even with this opt in policy, though, there is still a critical
> responsibility imposed on developers to clearly communicate to their
> users that a given tweet in their timeline is a retweet and who the
> retweet is from. The likelihood that confusion would result turned out
> to be too high.
>
> Additionally, with the original status as the top level object in the
> payload, that means consumers of the API would receive what appears to
> be the same tweet multiple times. In a lot of cases that's fine, in
> others it's problematic.
>
> After experimenting with this approach we've decided that it's a
> better bet to craft a payload that will degrade far more gracefully.
> So we've redesigned the retweet payload. Rather than having the
> original tweet as the top level status with embedded details about who
> retweeted it, the retweet is the top level object and within it we
> include the original tweet and its author. You'll have full access to
> the entire retweeted status and user as well as the original tweet and
> its user. So you don't have to make any additional API calls and
> should have everything you need to display a retweet distinctively
> with attribute to both the original author and the retweeter. In other
> words, these retweeted statuses look a whole lot like regular
> statuses. This new design was our instinct to begin with and we
> probably should have gone with it. We think it's better and hope you
> do too. All the same documented resources will exist. Only the
> payloads change.
>
> The following timeline should contain examples of the updated retweet
> payload. You can use this to test consuming retweets.
> curlhttp://twitter.com/statuses/user_timeline/testiverse.xml
> curlhttp://twitter.com/statuses/user_timeline/testiverse.json
>
> In the event that new tweets go into the above timeline that push the
> retweets out, you can access a few directly at the following urls:
> curlhttp://twitter.com/statuses/show/4452134416.xml
> curlhttp://twitter.com/statuses/show/4452466408.xml
> curlhttp://twitter.com/statuses/show/4349744308.xml
>
> The above payloads don't contain a "retweet_count" element yet and
> they probably will. Other than that we don't suspect any more major
> changes as we approach a full public launch. As always, though, we're
> open and solicitous of everyone's feedback.
>
> Thanks.
>
> --
> Marcel Molina
> Twitter Platform Teamhttp://twitter.com/noradio

[twitter-dev] How does search get affected by Retweet APIs

[Amitab]

Hi,

How do search results get affected when the ReTweet APIs become
public. Do the search results consider Retweets as separate tweets and
show them multiple times. Or do they ignore RTs since they dont
contain any new content.

As a developer at Twaller.com, I get frustrated when multiple Retweets
get returned by search. Since there is sometimes no pattern to
identifying Retweets (Repople use RT in many ways), a text matching
algorithm frequently does not identify the retweets. I wonder if the
Retweet functionality will solve my problem.

Thanks,
Amitab

Follow Twaller @mytwaller

PS: Apologize if this has lalready been answered, but I couldn't find
it in previous posts

[twitter-dev] Re: Search API Rate Limiting and Performance

[Amitab]

I have exchanged emails with Twitter on this and I believe they are
working on it.

We use search extensively at www.Twaller.com . The errors in search
that we are seing is as follows:

(1) HTTP status code: 403
 Message:The request is understood, but it has been refused.  An
accompanying error message will explain why.

(2)HTTP status code: 503
Message:Service Unavailable: The Twitter servers are up, but
overloaded with requests. Try again later. The search and trend
methods use this to indicate when you are being rate limited.

(3) HTTP status code: -1
Message:Read timed out

These errors are becoming more and more frequent lately.

/Amitab



On Sep 1, 5:41 pm, Dewald Pretorius  wrote:
> Twitter team, can you please do something about the performance and
> rate limiting of the Search API.
>
> It is becoming completely unworkable. I have jumped through all the
> hoops, with unique User Agents, sleeping my scripts in-between API
> calls, and yet the rate limiting is just becoming more severe, and the
> performance is just becoming slower and slower.
>
> Please help. A lot of us are using Search to provide services, and I
> am sure it is not only my service that is hurting very much under the
> present circumstances.
>
> Dewald

[twitter-dev] Re: Search API sometimes returning random tweets mixed in?

[Amitab]

I have seen the same which is affecting quality of results at
Twaller.com. I have communicated this issue with the Twitter Team, you
can see my post at this forum 3-4 daya back. This seems to be a very
recent phenomenon.

On Aug 20, 7:42 am, Marco Kaiser  wrote:
> Hi,
> we are receiving an increasing number of reports from users about search
> results containing tweets that don't match the search query. It doesn't seem
> to be reproducable, i.e. a later request for the same query does not contain
> the false results. We've also seen from user reports on twitter that other
> clients seem to be affected.
>
> Anyone got an idea what's going on? Or can someone confirm that he's also
> running into that issue?
>
> Thanks,
> Marco

[twitter-dev] How does search API work

[Amitab]

Hi folks,

Could someone educate me about how Twitter search works? The Twitter
documentation merely mentions: Returns tweets that match a specified
query.

Is that that the results are guaranteed to have all the words that are
searched? Or any one of them? Or is this a best effort scenario.

At Twaller.com , we use search API a lot. Obver the past 3 days, we
have noticed really irrelevant results which leads to very irrelevent
tweets displayed on Twaller.com. One happened just now:

Search query: "eating at Daejeon"

Result: juhasaarinen@matt_stephenson Hmm. Wonder if there's a VM
setup that runs in Win7 x64?

This result is absolutely irrelevant. Funny thing is that this lasted
abt 5 mins, after which search correctly didn;t return this result.

Given the quality of some of the search results, I am inclined to
check internally whether the search result contained the searched
terms. But it would be good to get some feedback before we started
implementing that way.

Thanks,

Amitab
Twaller.com

[twitter-dev] Re: Twitter4J 2.0.9 released - introduces tons of bugs, and lots of new features including Android support

[Amitab]

Thanks a lot Yusuke,

Did you do any major changes to Oauth aoart from fixing TFJ-187?

I will get working with this for twaller.com

/Amitab

On Jul 30, 5:36 am, Yusuke Yamamoto  wrote:
> Versoin 2.0.9 is not meant to introduce tons of bugs, it actually  
> *fixes* tons of bugs of course.
> --
> Yusuke Yamamoto
> yus...@mac.com
>
> this email is: [x] bloggable/tweetable [ ] ask first [ ] private
> follow me on :http://twitter.com/yusukeyamamoto
> subscribe me at :http://yusuke.homeip.net/blog/
>
> On 2009/07/30, at 2:16, Yusuke Yamamoto wrote:
>
>
>
> > Hi all,
>
> > Twitter4J 2.0.9 is available for download.
> >http://yusuke.homeip.net/twitter4j/en/index.html#download
> > It is(or will be) also available at the Maven central repository.
> >http://repo1.maven.org/maven2/net/homeip/yusuke/twitter4j/
> > Snapshot builds can be found at:
> >http://yusuke.homeip.net/maven2/net/homeip/yusuke/twitter4j/
>
> > Release Notes - Twitter4J - Version 2.0.9 - HTML format
> > Bug
> > [TFJ-167] - push style streaming thread quits with IOException
> > [TFJ-173] - " is mapped to \\u0022
> > [TFJ-175] - Streaming API now requires comma separated follow  
> > parameter
> > [TFJ-181] - ExceptionInInitializationError on Android platforms
> > [TFJ-187] - SerializationException with twitter4j.http.OAuth
> > [TFJ-189] - TwitterException with streaming API :  
> > twitter4j.TwitterException: JSONObject["id"] not found with  
> > streaming api
> > Improvement
> > [TFJ-174] - inconsistent method names in User Methods
> > [TFJ-177] - the scope of the junit dependencies in the pom should be  
> > set to test
> > [TFJ-178] - getPublicTimeline(int sinceID) should take long sinceId
> > [TFJ-179] - scope of junit should be "test", not "compile"
> > [TFJ-180] -http://twitter.com/statuses/friends_timeline/
> > .xml is not supported anymore
> > [TFJ-182] - ExceptionInInitializerError with Java applets
> > [TFJ-183] - method name refactor: RateLimitStatus.getDateTime() ->  
> > RateLimitStatus.getResetTime()
> > New Feature
> > [TFJ-163] - introduce twitter4j.properties that overrides default  
> > properties
> > [TFJ-170] - dynamic callback support
> > [TFJ-176] - Streaming API : support track method
> > Task
> > [TFJ-184] - refactor: some fields in HttpClient can be static
> > [TFJ-190] - slf4j, and rome are not required libraries, scope in  
> > pom.xml should be "provided" instead of "compile"
> > Cheers,
> > --
> > Yusuke Yamamoto
> > yus...@mac.com
>
> > this email is: [x] bloggable/tweetable [ ] ask first [ ] private
> > follow me on :http://twitter.com/yusukeyamamoto
> > subscribe me at :http://yusuke.homeip.net/blog/

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

[Amitab]

On Jul 28, 4:16 pm, Isaiah  wrote:
> I publish an open source example of using a OAuth in a standalone mac  
> app -- so I'm bought in to the OAuth idea.  But it wasn't easy, I had  
> to fight to make it appear even somewhat integrated, and the lack of  
> security around my apps private keys really freaks me out.
> On the other hand I see a lot of posts like this where I tilt my head  
> and say, "what are you talking about?" Because I just don't get where  
> you're coming from.  It's like there's some hidden assumption someone  
> forgot to tell me.
>
> So, please don't take offense, I'd just like to play devil's advocate  
> and ask you to back up these reasons with some more info.  I'll try to  
> be specific about what seems odd, or at least odd to me:
>
> > I really loved OAuth because:
>
> > (1) Ease of coding. I could get OAuth working within a couple of days.
>
> You're saying that OAuth was easier to implement than basic auth?  How  
> so?  Basic auth just places the authorization info into the request --  
> oauth requires the entire token request, token exchange, token  
> inclusion dance.
> At best I could see someone arguing that it's roughly the same because  
> you can use a nice library either way, but saying OAuth is actually  
> easier seems a bit far fetched.
>
I was merely advocating about OAuth here. I didn't play around with
BasicAuth since OAuth was available when I started developing
twaller.com. I wanted to respond to comments which said, OAuth is hard
to code etc., by saying I didn't feel that way, mainly because I used
the library Twitter4J.

> > Saves me any password maintenance, encryption etc.
>
> But how do you maintain the user's auth tokens?  Since they're  
> basically as powerful as a password (so long as the user has not  
> turned them off) they need to be given the same care, right?
> In my implementation I save them just like passwords.  Are other  
> developers not doing this?  If not why not?
>

I think there is a difference. I find passwords messy because if
someone wants to misuse them, they can potentially misuse them for
other websites beyond twitter. Many people including myself have
similar usernames and exactly the same password in multiple websites.
So if I accidently leak a password, and someone uses that to login a
bank website and make a financial transaction, that will not look very
good.

Oauth token's are limited to Twitter use. At the moment, i am not
encrypting it in my database.


> > (2) Integration with Twitter Branding. With the OAuth scheme, I
> > believe my website is more integrated with Twitter. It would also be
> > nicer if Twitter would maintain their own list of websites they trust
> > with Oauth, just to give users the added confidence that Twitter
> > trusts me.
>
> I'm sure if Twitter decided that tomorrow that OAuth was out, and that  
> PAuth or QAuth were the new black, then those would be "more  
> integrated."  My point being that this is not an advantage intrinsic  
> to OAuth, just an advantage of using the currently blessed standard.  
> I'll give you that one, if you also agree if that if tomorrow Twitter  
> decided Basic Auth was the way forward, Basic Auth would then be more  
> integrated than OAuth.

I meant the process of going to Twitter for a login makes me feel that
my application is integrated with them. As oppossed to merely saying,
please supply your Twitter name and password to my website.

>
> > (3) Saves me worrying about SSL. A lot of people are finicky about
> > HTTPS/SSL. This was I can just ytell them that if Twitter wants Oauth
> > that way in future, we will simple provide it.
>
> But doesn't that mean that people sniffing on the network where you  
> host your app could potentially grab the authentication tokens of your  
> users as they fly by?  Or even just your application tokens if they  
> were interested in spoofing you?
> I don't mean to be paranoid, but my rather tiny little site was  
> attacked and compromised once a week by evil folks in June -- 4  
> different attacks by four separate security holes (note to self, don't  
> run a wiki on the same host as my web store).

That is a very valuable suggestion. I was thinking of hosting multiple
things on the same host, I will avoid that now.

 >These jerks are  
> everywhere now, and they're the real deal.  They have a lot of cash  
> and a lot of patience to think of new ways to exploit your resources  
> to their own end.


>
> > The part I hate about OAuth is that the OAUth page is extremely slow
> > to load and sometimes does not load at all. I see this issue with the
> > Twitter website in general as well, sometime postst from the web just
> > don't go through. I would much appreciate if people at Twitter can
> > address scalability problems to OAUTH, because that I believe is the
> > biggest user turnoff.
>
> I've noticed this too.  From an outsider layperson's point of view is  
> seems as though we're pushing every authorization reques

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

[Amitab]

As a developer who has recent launched Twaller (http://
www.twaller.com) which supports OAuth, I think I should share my
perspective on this.

I really loved OAuth because:

(1) Ease of coding. I could get OAuth working within a couple of days.
Saves me any password maintenance, encryption etc.
(2) Integration with Twitter Branding. With the OAuth scheme, I
believe my website is more integrated with Twitter. It would also be
nicer if Twitter would maintain their own list of websites they trust
with Oauth, just to give users the added confidence that Twitter
trusts me.
(3) Saves me worrying about SSL. A lot of people are finicky about
HTTPS/SSL. This was I can just ytell them that if Twitter wants Oauth
that way in future, we will simple provide it.

The part I hate about OAuth is that the OAUth page is extremely slow
to load and sometimes does not load at all. I see this issue with the
Twitter website in general as well, sometime postst from the web just
don't go through. I would much appreciate if people at Twitter can
address scalability problems to OAUTH, because that I believe is the
biggest user turnoff.


On Jul 28, 1:11 pm, JDG  wrote:
> It's only a scare if the development community neglects or refuses to
> educate the populace at large that only Twitter really needs your password,
> so why give it to anyone else?
>
>
>
> On Tue, Jul 28, 2009 at 13:27, jahbini  wrote:
>
> > Sorry about your Oauth Implementation, Mine's been working steadily
> > with no hiccups: Lot's of very solid implementations out there.
>
> > As far as the user sign-up problem, Yeah, I agree, It's a bit of a
> > scare for the user to have to connect to an off-site twitter authority
> > page -- But that's what Facebook, paypal and all the big boys are
> > pushing toward.
>
> > As Robert Palmer once said: "Your gonna have to face it, your addicted
> > to passwords".
>
> > Jim
>
> > On Jul 28, 1:27 am, chinaski007  wrote:
> > > Let's be honest...
>
> > > The end-result for third-party developers using OAuth appears to be
> > > fewer sign-ups, less reliability, more complexity, and potentially
> > > less security.
>
> > > Google Optimizer reveals that users are more likely to sign-up for
> > > Basic Auth than OAuth.  That's just fact.  Test it for yourself to
> > > confirm.
>
> > > I suppose this is not so weird.  Users are accustomed to giving user/
> > > pass information even to "foreign" apps.  It is far more disruptive
> > > and invasive for them to go to some bizarre Twitter screen asking them
> > > to "approve an app".  To the average user, what does that mean?  (And,
> > > heck, it may even require more steps if they have to login again to
> > > Twitter.)
>
> > > In terms of reliability, Twitter OAuth was down for days several weeks
> > > ago.  Tonight yet another unannounced change occurred that broke major
> > > code libraries.  Meanwhile, Basic Auth has been plugging along just
> > > fine and dandy...
>
> > > So what IS the benefit of OAuth?
>
> > > It doesn't benefit developers as you will likely get more sign-ups
> > > with Basic Auth and Basic Auth is far, far easier to setup.  Sure,
> > > OAuth might satisfy some power users hungry for security...
>
> > > But is OAuth even more secure than Basic Auth?
>
> > > Perhaps not.  After all, tonight's fix was for an OAuth security flaw
> > > known for at least 10+ days (judging by tweets to @twitterapi) that
> > > allowed for potential impersonations of credentialed users.
>
> > > On the heels of Twitter's (unofficial) assurance of better
> > > communication with developers, this sort of unannounced change is
> > > distressing.  What's next?  (Have Labor Day Weekend plans?  You might
> > > want to cancel those... just the right time for Twitter to make an
> > > unannounced API change!)
>
> > > As for us, we are in the strange position of deprecating OAuth in
> > > favor of Basic Auth.
>
> > > Weird, eh??
>
> > > Okay, we are not totally deprecating OAuth, but we are advising users
> > > that Basic Auth is far more robust and reliable.
>
> > > And so our message to new developers: avoid OAuth like the plague.  If
> > > you must, offer it.  But let Basic Auth be your backbone: more
> > > reliable, more sign-ups, simpler, and probably just as secure.  (Just
> > > look at Google Code bug reports about OAuth to get a sense of
> > > reliablity.)
>
> > > (Okay, okay, this post was written at 4am after a workday that started
> > > at 8am, and after Twitter introduced this new change at 5pm... (hey
> > > Twitter, can you introduce major new changes EARLIER in the day so we
> > > can react!?!?)... it still doesn't excuse Twitter's continued
> > > disregard for the small-to-medium size developer.)
>
> --
> Internets. Serious business.