Re: Maximum allowed tweets per minute
As a follow up: 1) I assumed that updates to status DO NOT count towards rate limit tokens. I verified this assumption is correct. This provides weight to presumption of internal update rate limiting. 2) When this limit is reached, calls to update status return the user's last status. While I can see where this behavior is helpful in some cases, is there not a reasonable argument for throwing a 400 in this case? On Jan 5, 2:49 am, dougw igu...@gmail.com wrote: What is the maximum allowed rate of tweeting. I'm hitting some limit where tweets are simply not being allowed for a user, and I presume this is because the rate of tweeting is too high. Does Twitter have a limit of how often a user is allowed to tweet? Doug
Re: This is why it's Urgent
On Sun, Jan 4, 2009 at 11:20 PM, Alex Payne a...@twitter.com wrote: Getting worked up into hysterics about boycotts is just, as security expert Bruce Schenier is fond of saying, security theater. It's the equivalent of an apartment building's tenants telling their landlord they refuse to use keys because someone's place got broken into. Alex, sorry, but this is more than just security - this is getting ready to put a whole lot of businesses out of business, thanks to the lack of such a mechanism. Regardless of whether it's the solution or not (I still argue it would have helped), if users boycott, our apps don't get used. If our apps stop getting used, Twitter stops getting used. There are entire groups of users out there right now asking what apps could be the culprit. I've heard some mention my app. I've heard others mention TweetDeck. I've heard some mention Twhirl. All these apps, whether they have any chance of being the culprit (I realize they don't, but your users don't have any way of knowing - all these apps collected their passwords), all have the chance of getting cut off of Twitter here real soon by the users if something isn't done. Didn't you guys say at one point the majority of your traffic comes from the API? This is more than just not using keys - this is about telling the landlord you won't pay them for the month because they refuse to install locks. This issue is huge for us as developers, and I don't sense that urgency from Twitter. Jesse
Re: This is why it's Urgent
Twitblogs- There is no reason why any Twitter user should simply trust an app because *you* created it. Though I inherently trust you and there's no reason to believe you would create a malicious app, no one can *verify* that. Trust yet verify. That's all we are asking for. Until there is a verify mechanism, yes, no app at all ever on the planet, including my favorite TweetDeck, should be trusted. Ever. I think that's what is being said here. And if that hurts business, well... blame Twitter. Or Bush. Or both. -- Aaron Brazell web:: www.technosailor.com phone:: 410-608-6620 skype:: technosailor twitter:: @technosailor On Mon, Jan 5, 2009 at 11:35 AM, Nicole Simon nee...@gmail.com wrote: Cameron's comment shows why a system like Oauth is important: Making it easy for third party developpers. Making it easier for users to build trust. Btw business idea, as it did work with summize: Build an oauth service between third apps and twitter, gain the trust from the users, force devs to use it. As this can be switched on by twitter any moment: take a small amount of money from the users in the meantime until twitter implements it. I'd probably pay 10 dollars a year for such an intermediary service (so make that 5 for six months) Business idea 2 for you so you don't canibalise yourself: Let's use a pledge drive to put up money for you and implement these. Alex: Christopher St John's comments above accurately reflect my own concerns. OAuth is not a security magic bullet, and it only encourages phishing attacks. I feel bad for users that have given their credentials to a phishing site, and we'll do everything we can to educate them, but token-based authentication systems are not going to fix this particular security problem. Of course it is not a magic bullet but let's not forget that having to provide my login data on third party apps because nothing else exists is really stupid. It may not be the magic bullet but in comparison that is miles between those too. Getting worked up into hysterics about boycotts is just, as security expert Bruce Schenier is fond of saying, security theater. It's the equivalent of an apartment building's tenants telling their landlord they refuse to use keys because someone's place got broken into. The equivilant you are looking for is that in order to have operations done in my appartment all I can do is hand out my keys instead of being able to use the trusted third party service which will watch them just for a bit. Are users stupid and dont know what they do? Of course. Basically it surprises me to see it took them phishers so long to go for it. But you can see a clear correlation with some of the recent news with twitter news popping up on sites like digitalpoint and co. The ecosystem is one of the reasons why Twitter is succeeding, interviews with users show that over and over again. Nicole -- Kontakt: http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Is the documentation to blame?
Based on this comment... http://mashable.com/2009/01/01/is-it-stupid-to-trust-twitter-apps-with-your-password/?cp=2#comment-11382659 ...I wonder how much the documentation is to blame for application developers thinking they need to have their users passwords to access data. -Stuart -- http://stut.net/
Re: Listings for completed Twitter Apps
When using the twitter section, append the URL after the user has entered his/her status. This way you won't need Edit your status but please do not change the address in it , and it will be more user- friendly. Just append the URL via JS before submitting to Twitter and add a little note: The link will be appended to the end of the status.
Re: Is the documentation to blame?
Usually api are to complicated to programm without knowledge and although it is said so in the documentation that you only need a account (not the users account), this api is 'too easy' to attract people without much knowledge and you see the result. (The users of course are not any better). It might be best to add to the wiki a flag saying this command needs a authentification auth:any this command needs authentification from the user in question - auth:user linked to a mini explanation. Nicole -- Suche Beta-Tester für Experiment: Journalisten suchen Blogger - http://bloxpert.de/ Kontakt: http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Re: This is why it's Urgent
Cameron's comment shows why a system like Oauth is important: Making it easy for third party developpers. Making it easier for users to build trust. Btw business idea, as it did work with summize: Build an oauth service between third apps and twitter, gain the trust from the users, force devs to use it. As this can be switched on by twitter any moment: take a small amount of money from the users in the meantime until twitter implements it. I'd probably pay 10 dollars a year for such an intermediary service (so make that 5 for six months) Business idea 2 for you so you don't canibalise yourself: Let's use a pledge drive to put up money for you and implement these. Alex: Christopher St John's comments above accurately reflect my own concerns. OAuth is not a security magic bullet, and it only encourages phishing attacks. I feel bad for users that have given their credentials to a phishing site, and we'll do everything we can to educate them, but token-based authentication systems are not going to fix this particular security problem. Of course it is not a magic bullet but let's not forget that having to provide my login data on third party apps because nothing else exists is really stupid. It may not be the magic bullet but in comparison that is miles between those too. Getting worked up into hysterics about boycotts is just, as security expert Bruce Schenier is fond of saying, security theater. It's the equivalent of an apartment building's tenants telling their landlord they refuse to use keys because someone's place got broken into. The equivilant you are looking for is that in order to have operations done in my appartment all I can do is hand out my keys instead of being able to use the trusted third party service which will watch them just for a bit. Are users stupid and dont know what they do? Of course. Basically it surprises me to see it took them phishers so long to go for it. But you can see a clear correlation with some of the recent news with twitter news popping up on sites like digitalpoint and co. The ecosystem is one of the reasons why Twitter is succeeding, interviews with users show that over and over again. Nicole -- Kontakt: http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Re: This is why it's Urgent
Alex Payne wrote: Getting worked up into hysterics about boycotts is just, as security expert Bruce Schenier is fond of saying, security theater. It's the equivalent of an apartment building's tenants telling their landlord they refuse to use keys because someone's place got broken into. Ah, but what people _should_ refuse to do is give out copies of their keys to those who are essentially complete strangers just to water their houseplants or feed their cat while on vacation. You should only give your key to someone trusted who then acts on behalf of the stranger to let them in, watch them water the plants or feed the cat, then ensure they exit your apartment without doing anything else. Yes, tenants should tell their landlord that having to give out a copy of their key is not acceptable, especially when the break-ins occured using a copied key that was handed out. Still, why do we care? It's just a Twitter account being compromised - what, do you exchange trade secrets in DMs that you wouldn't want someone else to read? Hint: Twitter isn't a confidential and secure messaging transport. Don't try to pretend it is. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: Is the documentation to blame?
Definitely happy to make it more clear which methods require authentication and which do not. However, to get the effect that's most intuitive from calling the API methods, calling them as the user whose data you're interested in is the most straightforward approach. Which is what brought us into this mess (and I am telling you that is not getting better) I'd rather have the user 'learn' which actions require the access to my password. Which basically should be just two areas: sending tweets / DM and changing settings. Most apps should not require the password and like childreen people like Chris Brogan and co will make them learn that this is all they should share. It is like childreen and fire. The viral effect most devs wish for (oh they should tweet about me!) can be reached without the users login data by encouraging the users to spread the news. See this result from http://twtpoll.com/r/49jw9z as an example of how it is done in a way that I as a user am happy to spread the news in comparison to the most often stupid automated messages. hth Nicole -- Suche Beta-Tester für Experiment: Journalisten suchen Blogger - http://bloxpert.de/ Kontakt: http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Searching for in_reply_to_status_id
Is there any way to search for in_reply_to_status_id on search.twitter.com? Alternatively, is it possible to get the in_reply_to_status_id in the json output? There's a lot of emphasis on threading recently, and adding these abilities if they don't exist would certainly be useful. How are others addressing the problem of searching for replies? The only think I can think of is searching for @user on search.twitter.com and then checking for the in_reply_to_status_id via the normal twitter API, one by one.. this seems pretty wasteful. Thanks!
Re: Racking my brain to figure out how to use users/show
hmmm. it's in profile_image_url For example, h1Web Girly/h1pChicago, IL/ppimg src=http:// s3.amazonaws.com/twitter_production/profile_images/14391342/ images_normal.jpg/p whatcha wanna do save the image to the local filesystem? On Jan 4, 2:43 pm, krumlr petewing...@gmail.com wrote: I am trying to get the user picture (profile_image_url) from a Twitter account using eitherhttp://twitter.com/users/show/username.xmlorhttp://twitter.com/users/show/username.json. My problem is that I am a.
Re: Racking my brain to figure out how to use users/show
Tyes please show me what you mean. Even though I know what to look for and where to get it and once I get it I can copy it to my database I can't get PHP to download the XML file using http. On Mon, Jan 5, 2009 at 10:45 AM, fastest963 fastest...@gmail.com wrote: Just use fwrite($local, file_get_contents()); Also, use the JSON format and the json_decode, and it will make a nice array for you. Then you can use a regex to get the src from the profile_image_url. If you wanted I could write some simple code up if you can't understand what I mean? As far as a faster/better way to download the image, you could try maybe CURL and then do a fwrite with that, or you could use sockets, but file_get_contents() is the easiest. -- Pete Wingard Krumlr.Com MudSweatAndTears.Com PixelCast.Net TigerTailST.Com Yougler.Com you can follow on Twitter http://www.twitter.com/krumlr Decatur, GA 404.797.1646 http://yougler.com/pete netla...@gmail.com
Re: Friends / Followers without authentication?
On Sun, Jan 4, 2009 at 11:26 PM, peterhough em...@peterhough.co.uk wrote: How do they make requests while authenticated as their own account without supplying a password? Am I missing something here... Yes. You only need 'a' username not their username. It is not super obvious but you can ask for follower and friends for anybody you just need to authenticate yourself against twitter. Pattern: http://twitter.com/statuses/friends/nicolesimon.xml?page=2 http://twitter.com/statuses/followers/nicolesimon.xml?page=2 will get you everything. hth Nicole -- http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Re: Displaying public user data / tweet this buttons only when user is authenticated - popup issues
Actually, I see this functionality as a potential security/privacy hole. I can imagine at least a couple of nefarious things websites can do by being able to detect the presence of a twitter user on their site... I remember bringing up a very similar issue with Alex earlier last year which was removed from the site. Is this behavior intentional? -Chad On Mon, Jan 5, 2009 at 10:49 AM, Chris Heilmann chris.heilm...@gmail.com wrote: I've just played around with the user timeline to show data when the user is logged in (http://www.wait-till-i.com/2009/01/05/detecting-and- displaying-the-information-of-a-logged-in-twitter-user/, specifically http://icant.co.uk/sandbox/twitter-hi-demo.html). This is pretty cool, and kudos to your security that when the user is not authenticated I get a popup to authenticate. However, this is the problem of the script. Is there an idea of allowing a twitter status API call that only would allow me to see if the current user is authenticated? It would be useful to build for example WordPress add-ons that only give twitter functionality when we know the user is authenticated. A boolean would do, really. Or turning off the automatic login request on the json and callback output and instead throw back an error. If I curl the user timeline I get this error, but not when I use the JSON callback. cheers chris
Re: Displaying public user data / tweet this buttons only when user is authenticated - popup issues
We did an experiment with a partner of ours around this. It's not currently an officially-supported API method, but check out /sessions/present.json. It should support a callback and returns a boolean. On Mon, Jan 5, 2009 at 07:49, Chris Heilmann chris.heilm...@gmail.com wrote: I've just played around with the user timeline to show data when the user is logged in (http://www.wait-till-i.com/2009/01/05/detecting-and- displaying-the-information-of-a-logged-in-twitter-user/, specifically http://icant.co.uk/sandbox/twitter-hi-demo.html). This is pretty cool, and kudos to your security that when the user is not authenticated I get a popup to authenticate. However, this is the problem of the script. Is there an idea of allowing a twitter status API call that only would allow me to see if the current user is authenticated? It would be useful to build for example WordPress add-ons that only give twitter functionality when we know the user is authenticated. A boolean would do, really. Or turning off the automatic login request on the json and callback output and instead throw back an error. If I curl the user timeline I get this error, but not when I use the JSON callback. cheers chris -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: Racking my brain to figure out how to use users/show
Debugging 101... 2009/1/5 Pete Wingard petewing...@gmail.com: I have this cURL function get_tweets(){ // create a new cURL resource $ch = curl_init(); $user = netlatch; $pass = ; // set URL and other appropriate options // $user:$pass http://twitter.com/statuses/replies.json curl_setopt($ch, CURLOPT_USERPWD, $user.:.$pass); curl_setopt($ch, CURLOPT_URL, http://twitter.com/users/show/netlatch.json;); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,2); // grab URL and pass it to the browser $input = curl_exec($ch); var_dump($input); $val = json_decode($input); var_dump($val); $output = $val-{text}; var_dump($output); // close cURL resource, and free up system resources curl_close($ch); return $output; } $array=get_tweets(); but I get nothing in the $array. It dumps the content on the page though. If I use this w/o a username and password I get an error of too many requests. What am I doing wrong? You're not doing basic legwork before asking for help. However, I'm gonna throw you a bone. Read up on the CURLOPT_RETURNTRANSFER option - that's what you're missing. -Stuart -- http://stut.net/
Re: Racking my brain to figure out how to use users/show
On Mon, Jan 5, 2009 at 8:40 PM, Peter Denton petermdenton $host = http://twitter.com/users/show/$businessUser.xml;; shouldt that be https for more secure transmission of the data`? Nicole -- http://twitter.com/NicoleSimon // http://mit140zeichen.de/ http://crueltobekind.org // http://beissholz.de skype: nicole.simon / mailto:nee...@gmail.com phone: +49 451 899 75 03 / mobile: +49 179 499 7076
Re: Racking my brain to figure out how to use users/show
Pete Wingard wrote: I have this cURL function get_tweets(){ // create a new cURL resource $ch = curl_init(); $user = netlatch; $pass = ; // set URL and other appropriate options // $user:$pass http://twitter.com/statuses/replies.json curl_setopt($ch, CURLOPT_USERPWD, $user.:.$pass); curl_setopt($ch, CURLOPT_URL, http://twitter.com/users/show/netlatch.json;); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,2); // grab URL and pass it to the browser $input = curl_exec($ch); $val = json_decode($input); $output = $val-{text}; // close cURL resource, and free up system resources curl_close($ch); return $output; } $array=get_tweets(); but I get nothing in the $array. It dumps the content on the page though. If I use this w/o a username and password I get an error of too many requests. What am I doing wrong? You need to set curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); or $input will contain the curl result code, not the page contents. -Matt
Re: Displaying public user data / tweet this buttons only when user is authenticated - popup issues
Well, yes, but then it is a trivial step to get which user. My question, though, is whether or not this sort of behavior is intentional, for 3rd party sites to be able to discover the identity of twitter users on their sites? Personally, I find this to be more worrisome than the current username/password issues. -Chad On Mon, Jan 5, 2009 at 2:39 PM, Alex Payne a...@twitter.com wrote: I meant via this particular mechanism. On Mon, Jan 5, 2009 at 11:19, Chad Etzel jazzyc...@gmail.com wrote: On the contrary, you certainly *can* detect WHICH user is logged in. See http://icant.co.uk/sandbox/twitter-hi-demo.html if you are logged into the twitter website. Now imagine the site making another AJAX call to store the user info into a database somewhere goodbye anonymous surfing -Chad On Mon, Jan 5, 2009 at 2:17 PM, Alex Payne a...@twitter.com wrote: You can't find out WHICH user is logged in, just that *a* user is logged in. We feel that minimizes the privacy risks. On Mon, Jan 5, 2009 at 11:16, Peter Denton petermden...@gmail.com wrote: so I can detect if a user is logged into twitter through /sessions/present.json ? What would be the full URL for checking a username against it? ex: http://twitter.com/al3x/sessions/present.json On Mon, Jan 5, 2009 at 11:09 AM, Alex Payne a...@twitter.com wrote: We did an experiment with a partner of ours around this. It's not currently an officially-supported API method, but check out /sessions/present.json. It should support a callback and returns a boolean. On Mon, Jan 5, 2009 at 07:49, Chris Heilmann chris.heilm...@gmail.com wrote: I've just played around with the user timeline to show data when the user is logged in (http://www.wait-till-i.com/2009/01/05/detecting-and- displaying-the-information-of-a-logged-in-twitter-user/, specifically http://icant.co.uk/sandbox/twitter-hi-demo.html). This is pretty cool, and kudos to your security that when the user is not authenticated I get a popup to authenticate. However, this is the problem of the script. Is there an idea of allowing a twitter status API call that only would allow me to see if the current user is authenticated? It would be useful to build for example WordPress add-ons that only give twitter functionality when we know the user is authenticated. A boolean would do, really. Or turning off the automatic login request on the json and callback output and instead throw back an error. If I curl the user timeline I get this error, but not when I use the JSON callback. cheers chris -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: Racking my brain to figure out how to use users/show
I couldn't get your code to work (simpleXML errors) but this does: Thanks Peter. $username=netlatch; $password=**; $curl = curl_init(); curl_setopt ($curl, CURLOPT_URL, http://twitter.com/users/show/$username.json;); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_USERPWD, $username.:.$password); $result = curl_exec ($curl); $result = json_decode($result); curl_close ($curl); echo pre; print_r($result); echo /pre; On Mon, Jan 5, 2009 at 2:40 PM, Peter Denton petermden...@gmail.com wrote: Here is what I use. Can you juse use XML? $username = 'yourusername'; $password = 'yourpassword'; $host = http://twitter.com/users/show/$businessUser.xml;; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $host); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_USERPWD, $username:$password); curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1); curl_setopt($ch, CURLOPT_POST, 1); $result = curl_exec($ch); curl_close($ch); $xml = new SimpleXMLElement($result); On Mon, Jan 5, 2009 at 11:38 AM, Pete Wingard petewing...@gmail.comwrote: I've been at it for two days. I generally don't ask for much help but based on your response I shouldn't ask for anymore. I suppose no one ever helped you a time or two. Thanks for the bone. On Mon, Jan 5, 2009 at 2:12 PM, Stuart stut...@gmail.com wrote: Debugging 101... 2009/1/5 Pete Wingard petewing...@gmail.com: I have this cURL function get_tweets(){ // create a new cURL resource $ch = curl_init(); $user = netlatch; $pass = ; // set URL and other appropriate options // $user:$pass http://twitter.com/statuses/replies.json curl_setopt($ch, CURLOPT_USERPWD, $user.:.$pass); curl_setopt($ch, CURLOPT_URL, http://twitter.com/users/show/netlatch.json;); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,2); // grab URL and pass it to the browser $input = curl_exec($ch); var_dump($input); $val = json_decode($input); var_dump($val); $output = $val-{text}; var_dump($output); // close cURL resource, and free up system resources curl_close($ch); return $output; } $array=get_tweets(); but I get nothing in the $array. It dumps the content on the page though. If I use this w/o a username and password I get an error of too many requests. What am I doing wrong? You're not doing basic legwork before asking for help. However, I'm gonna throw you a bone. Read up on the CURLOPT_RETURNTRANSFER option - that's what you're missing. -Stuart -- http://stut.net/ -- Pete Wingard Krumlr.Com MudSweatAndTears.Com PixelCast.Net TigerTailST.Com Yougler.Com you can follow on Twitter http://www.twitter.com/krumlr Decatur, GA 404.797.1646 http://yougler.com/pete netla...@gmail.com -- Pete Wingard Krumlr.Com MudSweatAndTears.Com PixelCast.Net TigerTailST.Com Yougler.Com you can follow on Twitter http://www.twitter.com/krumlr Decatur, GA 404.797.1646 http://yougler.com/pete netla...@gmail.com
Re: Twitter Users Pictures
I am storing the picture URL (ex: http://s3.amazonaws.com/twitter_production/profile_images/40587632/blob_bigger.png) in a DB field on my site, then cycling through users occasionally and updating profile content. You don't want to be hitting the api for information like images every time a page loads. On Mon, Jan 5, 2009 at 12:29 PM, tweetalkr petewing...@gmail.com wrote: Does anyone have a recomendation about whether your app should save the twitter users pictures on site or simply access the twitter supplied URL for a user's picture inside the app? Does this URL ever change or does Twitter ever block access?
OAuth Closed Beta
Hi, Do we need to apply to participate in this closed beta? Amir
Re: OAuth Closed Beta
Do we need to apply to participate in this closed beta? I imagine that will be announced when it becomes available. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- PRIVACY. IT'S EVERYONE'S BUSINESS. -- Evil, Inc. ---
Re: Displaying public user data / tweet this buttons only when user is authenticated - popup issues
On Mon, Jan 5, 2009 at 9:08 PM, Chad Etzel jazzyc...@gmail.com wrote: My question, though, is whether or not this sort of behavior is intentional, for 3rd party sites to be able to discover the identity of twitter users on their sites? Personally, I find this to be more worrisome than the current username/password issues. This would run into legal problems if you use it, at least in the european union. without being a lawyer but it roughly goes into being able to connect data to a users - german sites for example face legal implications for even having google analytics on the site. hth Nicole
Re: This is why it's Urgent
Twitblogs wrote: I wholeheartedly agree with Jesse. IF users spread misinformation about 3rd party apps that request passwords ALL being evil then we are all in the same sinking boat. You say this like it's a bad thing. If we want to see a solution from Twitter, there has to be a real business reason for them to fund it. What better business reason than our API traffic dropped by 80% in one month and has remained at that low level for the past three months. Let the panic continue. Either we'll see a workable solution to the problem, or folks will just stop using the API - either way, we'll finally have some clarity on the situation. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70)
Re: OAuth Closed Beta
Indeed. On Mon, Jan 5, 2009 at 12:37, Cameron Kaiser spec...@floodgap.com wrote: Do we need to apply to participate in this closed beta? I imagine that will be announced when it becomes available. -- personal: http://www.cameronkaiser.com/ -- Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com -- PRIVACY. IT'S EVERYONE'S BUSINESS. -- Evil, Inc. --- -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x
Re: Racking my brain to figure out how to use users/show
yes. I want to save the image to my server so my app won't depend on Twitter to provide the picture On Sun, Jan 4, 2009 at 5:50 PM, Waitman Gobble avail4...@gmail.com wrote: hmmm. it's in profile_image_url For example, h1Web Girly/h1pChicago, IL/ppimg src=http:// s3.amazonaws.com/twitter_production/profile_images/14391342/ images_normal.jpghttp://s3.amazonaws.com/twitter_production/profile_images/14391342/images_normal.jpg /p whatcha wanna do save the image to the local filesystem? On Jan 4, 2:43 pm, krumlr petewing...@gmail.com wrote: I am trying to get the user picture (profile_image_url) from a Twitter account using eitherhttp:// twitter.com/users/show/username.xmlorhttp://twitter.com/users/show/username.json. My problem is that I am a. -- Pete Wingard Krumlr.Com MudSweatAndTears.Com PixelCast.Net TigerTailST.Com Yougler.Com you can follow on Twitter http://www.twitter.com/krumlr Decatur, GA 404.797.1646 http://yougler.com/pete netla...@gmail.com
Re: Racking my brain to figure out how to use users/show
2009/1/5 Pete Wingard petewing...@gmail.com: I've been at it for two days. I generally don't ask for much help but based on your response I shouldn't ask for anymore. I suppose no one ever helped you a time or two. Thanks for the bone. I apologise if I got the tone of my email wrong, but your problem indicates to me that you haven't really read the documentation for the curl extension in the PHP manual. I have no problem helping people who have done the basics... 1) read the manual, 2) have a go, and 3) apply basic debugging skills if it doesn't work. You've demonstrated 2, great, but I saw little to no evidence of 1 and 3. In response to Chad's email I take the view that fishing is always a better option than going to a fish market where coding is concerned. -Stuart -- http://stut.net/ On Mon, Jan 5, 2009 at 2:12 PM, Stuart stut...@gmail.com wrote: Debugging 101... 2009/1/5 Pete Wingard petewing...@gmail.com: I have this cURL function get_tweets(){ // create a new cURL resource $ch = curl_init(); $user = netlatch; $pass = ; // set URL and other appropriate options // $user:$pass http://twitter.com/statuses/replies.json curl_setopt($ch, CURLOPT_USERPWD, $user.:.$pass); curl_setopt($ch, CURLOPT_URL, http://twitter.com/users/show/netlatch.json;); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,2); // grab URL and pass it to the browser $input = curl_exec($ch); var_dump($input); $val = json_decode($input); var_dump($val); $output = $val-{text}; var_dump($output); // close cURL resource, and free up system resources curl_close($ch); return $output; } $array=get_tweets(); but I get nothing in the $array. It dumps the content on the page though. If I use this w/o a username and password I get an error of too many requests. What am I doing wrong? You're not doing basic legwork before asking for help. However, I'm gonna throw you a bone. Read up on the CURLOPT_RETURNTRANSFER option - that's what you're missing. -Stuart -- http://stut.net/ -- Pete Wingard Krumlr.Com MudSweatAndTears.Com PixelCast.Net TigerTailST.Com Yougler.Com you can follow on Twitter http://www.twitter.com/krumlr Decatur, GA 404.797.1646 http://yougler.com/pete netla...@gmail.com
Re: BarackObama: Wha...
There is much rejoicing! I don't think there's ever been ANYTHING that's 100% proof of anything. But when something comes up, you guys at Twitter do awesome work, for which I thank you. On Mon, Jan 5, 2009 at 2:41 PM, Alex Payne a...@twitter.com wrote: We've identified the source of this issue and have taken steps to ensure it doesn't happen again. On Mon, Jan 5, 2009 at 10:45, B. Maryott bmary...@gmail.com wrote: So, it looks like there's a hole in something. I just got this that claims to be from BarackObama (which I follow) through Twitter. BarackObama: What is your opinion on Barack Obama? Take the survey and possibly win ??500 in free gas. http://tinyurl.com/9evlne; So someone is being naughty and there's already a hole in one of the authentication systems that lets these type of people in. Fun and delightful stuff. -- bmary...@gmail.com -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- bmary...@gmail.com
Re: BarackObama: Wha...
It's been said by others before, and I 100% agree. I'm not a twitter fanboy (I use it, occasionally, find it pretty cool, flattered by some of the people who follow me). It's the SUPPORT, the transparency, the honest answers that haven't been sanitised by Marketing / Management. It's fantastic. I subscribed to the API mailing list several months ago; at the time, I was considering writing a twitter client (for various reasons, that hasn't happened yet), yet I've remained subscribed to the list, which isn't insignificant in daily traffic, and realistically is of little relevance to my current activities solely because of the straight up, here's what's happening, this is what we intend to do, will it cause you problems type messages from Alex and Co. There's been a recent outbreak of threats (for want of a better word) - people calling for a boycott etc - and this saddens me. Give the guys (and gals?) a break! They're well aware of the issues - and provide facilities for you to report any new anomalies - what more could you want? (I've worked for companies who've paid 7digits for this sort of support!) I *clearly* don't speak for Twitter, I'm not even a notable contributor to the traffic, let alone the API / Technology. I am, however, the development, support, sales and marketing team for *completely different product*. I pride myself on the open and honest information I provide my customers (including those using my API) - and they, in turn, appreciate it. The community that builds around this is fantastic; not in any bankable/tangible way - call it Karma if you like; good spirit flowing in both directions. It's refreshing to see a company (Twitter, in the form of Alex) telling it as it is, rather than hiding behind excuses, spinning it, or denying all knowledge (believe me, it does happen - especially in tech companies). Apologies to anyone who feels my response is spam or a rant, I just wanted to publicly show my support for the twitter team. Long may they continue in the mode they've done so to date. Kind regards, Rob Iles DomiaLifestyle http://www.domialifestyle.com Harmony Development http://www.rob-iles.co.uk/rmidevelopment Twitter http://twitter.com/Rob_Iles Skype: rob_iles skype://rob_iles [image: http://www.domialifestyle.com/images/logo.jpg] 2009/1/6 B. Maryott bmary...@gmail.com There is much rejoicing! I don't think there's ever been ANYTHING that's 100% proof of anything. But when something comes up, you guys at Twitter do awesome work, for which I thank you. On Mon, Jan 5, 2009 at 2:41 PM, Alex Payne a...@twitter.com wrote: We've identified the source of this issue and have taken steps to ensure it doesn't happen again. On Mon, Jan 5, 2009 at 10:45, B. Maryott bmary...@gmail.com wrote: So, it looks like there's a hole in something. I just got this that claims to be from BarackObama (which I follow) through Twitter. BarackObama: What is your opinion on Barack Obama? Take the survey and possibly win ??500 in free gas. http://tinyurl.com/9evlne; So someone is being naughty and there's already a hole in one of the authentication systems that lets these type of people in. Fun and delightful stuff. -- bmary...@gmail.com -- Alex Payne - API Lead, Twitter, Inc. http://twitter.com/al3x -- bmary...@gmail.com
Re: Source of Direct Messages
The source parameter means nothing. I can change Mitter to identify itself as Twiterrifc, for example. If they take a road like that, some spammer can change the parameter to, say, YOUR application and your users will flock to something else (but, most probably, spammers won't use any source, meaning the source it's the website itself -- which proves nothing.) On Tue, Jan 6, 2009 at 9:01 AM, Jesse Stay jesses...@gmail.com wrote: In light of the current Phishing scheme, for the sake of my app and others, can Twitter include the source of the DM in the XML returned? At least this way I could start sending my App source id in the feeds so users know which apps DMs come from, and which ones are not identified. I recognize it's not a perfect solution, but it is one way I can prove to my users my own app is not compromised (yes, users are asking out there, and they're asking about many other apps as well). It's also one way my users can let me know if they find out for some reason it has been compromised (knock on wood). Thanks, Jesse -- Julio Biason julio.bia...@gmail.com Twitter: http://twitter.com/juliobiason
Re: This is why it's Urgent
On Tue, Jan 6, 2009 at 3:47 AM, Aaron Brazell emmenset...@gmail.com wrote: Twitblogs- There is no reason why any Twitter user should simply trust an app because *you* created it. Though I inherently trust you and there's no reason to believe you would create a malicious app, no one can *verify* that. Trust yet verify. Use an open source application, then. You can verify the source yourself. -- Julio Biason julio.bia...@gmail.com Twitter: http://twitter.com/juliobiason
Re: Web API 'statuses/update.xml' brings an error called '(417) Expectation Failed'.
hi, We are getting same (417) error and after including 'ServicePointManager.Expect100Continue = false;' its work fine Thanxs for help Vivek Shrivastav, Invitratech India On Dec 30 2008, 4:29 am, MacReeg macr...@googlemail.com wrote: Thank you for the help. To set the boolean of 'ServicePointManager.Expect100Continue = false;' was the magic row that I have to insert into myC#-Code! Greetings, MacReeg On Dec 29, 6:38 pm, Alex Payne a...@twitter.com wrote: Please see this thread in this very group:http://groups.google.com/group/twitter-development-talk/browse_thread... On Mon, Dec 29, 2008 at 08:52, MacReeg macr...@googlemail.com wrote: Hello together! I use the web API 'statuses/update.xml' to send news about the IT to the community. Via aC#-Webrequest I send this news inserted into status tags to the update.xml. This goes very good and all my news were updated. I was getting a xml schema back after sending my twitter message. Since 3:52 PM Dec 23rd the web API 'statuses/update.xml' will brings an error called '(417) Expectation Failed'. Who knows this error and what can I do to send news over the web API again? Greetings, MacReeg -- Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x-Hide quoted text - - Show quoted text -- Hide quoted text - - Show quoted text -
Query whether or not notifications are enabled on a particular friend
First time poster, so I'm sorry if this has been asked and answered; I did search the archives. I'm trying to use the API to query whether a particular account is both a friend and follower (in the notifications sense) of another account. I realize I'm using deprecated terminology here, but it seems to be the language of the API. What I need is something like: http://twitter.com/notifications/enabled/username.json Is there a way to get this information, even if it's roundabout, short of scraping? Thanks, Warren Moore @warrenm
Re: Source of Direct Messages
On Mon, Jan 5, 2009 at 8:22 PM, Julio Biason julio.bia...@gmail.com wrote: The source parameter means nothing. I can change Mitter to identify itself as Twiterrifc, for example. If they take a road like that, some spammer can change the parameter to, say, YOUR application and your users will flock to something else (but, most probably, spammers won't use any source, meaning the source it's the website itself -- which proves nothing.) It's no reliable source of identity, but it would allow my users to let me know if for some reason my own app has been hacked. Again, this is perhaps something OAuth could make even more authentic. I'd just be happy, in the meantime, to have the field and let apps use it as they please. Jesse