[twitter-dev] Re: Apps that Site Hack
100% agree Alan On Mar 5, 1:54 am, nickmilon wrote: > These kind of tools do a lot of damage to twitter ecosystem. > > On Mar 4, 3:02 pm, Alan Hamlyn wrote: > > > > > Hi Dewald, > > > In fact you partly answered it yourself. > > > Random login CAPTCHA's when logging in to twitter, or the occasional > > one if flagged based on users tweets to have once to fill one in to > > send a tweet. > > > Algorithms, especially to to detect accounts that send 98%-100% links > > in tweets. > > > Legal account, which I'm sure they are already doing. > > > Algorithms like pascal mentioned, to pick up on likely spam behaviour. > > > Improving the report spam feature on twitters website, and actively > > encourage other users to report spam. > > > Stop the twitter accounts of the twitter spam software from being able > > to run, i.e @tweettankone and their variant accounts which aresite > >hackingsites. > > > Education to users, that twitter should be used for engagement not to > > spam links and churn followers. > > > Change up thesitecode fields that send tweets, or reliant data to > > have 1000's of variants, so if thesitechanges too much, or something > > thesitehackers rely on, the information will change too frequently. > > > Those are a few of my ideas. > > > Alan :) > > > On Feb 24, 9:38 pm, Dewald Pretorius wrote: > > > > Apart from implementing reCAPTCHA on tweet submission, follow, and > > > unfollow, I can't see what Twitter can do to prevent that kind of > > > abuse (can you imagine the revolt by bona fide users?). How else do > > > you determine that it is an actual human and not a piece of automated > > > software behind the browser on the user's desktop or laptop? The only > > > other option is legally, and that depends on the country of residence > > > of the owners of the software. At this point in time, it appears that > > > anyone who is able to and have the inclination to write desktop > > > software that bypasses the API might have carte blanche to do so. > > > > On Feb 24, 7:00 am,AlanHamlyn wrote: > > > > > Spam applications like Tweetadder, TheTweetTank and many others like > > > > it are currentlyhackingthe website to get round oauth and basic auth > > > > restrictions - what is Twitter doing to level the playing field for > > > > serious developers who use oauth and follow Twitter guidelines? > > > > > Many thanks in advance, > > > > >AlanHamlyn > > > > MarketMeSuite -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Apps that Site Hack
Hi Dewald, In fact you partly answered it yourself. Random login CAPTCHA's when logging in to twitter, or the occasional one if flagged based on users tweets to have once to fill one in to send a tweet. Algorithms, especially to to detect accounts that send 98%-100% links in tweets. Legal account, which I'm sure they are already doing. Algorithms like pascal mentioned, to pick up on likely spam behaviour. Improving the report spam feature on twitters website, and actively encourage other users to report spam. Stop the twitter accounts of the twitter spam software from being able to run, i.e @tweettankone and their variant accounts which are site hacking sites. Education to users, that twitter should be used for engagement not to spam links and churn followers. Change up the site code fields that send tweets, or reliant data to have 1000's of variants, so if the site changes too much, or something the site hackers rely on, the information will change too frequently. Those are a few of my ideas. Alan :) On Feb 24, 9:38 pm, Dewald Pretorius wrote: > Apart from implementing reCAPTCHA on tweet submission, follow, and > unfollow, I can't see what Twitter can do to prevent that kind of > abuse (can you imagine the revolt by bona fide users?). How else do > you determine that it is an actual human and not a piece of automated > software behind the browser on the user's desktop or laptop? The only > other option is legally, and that depends on the country of residence > of the owners of the software. At this point in time, it appears that > anyone who is able to and have the inclination to write desktop > software that bypasses the API might have carte blanche to do so. > > On Feb 24, 7:00 am,AlanHamlyn wrote: > > > > > Spam applications like Tweetadder, TheTweetTank and many others like > > it are currently hacking the website to get round oauth and basic auth > > restrictions - what is Twitter doing to level the playing field for > > serious developers who use oauth and follow Twitter guidelines? > > > Many thanks in advance, > > >AlanHamlyn > > MarketMeSuite -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Apps that Site Hack
I agree entirely, sites like Tweetadder, tweettankone, are very popular though because they do what oauth apps aren't allowed to do. On Feb 25, 4:22 pm, "M. Edward (Ed) Borasky" wrote: > On Fri, 25 Feb 2011 11:16:54 +0100, Pascal Jürgens > > wrote: > > How about a competition to develop spam-detection algorithms :) > > > Pascal > > I don't see VCs / angels funding that sort of thing, so there's not > likely a market. > > -- > http://twitter.com/znmebhttp://borasky-research.net > > "A mathematician is a device for turning coffee into theorems." -- Paul > Erdős -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Re: Apps that Site Hack
Great Idea :P On Feb 25, 10:16 am, Pascal Jürgens wrote: > How about a competition to develop spam-detection algorithms :) > > Pascal > > On Feb 24, 2011, at 10:38 PM, Dewald Pretorius wrote: > > > > > Apart from implementing reCAPTCHA on tweet submission, follow, and > > unfollow, I can't see what Twitter can do to prevent that kind of > > abuse (can you imagine the revolt by bona fide users?). How else do > > you determine that it is an actual human and not a piece of automated > > software behind the browser on the user's desktop or laptop? The only > > other option is legally, and that depends on the country of residence > > of the owners of the software. At this point in time, it appears that > > anyone who is able to and have the inclination to write desktop > > software that bypasses the API might have carte blanche to do so. -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
[twitter-dev] Apps that Site Hack
Spam applications like Tweetadder, TheTweetTank and many others like it are currently hacking the website to get round oauth and basic auth restrictions - what is Twitter doing to level the playing field for serious developers who use oauth and follow Twitter guidelines? Many thanks in advance, Alan Hamlyn MarketMeSuite -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk
Re: [twitter-dev] 401 Error
Me too! I'm using twitter4j and every function that uses oAuth autentication gives to me headeache!!! :( I can't figure out 2010/9/6 Farrukh Javeid > Hi, > > I have been trying to figure out a method to handle the 401 error but > cannot actually find any particular solution. I have even tried the > synchronizing my time with the internet server but still to no avail. > > Any help might be really helpful as I have already wasted 2 days on > it. > > Warm Regards, > Farrukh Javeid > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk?hl=en > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Choosing which account to link an application to
I have some questions about choosing an account to link an API integration to. Ultimately, I'm trying to decide whether to use an existing account that our marketing team uses, or to create a new one. I need a little bit of information to help me make my decision: - What is risk to using existing account? For instance, could it be blacklisted or disabled because the integration behaves "badly", and prevent us from doing our marketing? - If we use new account, do we need to Tweet from it to keep it active? Does API activity count as activity? - Will any customer be able to see which Twitter account we're actually using? - Does having an established account make it easier or harder to whitelist the api application? Thanks, Alan -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk?hl=en
[twitter-dev] Cursor Expiration
Although million follower accounts are rare, how to I design for a million follower user logged into my application which users Social Graph API? If Barack Obama were to log into my application, it would take 566 API calls to fetch his 2,828,782 followers, but I wouldn't have any left after the 150 API calls to fetch his 747,127 friends. Obviously, I'd like to work my way through the list a little bit each hour. I'd like to store the cursor after 30 API calls, resume my iteration over an hour later. When do cursors expire? I assume they will still be valid an hour later, but I've seen discussion on this group that says that they are opaque and that they may change at some point. I suppose that when that time goes, if my application is crawling a celebrity, it will not be able to resume crawling with the cursor it stored an hour before. Alan Gutierrez http://twitter.com/bigeasy
[twitter-dev] Re: Twitter rejecting show_user request
Am I reading this right? ... The php warning message implies that your php script is trying to open the string " . " as a file [1] . It seems very unlikely to me that this is a valid filename, ignoring the fact that the user with ID 4667006333 also does not seem to exist [2] [1] http://php.net/manual/en/function.file-get-contents.php [2] http://twitter.com/users/show.xml?user_id=4667006333 On Oct 12, 3:44 am, Raffi Krikorian wrote: > can you please let us know what search you were executing at the > time? this way i can look through this a bit more carefully. > > thanks! > > > > > yes, the twitter id comes from a twitter hashtag search that returns > > an xml document. i'm using show.xml to get the location of the twitter > > id. > > >> Are you sure that the ID in question exists? > > >>> Hello, > > >>> Just started developing a Twitter app... I'm using a php script with > >>> CURL to issue a show_user request, and i'm getting this response: > > >>> Warning: file_get_contents( > >>> /users/show.xml?user_id=4667006333 > >>> Not found ) [function.file-get-contents]: > >>> failed to open stream: No such file or directory > > >>> Does Twitter still allow Basic Authorization? Do I have to > >>> register an > >>> app with Twitter in order to get a valid response when using the > >>> REST > >>> API? > > >>> Thanks for helping out... > > -- > Raffi Krikorian > Twitter Platform Team > ra...@twitter.com | @raffi
[twitter-dev] broken links
My tweets all have broken links right now. here are a few of them: http://is.gd/3HsuO,http://is.gd/3HsuO,%3Ca http://is.gd/3HjBL,http://is.gd/3HjBL,%3Ca http://is.gd/3HjfP,http://is.gd/3HjfP,%3Ca can you look at this issue, please? Thanks in advance, Best Regards
[twitter-dev] Re: HTTP 400 Bad Request
Hi there,
I'm afraid I can't help with the specifics of the prototypejs
framework, but I don't see a GET line in your request headers. I
can't imagine that prototypejs didn't send it, but a common cause of
400s in general is an invalid path in the GET line itself, so please
post the full GET line here too (and see below for comments on access-
control requests). A normal set of request headers for this request
should look like this (and this request works for me, from browser):
(Request-Line) GET /statuses/public_timeline.json HTTP/1.1
Hosttwitter.com
User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.1.2)
Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language en-gb,en;q=0.5
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Furthermore - the access-control and origin headers in your request
indicate that this was an access-control pre-request, not the actual
GET. Can you maybe post the headers from the GET request itself? Or
was it not sent?
There is also a JS library listed on the twitter API wiki, and that
has a public_timeline method if that's of any interest:
http://sources.disruptive-innovations.com/twitterHelper/tags/latest/TwitterHelper.html#mozTocId519819
Alan
On Aug 4, 10:30 pm, 0m4r wrote:
> Hi All,
>
> I've been reading the API documentation and this support group as well
> but I can't find an answer, or a solution, to my problem.
> I've been writing some js code using the Twitter API but every time I
> perform a call I got back the error in subject: HTTP 400 Bad Request
> and no response at all.
>
> Here follows a pice of the code I am using (with the prototypejs
> framework):
> ==
> new Ajax.Request('http://twitter.com/statuses/public_timeline.json', {
> method: 'GET',
> encoding: 'UTF-8',
> onLoading: function(){
> debug.update('Loading...');
> },
> onSuccess: function(transport) {
> debug.update("SUCCESS: " + transport.responseJSON + "")
> },
> onException: function(transport, exception){
> debug.update("EXCEPTION: " + exception);
> }});
>
> ==
>
> here are the requests headers:
> ==
> Host: twitter.com
>
> User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:
> 1.9.1.1) Gecko/20090715 Firefox/3.5.1
>
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
> *;q=0.8
>
> Accept-Language: en-us,en;q=0.5
>
> Accept-Encoding: gzip,deflate
>
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>
> Keep-Alive: 300
>
> Connection: keep-alive
>
> Origin: null
>
> Access-Control-Request-Method: GET
>
> Access-Control-Request-Headers: x-prototype-version,x-requested-with
> ==
>
> and the response headers:
> ==
> Date: Tue, 04 Aug 2009 20:20:48 GMT
>
> Server: hi
>
> Last-Modified: Tue, 04 Aug 2009 20:20:48 GMT
>
> Status: 400 Bad Request
>
> X-RateLimit-Limit: 150
>
> X-RateLimit-Remaining: 135
>
> Pragma: no-cache
>
> Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-
> check=0
>
> Content-Type: application/json; charset=utf-8
>
> X-RateLimit-Reset: 1249417836
>
> Expires: Tue, 31 Mar 1981 05:00:00 GMT
>
> X-Revision: adb502e2c14207f6671fe028e3b31f3ef875fd88
>
> X-Transaction: 1249417248-99305-1720
>
> Set-Cookie:
> _twitter_sess=BAh7CDoMY3NyZl9pZCIlN2NmZWIyZmU0NTQ3NjMyZGU1MThlNjZjODc0MGY2%250AODM6B2lkIiVlMzg5ZTViMmYzZjkwM2ExZDExMmRhMmM3NDFjNGMwOSIKZmxh
> %250Ac2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoK
> %250AQHVzZWR7AA%253D%253D--5a76f810fb5fde72f43634d7423aff19f28b3aa7;
> domain=.twitter.com; path=/
>
> Vary: Accept-Encoding
>
> Content-Encoding: gzip
>
> Content-Length: 99
>
> Connection: close
> ==
>
> Thanks to all for your help.
>
> 0m4r
[twitter-dev] Re: whitelist site -- horror story
Just a shot in the dark, but could it be caused by this?:
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/f7cd82f2c43a77d0/464d0df7446d43e7
It sounds like exactly the sort of thing that could cause an app to suddenly
stop working. I see that your new code posted above contained a referer,
but what about the code that was failing? How about putting in a User-Agent
too, for good measure.
Regards,
Alan Evans
On Fri, Jun 19, 2009 at 2:50 PM, markanson wrote:
>
> Marco it was all working fine for a month or more
>
> then today it stopped working
>
> My new code that I got from somewhere seems ok but I don't feel really
> confident about this
>
> I am using this
>
>
>
> function file_post_contents($url,$headers=false) {
>$url = parse_url($url);
>
>if (!isset($url['port'])) {
> if ($url['scheme'] == 'http') { $url['port']=80; }
> elseif ($url['scheme'] == 'https') { $url['port']=443; }
>}
>$url['query']=isset($url['query'])?$url['query']:'';
>
>$url['protocol']=$url['scheme'].'://';
>$eol="\r\n";
>
>$headers = "POST ".$url['protocol'].$url['host'].$url['path']."
> HTTP/1.0".$eol.
>"Host: ".$url['host'].$eol.
>"Referer: ".$url['protocol'].$url['host'].$url['path'].
> $eol.
>"Content-Type: application/x-www-form-urlencoded".
> $eol.
>"Content-Length: ".strlen($url['query']).$eol.
>$eol.$url['query'];
>$fp = fsockopen($url['host'], $url['port'], $errno, $errstr, 30);
>if($fp) {
> fputs($fp, $headers);
> $result = '';
> while(!feof($fp)) { $result .= fgets($fp, 128); }
> fclose($fp);
> if (!$headers) {
>//removes headers
>$pattern="/^.*\r\n\r\n/s";
>$result=preg_replace($pattern,'',$result);
> }
> return $result;
>}
> }
>
>
[twitter-dev] Re: Public Timeline Frozen
Excellent job! Many thanks, Alan On May 7, 9:38 pm, Doug Williams wrote: > The public_timeline is updating correctly again. > > @Hwee-Boon: that email as a bit premature. We will announce via @twitterapi > and this list when the push feed is available to the world at large. > > Thanks, > Doug > > > Doug Williams | Platform Support | Twitter, Inc. > > 539 Bryant St. Suite 402, San Francisco, CA 94107http://twitter.com/dougw > > On Thu, May 7, 2009 at 10:16 AM, Hwee-Boon Yar wrote: > > > Hmm.. when did the Streaming API come about? I see Firehose mentioned > > in there, OK that's known. What's Spritzer? (I read the description > > and tested it). > > > - > > Hwee-Boon > > > On May 8, 12:39 am, John Kalucki wrote: > > > Matt, > > > > As Doug mentioned, we're working on fixing the public timeline. I hope > > > we can get that updating again shortly. > > > > As a workaround, you might consider an early migration to the > > > Streaming API. The /spritzer resource should have about the same > > > amount of data, but in an easier to consume format. So far the > > > availability has been very good, and the latency very low. > > > > -John > > > > On May 7, 6:01 am, mattarnold1977 wrote: > > > > > I just checked the log on my server and noticed that the public time > > > > line has been putting out the same status information since around 5 > > > > o'clock yesterday. Is this a known issue? > > > > > -Matt
[twitter-dev] Re: invalid xml char in public timeline
I'm seeing this same problem at the exact same line/column many, many times per hour since yesterday. This is also because the feeds we are receiving (partner feed) are repeating constantly. This is a separate issue, whereby only a small handful of feeds are being repeated over and over, and we get this malformed feed coming up about 30 times per hour now (out of a total of 60 requests per hour). The char, as mentioned, is "end-of-medium", and the status that contains it is 1718277608 , the text is "RT @Gonendunit New Study: Americas ..." , the invalid char comes between the a and s in Americas. If you need more info, I can easily extract more from my debug output. Hoping we can get to the bottom of this. Many thanks, Alan On May 7, 5:24 am, AJ Chen wrote: > the example xml feed I'm looking at has status ID from 1718273418 to > 1718264182 > -aj > > On May 6, 7:21 pm, Cameron Kaiser wrote: > > > > I'm getting this xml parsing error all day long. I'm using jdom.jar > > > and pass twitter api xml response directly to build jdom document. > > > Looking at the xml file right now, but hope you can take at look at it > > > as well. I expect other jdom users may see the same error. > > > > 2009-05-06 19:11:49,401 ERROR feed.XmlFetcher (XmlFetcher.java:run > > > (136)) - failed to fetchhttp://twitter.com/statuses/public_timeline.xml; > > > org.jdom.input.JDOMParseException: Error on line 8148: An invalid XML > > > character (Unicode: 0x19) was found in the element content of the > > > document. > > > The problem is that the view moves so fast that it's unlikely it's still > > there. When you dump the raw data, what is the last status ID you see before > > it bugs out? > > > -- > > > > personal:http://www.cameronkaiser.com/-- > > Cameron Kaiser * Floodgap Systems *www.floodgap.com*ckai...@floodgap.com > > -- It's the car, right? Chicks dig the car. -- "Batman Forever" > > ---
[twitter-dev] Re: Public Timeline Frozen
I've been seeing a ver similar issue since yesterday with the partner feed - a very small number of feeds are repeating over and over, including one containing malformed XML (which makes it nicely obvious, as it shows up in error logs with an invalid character at the same line/column each time). The repeats are not necessarily consecutive, are separated by minutes, hours even. Please contact me if I can help by supplying more data. Many thanks, Alan On May 7, 3:01 pm, mattarnold1977 wrote: > I just checked the log on my server and noticed that the public time > line has been putting out the same status information since around 5 > o'clock yesterday. Is this a known issue? > > -Matt
[twitter-dev] Re: Public Timeline Frozen
To give you an impression of the scale of this issue, of the last 10 requests for the feed, I have received 5 repeats each of 2 distinct feeds: The first begins with status 1718278475 , and is malformed, due to the presence of an end-of-medium character in status 1718277608 The second begins with status 1718273418 Both statuses are from yesterday (6th May), although we are now 16 hours into the 7th of May. The feeds were requested once per minute for 10 minutes, and repeats are not consecutive, but rather interleaved, I also have many instances of the same malformed (first) feed over the last 24 hours. I don't have dumps of those feeds yesterday, but given that the xml parser reports an invalid char at the same line/column, we can assume that it's the same feed. I have essentially received no new statuses since yesterday. Hoping we can solve this issue soon. Please contact me if you need more data. Many thanks, Alan On May 7, 3:01 pm, mattarnold1977 wrote: > I just checked the log on my server and noticed that the public time > line has been putting out the same status information since around 5 > o'clock yesterday. Is this a known issue? > > -Matt
Re: Stability of format of direct message and follower emails?
On Dec 2, 6:10 am, "Alex Payne" <[EMAIL PROTECTED]> wrote: > ...or let us know what other headers you'd need so that you don't > have to parse the emails at all. The only infomation the app currently needs is whatever is in the header X-Twittersenderscreenname and the actual text of the tweet, which is extracted from the body of the email. I could ask for the body text to be placed in an X-Twitter header, but that would probably be very silly. I think we would be better applying for whitelisting, though I'll read up on that process first to ensure I can give you as much information as you want. Thanks for your time, Alan. http://twitter.com/brokendrum70
Re: Stability of format of direct message and follower emails?
On Dec 1, 10:19 pm, "Alex Payne" <[EMAIL PROTECTED]> wrote: > The headers will remain, but the body text may change at any time. Thanks, Alex. Will there be any warning of a change to the body text, or would I be best applying for whitelisting and hitting the API to check for new followers / direct messages? (Which is something I really don't want to do unless we get the OK.) Thanks for your time, Alan.
Stability of format of direct message and follower emails?
Hello, This is my first discussion post, so apologies if this has been answered somewhere else. (I did a search but couldn't find anything that seemed to be about this.) To cut down on the number of API calls our application makes, we've written routines that extract relevant information from the emails that are sent by Twitter when a user follows the Twitter account our app is using, and when a user direct messages that account. Basically, if the current format / structure of the emails was to change (specifically the sender email address, the X-twitter header stuff and the body text of direct message emails), our application would enter a world of hurt. So, is the current format / structure of emails fixed? Thanks for your time. Best, Alan.
