r the same regulations, although that may be
dependent on whether the receiver has the means to decrypt them.
--
Dave Sherohman
ney to my account, or to lock you out
of your bank account, and I'll forget them as soon as the deposit has
been made. Really. I promise.
*That* is the problem with Basic Auth, regardless of whether I use https
when I log in to your bank account or not.
--
Dave Sherohman
app and link another
without having to go to twitter.com and find the 'revoke credentials'
page.
--
Dave Sherohman
being the biggest-name
application using an embedded SQLite database engine to handle its data.
http://en.wikipedia.org/wiki/SQLite
--
Dave Sherohman
an the average refresh delay required by
those clients which fall under the API rate limit. I submit, therefore,
that any such delay caused by waiting for buckets to close will be
inconsequential.
--
Dave Sherohman
eshing it with the latest fresh profile data
whenever I send or retrieve a status update for the user - that
information is already coming back with the status, so I can update it
without having to wait for any extra requests to complete.
--
Dave Sherohman
es.
"Most frequent case" does not imply "secure". If it did, we wouldn't
bother with passwords or authentication at all because, hey, it's pretty
much only ever me who uses my Twitter account. Only a minuscule number
of attempts to update @DaveSherohman's status are made by people other
than me.
--
Dave Sherohman
n that desktop/mobile
apps are vulnerable to having their OAuth keys extracted from them, in
which case they could still be impersonated, but that's the reasoning
I've seen given previously for the policy.)
--
Dave Sherohman
not seeing any
coherent argument for how the planned third oauth flow will, in any way,
be *worse* than the existing basic auth scheme. It may not be an
absolutely perfect world in which absolutely nothing except Twitter
itself is capable of accepting a Twitter password, but it's still a big
improvement on what we have today.
--
Dave Sherohman
On Fri, Dec 11, 2009 at 01:27:48AM -0600, Abraham Williams wrote:
> On Fri, Dec 11, 2009 at 00:53, Dave Sherohman wrote:
> > - If oauth is the only allowed authentication method, a rogue app would
> > not be able to gain full access to your account. Perhaps most
> > impo
f without providing the
necessary crypto keys and algorithms to you in some form. Once I have
done so, there is no way to prevent you from using them in ways other
than those which I intended.
--
Dave Sherohman
oauth flows because there is no
way to bring up a browser. It in no way prevents or discourages use of
the existing oauth flows in scenarios where a browser is available.
Really, the current lack of oauth delegation is a far bigger obstacle to
being able to say "don't give your Twitter password to anyone else" than
the ability to turn a username/password into oauth credentials will ever
be.
--
Dave Sherohman
side, I'm sure it will simplify things considerably for
all API methods to support only a single authentication method.
--
Dave Sherohman
'm all for Twitter doing what they can to suppress
it. It just would have been nice if rejected updates had been reported
as errors (which they are) from square one.
--
Dave Sherohman
ishing niche site, so non-fishing photos wouldn't be entirely
welcome there,
b) it does not provide an API, OAuth-based or otherwise, and
c) I had to write it myself.
--
Dave Sherohman
ly be
just as well off building the regex by hand. The main reason I'm using
Regexp::Assemble to do it on the fly is because manually creating and
then maintaining a regex that will efficiently match any of 1300 terms
would be a nightmare.
--
Dave Sherohman
know of anything like it?
>
> Thanks all
--
Dave Sherohman
cal database of tweets, my first thought to emulate this would be to
check the tweets' in_reply_to_user_id properties.
--
Dave Sherohman
'm fairly certain it's over six months
ago. Any application registered after that date *cannot* use the source
parameter to identify itself. You *must* authenticate using OAuth if
you wish your application to be identified as the source of updates.
--
Dave Sherohman
's very doable (quick, even), despite having
far more than 10 keywords involved.
--
Dave Sherohman
The search function operates on
complete words only, with no special-case handling for @usernames.
"w...@yegle" doesn't match "@yegle" for the same reason it doesn't match
"it": they're substrings embedded within the word, not the complete
word.
--
Dave Sherohman
ed, but should work. Note that the maintainer of
Net::Twitter was talking a couple months ago about wrapping the
retrieved messages up into objects, so $tweet may no longer be a bare
hashref; I just haven't needed to update my direct Twitter-interfacing
functions since then so I haven't stayed on top of it. Check the
Net::Twitter documentation for full details.)
--
Dave Sherohman
sted technique to shut them all down en masse at the cost of less
than one day of a single employee's time (and they may have other
techniques they could use which would be more effective and/or even
quicker to implement). It's a question of will and of policy.
--
Dave Sherohman
e last
hour/day. This change sets the stage for serving both of us better.
--
Dave Sherohman
race conditions in which it would fail, too), but it does
require you to keep that latest seen ID around and relatively
up-to-date.
--
Dave Sherohman
before concerning myself
with it), but would you mind sharing your issues with it, either here or
off-list if you think that would be more appropriate?
--
Dave Sherohman
shortening, you'll think
it failed unless you remember to ignore URLs when comparing the text)
and false negatives (if the update is a duplicate of the user's most-
recent status, the text will match even though the update failed), but
YMMV.
--
Dave Sherohman
Twitter to allow the optional
> > specification of one or more hashtags when associating an account with
> > a list, which would indicate tweets from that account should only
> > appear under this list IF these hashtags are part of the tweet.
> >
> > Leon
> >
--
Dave Sherohman
updates have been sent during that time.
rv1 = send_tweet(tweet1); # OK
rv2 = send_tweet(tweet2); # OK
...
rv100 = send_tweet(tweet100); # OK
rv101 = send_tweet(tweet1); # Fails, if within some unknown time limit
--
Dave Sherohman
status will also produce incorrect
results when the submitted status is rejected for being identical to the
user's most-recent previous status. Depending on your application,
failure in this scenario may or may not be relevant.
--
Dave Sherohman
just figured out that when calling statuses/update with a text
> > > > longer than 140 chars, the reply of that API call will be 200 OK with
> > > > the last status of the user.
> >
> > > > Wouldn't it be better to return some sort of error message?
> >
> > > > The same seems to be happening when sending a duplicate tweet.
> >
> > > > Ole
> >
> > > > --
> > > > Jan Ole Suhr
> > > > s...@mobileways.de
> > > > On Twitter: http://twitter.com/janole
--
Dave Sherohman
he whole thing. Failing
silently is *never* the right answer in an API or other library code.
--
Dave Sherohman
really
needs to stop rejecting updates silently and add some kind of indicator
(a non-200 HTTP status, an extra flag in the response payload, whatever)
to tell us when the update had been rejected (and, ideally, why).
--
Dave Sherohman
for the silent failure, so I can't report the cause to my users.
Andy Freeman has mentioned that, in the case of rejection due to
duplication, this is also unsatisfactory in that it does not allow him
to identify the original status which was duplicated.
--
Dave Sherohman
at I recall
> seeing or can find now. This is a pretty significant change in
> behavior for existing clients. We are failing to post because people
> are not getting an error and they believe it is our problem.
Agreed. That is a definite problem.
--
Dave Sherohman
will
indicate when this has happened, or if the update has been rejected for
any other reason? Failing silently does not seem appropriate,
particularly when the failure returns the user's previous status.
--
Dave Sherohman