[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-27 Thread chinaski007
Not sure if my message went through. I am also getting this error... incorrect signature as of about 30 mins ago. Any ideas??? On Jul 27, 5:26 pm, goodtest goodtest...@gmail.com wrote: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-27 Thread chinaski007
Yep, likewise. I am getting 100s of incorrect signature errors. On Jul 27, 5:26 pm, goodtest goodtest...@gmail.com wrote: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-27 Thread chinaski007
Doug: Does this mean that Marcel made a fix for this? Or rather that we should examine our code to find the culprit? Thanks, Peter Bray On Jul 27, 6:24 pm, Doug Williams d...@twitter.com wrote: Updating you guys on this problem. A bug was reported off list that informed us we were not

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-27 Thread chinaski007
This is very frustrating.

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-27 Thread chinaski007
This is frustrating for those of us relying on authentication libraries which now may no longer work. The apparent solution is to either recode the possibly problematic library oneself, or encourage users to swap to Basic Authentication. While I certainly understand Twitter's need to ensure

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-27 Thread chinaski007
It appears that this has been a known issue for 10 days, at least judging by this tweet: http://twitter.com/timwhitlock/statuses/2697185141

[twitter-dev] Re: Twitter: What did you change in OAuth?

2009-07-27 Thread chinaski007
Confirmed. Google Playground does not work.

[twitter-dev] Re: Potential Solution To OAuth Problem

2009-07-27 Thread chinaski007
This may solve your problem, but it doesn't work for me. I am getting errors for API calls that have no spaces, such as create friend, destroy, etc.

[twitter-dev] Re: Potential Solution To OAuth Problem

2009-07-27 Thread chinaski007
Using Perl libraries. Will mess around and see what I can do. Super annoying.

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-28 Thread chinaski007
I have found the problem in the Perl library I am using.

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-28 Thread chinaski007
I have found the problem in the library I am using: First, a Twitter request object is created. Second, a signature is generated. Third, params are then added to the request object. This addition of the params after the signing invalidates the signature. All params need to be added before

[twitter-dev] Lesson of the day: Basic Auth is better than OAuth.

2009-07-28 Thread chinaski007
OAuth is just not ready for primetime on Twitter. I have used Google Optimizer to test user response to OAuth versus Basic Auth, and users are far more likely to give Basic Auth details rather than cumbersome and weird (from the user's perspective) OAuth. From the user's perspective, OAuth

[twitter-dev] Lesson of the day: Basic Auth is more reliable/better received than OAuth.

2009-07-28 Thread chinaski007
Do you use Google Optimizer? If not, go there. Setup a test to compare sign-ups to your app between OAuth and Basic Auth. Give 50% the option to sign up with OAuth; 50% the option to sign up with Basic Auth. The results may surprise you. In my tests, I have found statistically significant

[twitter-dev] Re: Lesson of the day: Basic Auth is more reliable/better received than OAuth.

2009-07-28 Thread chinaski007
(I should mention that this post was made at 3am after handling errors due to surprise, surprise Twitter API changes to OAuth made at ~5pm (some kind of joke to checkin changes at end of workday??)... and that's after a 8am workday start. And that's after last week's limit to verify_credentials

[twitter-dev] Re: Lesson of the day: Basic Auth is more reliable/better received than OAuth.

2009-07-28 Thread chinaski007
(Then again, given that this was a Twitter security flaw, I guess I can kind of understand how they favored not to pre-announce this fix. That said, some consideration to developers would have been appreciated.)

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

2009-07-28 Thread chinaski007
Sorry about that... I deleted those threads before posting this one. I gather you are choosing to receive emails individually. The tests were statistically significant at 95% confidence levels. On Jul 28, 8:09 am, TjL luo...@gmail.com wrote: On Tue, Jul 28, 2009 at 7:27 AM,

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

2009-07-28 Thread chinaski007
them money? I think that is the statistical significance to which TjL was referring. At least, I hope so. On Tue, Jul 28, 2009 at 12:12, chinaski007 chinaski...@gmail.com wrote: Sorry about that... I deleted those threads before posting this one. I gather you are choosing to receive

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

2009-07-28 Thread chinaski007
OAuth IS unfamiliar, YES. OAuth DOES ask more of the user, YES. So what's the upside for the third-party developer? In terms of security, we've already seen how OAuth-like applications in, e.g., Facebook have led to massive hacker/phishing/etc problems. While OAuth solves one leg of the

[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst

2009-07-28 Thread chinaski007
Ugh, terrible situation here. Things working 99.9% of the time now with Perl. But we continue to get bizarre intermittent errors that span the range of API calls. We are thinking that internal hash re- ordering may invalidate signatures, but that is just speculation.

[twitter-dev] Re: Stats on what % of users complete the oauth flow

2009-07-28 Thread chinaski007
When you say 95%, do you derive that percentage from the number of people who click on access via OAuth (or whatever) and then Allow the authorization? Or do you mean 95% of the unauthenticated who visit your particular page authenticate via OAuth? On Jul 28, 1:08 pm, jmathai jmat...@gmail.com

[twitter-dev] Re: URI Escape fix for OAuth - correct usage of uri_escape() with Perl

2009-07-28 Thread chinaski007
If you are using Net::Twitter in Perl, the developer released a new release today that now correctly handles OAuth and Unicode-related issues. http://search.cpan.org/dist/Net-Twitter/ On Jul 28, 3:21 pm, Scott Carter scarter28m-goo...@yahoo.com wrote: This post is geared toward Perl

[twitter-dev] Re: OAUTH: Basic Auth is simpler/more reliable/more secure/better received than OAuth!?

2009-07-28 Thread chinaski007
what Facebook, paypal and all the big boys are pushing toward. As Robert Palmer once said: Your gonna have to face it, your addicted to passwords. Jim On Jul 28, 1:27 am, chinaski007 chinaski...@gmail.com wrote: Let's be honest... The end-result for third-party

[twitter-dev] Re: Twitter counts wrong the number of followers

2009-07-28 Thread chinaski007
If I understand your problem correctly, I believe this is already a known issue that Twitter is working on. See here: http://code.google.com/p/twitter-api/issues/detail?id=846colspec=ID%20Stars%20Type%20Status%20Priority%20Owner%20Summary%20Opened%20Modified%20Component

[twitter-dev] Re: Help with my rate limit issue?

2009-07-28 Thread chinaski007
There is no direct way to do this, no. But you might be able to accomplish the same thing in an interesting way. Create a new Twitter account that exclusively follows users of your app. When you request statuses/friends for that new account, you will get current information and most recent

[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...

2009-08-06 Thread chinaski007
Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my app to a total HALT. On Aug 6, 1:39 pm, chinaski007 chinaski...@gmail.com wrote: UGH!  All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?!

[twitter-dev] rate limit has reverted from 20000 to 150 for my IPs...

2009-08-06 Thread chinaski007
UGH! All of my whitelisted IPs have reverted from 20k/hour limit to a 150/hour limit. Anyone else?? What the heck?!

[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...

2009-08-06 Thread chinaski007
Okay, IPs now appear to be back to 20k. On Aug 6, 1:51 pm, Haewoon haewoon.k...@gmail.com wrote: me, too. In my case, one of 10 IPs has reverted. On Aug 7, 5:43 am, chinaski007 chinaski...@gmail.com wrote: Even worse... IPs are showing 0/150 remaining hits constantly, thus bringing my

[twitter-dev] Re: Gardenhose API

2009-08-07 Thread chinaski007
My whitelisted IPs were 20k limit, then blocked, then 20k limit, and now blocked again. Can't you somehow sync the API whitelist ips with the host? On Aug 6, 11:18 pm, John Kalucki jkalu...@gmail.com wrote: The DDoS continues. Your stream could dry up due to any number of network components

[twitter-dev] Whitelisted IPs blocked for 12+ hours

2009-08-07 Thread chinaski007
Okay, my high-volume app has been dead in the water for the past 12 hours. My formerly whitelisted IPs have been limited to 150 calls. API calls ARE getting through... but are limited to 150/hour rather than 20k/hour. This suggests to me that the problem is on Twitter's side (rather than with

[twitter-dev] Re: requesting update from Twitter before weekend?

2009-08-07 Thread chinaski007
Frustrating. The last official status update on the API issue was 10 hours ago. I would like to be able to update our app's users of SOMETHING other than Twitter says they are working on it. I am not touching our code to handle all the new hoops on the assumption that those requirements will

[twitter-dev] Re: requesting update from Twitter before weekend?

2009-08-07 Thread chinaski007
, 7:58 pm, chinaski007 chinaski...@gmail.com wrote: Frustrating.  The last official status update on the API issue was 10 hours ago.  I would like to be able to update our app's users of SOMETHING other than Twitter says they are working on it.  I am not touching our code to handle all the new

[twitter-dev] Re: DDoS update: Friday 8PM PDT

2009-08-07 Thread chinaski007
Thanks for the update... keep 'em comin! On Aug 7, 9:53 pm, Dusty dustyrea...@gmail.com wrote: Thank you for the update! Totally appreciate the candidness. On Aug 7, 11:38 pm, Michael E. Carluen mecarl...@gmail.com wrote: Chad, As its been already said but deserves another mention...

[twitter-dev] Re: The silence is deafening....

2009-08-08 Thread chinaski007
If Twitter.com itself were down, you know that they would stay there until it was back up. But since it is just a large number of third party apps that are down... well, hey, it's a weekend in August! Grrr. On Aug 8, 4:55 pm, Dossy Shiobara do...@panoptic.com wrote: Seriously, anyone who has

[twitter-dev] Re: 408 Request Timeout on oAuth Calls to API

2009-08-08 Thread chinaski007
I should have taken my own advice when I ranted about Basic Auth being far more reliable than OAuth. On Aug 8, 3:37 pm, Josh Roesslein jroessl...@gmail.com wrote: Oauth has been on and off through out this DoS attack. Sometimes it work sometimes not. Only work around right now is to fall

[twitter-dev] Error code: 200, OK: 200 ... what is it?

2009-08-08 Thread chinaski007
Now getting a ton of these errors... empty body, and nothing meaningful in headers. What are they??

[twitter-dev] Re: Error code: 200, OK: 200 ... what is it?

2009-08-08 Thread chinaski007
I am now getting OK: 200 errors after requesting, e.g., friends ids. The response returned is the 200 error, and a prematurely ending json of id numbers. wtf? On Aug 8, 7:17 pm, Chad Etzel c...@twitter.com wrote: We have asked Ops about what these responses mean. Waiting on a definitive

[twitter-dev] Re: Error code: 200, OK: 200 ... what is it?

2009-08-08 Thread chinaski007
(Okay, in those I am seeing a header with read timeout... the empty ones are still coming fast and furious.) On Aug 8, 8:59 pm, chinaski007 chinaski...@gmail.com wrote: I am now getting OK: 200 errors after requesting, e.g., friends ids.  The response returned is the 200 error

[twitter-dev] Re: The silence is deafening....

2009-08-08 Thread chinaski007
As other media have noted, when Twitter goes down, people swap to FriendFeed, Facebook, etc. The same thing happens when Twitter apps go down. The problem with this outage is that it largely effects third-party Web-based apps. And so when our apps go down, for whatever reason, people swap to

[twitter-dev] Re: The silence is deafening....

2009-08-09 Thread chinaski007
You're wrong. If you check the tweets of the other main Twitter developers, you will see that they are doing sushi, rock concerts, weddings, watching movies on Saturday afternoon, etc. And while getting married is certainly a legitimate excuse, some of the other activities, during this major

[twitter-dev] Re: The silence is deafening....

2009-08-09 Thread chinaski007
And, by the way, if you're a deckhand on a submarine going down, you think you would go to a movie because it's your time off, or do whatever you can to help out? On Aug 8, 11:47 pm, chinaski007 chinaski...@gmail.com wrote: Part of it is DDOS response, part of it is API issues... as one

[twitter-dev] Re: The silence is deafening....

2009-08-09 Thread chinaski007
Yep, for sure. And maybe the rash of new 200 errors, and OAuth errors, etc, are not under the purview of API (though I would doubt it). But, at the very least, it's over another, what, 48 hours since the last official update. And those developer updates are presumably the responsibility of

[twitter-dev] Re: The silence is deafening....

2009-08-09 Thread chinaski007
My point was that my browsing of the tweetstreams of the Twitter engineers I am familiar with, ops and otherwise, reveals another normal weekend, with all the loveliness that the Bay Area has to offer... and while there may be a bunch of Keebler elves drinking coffee and working hard, I don't

[twitter-dev] Re: The silence is deafening....

2009-08-09 Thread chinaski007
See here: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/acdcb4baf76037c8/d5f4d4204b65d617#d5f4d4204b65d617 On Aug 9, 12:17 am, Bill Kocik bko...@gmail.com wrote: I remember seeing 200 errors somewhere, but I didn't read the details. 200 means status okay,

[twitter-dev] Re: The silence is deafening....

2009-08-09 Thread chinaski007
Chad, you'd definitely be captain of my sinking submarine! ;) On Aug 9, 12:33 am, Chad Etzel jazzyc...@gmail.com wrote: Hi There, First, in my own defense, I feel that my original part-time/day off statement was misconstrued. I was trying to make that point that even though I am way over

[twitter-dev] Re: Twitter Update, 8/9 noon PST

2009-08-09 Thread chinaski007
I am still getting these bizarre OK: 200 errors with returned content like... http://www.w3.org/TR/html4/strict.dtd; -- HTML HEAD META HTTP-EQUIV=Refresh CONTENT=0.1 META HTTP-EQUIV=Pragma CONTENT=no-cache META HTTP-EQUIV=Expires CONTENT=-1 TITLE/TITLE /HEAD BODYP/BODY /HTML On Aug 9, 12:35 

[twitter-dev] Re: Twitter Update, 8/9 noon PST

2009-08-10 Thread chinaski007
Yes, I am also having x-ratelimit not show up after I have received OK: 200 errors. I believe this is due to timeout issues. Specifically, I often find that I am returned partial JSON (lack of closing syntax) without the ratelimit header, e.g.: '_rc' = 200, '_headers' = bless( { 'connection'

[twitter-dev] Re: Social Graph API: Legacy data format will be eliminated 1/11/2010

2009-12-29 Thread chinaski007
Why is Twitter announcing a major API change over the holidays? Why are they giving us just a few (mostly holiday!) days to account for it? Please either a) preserve the existing calls, or b) give us a 3 month window before deprecating. This is a new API change. Given that many have commented

[twitter-dev] Basic Auth deprecation August 16th?

2010-07-28 Thread chinaski007
Any word on if this is still planned? Any further extensions? Or is the drop-dead deadline still August 16th?