[twitter-dev] Re: OAuth and screen name

[Abraham Williams]

So my testing before was wrong somehow. I think I was not setting a callback
url and was getting sent to production where I had a valid session already
going.

They correct flow is:
1) get request token from twitter.
2) send user to twitter with oauth_token for the first time.
3) user returns and app uses request token to get user access token which
get stored.
4) user come back to site to sign in and is not signed in.
5) site gets request token from twitter.
6) user is sent to twitter with request oauth_token and are automatically
redirected back to site.
7) access oauth_token is returned with user which can be matched with
oauth_token_secret stored in the database.

It seems like it would make more sense to use the same work flow for both
oauth/authorize and oauth/authenticate. Then the same code could be used in
the callback function and the authenticate method would be more secure.

Sorry about all the misinformation.
Abraham

On Thu, Apr 16, 2009 at 17:25, djMax  wrote:

>
> I'm not sure you don't have the secret for it.  I'm still trying to
> understand the tweet# code, but you were supposed to have saved the
> "new" secret for that token when you got the original request token
> right?  Right now when trying to exchange that secondary oauth_token
> for an access token, tweet# isn't passing a secret.
>
> On Apr 16, 6:14 pm, Dossy Shiobara  wrote:
> > On 4/16/09 6:02 PM, Abraham Williams wrote:
> >
> > > the oauth_token you are returned is only good for getting an access
> > > token from oauth/access_token. that access token is what lets you act
> as
> > > the user.
> >
> > Wait, what?  The oauth_token that's returned from the
> > _oauth/authenticate_ method is already an Access Token, for which you
> > don't have the secret to.
> >
> > I'm hoping Twitter fixes this somehow.
> >
> > --
> > Dossy Shiobara  | do...@panoptic.com |http://dossy.org/
> > Panoptic Computer Network   |http://panoptic.com/
> >"He realized the fastest way to change is to laugh at your own
> >  folly -- then you can let go and quickly move on." (p. 70)
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States

[twitter-dev] Re: update_profile_image api issues

[Raghu Prasad]

On Apr 15, 6:10 pm, ctshryock  wrote:
> I have an app that posts new profile images using update_profile_image
> in the API.
> as of about 3 some weeks ago (rough guess) the images uploaded are
> coming up broken, though I'm still getting a success status.
>
> I dug through this group and found a curl example for testing this API
> feature:
>
> curl -F 'ima...@path/to/image' -H 'Expect:' -u 
> USERNAME:PASSWORDhttp://twitter.com/account/update_profile_image.xml
>
> I ran that in the terminal and got a xml return that seemed to
> indicate success, it showed me the same (or similar) out put as /users/
> show/username.xml, with the exception that the new profile image I
> used in the curl command is not represented, instead it's still the
> previous image, but on twitter.com/home the image is broken.
>

I faced the same problem. It takes some time for the profile image to
appear along with the tweets. When last checked, it took about an
hour. This doesn't happen if you update your profile image via
twitter.com
website. It is a known issue and apparently someone is looking into
it.
It would be nice if we know when this could be fixed.

Raghu

[twitter-dev] Re: OAuth "Failed to validate oauth signature and token" if application already authorized

[heng]

hi I have experiened this .how to avoid this ?

On Apr 14, 12:31 am, Dimebrain  wrote:
> Hello,
>
> Recently, I have noticed that if I attempt to do a 
> requesttoken/accesstokenexchange, i.e. a new application OAuth workflow, I 
> always
> fail with "Failed to validate oauth signature andtoken" from Twitter
> if the application has already been successfully authorized in a
> previous workflow. If I revoke the application and try again, it works
> fine.
>
> Now I understand the motive for that, to avoid unnecessary load of
> having apps that perform the OAuth exchange on every user session, but
> this was not how it was working before. Did I miss an API
> announcement? My app persists thetoken, so for me this isn't the end
> of the world.
>
> First I'd like to know if this is expected behavior. I can faithfully
> reproduce the scenario of noaccess, gainaccess, try to gainaccess
> again and fail, revokeaccessand try again to succeed. My expectation
> is the OAuth process works even if the user has already grantedaccess
> to the user.
>
> Anyone experiencing this right now?

[twitter-dev] Re: Search API throwing 404's

[Chad Etzel]

Just a quick update:

The problem as popped up again. Doug is aware of this problem, and he
says the servers are all stretched pretty thin (understandable).  Just
curious if anyone else is seeing this as well?

-Chad

On Thu, Apr 16, 2009 at 11:30 PM, Chad Etzel  wrote:
> Ok, dunno what was happening... I gave my server a swift kick with my
> steel-toed boot and all seems well again... weird.
> -Chad
>
> On Thu, Apr 16, 2009 at 10:27 PM, Doug Williams  wrote:
>> I just sent 200 queries through without seeing the 404. Are you still seeing
>> this?
>>
>> Doug Williams
>> Twitter API Support
>> http://twitter.com/dougw
>>
>>
>> On Thu, Apr 16, 2009 at 6:32 PM, Chad Etzel  wrote:
>>>
>>> Search is throwing 404's for search.json about every 7 or 8 requests...
>>>
>>> 
>>> 
>>> 404 Not Found
>>> 
>>> Not Found
>>> The requested URL /search.json was not found on this server.
>>> 
>>>
>>> Also got a "Forbidden" return when trying to connect to
>>> http://search.twitter.com/ about 10 minutes ago.
>>>
>>> -Chad
>>
>>
>

[twitter-dev] Re: acceptable Profile Image Formats

[Cameron Kaiser]

> Maybe animated gifs

If that's so, then in that case I can't wait for them to be rooted out like,
um, unwanted root-like things.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Denial: it's not just a river in Egypt anymore, is it? -- "True Lies" --

[twitter-dev] Re: acceptable Profile Image Formats

[Petermdenton]

Maybe animated gifs

On Apr 16, 2009, at 8:46 PM, Cameron Kaiser   
wrote:




Yes, and going forward, even GIFs won't be allowed, though some  
remain

in our system.


Not that this makes much difference to TTYtter ;-) but I'm curious  
why.


--
 personal: http://www.cameronkaiser.com/ 
 --

 Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Had this been an actual emergency, we would have fled already.  
-

[twitter-dev] Re: sending DM to all followers?

[Cameron Kaiser]

> I think this thread has run its course.

We should take it to DM.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Once used rectally, [it] should not be used orally. --Real thermometer label

[twitter-dev] Re: acceptable Profile Image Formats

[Cameron Kaiser]

> Yes, and going forward, even GIFs won't be allowed, though some remain
> in our system.

Not that this makes much difference to TTYtter ;-) but I'm curious why.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- Had this been an actual emergency, we would have fled already. -

[twitter-dev] Re: Search API throwing 404's

[Chad Etzel]

Ok, dunno what was happening... I gave my server a swift kick with my
steel-toed boot and all seems well again... weird.
-Chad

On Thu, Apr 16, 2009 at 10:27 PM, Doug Williams  wrote:
> I just sent 200 queries through without seeing the 404. Are you still seeing
> this?
>
> Doug Williams
> Twitter API Support
> http://twitter.com/dougw
>
>
> On Thu, Apr 16, 2009 at 6:32 PM, Chad Etzel  wrote:
>>
>> Search is throwing 404's for search.json about every 7 or 8 requests...
>>
>> 
>> 
>> 404 Not Found
>> 
>> Not Found
>> The requested URL /search.json was not found on this server.
>> 
>>
>> Also got a "Forbidden" return when trying to connect to
>> http://search.twitter.com/ about 10 minutes ago.
>>
>> -Chad
>
>

[twitter-dev] Re: Search result pagination bugs

[Chad Etzel]

I can't speak for twitter on the "permission to do that" side, but
that technique will work just fine, so you should be good to go
technically.
-chad

On Thu, Apr 16, 2009 at 9:34 PM, stevenic  wrote:
>
> Matt...  Another thought I just had...
>
> As Chad points out, with my particular query being high volume its
> realistic to think that I'm always going to risk seeing duplicates if
> I try to query for results in real time due to replication lag between
> your servers.  But I see how your using max_id in the paging stuff and
> I don't really need real time results so it seems like I should be
> able to use an ID that's 30 - 60 minutes old and do all of my queries
> using max_id instead of since_id.  In theory this would have me
> trailing the edge of new results coming into the index by 30 - 60
> minutes but it would give the servers more time to replicate so it
> seems like there'd be less of a chance I'd encounter dupes or missing
> entries.
>
> If that approach would work (and you would know) I'd just want to make
> sure you'd be ok with me using max_id instead of since_id given that
> max_id isn't documented
>
> -steve
>
> On Apr 16, 7:58 am, Matt Sanford  wrote:
>> Hi all,
>>
>>     There was a problem yesterday with several of the search back-ends
>> falling behind. This meant that if your page=1 and page=2 queries hit
>> different hosts they could return results that don't line up. If your
>> page=2 query hit a host with more lag you would miss results, and if
>> it hit a host that was more up-to-date you would see duplicates. We're
>> working on fixing this issues and trying to find a way to prevent
>> incorrect pagination in the future. Sorry for the delay in replying
>> but I was focusing all of my attention on fixing the issue and had to
>> let email wait.
>>
>> Thanks;
>>    — Matt Sanford / @mzsanford
>>
>> On Apr 15, 2009, at 09:29 PM, stevenic wrote:
>>
>>
>>
>>
>>
>> > Ok... So I think I know what's going on.  Well I don't know what's
>> > causing the bug obviously but I think I've narrowed down where it
>> > is...
>>
>> > I just issued the Page 1 or "previous" query for the above example and
>> > the ID's don't match the ID's from the original query.  There are
>> > extra rows that come back... 3 to be exact.  So the pagination queries
>> > are working fine.  It's the initial query that's busted.  It looks
>> > like that when you do a pagenation query you get back all rows
>> > matching the filter but a query without max_id sometimes drops rows.
>> > Well in my case it seems to drop rows everytime... This should get
>> > fixed...
>>
>> > *
>> > for:  http://search.twitter.com/search.atom?max_id=1530963910&page=1&q=http
>>
>> > http://base.google.com/ns/1.0"; xml:lang="en-US"
>> > xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/"; xmlns="http://
>> >www.w3.org/2005/Atom" xmlns:twitter="http://api.twitter.com/";>
>> >  
>> >  adjusted since_id, it was older than allowed> > twitter:warning>
>> >  2009-04-16T03:25:30Z
>> >  15
>> >  en
>> >  
>>
>> >   ...Removed...
>>
>> > 
>> >  tag:search.twitter.com,2005:1530963910
>> >  2009-04-16T03:25:30Z
>> > 
>> > 
>> >  tag:search.twitter.com,2005:1530963908
>> >  2009-04-16T03:25:32Z
>>
>> >  ...Where Did This Come From?...
>>
>> > 
>> > 
>> >  tag:search.twitter.com,2005:1530963898
>> >  2009-04-16T03:25:30Z
>>
>> >  ...And This?...
>>
>> > 
>> >  tag:search.twitter.com,2005:1530963896
>> >  tag:search.twitter.com,2005:1530963895
>> >  tag:search.twitter.com,2005:1530963894
>> > 
>> >  tag:search.twitter.com,2005:1530963892
>> >  2009-04-16T03:25:32Z
>>
>> >  ...And This?...
>>
>> > 
>> >  tag:search.twitter.com,2005:1530963881
>> >  tag:search.twitter.com,2005:1530963865
>> >  tag:search.twitter.com,2005:1530963860
>> >  tag:search.twitter.com,2005:1530963834
>> >  tag:search.twitter.com,2005:1530963833
>> >  tag:search.twitter.com,2005:1530963829
>> >  tag:search.twitter.com,2005:1530963827
>> >  tag:search.twitter.com,2005:1530963812
>> > - Hide quoted text -
>>
>> - Show quoted text -
>

[twitter-dev] Re: OAuth Authentication - clarification needed

[djMax]

If this is true, this is broken from a security perspective, IMHO.
Basically it says that if anyone guesses an oauth_token, they can
login to any site without having any idea who the user that maps to
that token is.

[twitter-dev] Re: Getting Source Parameter in Java from XML returns "<"

[Travis James]

Can anyone show me how I would parse this?
I am not exactly sure how I would go about doing this. Here is the
parsing code I have.

public class TwitterResponse {

private static final String TOP_LEVEL_NODE_NAME = "status"; // the
top level  node to be read
private static final String USER_NODE_NAME = "user";// the 

node which has sub-nodes
private static final String TEXT_NODE_NAME = "#text";   // basic
textual element

DocumentBuilder builder;
NodeList nodes;
HashMap entries = new
HashMap();

/**
 * Create JAXP based parser and read XML from an InputStream.
 *
 * @param xmlStream InputStream with XML data
 *
 * @throws SAXException
 * @throws IOException
 * @throws ParserConfigurationException
 */
public TwitterResponse()
throws SAXException, IOException, ParserConfigurationException {
builder = 
DocumentBuilderFactory.newInstance().newDocumentBuilder();
}

public TwitterResponse parse(InputStream xmlStream)
throws SAXException, IOException, ParseException,
MalformedURLException {

Document d = builder.parse(xmlStream);
nodes = d.getElementsByTagName(TOP_LEVEL_NODE_NAME);
readEntries();
return this;
}

public TwitterResponse parse(String xmlString)
throws SAXException, IOException, ParseException,
MalformedURLException {

Document d = builder.parse(new InputSource(new StringReader
(xmlString)));
nodes = d.getElementsByTagName(TOP_LEVEL_NODE_NAME);
readEntries();
return this;
}

/**
 * Number of items read by this parser
 *
 * @return Get the total number of  nodes returned
 */
public int getNumberOfItems() {
return entries.size();
}

/**
 * Get the index'th  node by walking the DOM
 *
 * @param index the index of the node you want to get
 * @return TwitterEntry representation of that node
 * @throws ParseException
 */
public TwitterEntry getItemAt(int index) {
return entries.get(index);
}

//

private void readEntries()
throws ParseException, MalformedURLException {

for (int i = 0; i < nodes.getLength(); i++) {
entries.put(i, readEntry(i));
}
}

// [FIXME] Need to rewrite the parsing code, does not support #8220;
like codes

private TwitterEntry readEntry(int index)
throws ParseException, MalformedURLException {

TwitterEntry entry = new TwitterEntry();

// nd is the list of child nodes of the  element with 
the
specified index
NodeList nd = nodes.item(index).getChildNodes();

// loop through all the children
for(int i = 0; i < nd.getLength(); i++)
{
// for some reason JAXP treats white space as #text 
nodes, so let's
skip them
if(!nd.item(i).getNodeName().equals(TEXT_NODE_NAME))
{
// the  element has subnodes so we need 
additional
processing

if(nd.item(i).getNodeName().equals(USER_NODE_NAME))
{
// nd_usr will contain all the child 
nodes of 
NodeList nd_usr = 
nd.item(i).getChildNodes();

for(int j=0; j wrote:
> http://code.google.com/p/twitter-api/issues/detail?id=75
>
>
>
> On Thu, Apr 16, 2009 at 16:54, Chad Etzel  wrote:
>
> > On Thu, Apr 16, 2009 at 5:11 PM, Travis James
> >  wrote:
>
> > > Thank you Doug. That is where I was wrong. Is there anyway to excuse
> > > the HTML and just get the Application Name?
>
> > I believe they've stated that will happen in API v2.  Right now you
> > just have to parse through the HTML to grok out the app name.
>
> > -Chad
>
> > > On Apr 16, 12:01 pm, Doug Williams  wrote:
> > >> Source parameters that come from outside apps are encoded HTML. Are you
> > >> accounting for this Travis? See the "source" heading on the Return
> > Values
> > >> page [1]
>
> > >> 1.http://apiwiki.twitter.com/Return-Values
>
> > >> Doug Williams
> > >> Twitter API Supporthttp://twitter.com/dougw
>
> > >> On Thu, Apr 16, 2009 at 9:47 AM, Chad Etzel 
> > wrote:
>
> > >> > On Thu, Apr 16, 2009 at 12:35 PM, Doug Williams 
> > wrote:
> > >> > > What is the source parameter you are passing with your application?
>
> > >> > I don't think that's what he's asking.  I think he's having trouble
> > >> > parsing the source info of tweets coming fr

[twitter-dev] Re: OAuth Authentication - clarification needed

[Dimebrain]

Assuming that the authentication process is handing you off the actual
access token, it makes sense that it can't be exchanged. I don't think
the token will expire on you though, at least today, so you don't
really need any more verification other than maybe running account/
verify_credentials against it.

It should be no different than if you persisted the access token
yourself and went to call the API a few weeks after doing so, you
should be able to trust that your token won't expire.

On Apr 16, 10:46 pm, djMax  wrote:
> Ok, I've dug into some basics of OAuth and also the code of Tweet#.
> After authorization, I'm armed with my user record and a map of it to
> an OAuth token (A) and secret (T1).  Now, weeks later, the user
> returns to my site with no cookies (let's say).  So I show them the
> Twitter signin button.  They click it.  My server calls RequestToken
> from Twitter and gets a token (and a secret?).  It sends them to
> Twitter, they login, and then Twitter redirects to me with a OAuth
> Token (A) on the URL.
>
> That's where I'm confused:what do I do next?  If I try to turn that
> OAuth Token into an access token, it fails, assumedly because it
> already is an auth token.  But I must have to contact Twitter somehow
> to verify that the oauth token the browser passed me is still good
> right?

[twitter-dev] Re: Tweet Corpus creation for NLP research

[djMax]

I've wondered about a distributed version of this... If those of us
who want to sift through the "entire" stream were to pool our API
usage, in theory we could do it w/o knocking over twitter right?

My particular usage is mining for geo content, either lat/lng or NLP
based feature extraction.

[twitter-dev] Re: Tweet Corpus creation for NLP research

[Michele Zappavigna]

Hi Nick,

I am linguist currently working on Twitter. I would be very interested
in using the corpus that you mention you have created.

I work in the area of Systemic Functional Linguistics and am looking
at how people use language to affiliate on Twitter. At the moment I am
working with a corpus of approx 45000 tweets (so rather small).

many thanks,
Michele

On Apr 10, 2:22 am, Nick Arnett  wrote:
> On Thu, Apr 9, 2009 at 7:13 AM, kanny  wrote:
>
> > Caching is something i will definitely be doing, but as i said, to do
> > something complex like semantic model generation, i need access to a
> > user's last, at least 100,000 friends_timeline tweets. For a typical
> > user following 100 reasonably active persons, this would take 2-3
> > months to build, which is not practical to wait for the application to
> > be usable.
>
> I have about 2.3 million cached statuses for more than 10,000 users,
> gathered over the last couple of months for the analysis I do for TwURLed
> News (http://TwURLedNews.com).  There's a sampling bias in favor of people
> who have tended to cite URLs that became popular.
>
> I'm quite interested in the kind of analysis you're doing, so I'd be happy
> to share the data with you or anyone else who might be want it for this sort
> of purpose.  It wouldn't be hard for me to export it in the format you want
> and make it available for download, though if a lot of people want it, that
> would become a problem... but then we can figure out somewhere other than my
> servers to put it on.
>
> So... would this be useful as a one-time offer?  Do you intend to share the
> results of your analysis?
>
> Nick

[twitter-dev] Re: Search result pagination bugs

[stevenic]

Matt...  Another thought I just had...

As Chad points out, with my particular query being high volume its
realistic to think that I'm always going to risk seeing duplicates if
I try to query for results in real time due to replication lag between
your servers.  But I see how your using max_id in the paging stuff and
I don't really need real time results so it seems like I should be
able to use an ID that's 30 - 60 minutes old and do all of my queries
using max_id instead of since_id.  In theory this would have me
trailing the edge of new results coming into the index by 30 - 60
minutes but it would give the servers more time to replicate so it
seems like there'd be less of a chance I'd encounter dupes or missing
entries.

If that approach would work (and you would know) I'd just want to make
sure you'd be ok with me using max_id instead of since_id given that
max_id isn't documented

-steve

On Apr 16, 7:58 am, Matt Sanford  wrote:
> Hi all,
>
>     There was a problem yesterday with several of the search back-ends  
> falling behind. This meant that if your page=1 and page=2 queries hit  
> different hosts they could return results that don't line up. If your  
> page=2 query hit a host with more lag you would miss results, and if  
> it hit a host that was more up-to-date you would see duplicates. We're  
> working on fixing this issues and trying to find a way to prevent  
> incorrect pagination in the future. Sorry for the delay in replying  
> but I was focusing all of my attention on fixing the issue and had to  
> let email wait.
>
> Thanks;
>    — Matt Sanford / @mzsanford
>
> On Apr 15, 2009, at 09:29 PM, stevenic wrote:
>
>
>
>
>
> > Ok... So I think I know what's going on.  Well I don't know what's
> > causing the bug obviously but I think I've narrowed down where it
> > is...
>
> > I just issued the Page 1 or "previous" query for the above example and
> > the ID's don't match the ID's from the original query.  There are
> > extra rows that come back... 3 to be exact.  So the pagination queries
> > are working fine.  It's the initial query that's busted.  It looks
> > like that when you do a pagenation query you get back all rows
> > matching the filter but a query without max_id sometimes drops rows.
> > Well in my case it seems to drop rows everytime... This should get
> > fixed...
>
> > *
> > for:  http://search.twitter.com/search.atom?max_id=1530963910&page=1&q=http
>
> > http://base.google.com/ns/1.0"; xml:lang="en-US"
> > xmlns:openSearch="http://a9.com/-/spec/opensearch/1.1/"; xmlns="http://
> >www.w3.org/2005/Atom" xmlns:twitter="http://api.twitter.com/";>
> >  
> >  adjusted since_id, it was older than allowed > twitter:warning>
> >  2009-04-16T03:25:30Z
> >  15
> >  en
> >  
>
> >   ...Removed...
>
> > 
> >  tag:search.twitter.com,2005:1530963910
> >  2009-04-16T03:25:30Z
> > 
> > 
> >  tag:search.twitter.com,2005:1530963908
> >  2009-04-16T03:25:32Z
>
> >  ...Where Did This Come From?...
>
> > 
> > 
> >  tag:search.twitter.com,2005:1530963898
> >  2009-04-16T03:25:30Z
>
> >  ...And This?...
>
> > 
> >  tag:search.twitter.com,2005:1530963896
> >  tag:search.twitter.com,2005:1530963895
> >  tag:search.twitter.com,2005:1530963894
> > 
> >  tag:search.twitter.com,2005:1530963892
> >  2009-04-16T03:25:32Z
>
> >  ...And This?...
>
> > 
> >  tag:search.twitter.com,2005:1530963881
> >  tag:search.twitter.com,2005:1530963865
> >  tag:search.twitter.com,2005:1530963860
> >  tag:search.twitter.com,2005:1530963834
> >  tag:search.twitter.com,2005:1530963833
> >  tag:search.twitter.com,2005:1530963829
> >  tag:search.twitter.com,2005:1530963827
> >  tag:search.twitter.com,2005:1530963812
> > - Hide quoted text -
>
> - Show quoted text -

[twitter-dev] OAuth Authentication - clarification needed

[djMax]

Ok, I've dug into some basics of OAuth and also the code of Tweet#.
After authorization, I'm armed with my user record and a map of it to
an OAuth token (A) and secret (T1).  Now, weeks later, the user
returns to my site with no cookies (let's say).  So I show them the
Twitter signin button.  They click it.  My server calls RequestToken
from Twitter and gets a token (and a secret?).  It sends them to
Twitter, they login, and then Twitter redirects to me with a OAuth
Token (A) on the URL.

That's where I'm confused:what do I do next?  If I try to turn that
OAuth Token into an access token, it fails, assumedly because it
already is an auth token.  But I must have to contact Twitter somehow
to verify that the oauth token the browser passed me is still good
right?

[twitter-dev] Re: Search API throwing 404's

[Doug Williams]

I just sent 200 queries through without seeing the 404. Are you still seeing
this?

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Thu, Apr 16, 2009 at 6:32 PM, Chad Etzel  wrote:

>
> Search is throwing 404's for search.json about every 7 or 8 requests...
>
> 
> 
> 404 Not Found
> 
> Not Found
> The requested URL /search.json was not found on this server.
> 
>
> Also got a "Forbidden" return when trying to connect to
> http://search.twitter.com/ about 10 minutes ago.
>
> -Chad
>

[twitter-dev] Re: OAuth request to account/verify_credentials returning HTTP 500

[Dossy Shiobara]

What does HTTP 500 mean as a response from account/verify_credentials.  If my 
auth. was bad, shouldn't I get HTTP 401 or 403?

500 suggests server error - something wrong on the server-side trying to handle 
my request ...

-- 
Dossy Shiobara
do...@panoptic.com

-Original Message-
From: Abraham Williams <4bra...@gmail.com>

Date: Thu, 16 Apr 2009 20:16:08 
To: 
Subject: [twitter-dev] Re: OAuth request to account/verify_credentials 
 returning HTTP 500


http://twitter.abrah.am/ is doing  verify_credentials fine.

On Thu, Apr 16, 2009 at 20:04, Dossy Shiobara  wrote:

>
> Hi,
>
> Has anyone successfully made an account/verify_credentials API request
> using OAuth?  I only get HTTP 500 responses.
>
> --
> Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network   | http://panoptic.com/
>  "He realized the fastest way to change is to laugh at your own
>folly -- then you can let go and quickly move on." (p. 70)
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] Search API throwing 404's

[Chad Etzel]

Search is throwing 404's for search.json about every 7 or 8 requests...



404 Not Found

Not Found
The requested URL /search.json was not found on this server.


Also got a "Forbidden" return when trying to connect to
http://search.twitter.com/ about 10 minutes ago.

-Chad

[twitter-dev] Re: Twitter user picture sizes

[Doug Williams]

I just pinged the developer who was supposed to be working on this and as he
has had his hand on other fires this week. Thanks for the patience, we
realize it is a pain.

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Thu, Apr 16, 2009 at 5:16 PM, mikejablonski  wrote:

>
> Found another big one killing my scroll butter:
> http://twitter.com/robjcain
>
> On Apr 4, 6:01 pm, Zac Bowling  wrote:
> > Any news?
> >
> > I'm still getting caught up on huge profile images (like this userhttp://
> twitter.com/TheDivawho's  profile image
> is 1024x768 and 324 KB)
> >
> > Really hurting on the mobile side.
> >
> > Zac Bowling
> >
> > On Wed, Apr 1, 2009 at 11:47 AM, Zac Bowling  wrote:
> > > Thanks Alex for making sure this gets taken care of. It's been driving
> > > me nuts here chasing ghosts why my IO appears to be blocked when its
> > > actually trying to just pull a massive image.
> >
> > > Basically I'm having all the same issue other are having... My IO
> > > library doesn't make it easy to cancel a transfer that is partially
> > > complete for our client (doable but increases the complexity a lot),
> > > one big image can invalidate several older images in my cache engine
> > > because of memory constraints and I don't want to write resizing code
> > > before I put it in the cache, and it creates a bottleneck because our
> > > client runs where bandwidth is usually small quiet often, etc, etc.
> > > You know the deal :-)
> >
> > > Zac Bowling
> >
> > > On Mon, Mar 30, 2009 at 12:23 PM, Alex Payne  wrote:
> >
> > >> It's one of our top issues right now.
> >
> > >> On Sun, Mar 29, 2009 at 23:05, Andrew Maizels <
> andrew.maiz...@gmail.com> wrote:
> >
> > >>> We'd really like to see a fix for this too.  Having a few hundred
> > >>> unexpectedly large images floating around is playing havoc with our
> > >>> memory usage.
> >
> > >>> Regards,
> >
> > >>> Andrew Maizels
> > >>> PeopleBrowsr
> >
> > >>> On Mar 26, 2:53 pm, Jason Schroeder  wrote:
> >  Here is a 480x480 _normal image:
> http://s3.amazonaws.com/twitter_production/profile_images/108666778/I...
> >
> >  Any progress on working with the UX team to resize these?
> TwitterBerry
> >  is expecting a 48x48-pixel image.
> >
> >  Cheers,
> >  Jason
> >  TwitterBerry
> >
> >  On Mar 24, 7:49 am, Shannon Whitley 
> wrote:
> >
> >  > Don't forget the _mini. :)
> >
> >  > This is my list:
> >
> >  > (original)
> >  > _mini
> >  > _normal
> >  > _bigger
> >
> >  > On Feb 25, 12:15 am, Dave Briccetti  wrote:
> >
> >  > > Hi. I’ve searched around for 1/2 hour or so, and haven’t found
> an
> >  > > authoritative explanation of the sizes of pictures, and how to
> >  > > retrieve them.
> >
> >  > > It seems that profile_image_url leads to a tiny picture:
> >  > >
> http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...
> >
> >  > > But there is also a slighter bigger version:
> >  > >
> http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...
> >
> >  > > And then a proper full-sizeone:
> >  > >
> http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...
> >
> >  > > Am I correct in this? That the big version URL can be derived
> from
> >  > > that in profile_image_url by dropping the _normal from the name?
> Is
> >  > > this part of the API spec? Safe to use?
> >
> >  > > Thanks.
> >
> > >> --
> > >> Alex Payne - API Lead, Twitter, Inc.
> > >>http://twitter.com/al3x
>

[twitter-dev] Re: OAuth request to account/verify_credentials returning HTTP 500

[Abraham Williams]

http://twitter.abrah.am/ is doing  verify_credentials fine.

On Thu, Apr 16, 2009 at 20:04, Dossy Shiobara  wrote:

>
> Hi,
>
> Has anyone successfully made an account/verify_credentials API request
> using OAuth?  I only get HTTP 500 responses.
>
> --
> Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network   | http://panoptic.com/
>  "He realized the fastest way to change is to laugh at your own
>folly -- then you can let go and quickly move on." (p. 70)
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] OAuth request to account/verify_credentials returning HTTP 500

[Dossy Shiobara]

Hi,

Has anyone successfully made an account/verify_credentials API request 
using OAuth?  I only get HTTP 500 responses.


--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] pagination for statuses; missing statuses?

[Dimebrain]

Consider this code snippet who's task is to display the first page of
a user's tweets:

const double tweetsPerPage = 20;

string screenName = "Dimebrain";
double updatesCount = 821;

double pages = updatesCount / tweetsPerPage;
int last = (int)Math.Floor(pages) - 1; // seek to the last
"full" page

string query = string.Format(
"http://twitter.com/statuses/user_timeline.xml?
screen_name={0}&page={1}", screenName, last);

In this example I would expect that I would actually be asking for the
last page of full tweets (not including the one getaway tweet #821).
But the end result here is I'm asking for page 40, or 40 x 20 = tweets
780 - 800. I'm still missing the final 21. If I try to request page
41, assuming this would give me tweets 800-820, and page 42 gives me
the final tweet, both of these page requests return an empty
collection.

Does total status count include deleted tweets? Is the page parameter
0-based rather than 1-based? I'm assuming neither based on the docs,
so wonder what else is preventing this algorithm from succeeeding in
fetching the first page of a user timeline. It works much worse on
accounts with many more tweets than mine.

[twitter-dev] Re: Search result pagination bugs

[stevenic]

So my project is a sort of tweetmeme or twitturly type thing where I'm
looking to collect a sample of the links being shared through
Twitter.  Unlike those projects I don't have a firehose so I have to
rely on search.  Fortunatly, I don't really need to see every link for
my project just a representive sample.

The actual query I'm using is "http OR www filter:links" where the
"filter:links" constraint helps make sure I exclude tweets like "can't
get http GET to work"  I don't really care about those.

Agreed with this query being a high volume query so maybe it'll never
be in sync but that's ok... Now I'm just ignoring the dupes.  And to
be clear, I have no intention of trying to keep up and use search as a
poor mans firehose.  What ever rate you guys are comfortable with me
hitting you at is what I'll do.  If that's one request/minute so be
it.  Just wanted to get the pagenation working so that I could better
control things and that's when I noticed the dupes.

-steve
(Microsoft Research)

[twitter-dev] Re: Twitter user picture sizes

[mikejablonski]

Found another big one killing my scroll butter:
http://twitter.com/robjcain

On Apr 4, 6:01 pm, Zac Bowling  wrote:
> Any news?
>
> I'm still getting caught up on huge profile images (like this 
> userhttp://twitter.com/TheDivawho's profile image is 1024x768 and 324 KB)
>
> Really hurting on the mobile side.
>
> Zac Bowling
>
> On Wed, Apr 1, 2009 at 11:47 AM, Zac Bowling  wrote:
> > Thanks Alex for making sure this gets taken care of. It's been driving
> > me nuts here chasing ghosts why my IO appears to be blocked when its
> > actually trying to just pull a massive image.
>
> > Basically I'm having all the same issue other are having... My IO
> > library doesn't make it easy to cancel a transfer that is partially
> > complete for our client (doable but increases the complexity a lot),
> > one big image can invalidate several older images in my cache engine
> > because of memory constraints and I don't want to write resizing code
> > before I put it in the cache, and it creates a bottleneck because our
> > client runs where bandwidth is usually small quiet often, etc, etc.
> > You know the deal :-)
>
> > Zac Bowling
>
> > On Mon, Mar 30, 2009 at 12:23 PM, Alex Payne  wrote:
>
> >> It's one of our top issues right now.
>
> >> On Sun, Mar 29, 2009 at 23:05, Andrew Maizels  
> >> wrote:
>
> >>> We'd really like to see a fix for this too.  Having a few hundred
> >>> unexpectedly large images floating around is playing havoc with our
> >>> memory usage.
>
> >>> Regards,
>
> >>> Andrew Maizels
> >>> PeopleBrowsr
>
> >>> On Mar 26, 2:53 pm, Jason Schroeder  wrote:
>  Here is a 480x480 _normal 
>  image:http://s3.amazonaws.com/twitter_production/profile_images/108666778/I...
>
>  Any progress on working with the UX team to resize these? TwitterBerry
>  is expecting a 48x48-pixel image.
>
>  Cheers,
>  Jason
>  TwitterBerry
>
>  On Mar 24, 7:49 am, Shannon Whitley  wrote:
>
>  > Don't forget the _mini. :)
>
>  > This is my list:
>
>  > (original)
>  > _mini
>  > _normal
>  > _bigger
>
>  > On Feb 25, 12:15 am, Dave Briccetti  wrote:
>
>  > > Hi. I’ve searched around for 1/2 hour or so, and haven’t found an
>  > > authoritative explanation of the sizes of pictures, and how to
>  > > retrieve them.
>
>  > > It seems that profile_image_url leads to a tiny picture:
>  > >  http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...
>
>  > > But there is also a slighter bigger version:
>  > >  http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...
>
>  > > And then a proper full-sizeone:
>  > >  http://s3.amazonaws.com/twitter_production/profile_images/66123958/IM...
>
>  > > Am I correct in this? That the big version URL can be derived from
>  > > that in profile_image_url by dropping the _normal from the name? Is
>  > > this part of the API spec? Safe to use?
>
>  > > Thanks.
>
> >> --
> >> Alex Payne - API Lead, Twitter, Inc.
> >>http://twitter.com/al3x

[twitter-dev] Re: HALP! Search API requiring employee authorization

[Alex Payne]

Temporary glitch, should be resolved.

On Thu, Apr 16, 2009 at 15:52, Chad Etzel  wrote:
>
> Got several complaints about this from TweetGrid users:
>
> http://twitter.com/VoxAZ/status/1537143626
>
> This can't be good...
>
> -Chad
>



-- 
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Chad Etzel]

On Thu, Apr 16, 2009 at 7:19 PM, Chris Messina  wrote:
>
> On Apr 16, 2:59 pm, Lachlan Hardy  wrote:
>>
>> > I would definitely support greater disclosure here, but would avoid
>> > the checkbox model of authorizing different levels of access (http://
>> >www.flickr.com/photos/factoryjoe/2601626420/sizes/o/).
>>
>> Why is that? Do you have any evidence against it?
>>
>> My own (limited, informal) testing tells me people feel more in
>> control with checkboxes.
>>
>
> The evidence contrasting your findings is rather significant and,
> AFAIC, indisputable.
>
> Essentially Google and Facebook (maybe Yahoo as well) have all, at
> various times, tried the "checkbox approach to authorization" and
> found that users freak out, run away, call mom, go home and cry when
> presented with such an interface. Without fail. Or rather, with a
> bucket of fail.
>

+1.  As soon as I add another option/checkbox/knob to tweak in one of
my apps, there's an outcry of "it's too complicated" and they never
come back.  I love checkboxes, and there are certainly those that like
to have super control over everything, but I'm afraid we are in the
very very small minority.

I think "Allow" or "Deny" is all that most people will be able to
handle, so having the appropriate copy surrounding those choices is
the key thing.

-Chad

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Chris Messina]

On Apr 16, 2:59 pm, Lachlan Hardy  wrote:
>
> > I would definitely support greater disclosure here, but would avoid
> > the checkbox model of authorizing different levels of access (http://
> >www.flickr.com/photos/factoryjoe/2601626420/sizes/o/).
>
> Why is that? Do you have any evidence against it?
>
> My own (limited, informal) testing tells me people feel more in
> control with checkboxes.
>

The evidence contrasting your findings is rather significant and,
AFAIC, indisputable.

Essentially Google and Facebook (maybe Yahoo as well) have all, at
various times, tried the "checkbox approach to authorization" and
found that users freak out, run away, call mom, go home and cry when
presented with such an interface. Without fail. Or rather, with a
bucket of fail.

Streamlining this procedure while also providing sufficient disclosure
about what's happening seems the nearest approximation we can get here
without having the utility of OAuth completely diminished by
interfaces that presume far too much savvy or sophistication on the
part of the user.

Remember, users are busy, often multitasking and rarely stop to fully
think through decisions that they're making on the web. Doing more
work up front to make it so that certain apps only have the ability to
perform certain functions is one important aspect to keeping people
safe (it's not so much that the app itself might do something harmful,
but that a compromised system might use that app to do something
nefarious) — the other is making it easy for people to provide only as
much access as is necessary for the external application to
functional. Minimal access, minimized potential for harm.

For more on some of the authorization research that's been done, check
this out:

http://sites.google.com/site/oauthgoog/oauth-practices/user-interface

Chris

[twitter-dev] Re: acceptable Profile Image Formats

[Alex Payne]

Yes, and going forward, even GIFs won't be allowed, though some remain
in our system.

On Thu, Apr 16, 2009 at 14:55, TjL  wrote:
>
> http://apiwiki.twitter.com/REST+API+Documentation#account/updateprofileimage
> says
>
>> image.  Required.  Must be a valid GIF, JPG, or PNG image
>
> So it's safe to assume that anything I pull out of 
> is going to be either .gif or .jpg or .png?
>
> TjL
>



-- 
Alex Payne - API Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Chris Messina]

On Apr 16, 12:21 pm, Chad Etzel  wrote:
>
> Regarding my "buyer beware" comment:
> I do agree that some/most of the onus is on Twitter to communicate
> what exactly is happening (I'm also for stronger language), but users
> do have to use their brains at some point and quit blindly trusting
> everything that turns their mouse into a hand-pointer.

I hate to sound like a curmudgeon, but requiring people to use their
brains is a recipe for disappointment and mild disaster.

It's not that people are dumb per se, it's just that 1) any
sufficiently advanced technology is indistinguishable from magic and
2) most technology looks like magic to people and as a result will
click through any warning screen you toss up to get the prize on the
other side. Why is phishing effective? Exactly.

Now, for the small small percent of users who will review these
screens, I think that they SHOULD be useful and informative.

The funny thing about the way that people plow through user interfaces
is that, once burned, they tend to be a little more hesitant next time
— so if you DO provide useful information to them, someday they might
actually read it.

So, in sum, this comes down to doing the best you can, being as useful
as you can without getting TOO much in the way and then tweak tweak
tweak.

Chris

[twitter-dev] Re: How is lang tracked for queries?

[Matt Sanford]

Fixed it in a deploy today, yes. No need for a bug report.

— Matt

On Apr 16, 2009, at 04:03 PM, stevenic wrote:



Matt... Did you already fix this?  I was going to file a bug on it and
I just noticed that now the "next" and "previous" links contain the
"lang" param.

So do you still need a bug on it for tracking purposes or did you
already add one?

-steve

[twitter-dev] Re: twitter search API calls are requesting basic Auth sometime

[Matt Sanford]

It was a bug. Someone brought up a new host and it snuck into the  
network configurations. We have removed it and the problem should be  
gone.


— Matt

On Apr 16, 2009, at 04:04 PM, Chad Etzel wrote:



Ditto my previous post.  eek.
-Chad

On Thu, Apr 16, 2009 at 6:57 PM, stephane > wrote:


Hi,

from time to time today, calls to the search json API return an auth
request
"Access - Employees only"

Is it a behavior of the API service when overloaded ?
Is it a temporary ?
is there a way to circumvent this ?

Best,

Stephane Philipakis
@sphilipakis

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

On Thu, Apr 16, 2009 at 4:58 PM, Chad Etzel  wrote:

>
> On Thu, Apr 16, 2009 at 6:53 PM, Jesse Stay  wrote:
> > Chad, the value is 1) I get to show a token of appreciation for them
> > following me - even if I can't listen to everyone I am at least willing
> to
> > give them the opportunity to be discovered, and most importantly, 2) I
> want
> > them to have the ability to communicate with me via DM if they want to.
>
> Yes, this is the case where I would like to receive DMs from people
> that I am not following.  I do appreciate the people that follow
> everyone back so they can be DM'd, but I imagine it doesn't help those
> people (or you) really follow the core group of people you'd like to
> very closely (tho there are tools for that, which I'm sure you use),
> and I'm sure it puts a hurt on Twitters servers by having to connect
> all those edges on the graph.
>
> Thank you for your explanation.  I think we're all on the same side of
> the argument here, it's just the implementation/practice we're worried
> about.
>

Unfortunately, until Twitter fixes this, I think applications need to have a
responsibility to fix this flaw by offering opt-out for those that don't
want to receive the DMs their apps send out.

Jesse

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Chris Messina]

On Apr 16, 1:02 pm, Rod Begbie  wrote:
> On Thu, Apr 16, 2009 at 12:03 PM, Chris Messina 
> wrote:
>
> > 1. create a directory of known/good apps and promote the ones that are
> > "safe" (see Facebook)
>
> I would not necessarily hold Facebook up as a good example of what to do.
>
> It should be noted that Facebook app developers face a swirling mass of ever
> changing rules, restrictions and policies (When you can post to a feed, what
> it can say, what happens when you click a link, etc).  FB have to spend an
> insane amount of time policing applications, and making there a solid
> penalty for violations of policy.
>
> I really don't think Twitter would want to go down this route.

Not what I was suggesting. Only pointing to Facebook's proposed
directory of "trusted applications".

The idea being that there would be SOME editorial involvement from
Twitter or trusted community members to review apps and determine that
they're on the whole seemingly trustworthy.

It'd be a rat's nest, for sure, but something that might be worthwhile
in lieu of actually trying to trust users.

Chris

[twitter-dev] Re: How is lang tracked for queries?

[stevenic]

Matt... Did you already fix this?  I was going to file a bug on it and
I just noticed that now the "next" and "previous" links contain the
"lang" param.

So do you still need a bug on it for tracking purposes or did you
already add one?

-steve

[twitter-dev] Re: Search result pagination bugs

[Chad Etzel]

the query "http filter:links" (which is a bit redundant) is such a
high volume query that I would doubt that the search servers would
ever be able to keep in sync even when things were running up to
speed.

Try with a less traffic'd query like "twitter"

-Chad

On Thu, Apr 16, 2009 at 6:55 PM, stevenic  wrote:
>
> Thanks for the reply Matt...
>
> Just as an FYI...
>
> I updated my code to track duplicates and then did a sample run over a
> 5 minute period that once a minute paged in new results for the query
> "http filter:links"  This resulted in about 11 pages of results each
> minute and over the 11 pages I saw anywhere from 60 - 150 duplicates
> so it's not just 3 or 4.  My concern isn't really around the extra
> updates it's the fact that sometimes updates are missing.
>
> Anyway... It sounds like you guys are working on it and I just thought
> I'd share that data point with you.
>
> -steve
>

[twitter-dev] Re: sending DM to all followers?

[Chad Etzel]

On Thu, Apr 16, 2009 at 6:53 PM, Jesse Stay  wrote:
> Chad, the value is 1) I get to show a token of appreciation for them
> following me - even if I can't listen to everyone I am at least willing to
> give them the opportunity to be discovered, and most importantly, 2) I want
> them to have the ability to communicate with me via DM if they want to.

Yes, this is the case where I would like to receive DMs from people
that I am not following.  I do appreciate the people that follow
everyone back so they can be DM'd, but I imagine it doesn't help those
people (or you) really follow the core group of people you'd like to
very closely (tho there are tools for that, which I'm sure you use),
and I'm sure it puts a hurt on Twitters servers by having to connect
all those edges on the graph.

Thank you for your explanation.  I think we're all on the same side of
the argument here, it's just the implementation/practice we're worried
about.

-Chad

[twitter-dev] Re: twitter search API calls are requesting basic Auth sometime

[Chad Etzel]

Ditto my previous post.  eek.
-Chad

On Thu, Apr 16, 2009 at 6:57 PM, stephane  wrote:
>
> Hi,
>
> from time to time today, calls to the search json API return an auth
> request
> "Access - Employees only"
>
> Is it a behavior of the API service when overloaded ?
> Is it a temporary ?
> is there a way to circumvent this ?
>
> Best,
>
> Stephane Philipakis
> @sphilipakis
>

[twitter-dev] twitter search API calls are requesting basic Auth sometime

[stephane]

Hi,

from time to time today, calls to the search json API return an auth
request
"Access - Employees only"

Is it a behavior of the API service when overloaded ?
Is it a temporary ?
is there a way to circumvent this ?

Best,

Stephane Philipakis
@sphilipakis

[twitter-dev] Re: OAuth and screen name

[djMax]

I'm not sure you don't have the secret for it.  I'm still trying to
understand the tweet# code, but you were supposed to have saved the
"new" secret for that token when you got the original request token
right?  Right now when trying to exchange that secondary oauth_token
for an access token, tweet# isn't passing a secret.

On Apr 16, 6:14 pm, Dossy Shiobara  wrote:
> On 4/16/09 6:02 PM, Abraham Williams wrote:
>
> > the oauth_token you are returned is only good for getting an access
> > token from oauth/access_token. that access token is what lets you act as
> > the user.
>
> Wait, what?  The oauth_token that's returned from the
> _oauth/authenticate_ method is already an Access Token, for which you
> don't have the secret to.
>
> I'm hoping Twitter fixes this somehow.
>
> --
> Dossy Shiobara              | do...@panoptic.com |http://dossy.org/
> Panoptic Computer Network   |http://panoptic.com/
>    "He realized the fastest way to change is to laugh at your own
>      folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: IP Address range

[billbarn42]

OK, will pursue with my hosted server admins. Thanks!

On Apr 15, 8:06 pm, Alex Payne  wrote:
> You're probably better off writing the firewall rule by domain, if
> possible. Our IP ranges are going to change and grow, and they'll be
> hard to keep track of.
>
>
>
> On Tue, Apr 14, 2009 at 15:12, billbarn42  wrote:
>
> > I've got a python script that is monitoring the playlist for our local
> > public radio station, and tweeting when new tracks come up. It is
> > using @wdav as the twitter ID (although that is not relevant to this
> > question...)
>
> > I am using the twitter.py library to wrap the twitter api.
>
> > Runs fine on my local laptop, but when I deployed it to my hosted
> > server I had to tell them an IP address it was posting to so they
> > could implement a firewall rule to let the traffic through. I gave
> > them 128.121.146.100, since that's what comes back from a ping to
> > twitter.com.
>
> > The problem is that it seems the script is frequently trying to use
> > other ip addresses to reach twitter. Is there a range of IP addresses
> > that might be valid Twitter endpoints, that I need to pass on to the
> > hosted server admin team?
>
> > Any help greatly appreciated!
>
> > Bill
>
> --
> Alex Payne - API Lead, Twitter, Inc.http://twitter.com/al3x

[twitter-dev] Re: Search result pagination bugs

[stevenic]

Thanks for the reply Matt...

Just as an FYI...

I updated my code to track duplicates and then did a sample run over a
5 minute period that once a minute paged in new results for the query
"http filter:links"  This resulted in about 11 pages of results each
minute and over the 11 pages I saw anywhere from 60 - 150 duplicates
so it's not just 3 or 4.  My concern isn't really around the extra
updates it's the fact that sometimes updates are missing.

Anyway... It sounds like you guys are working on it and I just thought
I'd share that data point with you.

-steve

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

Chad, the value is 1) I get to show a token of appreciation for them
following me - even if I can't listen to everyone I am at least willing to
give them the opportunity to be discovered, and most importantly, 2) I want
them to have the ability to communicate with me via DM if they want to.
 Note that this does not mean I want Sales or marketing messages from them.
 I can't tell you the number of people I've heard get mad because someone
with x number of followers won't follow them back.  I'm just giving them
that good feeling inside that at least I'm willing to try.

However, as we've all said, the downside is the marketers and sales people
and scammers are all taking advantage of this now.  Yes, I unfollow and
block the people that do it, but doing so up to hundreds of times daily is a
huge waste of time!  This is just one way of using Twitter. I chose to use
it this way because I can.  Apps should take this into consideration, be
considerate, and let me (and hundreds of thousands of others) keep using it
this way if I want to by providing opt-out on DMs I don't want to receive.

@Jesse

On Thu, Apr 16, 2009 at 4:26 PM, Chad Etzel  wrote:

>
> Jesse,
>
> If I may ask (and I promise I'm not trying to make this personal, I
> really am just curious), what is the value of following 14,000 people?
>  Surely you know anyone of them could send you a DM at any time?  How
> do you keep up with them all?
>
> Basically, what is your reason for following a large number of people?
> (I have heard answers from other people following large volumes, but I
> am curious about your use-case).
>
> -Chad
>
> On Thu, Apr 16, 2009 at 6:21 PM, Jesse Stay  wrote:
> > On Thu, Apr 16, 2009 at 4:14 PM, Nicole Simon  wrote:
> >>
> >> On Fri, Apr 17, 2009 at 12:04 AM, Jesse Stay 
> wrote:
> 
>  If you don't have the time to do it, then hire somebody to do it.
> >>>
> >>> Am I really hearing this right?  So now *I* have to lose money because
> >>> I'm getting spam??? Yeah right.
> >>
> >> If you do not know how to use the tools, then please use a manual. There
> >> are enough
> >> basic twitter books around.
> >
> > What does that have to do with me paying to stop receiving spam? Oh, you
> > mean purchase your book.
> >
> >>>
> >>> How do I switch off receiving DMs?  I get DMs no matter what.  I can
> turn
> >>> off notifications, but not DMs.
> >>
> >> Twitter really has not a lot of options. If you do not know how to do
> >> that, you obviously never looked.
> >>
> >> http://twitter.com/account/notifications
> >
> > I don't see anywhere on there that says "turn off my DMs".  I see plenty
> of
> > "don't send me e-mail or SMS when I receive DM".  Nothing turns off my
> DMs.
> >>
> >> May I ask what you do on the _developper_ list if you do not even know
> >> this much?
> >
> > Careful taking this argument personal - see my comment above.
> > Jesse
>

[twitter-dev] HALP! Search API requiring employee authorization

[Chad Etzel]

Got several complaints about this from TweetGrid users:

http://twitter.com/VoxAZ/status/1537143626

This can't be good...

-Chad

[twitter-dev] Re: sending DM to all followers?

[Abraham Williams]

I think this thread has run its course.

-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States

[twitter-dev] Re: OAuth and screen name

[Abraham Williams]

I actually miss read djMix and just saw "authorize" and not "authenticate".
That being said when I was testing oauth/authenticate a few days ago I used
the *exact* same code for both oauth/authorize and oauth/authenticate and
both worked implying a return of a request token. It is possible that I was
not paying attention and was using access tokens from an older session
though. I'll double check later tonight.

Abraham

On Thu, Apr 16, 2009 at 17:14, Dossy Shiobara  wrote:

>
> On 4/16/09 6:02 PM, Abraham Williams wrote:
>
>> the oauth_token you are returned is only good for getting an access
>> token from oauth/access_token. that access token is what lets you act as
>> the user.
>>
>
> Wait, what?  The oauth_token that's returned from the _oauth/authenticate_
> method is already an Access Token, for which you don't have the secret to.
>
> I'm hoping Twitter fixes this somehow.
>
>
> --
> Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network   | http://panoptic.com/
>  "He realized the fastest way to change is to laugh at your own
>folly -- then you can let go and quickly move on." (p. 70)
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States

[twitter-dev] Re: sending DM to all followers?

[Chad Etzel]

Jesse,

If I may ask (and I promise I'm not trying to make this personal, I
really am just curious), what is the value of following 14,000 people?
 Surely you know anyone of them could send you a DM at any time?  How
do you keep up with them all?

Basically, what is your reason for following a large number of people?
(I have heard answers from other people following large volumes, but I
am curious about your use-case).

-Chad

On Thu, Apr 16, 2009 at 6:21 PM, Jesse Stay  wrote:
> On Thu, Apr 16, 2009 at 4:14 PM, Nicole Simon  wrote:
>>
>> On Fri, Apr 17, 2009 at 12:04 AM, Jesse Stay  wrote:

 If you don't have the time to do it, then hire somebody to do it.
>>>
>>> Am I really hearing this right?  So now *I* have to lose money because
>>> I'm getting spam??? Yeah right.
>>
>> If you do not know how to use the tools, then please use a manual. There
>> are enough
>> basic twitter books around.
>
> What does that have to do with me paying to stop receiving spam? Oh, you
> mean purchase your book.
>
>>>
>>> How do I switch off receiving DMs?  I get DMs no matter what.  I can turn
>>> off notifications, but not DMs.
>>
>> Twitter really has not a lot of options. If you do not know how to do
>> that, you obviously never looked.
>>
>> http://twitter.com/account/notifications
>
> I don't see anywhere on there that says "turn off my DMs".  I see plenty of
> "don't send me e-mail or SMS when I receive DM".  Nothing turns off my DMs.
>>
>> May I ask what you do on the _developper_ list if you do not even know
>> this much?
>
> Careful taking this argument personal - see my comment above.
> Jesse

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

On Thu, Apr 16, 2009 at 4:14 PM, Nicole Simon  wrote:

> On Fri, Apr 17, 2009 at 12:04 AM, Jesse Stay  wrote:
>
>> If you don't have the time to do it, then hire somebody to do it.
>>>
>>
>> Am I really hearing this right?  So now *I* have to lose money because I'm
>> getting spam??? Yeah right.
>>
>
> If you do not know how to use the tools, then please use a manual. There
> are enough
> basic twitter books around.
>

What does that have to do with me paying to stop receiving spam? Oh, you
mean purchase your book.


>
>
>> How do I switch off receiving DMs?  I get DMs no matter what.  I can turn
>> off notifications, but not DMs.
>>
>
> Twitter really has not a lot of options. If you do not know how to do that,
> you obviously never looked.
>
> http://twitter.com/account/notifications
>

I don't see anywhere on there that says "turn off my DMs".  I see plenty of
"don't send me e-mail or SMS when I receive DM".  Nothing turns off my DMs.


> May I ask what you do on the _developper_ list if you do not even know this
> much?
>

Careful taking this argument personal - see my comment above.

Jesse

[twitter-dev] Re: OAuth and screen name

[Dossy Shiobara]

On 4/16/09 6:02 PM, Abraham Williams wrote:

the oauth_token you are returned is only good for getting an access
token from oauth/access_token. that access token is what lets you act as
the user.


Wait, what?  The oauth_token that's returned from the 
_oauth/authenticate_ method is already an Access Token, for which you 
don't have the secret to.


I'm hoping Twitter fixes this somehow.

--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: sending DM to all followers?

[Nicole Simon]

On Fri, Apr 17, 2009 at 12:04 AM, Jesse Stay  wrote:

> If you don't have the time to do it, then hire somebody to do it.
>>
>
> Am I really hearing this right?  So now *I* have to lose money because I'm
> getting spam??? Yeah right.
>

If you do not know how to use the tools, then please use a manual. There are
enough
basic twitter books around.



> How do I switch off receiving DMs?  I get DMs no matter what.  I can turn
> off notifications, but not DMs.
>

Twitter really has not a lot of options. If you do not know how to do that,
you obviously never looked.

http://twitter.com/account/notifications

May I ask what you do on the _developper_ list if you do not even know this
much?


> btw I am in no way saying that I do agree with Mass DM or anything.
>> It is just that you do blame the wrong part of the equation for it.
>>
>
> It certainly sounds like you do.  What auto-DM or mass-DM service are you
> running again?
>

None. As a matter of fact, as the author of the German twitter book it
specifically
states that you are stupid to use such DM and the best way to loose your
followers,
get banned by twitter, and pointed out by people in other systems like
blogs.

also it is one of the things every single customer of mine gets to hear from
me
if they want or not (in the greater scheme of how to do intelligent social
media).

Every single time I do collect twitter users (like for example for the lists
I do
host about twitter users from certain areas in Germany) I do ask
specifically
for an email address which is then processed by double opt in, clearly
marked
as "do you understand that if you click 'inform me about updates you will
receive such notice".

Of course there will always eb people who then complain about getting
such information like yourself, but for people like you there is the "this
is where you unsubscribe from the information you actually requested".

Nicole

-- 
Jetzt im Buchhandel:
"Twitter - Mit 140 Zeichen zum Web 2.0"
Amazon: http://tinyurl.com/6at9c5

http://mit140zeichen.de - http://twitter.com/m140z

Kontakt:
http://twitter.com/NicoleSimon
https://www.xing.com/profile/Nicole_Simon

skype: nicole.simon / mailto:nicole.si...@mit140zeichen.de
phone: +49 451 899 75 03 / mobile: +49 179 499 7076

[twitter-dev] Re: Getting Source Parameter in Java from XML returns "<"

[Abraham Williams]

http://code.google.com/p/twitter-api/issues/detail?id=75

On Thu, Apr 16, 2009 at 16:54, Chad Etzel  wrote:

>
> On Thu, Apr 16, 2009 at 5:11 PM, Travis James
>  wrote:
> >
> > Thank you Doug. That is where I was wrong. Is there anyway to excuse
> > the HTML and just get the Application Name?
>
> I believe they've stated that will happen in API v2.  Right now you
> just have to parse through the HTML to grok out the app name.
>
> -Chad
>
> >
> > On Apr 16, 12:01 pm, Doug Williams  wrote:
> >> Source parameters that come from outside apps are encoded HTML. Are you
> >> accounting for this Travis? See the "source" heading on the Return
> Values
> >> page [1]
> >>
> >> 1.http://apiwiki.twitter.com/Return-Values
> >>
> >> Doug Williams
> >> Twitter API Supporthttp://twitter.com/dougw
> >>
> >> On Thu, Apr 16, 2009 at 9:47 AM, Chad Etzel 
> wrote:
> >>
> >> > On Thu, Apr 16, 2009 at 12:35 PM, Doug Williams 
> wrote:
> >> > > What is the source parameter you are passing with your application?
> >>
> >> > I don't think that's what he's asking.  I think he's having trouble
> >> > parsing the source info of tweets coming from *other* apps.  I looked
> >> > through the Java and didn't really see where it is doing the parsing
> >> > so I must be missing it.  I'm assuming it is looking at XML version of
> >> > the data?  Is this for REST or Search API?
> >> > -Chad
> >>
> >> > > Doug Williams
> >> > > Twitter API Support
> >> > >http://twitter.com/dougw
> >>
> >> > > On Thu, Apr 16, 2009 at 7:34 AM, Travis James <
> >> > deadscene...@hyperhack.com>
> >> > > wrote:
> >>
> >> > >> package jtwitter;
> >>
> >> > >> import java.net.MalformedURLException;
> >> > >> import java.text.ParseException;
> >> > >> import java.text.SimpleDateFormat;
> >> > >> import java.util.Date;
> >> > >> import java.util.Locale;
> >>
> >> > >> public class TwitterEntry {
> >>
> >> > >>// Twitter Entry Nodes (each corresponds to a XML node with
> the
> >> > >> same
> >> > >> name)
> >> > >>public static final String CREATED_AT = "created_at";
> >> > >>public static final String ID = "id";
> >> > >>public static final String TEXT = "text";
> >> > >>public static final String SOURCE = "source";
> >>
> >> > >>private Date createdAt;
> >> > >>private int id;
> >> > >>private String text;
> >> > >>private String source;
> >> > >>private TwitterUser user;
> >>
> >> > >>//This is currently the date format used by twitter
> >> > >>public static final String TWITTER_DATE_FORMAT = "EEE MMM dd
> >> > >> kk:mm:ss
> >> > >> Z ";
> >>
> >> > >>public TwitterEntry(Date createdAt, int id, String text,
> String
> >> > >> source, TwitterUser user) {
> >> > >>super();
> >> > >>this.createdAt = createdAt;
> >> > >>this.id = id;
> >> > >>this.text = text;
> >> > >>this.source = source;
> >> > >>this.user = user;
> >> > >>}
> >>
> >> > >>public TwitterEntry() {
> >> > >>this.user = new TwitterUser();
> >> > >>}
> >>
> >> > >>public Date getCreatedAt()
> >> > >>{
> >> > >>return createdAt;
> >> > >>}
> >>
> >> > >>public void setCreatedAt(Date createdAt)
> >> > >>{
> >> > >>this.createdAt = createdAt;
> >> > >>}
> >>
> >> > >>public int getId()
> >> > >>{
> >> > >>return id;
> >> > >>}
> >>
> >> > >>public void setId(int id)
> >> > >>{
> >> > >>this.id = id;
> >> > >>}
> >>
> >> > >>public String getText()
> >> > >>{
> >> > >>return text;
> >> > >>}
> >>
> >> > >>public void setText(String text)
> >> > >>{
> >> > >>this.text = text;
> >> > >>}
> >>
> >> > >>public String getSource()
> >> > >>{
> >> > >>return source;
> >> > >>}
> >>
> >> > >>public void setSource(String source)
> >> > >>{
> >> > >>this.source = source;
> >> > >>}
> >>
> >> > >>public TwitterUser getUser()
> >> > >>{
> >> > >>return user;
> >> > >>}
> >>
> >> > >>public void setUser(TwitterUser user)
> >> > >>{
> >> > >>this.user = user;
> >> > >>}
> >>
> >> > >>@Override
> >> > >>public int hashCode()
> >> > >>{
> >> > >>final int PRIME = 31;
> >> > >>int result = 1;
> >> > >>result = PRIME * result + id;
> >> > >>return result;
> >> > >>}
> >>
> >> > >>@Override
> >> > >>public boolean equals(Object obj)
> >> > >>{
> >> > >>if (this == obj)
> >> > >>return true;
> >> > >>if (obj == null)
> >> > >

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

On Thu, Apr 16, 2009 at 4:02 PM, Nicole Simon  wrote:

> On Thu, Apr 16, 2009 at 11:59 PM, Jesse Stay  wrote:
>
>> Apps have an ethical responsibility to provide opt-out, plain and simple
>> if they're going to enable the sending of mass-DMs in any way.  I didn't
>> opt-into getting sales advertisements from the people I follow when I joined
>> Twitter.
>>
>
> It is never about the responsible ones, it is always about the stupid ones.
>
> Even if opt out is required, then people will pay people to write the DM
> per hand as there is money to make.
> DM is like email and should be handled the same way.
>
> And btw why it is okay for you to have a gazillion apps with an optout but
> you cannot set up filters to filter out those messages?
>

That's a separate issue. Twitter needs to provide more data to allow filters
and people will write them (and my service, SocialToo, is very much working
on this).  Forcing the source field and the ability to tell what app sent a
DM is one of those steps I'd like to see.  Categorization of users is
another.

Regardless, it's an ethical responsibility for apps to provide opt-out if
they're going to submit us users to this.  I already know users stopping
their use of Twitter because of this type of activity.

Jesse

[twitter-dev] Re: sending DM to all followers?

[Chad Etzel]

On Thu, Apr 16, 2009 at 5:59 PM, Jesse Stay  wrote:
>  I didn't opt-into getting sales advertisements from the
>  people I follow when I joined Twitter.

Uh, yes you did.  Following somebody = opt-in to receive *whatever*
they want to send you.  If the value of the crap they DM or tweet at
you decreases, unfollow them.  You can also follow people through RSS,
or Search, or on TweetGrid in a group, all w/o officially following
them on twitter

-Chad

[twitter-dev] Re: sending DM to all followers?

[TjL]

@TwitReport has, until today, auto-followed anyone who followed it,
for functionality of the app (basically, being able to get a DM with
some basic information about your new follower).

In the last few days apparently it ended up on some "list" of
auto-followers, and I saw about 50 new followers, about half of whom
sent some spammy bull-patty nonsense to me via DM in the guise of a
"Hey, thanks for the follow WANT TO MAKE MONEY" etc.

I don't think most of them were even using the service, they just
wanted to be able to get their message out by any means necessary.

So now @TwitReport doesn't auto-follow, and the usefulness is
decreased, all because some people have to piss all over everything by
turning it into some marketing tool.

For what it's worth.

TjL

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

On Thu, Apr 16, 2009 at 4:00 PM, Nicole Simon  wrote:

>
>
> On Thu, Apr 16, 2009 at 11:34 PM, guruvan  wrote:
>
>>
>> Dossy, not this doesn't work for me. I don't really a) have time or b)
>> want to unfollow a new follower (and likely new user of twitter)
>> because of poor first judgement. I would like to simply opt-out of
>> those types of messages. At even just a couple thousand followers, I
>> get so many of those a day I can't see my "real" DMs from people I
>> wish to talk to.
>
>
> If you don't have the time to do it, then hire somebody to do it.
>

Am I really hearing this right?  So now *I* have to lose money because I'm
getting spam??? Yeah right.


>
> Or don't follow people and make better judegement.


I have my own way of using Twitter - why should the spammers dictate this
for me? The minute I lose this control is the minute Twitter loses its value
for me.


> And again; You can switch off receiving DMs.
>

How do I switch off receiving DMs?  I get DMs no matter what.  I can turn
off notifications, but not DMs.

btw I am in no way saying that I do agree with Mass DM or anything.
> It is just that you do blame the wrong part of the equation for it.
>

It certainly sounds like you do.  What auto-DM or mass-DM service are you
running again?

Jesse

[twitter-dev] Re: sending DM to all followers?

[Nicole Simon]

On Thu, Apr 16, 2009 at 11:59 PM, Jesse Stay  wrote:

> Apps have an ethical responsibility to provide opt-out, plain and simple if
> they're going to enable the sending of mass-DMs in any way.  I didn't
> opt-into getting sales advertisements from the people I follow when I joined
> Twitter.
>

It is never about the responsible ones, it is always about the stupid ones.

Even if opt out is required, then people will pay people to write the DM per
hand as there is money to make.
DM is like email and should be handled the same way.

And btw why it is okay for you to have a gazillion apps with an optout but
you cannot set up filters to filter out those messages?

Nicole

[twitter-dev] Re: OAuth and screen name

[Abraham Williams]

the oauth_token you are returned is only good for getting an access token
from oauth/access_token. that access token is what lets you act as the user.

On Thu, Apr 16, 2009 at 16:36, djMax  wrote:

>
> Ok got it.  This explains more.  So when I call authenticate (rather
> than authorize) I get back the original oauth_token I was given in
> authorize.  The thing I'm not getting is how is this authenticated?
> Anybody could find this token somewhere and then just become the user
> in question right?
>
> On Apr 16, 5:32 pm, Matt Sanford  wrote:
> > Hi there,
> >
> >  I recommend calling verify_credentials with your new token to
> > verify the user in question. The screen_name was added as a
> > convenience method because there were a great many complaints about
> > have to do yet another round trip for the screen_name.
> >
> > Thanks;
> >— Matt Sanford
> >
> > On Apr 16, 2009, at 02:11 PM, djMax wrote:
> >
> >
> >
> > > Sorry if this is a noob question, but how can we verify the
> > > screen_name of an OAuth token?  It would seem that having it only out
> > > of band as a query arg means it's subject to spoofing right?  Not sure
> > > how I build secure site login with the core identifier may not match
> > > the token I'm given.
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Madison, Wisconsin, United States

[twitter-dev] Re: sending DM to all followers?

[bmoreslumwatch]

Please don't mess with Twitter and turn it into "just another"
communication tool.  We don't want to mass DM our followers, and we
certainly don't want them mass DM-ing us.  If they can't say what they
want to say to us in 140 characters or less, they can go to the
website and contact us that way.

PLEASE don't create a mass DM feature.  We can't imagine anything
worse.

BSLW

On Apr 16, 5:41 pm, guruvan  wrote:
> I use services to block auto-DMs. If I receive unsolicited links, I
> not only unfollow the user, I block them. I will encourage EVERYONE I
> know to do the same. IIRC the twitter spam policy say thatif enough
> users block you you will have your account suspended.
>
> I will be suggesting to people that they actively start blocking
> anyone and everyone who sends them unsolicited marketing messages
> and / or links via DM.
>
> That's obviously the only way to combat spammers.
>
> It's amazing to see that you people somehow think that because it's a
> DM on twitter it's not spam just like the same junk would be in my
> email.
>
> Mass DMing is one of the things that is dropping the value of a)
> followers and b) bothering with an account on twitter.
>
> On Apr 16, 5:25 pm, Peter Denton  wrote:
>
> > Dont follow the person, they can DM you. Dossy already said this. Twitter
> > has built in preventative controls called un follow.
> > The cost of losing a followers is greater the gain of DM'ing them. If
> > someone wants to DM all of their followers, their should be a relative value
> > to the user. I have done it when everyone was getting something specific to
> > them.  If they dont like it, they can un-follow me.
>
> > On Thu, Apr 16, 2009 at 2:15 PM, emergingtech  wrote:
>
> > > There are plenty of available media sources that support mass
> > > advertising and there is no need to add Twitter to the list.
>
> > > Please bury this idea.
> > > @emergingtech
>
> > > On Apr 14, 4:24 pm, Alex  wrote:
> > > > I'm wondering if there is a way - or if you would consider adding a
> > > > way - to send a DM to all followers via the API?
>
> > > > Obviously we could grab the followers list and iterate over it to send
> > > > the DM to all, though that could require thousands of API calls
> > > > depending on the user. (And could therefore take hours to do with the
> > > > 100 API query/hour limit.)
>
> > --
> > Peter M. Dentonwww.twibs.com
> > i...@twibs.com
>
> > Twibs makes Top 20 apps on Twitter -http://tinyurl.com/bopu6c

[twitter-dev] Re: sending DM to all followers?

[Nicole Simon]

On Thu, Apr 16, 2009 at 11:34 PM, guruvan  wrote:

>
> Dossy, not this doesn't work for me. I don't really a) have time or b)
> want to unfollow a new follower (and likely new user of twitter)
> because of poor first judgement. I would like to simply opt-out of
> those types of messages. At even just a couple thousand followers, I
> get so many of those a day I can't see my "real" DMs from people I
> wish to talk to.


If you don't have the time to do it, then hire somebody to do it.

Or don't follow people and make better judegement.

And again; You can switch off receiving DMs.

You can provide a link to a contact form with your website.

You can even put up your email address in your profile
as the picture.

You have all the tools but you want somebody else to do the
work for you.

btw I am in no way saying that I do agree with Mass DM or anything.
It is just that you do blame the wrong part of the equation for it.

Nicole

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Lachlan Hardy]

> The current language "to access and update your data on Twitter" is so
> vague as to be meaningless.

Agreed.

> I would definitely support greater disclosure here, but would avoid
> the checkbox model of authorizing different levels of access (http://
> www.flickr.com/photos/factoryjoe/2601626420/sizes/o/).

Why is that? Do you have any evidence against it?

My own (limited, informal) testing tells me people feel more in
control with checkboxes.

> Instead, you should allow the application developer to pick the
> appropriate API access level it needs (read only, posting, friending,
> direct messaging, all access) and then provide that language to the
> user upon authorization.

You mean, like the Flickr example, yeah?
http://www.flickr.com/photos/factoryjoe/3295727080/sizes/o/

My preferred implementation would not have them as 'levels', but as
'options'. They're different components or aspects of the
functionality.

Some apps need to change your profile, but most don't. Some apps need
to send tweets but not do anything else. Some apps need access to
everything. I'm building an app at the moment where all I need is to
know you own the account. Anything else is superfluous to my needs,
but any user that authorises my app will be giving me the valet key to
the kingdom.

I want to be able to pick the options my app needs in order to work to
fullest effect, and display them to the user as checkboxes. In my
OAuth admin panel, I indicate which functionality is required and
which are just 'nice-to-haves'. Twitter presents the form to the user
as options and indicates which are required for the app. User picks
want they want and validation determines if they meet the minimum for
my app.

I think OAuth tends to have the exact opposite user experience problem
as OpenID. OpenID needs to be faster with less options, whereas OAuth
is rushed and doesn't offer the user enough involvement.


I realise the above is far more work than simply stronger wording on
authorisation form, but I think something of that nature offers a far
superior experience for our customers.

Lachlan Hardy

[twitter-dev] Re: sending DM to all followers?

[Dossy Shiobara]

On 4/16/09 5:34 PM, guruvan wrote:

Unfollow is the wrong choice.


True.  "Block" is more appropriate, but "unfollow" was my more gentle 
suggestion.


--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

Apps that provide this capability have the responsibility to let us opt-out.
I don't see the problem here. If people don't want to receive DMs from your
app, why should they have to. Plain and simple.  I follow people not to
receive marketing DMs from them, but rather so they can communicate with me,
real communication.  If I had to unfollow every single person that did this,
I wouldn't have any time to get anything else done - it's annoying, and
making Twitter worthless to me as a user.
Apps have an ethical responsibility to provide opt-out, plain and simple if
they're going to enable the sending of mass-DMs in any way.  I didn't
opt-into getting sales advertisements from the people I follow when I joined
Twitter.

I don't see what the problem is here - what's so wrong with providing an
opt-out feature?  Is there any way we can get this in the Terms of Use Alex
(Payne)?

Jesse

On Thu, Apr 16, 2009 at 3:49 PM, Nicole Simon  wrote:

> On Thu, Apr 16, 2009 at 11:42 PM, Ed Costello wrote:
>
>> I'm fine with getting DM'd by *people* I follow.  But I don't expect to
>> get DM'd by @cnnbrk or @jetblue unless I'm directly engaging them.  There's
>> no granularity to separate getting DM'd by a friend I follow from DM'd by a
>> bot powering a corporate account.
>
>
> Then why are you following those 'bots powered by corporate account' so
> that they can DM you?
> Especially since every twitter account is also available by RSS?
>
> Alternately, if you want the ability to spam DM everyone who follows a
>> given account, then there must be a corresponding feature to block DMs from
>> accounts one follows.
>>
>
> It is called don't follow but read the content elsewhere.
>
> You can't have the cake and eat it.
>
> Do you really think twitter as a company should spend their dev time in
> making separation which are down to each person to decide rather than
> keeping the system running?
>
> If you want that feature, build a system which retrieves all your DMS and
> allows you to set them as 'friends' and 'bad bots' and only let those
> through which you want to see.
>
> Again: this is not a twitter problem, but a usage tool.
>
> Nicole
>
>
>
>
>

[twitter-dev] Re: Sign in with Twitter

[Abraham Williams]

An idea is to have the oauth/authorize page display login/don't login
instead of accept/deny if the user has already approved the application.

On Thu, Apr 16, 2009 at 16:29, djMax  wrote:

>
> Did this stop working?  All of the sudden I'm getting 500 server
> errors back.  Was working ok 15 minutes ago.
>
> On Apr 16, 12:52 pm, Doug Williams  wrote:
> > Matt has deployed our answer for one click login. It requires only a
> small
> > change to the normal Twitter OAuth workflow and is documented here:
> >
> > http://apiwiki.twitter.com/Sign-in-with-Twitter
> >
> > This is the perfect tool for web applications wanting to offer users the
> > ability to sign in with a Twitter account and a single mouse click. We
> want
> > to see it in the wild so please let us know if you roll this out in your
> > application.
> >
> > Thanks,
> > Doug Williams
> > Twitter API Supporthttp://twitter.com/dougw
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] Re: sending DM to all followers?

[guruvan]

Stevenic,

If I received one, just one tiny little DM from each one of my
followers, every day, I would get more than 30 times the amount of
spam that my email gets. And I've had that same email account (not
this one) for over 10years. Why should I be subjected to every
"twitter secrets" marketing message under the sun?

On Apr 16, 3:41 am, stevenic  wrote:
> Jesse, so what is it about mass DMs that bugs you?  Just curious?  You
> would only recieve one DM and it would look like any other DM. So
> what's the issue?
>
> I agree with Chad though...  There's already a way to do this
> Update your status...   I know where you're going with this feature
> though and what you really want is groups.  But that's just not the
> Twitter way...
>
> -steve

[twitter-dev] Re: Getting Source Parameter in Java from XML returns "<"

[Doug Williams]

No, you will have to parse that client-side.

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Thu, Apr 16, 2009 at 2:11 PM, Travis James wrote:

>
> Thank you Doug. That is where I was wrong. Is there anyway to excuse
> the HTML and just get the Application Name?
>
> On Apr 16, 12:01 pm, Doug Williams  wrote:
> > Source parameters that come from outside apps are encoded HTML. Are you
> > accounting for this Travis? See the "source" heading on the Return Values
> > page [1]
> >
> > 1.http://apiwiki.twitter.com/Return-Values
> >
> > Doug Williams
> > Twitter API Supporthttp://twitter.com/dougw
> >
> > On Thu, Apr 16, 2009 at 9:47 AM, Chad Etzel  wrote:
> >
> > > On Thu, Apr 16, 2009 at 12:35 PM, Doug Williams 
> wrote:
> > > > What is the source parameter you are passing with your application?
> >
> > > I don't think that's what he's asking.  I think he's having trouble
> > > parsing the source info of tweets coming from *other* apps.  I looked
> > > through the Java and didn't really see where it is doing the parsing
> > > so I must be missing it.  I'm assuming it is looking at XML version of
> > > the data?  Is this for REST or Search API?
> > > -Chad
> >
> > > > Doug Williams
> > > > Twitter API Support
> > > >http://twitter.com/dougw
> >
> > > > On Thu, Apr 16, 2009 at 7:34 AM, Travis James <
> > > deadscene...@hyperhack.com>
> > > > wrote:
> >
> > > >> package jtwitter;
> >
> > > >> import java.net.MalformedURLException;
> > > >> import java.text.ParseException;
> > > >> import java.text.SimpleDateFormat;
> > > >> import java.util.Date;
> > > >> import java.util.Locale;
> >
> > > >> public class TwitterEntry {
> >
> > > >>// Twitter Entry Nodes (each corresponds to a XML node with
> the
> > > >> same
> > > >> name)
> > > >>public static final String CREATED_AT = "created_at";
> > > >>public static final String ID = "id";
> > > >>public static final String TEXT = "text";
> > > >>public static final String SOURCE = "source";
> >
> > > >>private Date createdAt;
> > > >>private int id;
> > > >>private String text;
> > > >>private String source;
> > > >>private TwitterUser user;
> >
> > > >>//This is currently the date format used by twitter
> > > >>public static final String TWITTER_DATE_FORMAT = "EEE MMM dd
> > > >> kk:mm:ss
> > > >> Z ";
> >
> > > >>public TwitterEntry(Date createdAt, int id, String text,
> String
> > > >> source, TwitterUser user) {
> > > >>super();
> > > >>this.createdAt = createdAt;
> > > >>this.id = id;
> > > >>this.text = text;
> > > >>this.source = source;
> > > >>this.user = user;
> > > >>}
> >
> > > >>public TwitterEntry() {
> > > >>this.user = new TwitterUser();
> > > >>}
> >
> > > >>public Date getCreatedAt()
> > > >>{
> > > >>return createdAt;
> > > >>}
> >
> > > >>public void setCreatedAt(Date createdAt)
> > > >>{
> > > >>this.createdAt = createdAt;
> > > >>}
> >
> > > >>public int getId()
> > > >>{
> > > >>return id;
> > > >>}
> >
> > > >>public void setId(int id)
> > > >>{
> > > >>this.id = id;
> > > >>}
> >
> > > >>public String getText()
> > > >>{
> > > >>return text;
> > > >>}
> >
> > > >>public void setText(String text)
> > > >>{
> > > >>this.text = text;
> > > >>}
> >
> > > >>public String getSource()
> > > >>{
> > > >>return source;
> > > >>}
> >
> > > >>public void setSource(String source)
> > > >>{
> > > >>this.source = source;
> > > >>}
> >
> > > >>public TwitterUser getUser()
> > > >>{
> > > >>return user;
> > > >>}
> >
> > > >>public void setUser(TwitterUser user)
> > > >>{
> > > >>this.user = user;
> > > >>}
> >
> > > >>@Override
> > > >>public int hashCode()
> > > >>{
> > > >>final int PRIME = 31;
> > > >>int result = 1;
> > > >>result = PRIME * result + id;
> > > >>return result;
> > > >>}
> >
> > > >>@Override
> > > >>public boolean equals(Object obj)
> > > >>{
> > > >>if (this == obj)
> > > >>return true;
> > > >>if (obj == null)
> > > >>return false;
> > > >>if (getClass() != obj.getClass())
> > > >>return false;
> > > >>final TwitterEntry other = (TwitterEntry) obj;
> > > >>if (id != other.id)
> > > >>return false;
> > 

[twitter-dev] acceptable Profile Image Formats

[TjL]

http://apiwiki.twitter.com/REST+API+Documentation#account/updateprofileimage
says

> image.  Required.  Must be a valid GIF, JPG, or PNG image

So it's safe to assume that anything I pull out of 
is going to be either .gif or .jpg or .png?

TjL

[twitter-dev] Re: sending DM to all followers?

[guruvan]

Dossy, not this doesn't work for me. I don't really a) have time or b)
want to unfollow a new follower (and likely new user of twitter)
because of poor first judgement. I would like to simply opt-out of
those types of messages. At even just a couple thousand followers, I
get so many of those a day I can't see my "real" DMs from people I
wish to talk to.

Unfollow is the wrong choice.

On Apr 15, 7:55 am, Dossy Shiobara  wrote:
> On 4/15/09 5:31 AM, Jesse Stay wrote:
>
> > Please, if you do this, provide an opt-out so those that don't want to
> > receive the mass dms don't have to receive them.  I wish more apps would
> > do this, for both mass-dm and auto-dm.
>
> Opt-out = unfollow.  Twitter's already provided the mechanism.
>
> --
> Dossy Shiobara              | do...@panoptic.com |http://dossy.org/
> Panoptic Computer Network   |http://panoptic.com/
>    "He realized the fastest way to change is to laugh at your own
>      folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: sending DM to all followers?

[guruvan]

I use services to block auto-DMs. If I receive unsolicited links, I
not only unfollow the user, I block them. I will encourage EVERYONE I
know to do the same. IIRC the twitter spam policy say thatif enough
users block you you will have your account suspended.

I will be suggesting to people that they actively start blocking
anyone and everyone who sends them unsolicited marketing messages
and / or links via DM.

That's obviously the only way to combat spammers.

It's amazing to see that you people somehow think that because it's a
DM on twitter it's not spam just like the same junk would be in my
email.

Mass DMing is one of the things that is dropping the value of a)
followers and b) bothering with an account on twitter.

On Apr 16, 5:25 pm, Peter Denton  wrote:
> Dont follow the person, they can DM you. Dossy already said this. Twitter
> has built in preventative controls called un follow.
> The cost of losing a followers is greater the gain of DM'ing them. If
> someone wants to DM all of their followers, their should be a relative value
> to the user. I have done it when everyone was getting something specific to
> them.  If they dont like it, they can un-follow me.
>
>
>
>
>
> On Thu, Apr 16, 2009 at 2:15 PM, emergingtech  wrote:
>
> > There are plenty of available media sources that support mass
> > advertising and there is no need to add Twitter to the list.
>
> > Please bury this idea.
> > @emergingtech
>
> > On Apr 14, 4:24 pm, Alex  wrote:
> > > I'm wondering if there is a way - or if you would consider adding a
> > > way - to send a DM to all followers via the API?
>
> > > Obviously we could grab the followers list and iterate over it to send
> > > the DM to all, though that could require thousands of API calls
> > > depending on the user. (And could therefore take hours to do with the
> > > 100 API query/hour limit.)
>
> --
> Peter M. Dentonwww.twibs.com
> i...@twibs.com
>
> Twibs makes Top 20 apps on Twitter -http://tinyurl.com/bopu6c

[twitter-dev] Re: Sign in with Twitter

[djMax]

Did this stop working?  All of the sudden I'm getting 500 server
errors back.  Was working ok 15 minutes ago.

On Apr 16, 12:52 pm, Doug Williams  wrote:
> Matt has deployed our answer for one click login. It requires only a small
> change to the normal Twitter OAuth workflow and is documented here:
>
> http://apiwiki.twitter.com/Sign-in-with-Twitter
>
> This is the perfect tool for web applications wanting to offer users the
> ability to sign in with a Twitter account and a single mouse click. We want
> to see it in the wild so please let us know if you roll this out in your
> application.
>
> Thanks,
> Doug Williams
> Twitter API Supporthttp://twitter.com/dougw

[twitter-dev] Re: sending DM to all followers?

[guruvan]

Please don't do this in any way shape or form. It's bad manners, bad
form, and straight up spamming.

On Apr 14, 7:24 pm, Alex  wrote:
> I'm wondering if there is a way - or if you would consider adding a
> way - to send a DM to all followers via the API?
>
> Obviously we could grab the followers list and iterate over it to send
> the DM to all, though that could require thousands of API calls
> depending on the user. (And could therefore take hours to do with the
> 100 API query/hour limit.)

[twitter-dev] Re: sending DM to all followers?

[guruvan]

Doug,

What kind of use case do you think that would be acceptable in? I
simply can't imagine one that's not going to be spam.

On Apr 14, 7:46 pm, Doug Williams  wrote:
> Alex,
> That sounds very spamish although there are certainly some use cases where
> it is acceptable. Proceed with caution when sending mass DMs.  Ensure the
> messages you are sending are relevant and of value to your followers.
>
> Doug Williams
> Twitter API Supporthttp://twitter.com/dougw
>
>
>
> On Tue, Apr 14, 2009 at 4:41 PM, Chad Etzel  wrote:
>
> > I believe that's called "Tweeting"
> > -Chad
>
> > On Tue, Apr 14, 2009 at 7:24 PM, Alex  wrote:
>
> > > I'm wondering if there is a way - or if you would consider adding a
> > > way - to send a DM to all followers via the API?
>
> > > Obviously we could grab the followers list and iterate over it to send
> > > the DM to all, though that could require thousands of API calls
> > > depending on the user. (And could therefore take hours to do with the
> > > 100 API query/hour limit.)

[twitter-dev] Re: sending DM to all followers?

[mrboilermaker]

Even as a marketer, and someone who uses social media in marketing
efforts I am not in favor of mass DMing. If people are actively
interested in what I have to say they will follow me (or my company) -
if I have an event, webinar, product release, whatever to promote I
update my status and it is in my time line - as soon as we marketers
start pushing things down peoples throats we could possibly kill a
great tool like twitter.

just my .02

@mrboilermaker

[twitter-dev] Re: OAuth and screen name

[djMax]

Ok got it.  This explains more.  So when I call authenticate (rather
than authorize) I get back the original oauth_token I was given in
authorize.  The thing I'm not getting is how is this authenticated?
Anybody could find this token somewhere and then just become the user
in question right?

On Apr 16, 5:32 pm, Matt Sanford  wrote:
> Hi there,
>
>      I recommend calling verify_credentials with your new token to  
> verify the user in question. The screen_name was added as a  
> convenience method because there were a great many complaints about  
> have to do yet another round trip for the screen_name.
>
> Thanks;
>    — Matt Sanford
>
> On Apr 16, 2009, at 02:11 PM, djMax wrote:
>
>
>
> > Sorry if this is a noob question, but how can we verify the
> > screen_name of an OAuth token?  It would seem that having it only out
> > of band as a query arg means it's subject to spoofing right?  Not sure
> > how I build secure site login with the core identifier may not match
> > the token I'm given.

[twitter-dev] Re: sending DM to all followers?

[jmoline]

Yeah, I have to agree with the above post by Nicole.

Believe it or not, the fact that some people don't want this is an
argument for it, because it demonstrates that there is a difference
between simply "updating your status" (as others have suggested as an
alternative) and DMing all followers.

As for it being unpractical to unfollow them because you have so many
users, well, that's a cost of the approach to twitter that advocates
following a bunch of people to build up your own follower list (for
the record, there's nothing wrong with that approach, I'm just
saying).

James

On Apr 16, 2:35 pm, Nicole Simon  wrote:
> On Thu, Apr 16, 2009 at 11:12 PM, ray  wrote:
>
> > I'm with Jesse on this one
>
> This is like giving somebody the key to the house and then complain
> that people can 'just' get into the house.
>
> If you don't want to be DMed by certain people, dont follow them.
> If you do get something from them, unfollow.
>
> Use Optout lists from Services who offer them like tweetlater.
>
> write a skript which will unfollow everyone who dm's you.
>
> Choose not to receive dm.
>
> Or set up a filter in your email programm to spam certain DM automatically.
>
> At the end of the day it all boils down to: If you follow people, they can
> DM you, period. If you dont like it, be more selective about who you
> follow.
>
> Nicole

[twitter-dev] Re: Getting Source Parameter in Java from XML returns "<"

[Chad Etzel]

On Thu, Apr 16, 2009 at 5:11 PM, Travis James
 wrote:
>
> Thank you Doug. That is where I was wrong. Is there anyway to excuse
> the HTML and just get the Application Name?

I believe they've stated that will happen in API v2.  Right now you
just have to parse through the HTML to grok out the app name.

-Chad

>
> On Apr 16, 12:01 pm, Doug Williams  wrote:
>> Source parameters that come from outside apps are encoded HTML. Are you
>> accounting for this Travis? See the "source" heading on the Return Values
>> page [1]
>>
>> 1.http://apiwiki.twitter.com/Return-Values
>>
>> Doug Williams
>> Twitter API Supporthttp://twitter.com/dougw
>>
>> On Thu, Apr 16, 2009 at 9:47 AM, Chad Etzel  wrote:
>>
>> > On Thu, Apr 16, 2009 at 12:35 PM, Doug Williams  wrote:
>> > > What is the source parameter you are passing with your application?
>>
>> > I don't think that's what he's asking.  I think he's having trouble
>> > parsing the source info of tweets coming from *other* apps.  I looked
>> > through the Java and didn't really see where it is doing the parsing
>> > so I must be missing it.  I'm assuming it is looking at XML version of
>> > the data?  Is this for REST or Search API?
>> > -Chad
>>
>> > > Doug Williams
>> > > Twitter API Support
>> > >http://twitter.com/dougw
>>
>> > > On Thu, Apr 16, 2009 at 7:34 AM, Travis James <
>> > deadscene...@hyperhack.com>
>> > > wrote:
>>
>> > >> package jtwitter;
>>
>> > >> import java.net.MalformedURLException;
>> > >> import java.text.ParseException;
>> > >> import java.text.SimpleDateFormat;
>> > >> import java.util.Date;
>> > >> import java.util.Locale;
>>
>> > >> public class TwitterEntry {
>>
>> > >>        // Twitter Entry Nodes (each corresponds to a XML node with the
>> > >> same
>> > >> name)
>> > >>        public static final String CREATED_AT = "created_at";
>> > >>        public static final String ID = "id";
>> > >>        public static final String TEXT = "text";
>> > >>        public static final String SOURCE = "source";
>>
>> > >>        private Date createdAt;
>> > >>        private int id;
>> > >>        private String text;
>> > >>        private String source;
>> > >>        private TwitterUser user;
>>
>> > >>        //This is currently the date format used by twitter
>> > >>        public static final String TWITTER_DATE_FORMAT = "EEE MMM dd
>> > >> kk:mm:ss
>> > >> Z ";
>>
>> > >>        public TwitterEntry(Date createdAt, int id, String text, String
>> > >> source, TwitterUser user) {
>> > >>                super();
>> > >>                this.createdAt = createdAt;
>> > >>                this.id = id;
>> > >>                this.text = text;
>> > >>                this.source = source;
>> > >>                this.user = user;
>> > >>        }
>>
>> > >>        public TwitterEntry() {
>> > >>                this.user = new TwitterUser();
>> > >>        }
>>
>> > >>        public Date getCreatedAt()
>> > >>        {
>> > >>                return createdAt;
>> > >>        }
>>
>> > >>        public void setCreatedAt(Date createdAt)
>> > >>        {
>> > >>                this.createdAt = createdAt;
>> > >>        }
>>
>> > >>        public int getId()
>> > >>        {
>> > >>                return id;
>> > >>        }
>>
>> > >>        public void setId(int id)
>> > >>        {
>> > >>                this.id = id;
>> > >>        }
>>
>> > >>        public String getText()
>> > >>        {
>> > >>                return text;
>> > >>        }
>>
>> > >>        public void setText(String text)
>> > >>        {
>> > >>                this.text = text;
>> > >>        }
>>
>> > >>        public String getSource()
>> > >>        {
>> > >>                return source;
>> > >>        }
>>
>> > >>        public void setSource(String source)
>> > >>        {
>> > >>                this.source = source;
>> > >>        }
>>
>> > >>        public TwitterUser getUser()
>> > >>        {
>> > >>                return user;
>> > >>        }
>>
>> > >>        public void setUser(TwitterUser user)
>> > >>        {
>> > >>                this.user = user;
>> > >>        }
>>
>> > >>       �...@override
>> > >>        public int hashCode()
>> > >>        {
>> > >>                final int PRIME = 31;
>> > >>                int result = 1;
>> > >>                result = PRIME * result + id;
>> > >>                return result;
>> > >>        }
>>
>> > >>       �...@override
>> > >>        public boolean equals(Object obj)
>> > >>        {
>> > >>                if (this == obj)
>> > >>                        return true;
>> > >>                if (obj == null)
>> > >>                        return false;
>> > >>                if (getClass() != obj.getClass())
>> > >>                        return false;
>> > >>                final TwitterEntry other = (TwitterEntry) obj;
>> > >>                if (id != other.id)
>> > >>                        return false;
>> > >>                return true;
>> > >>        }
>>
>> > >>        public void addAttribute(String key, String

[twitter-dev] Re: sending DM to all followers?

[Chad Etzel]

While I don't condone mass DMs (disclosure: i have a "twitter groups"
site that actually allows ppl to DM to groups of people, but not all
of their followers), I'm kind of on the other side of the fence here.

I wish there was a mechanism that would allow people to DM me that I
*don't* follow.

I want people to be able to reach me via DM w/o having to add them to
my "following" and clutter up my timeline.  Having a public
back-and-forth

userA: "@jazzychad can you follow me so i can DM you?"
me: "@userA i'd rather you email me instead"
userA: "@jazzychad ok, what's your email?"
me: "@userA if you weren't an idiot you could find it in the bio link
on my twitter profile"

Dunno, maybe it's just me, but I don't want to have to follow a
billion people to make it easy for them to ask me something privately.

At any rate, if you don't want auto-DMs from somebody, just unfollow
them.  If you're too busy to unfollow somebody, you should just quit
the internet entirely.

-Chad

On Thu, Apr 16, 2009 at 5:42 PM, Ed Costello  wrote:
> On Thu, Apr 16, 2009 at 5:35 PM, Nicole Simon  wrote:
>>
>> If you don't want to be DMed by certain people, dont follow them.
>> If you do get something from them, unfollow.
>
> I'm fine with getting DM'd by *people* I follow.  But I don't expect to get
> DM'd by @cnnbrk or @jetblue unless I'm directly engaging them.  There's no
> granularity to separate getting DM'd by a friend I follow from DM'd by a bot
> powering a corporate account.
> Alternately, if you want the ability to spam DM everyone who follows a given
> account, then there must be a corresponding feature to block DMs from
> accounts one follows.
>
> --
> -ed costello
> @epc
>
>

[twitter-dev] Re: sending DM to all followers?

[Nicole Simon]

On Thu, Apr 16, 2009 at 11:42 PM, Ed Costello  wrote:

> I'm fine with getting DM'd by *people* I follow.  But I don't expect to get
> DM'd by @cnnbrk or @jetblue unless I'm directly engaging them.  There's no
> granularity to separate getting DM'd by a friend I follow from DM'd by a bot
> powering a corporate account.


Then why are you following those 'bots powered by corporate account' so that
they can DM you?
Especially since every twitter account is also available by RSS?

Alternately, if you want the ability to spam DM everyone who follows a given
> account, then there must be a corresponding feature to block DMs from
> accounts one follows.
>

It is called don't follow but read the content elsewhere.

You can't have the cake and eat it.

Do you really think twitter as a company should spend their dev time in
making separation which are down to each person to decide rather than
keeping the system running?

If you want that feature, build a system which retrieves all your DMS and
allows you to set them as 'friends' and 'bad bots' and only let those
through which you want to see.

Again: this is not a twitter problem, but a usage tool.

Nicole

[twitter-dev] Re: OAuth and screen name

[Dossy Shiobara]

On 4/16/09 5:11 PM, djMax wrote:

Sorry if this is a noob question, but how can we verify the
screen_name of an OAuth token?  It would seem that having it only out
of band as a query arg means it's subject to spoofing right?  Not sure
how I build secure site login with the core identifier may not match
the token I'm given.


Right, that's why I keep saying that the callback URL needs to be signed 
... so the consumer can protect against tampering of the request.



--
Dossy Shiobara  | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network   | http://panoptic.com/
  "He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)

[twitter-dev] Re: sending DM to all followers?

[Ed Costello]

On Thu, Apr 16, 2009 at 5:35 PM, Nicole Simon  wrote:

> If you don't want to be DMed by certain people, dont follow them.
> If you do get something from them, unfollow.
>

I'm fine with getting DM'd by *people* I follow.  But I don't expect to get
DM'd by @cnnbrk or @jetblue unless I'm directly engaging them.  There's no
granularity to separate getting DM'd by a friend I follow from DM'd by a bot
powering a corporate account.
Alternately, if you want the ability to spam DM everyone who follows a given
account, then there must be a corresponding feature to block DMs from
accounts one follows.

-- 
-ed costello
@epc

[twitter-dev] Re: sending DM to all followers?

[Abraham Williams]

For me Twitter is a *person* to *person* communication service. Mass DMs
don't fit into that model in a useful way. To stray from this would in my
view be the beginning of the end.

Abraham

On Thu, Apr 16, 2009 at 16:35, Nicole Simon  wrote:

>
>
> On Thu, Apr 16, 2009 at 11:12 PM, ray  wrote:
>
>>
>> I'm with Jesse on this one
>
>
> This is like giving somebody the key to the house and then complain
> that people can 'just' get into the house.
>
> If you don't want to be DMed by certain people, dont follow them.
> If you do get something from them, unfollow.
>
> Use Optout lists from Services who offer them like tweetlater.
>
> write a skript which will unfollow everyone who dm's you.
>
> Choose not to receive dm.
>
> Or set up a filter in your email programm to spam certain DM automatically.
>
> At the end of the day it all boils down to: If you follow people, they can
> DM you, period. If you dont like it, be more selective about who you
> follow.
>
> Nicole
>



-- 
Abraham Williams | http://the.hackerconundrum.com
Hacker | http://abrah.am | http://twitter.com/abraham
Web608 | Community Evangelist | http://web608.org
This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] Re: sending DM to all followers?

[Nicole Simon]

On Thu, Apr 16, 2009 at 11:12 PM, ray  wrote:

>
> I'm with Jesse on this one


This is like giving somebody the key to the house and then complain
that people can 'just' get into the house.

If you don't want to be DMed by certain people, dont follow them.
If you do get something from them, unfollow.

Use Optout lists from Services who offer them like tweetlater.

write a skript which will unfollow everyone who dm's you.

Choose not to receive dm.

Or set up a filter in your email programm to spam certain DM automatically.

At the end of the day it all boils down to: If you follow people, they can
DM you, period. If you dont like it, be more selective about who you
follow.

Nicole

[twitter-dev] Re: OAuth and screen name

[Matt Sanford]

Hi there,

I recommend calling verify_credentials with your new token to  
verify the user in question. The screen_name was added as a  
convenience method because there were a great many complaints about  
have to do yet another round trip for the screen_name.


Thanks;
  — Matt Sanford

On Apr 16, 2009, at 02:11 PM, djMax wrote:



Sorry if this is a noob question, but how can we verify the
screen_name of an OAuth token?  It would seem that having it only out
of band as a query arg means it's subject to spoofing right?  Not sure
how I build secure site login with the core identifier may not match
the token I'm given.

[twitter-dev] Re: Sign in with Twitter

[Doug Williams]

Allen,
OAuth is the third-party authorization protocol that we have decided to
embrace. You can search the group's archives [1] for past discussion on
OpenID and the Twitter API.

1.
http://groups.google.com/group/twitter-development-talk/search?group=twitter-development-talk&q=openid&qt_g=Search+this+group

Doug Williams
Twitter API Support
http://twitter.com/dougw


On Thu, Apr 16, 2009 at 12:51 PM, Allen Tom  wrote:

>
> On Apr 16, 9:52 am, Doug Williams  wrote:
> > Matt has deployed our answer for one click login. It requires only a
> small
> > change to the normal Twitter OAuth workflow and is documented here:
> >
> > http://apiwiki.twitter.com/Sign-in-with-Twitter
> >
> > This is the perfect tool for web applications wanting to offer users the
> > ability to sign in with a Twitter account and a single mouse click. We
> want
> > to see it in the wild so please let us know if you roll this out in your
> > application.
> >
>
> Hi Doug,
>
> Signing into websites using your Twitter account is an awesome idea,
> Twitter accounts would make fantastic portable identities that can be
> used to sign into 3rd party sites. Most sites using using Facebook
> Connect or OpenID really just want your profile, follower graph, and
> the ability to receive viral referral traffic by writing to your
> activity stream.
>
> OAuth is great for 3rd party applications that are built on top of
> Twitter, however, I'm not sure if it's appropriate to use OAuth token
> for Signing In to a website, because it allows that site to spam your
> followers by tweeting on your behalf. Using OpenID is safer for Sign-
> in, because OpenID would allow Twitter users to verify their Twitter
> identity, and share their Twitter Profile and Follower Graph (by
> scraping the microformats on the Twitter Profile Page), without having
> to authorize access to their Twitter account. If Twitter users sign in
> with OpenID, 3rd party sites could still generate viral referral
> traffic by giving users a UI to preview and approve the tweet, by
> opening a modal dialog or popup that reuses the user's twitter browser
> session to tweet.
>
> Allen
>

[twitter-dev] Re: Sign in with Twitter

[Matt Sanford]

Hello again,

We've discussed OpenID but adding it is not something we can do  
in the near-term. With OAuth just out the door we felt like this was a  
better user experience than have to continually re-display the Accept/ 
Deny dialog. I'm looking into a few issues raised in this thread that  
may change how the API works slightly. Let me repeat that on a line  
all it's own so people see it:


WERP WERP WERP. Change alert! Danger! Danger, Will Robinson.

I am reviewing this discussion and based on the security/ 
usability feedback I may need to change how this new method works. In  
the case of security it may be a change that breaks the current  
behavior and may be done with very little notice. I encourage people  
to try out the new system but keep it beta until I can confirm we're  
not going to have to alter it significantly.


Thanks;
  — Matt

On Apr 16, 2009, at 12:51 PM, Allen Tom wrote:



On Apr 16, 9:52 am, Doug Williams  wrote:
Matt has deployed our answer for one click login. It requires only  
a small

change to the normal Twitter OAuth workflow and is documented here:

http://apiwiki.twitter.com/Sign-in-with-Twitter

This is the perfect tool for web applications wanting to offer  
users the
ability to sign in with a Twitter account and a single mouse click.  
We want
to see it in the wild so please let us know if you roll this out in  
your

application.



Hi Doug,

Signing into websites using your Twitter account is an awesome idea,
Twitter accounts would make fantastic portable identities that can be
used to sign into 3rd party sites. Most sites using using Facebook
Connect or OpenID really just want your profile, follower graph, and
the ability to receive viral referral traffic by writing to your
activity stream.

OAuth is great for 3rd party applications that are built on top of
Twitter, however, I'm not sure if it's appropriate to use OAuth token
for Signing In to a website, because it allows that site to spam your
followers by tweeting on your behalf. Using OpenID is safer for Sign-
in, because OpenID would allow Twitter users to verify their Twitter
identity, and share their Twitter Profile and Follower Graph (by
scraping the microformats on the Twitter Profile Page), without having
to authorize access to their Twitter account. If Twitter users sign in
with OpenID, 3rd party sites could still generate viral referral
traffic by giving users a UI to preview and approve the tweet, by
opening a modal dialog or popup that reuses the user's twitter browser
session to tweet.

Allen

[twitter-dev] Re: sending DM to all followers?

[Peter Denton]

Dont follow the person, they can DM you. Dossy already said this. Twitter
has built in preventative controls called un follow.
The cost of losing a followers is greater the gain of DM'ing them. If
someone wants to DM all of their followers, their should be a relative value
to the user. I have done it when everyone was getting something specific to
them.  If they dont like it, they can un-follow me.

On Thu, Apr 16, 2009 at 2:15 PM, emergingtech  wrote:

>
> There are plenty of available media sources that support mass
> advertising and there is no need to add Twitter to the list.
>
> Please bury this idea.
> @emergingtech
>
> On Apr 14, 4:24 pm, Alex  wrote:
> > I'm wondering if there is a way - or if you would consider adding a
> > way - to send a DM to all followers via the API?
> >
> > Obviously we could grab the followers list and iterate over it to send
> > the DM to all, though that could require thousands of API calls
> > depending on the user. (And could therefore take hours to do with the
> > 100 API query/hour limit.)
>



-- 
Peter M. Denton
www.twibs.com
i...@twibs.com

Twibs makes Top 20 apps on Twitter - http://tinyurl.com/bopu6c

[twitter-dev] Re: Getting Source Parameter in Java from XML returns "<"

[Travis James]

Thank you Doug. That is where I was wrong. Is there anyway to excuse
the HTML and just get the Application Name?

On Apr 16, 12:01 pm, Doug Williams  wrote:
> Source parameters that come from outside apps are encoded HTML. Are you
> accounting for this Travis? See the "source" heading on the Return Values
> page [1]
>
> 1.http://apiwiki.twitter.com/Return-Values
>
> Doug Williams
> Twitter API Supporthttp://twitter.com/dougw
>
> On Thu, Apr 16, 2009 at 9:47 AM, Chad Etzel  wrote:
>
> > On Thu, Apr 16, 2009 at 12:35 PM, Doug Williams  wrote:
> > > What is the source parameter you are passing with your application?
>
> > I don't think that's what he's asking.  I think he's having trouble
> > parsing the source info of tweets coming from *other* apps.  I looked
> > through the Java and didn't really see where it is doing the parsing
> > so I must be missing it.  I'm assuming it is looking at XML version of
> > the data?  Is this for REST or Search API?
> > -Chad
>
> > > Doug Williams
> > > Twitter API Support
> > >http://twitter.com/dougw
>
> > > On Thu, Apr 16, 2009 at 7:34 AM, Travis James <
> > deadscene...@hyperhack.com>
> > > wrote:
>
> > >> package jtwitter;
>
> > >> import java.net.MalformedURLException;
> > >> import java.text.ParseException;
> > >> import java.text.SimpleDateFormat;
> > >> import java.util.Date;
> > >> import java.util.Locale;
>
> > >> public class TwitterEntry {
>
> > >>        // Twitter Entry Nodes (each corresponds to a XML node with the
> > >> same
> > >> name)
> > >>        public static final String CREATED_AT = "created_at";
> > >>        public static final String ID = "id";
> > >>        public static final String TEXT = "text";
> > >>        public static final String SOURCE = "source";
>
> > >>        private Date createdAt;
> > >>        private int id;
> > >>        private String text;
> > >>        private String source;
> > >>        private TwitterUser user;
>
> > >>        //This is currently the date format used by twitter
> > >>        public static final String TWITTER_DATE_FORMAT = "EEE MMM dd
> > >> kk:mm:ss
> > >> Z ";
>
> > >>        public TwitterEntry(Date createdAt, int id, String text, String
> > >> source, TwitterUser user) {
> > >>                super();
> > >>                this.createdAt = createdAt;
> > >>                this.id = id;
> > >>                this.text = text;
> > >>                this.source = source;
> > >>                this.user = user;
> > >>        }
>
> > >>        public TwitterEntry() {
> > >>                this.user = new TwitterUser();
> > >>        }
>
> > >>        public Date getCreatedAt()
> > >>        {
> > >>                return createdAt;
> > >>        }
>
> > >>        public void setCreatedAt(Date createdAt)
> > >>        {
> > >>                this.createdAt = createdAt;
> > >>        }
>
> > >>        public int getId()
> > >>        {
> > >>                return id;
> > >>        }
>
> > >>        public void setId(int id)
> > >>        {
> > >>                this.id = id;
> > >>        }
>
> > >>        public String getText()
> > >>        {
> > >>                return text;
> > >>        }
>
> > >>        public void setText(String text)
> > >>        {
> > >>                this.text = text;
> > >>        }
>
> > >>        public String getSource()
> > >>        {
> > >>                return source;
> > >>        }
>
> > >>        public void setSource(String source)
> > >>        {
> > >>                this.source = source;
> > >>        }
>
> > >>        public TwitterUser getUser()
> > >>        {
> > >>                return user;
> > >>        }
>
> > >>        public void setUser(TwitterUser user)
> > >>        {
> > >>                this.user = user;
> > >>        }
>
> > >>       �...@override
> > >>        public int hashCode()
> > >>        {
> > >>                final int PRIME = 31;
> > >>                int result = 1;
> > >>                result = PRIME * result + id;
> > >>                return result;
> > >>        }
>
> > >>       �...@override
> > >>        public boolean equals(Object obj)
> > >>        {
> > >>                if (this == obj)
> > >>                        return true;
> > >>                if (obj == null)
> > >>                        return false;
> > >>                if (getClass() != obj.getClass())
> > >>                        return false;
> > >>                final TwitterEntry other = (TwitterEntry) obj;
> > >>                if (id != other.id)
> > >>                        return false;
> > >>                return true;
> > >>        }
>
> > >>        public void addAttribute(String key, String value)
> > >>                throws ParseException, MalformedURLException {
>
> > >>                if(key.equals(CREATED_AT))
> > >>                        this.setCreatedAt(makeDate(value));
> > >>                else if(key.equals(ID))
> > >>                        this.setId(Integer.parseInt(value));
> > >>                else if (key.equals(

[twitter-dev] Re: sending DM to all followers?

[ray]

I'm with Jesse on this one

On Apr 16, 10:03 pm, Jesse Stay  wrote:
> stevenic, after so many followers, that one DM cascades into hundreds.  I
> don't want my DM box filled with people wanting to sell me stuff.  I want
> the choice to control that - I don't want the marketers controlling that.
> I'm surprised there aren't more people here speaking out against this.
> Jesse
>
> On Thu, Apr 16, 2009 at 1:41 AM, stevenic  wrote:
>
> > Jesse, so what is it about mass DMs that bugs you?  Just curious?  You
> > would only recieve one DM and it would look like any other DM. So
> > what's the issue?
>
> > I agree with Chad though...  There's already a way to do this
> > Update your status...   I know where you're going with this feature
> > though and what you really want is groups.  But that's just not the
> > Twitter way...
>
> > -steve

[twitter-dev] OAuth and screen name

[djMax]

Sorry if this is a noob question, but how can we verify the
screen_name of an OAuth token?  It would seem that having it only out
of band as a query arg means it's subject to spoofing right?  Not sure
how I build secure site login with the core identifier may not match
the token I'm given.

[twitter-dev] Re: sending DM to all followers?

[emergingtech]

There are plenty of available media sources that support mass
advertising and there is no need to add Twitter to the list.

Please bury this idea.
@emergingtech

On Apr 14, 4:24 pm, Alex  wrote:
> I'm wondering if there is a way - or if you would consider adding a
> way - to send a DM to all followers via the API?
>
> Obviously we could grab the followers list and iterate over it to send
> the DM to all, though that could require thousands of API calls
> depending on the user. (And could therefore take hours to do with the
> 100 API query/hour limit.)

[twitter-dev] Re: "in reply to" metadata missing for manual replies

[tcdent]

I'm adding my opinion to this thread after a little bit of back-and-
forth with @simX and @KuraFire on Twitter the other day. 140
characters is just not enough to convey a complete argument.

This change of functionality has turned a feature that was in a
definite gray area, to black and white. The application is no longer
assuming a user's intentions (possibly incorrectly), but requiring
them to assign the additional data if they wish. Yes, it takes
additional effort to create additional information, but saving and
displaying assumed-to-be-correct information as fact is wrong.

When you create a new message in Apple Mail (or any other mainstream
mail client I'm aware of) it is not automatically marked as a reply to
the last message you received.  You have to specify which message you
are replying to, and have the choice to start a new thread by replying
to nothing at all. Your solution does not provide this as an option.
All messages prefixed by a username will be treated like a reply with
no way to opt-out.

Your suggestion to include multiple posts on all an individual status
pages is conventionally incorrect. A direct link should only show one
status: the one you asked for. However, Twitter could take advantage
of the 100% accurate metadata present in the new reply functionality
and create conversation pages showing the thread. This, and any other
application taking advantage of the metadata, would be broken if it
contained the false positives your solution introduces.

Travis Dent
@tcdent

[twitter-dev] Re: Sign in with Twitter

[Allen Tom]

On Apr 16, 9:52 am, Doug Williams  wrote:
> Matt has deployed our answer for one click login. It requires only a small
> change to the normal Twitter OAuth workflow and is documented here:
>
> http://apiwiki.twitter.com/Sign-in-with-Twitter
>
> This is the perfect tool for web applications wanting to offer users the
> ability to sign in with a Twitter account and a single mouse click. We want
> to see it in the wild so please let us know if you roll this out in your
> application.
>

Hi Doug,

Signing into websites using your Twitter account is an awesome idea,
Twitter accounts would make fantastic portable identities that can be
used to sign into 3rd party sites. Most sites using using Facebook
Connect or OpenID really just want your profile, follower graph, and
the ability to receive viral referral traffic by writing to your
activity stream.

OAuth is great for 3rd party applications that are built on top of
Twitter, however, I'm not sure if it's appropriate to use OAuth token
for Signing In to a website, because it allows that site to spam your
followers by tweeting on your behalf. Using OpenID is safer for Sign-
in, because OpenID would allow Twitter users to verify their Twitter
identity, and share their Twitter Profile and Follower Graph (by
scraping the microformats on the Twitter Profile Page), without having
to authorize access to their Twitter account. If Twitter users sign in
with OpenID, 3rd party sites could still generate viral referral
traffic by giving users a UI to preview and approve the tweet, by
opening a modal dialog or popup that reuses the user's twitter browser
session to tweet.

Allen

[twitter-dev] Re: Setting user for statuses/show

[Dr. Drang]

*I* am not posting the user's credentials, the browser is. And I've
never had to know how. the statuses/friends_timeline and statuses/
mentions calls have always just worked with no need for me to fiddle
with credentials in the JavaScript.

I've learned that problem can be fixed by inserting the line

  $.post("http://twitter.com/statuses/update.json";, { status: ""});

just before the getJSON line. Doing so makes the statuses/show call
return the proper favorited value, and it doesn't create a new tweet
because Twitter ignores blank tweets. But this seems very kludgy, and
I'd like to know how to do it right.


On Apr 16, 2:28 pm, Chad Etzel  wrote:
> How are you posting the user's credentials to the
> /favorites/(create/destroy) calls?  And how are you avoiding the
> cross-domain ajax limitation?
> -Chad
>
>
>
> On Thu, Apr 16, 2009 at 2:35 PM, Dr. Drang  wrote:
>
> > I'm writing a Twitter webapp using jQuery. One of the features is the
> > ability to toggle the Favorite status of a tweet. The function looks
> > like this:
>
> > function toggleFavorite(msg_id) {
> >  $.getJSON("http://twitter.com/statuses/show/"; + msg_id + ".json",
> >    function(data){
> >      if (data.favorited) {
> >        $.post('http://twitter.com/favorites/destroy/'+ msg_id +
> > '.json',
> >          {id:msg_id},
> >          function(post_return){
> >            $('#msg-' + msg_id + ' a.favorite').css('color', 'black');
> >          }
> >        );
> >      }
> >      else {
> >        $.post('http://twitter.com/favorites/create/'+ msg_id +
> > '.json',
> >          {id:msg_id},
> >          function(post_return){
> >            $('#msg-' + msg_id + ' a.favorite').css('color', 'red');
> >          }
> >        );
> >      }
> >    }
> >  );
> > }
>
> > This used to work fine. But recently (I don't know when it started and
> > I don't know whether it's due to a change in the API or a change I
> > made elsewhere in my code) the "favorited" field began to always
> > return false, even if the tweet had been favorited by the user. The
> > getJSON call seems to be behaving like
>
> >    curlhttp://twitter.com/statuses/show/msg_id.json
>
> > instead of
>
> >    curl -u user:passwordhttp://twitter.com/statuses/show/msg_id.json
>
> > Is there some way to incorporate the user's Twitter ID into the
> > getJSON call to statuses/show?

[twitter-dev] Re: sending DM to all followers?

[Jesse Stay]

stevenic, after so many followers, that one DM cascades into hundreds.  I
don't want my DM box filled with people wanting to sell me stuff.  I want
the choice to control that - I don't want the marketers controlling that.
I'm surprised there aren't more people here speaking out against this.
Jesse

On Thu, Apr 16, 2009 at 1:41 AM, stevenic  wrote:

>
> Jesse, so what is it about mass DMs that bugs you?  Just curious?  You
> would only recieve one DM and it would look like any other DM. So
> what's the issue?
>
> I agree with Chad though...  There's already a way to do this
> Update your status...   I know where you're going with this feature
> though and what you really want is groups.  But that's just not the
> Twitter way...
>
> -steve
>

[twitter-dev] Re: multiple tokens for the same user/application

[Mario Menti]

On Thu, Apr 16, 2009 at 8:17 PM, Doug Williams  wrote:

> Marlo,
> You should currently only have one working token per user per application.
> There is an open issue [1] that will allow multiple tokens per user per
> application.
>
> 1. http://code.google.com/p/twitter-api/issues/detail?id=372
>

Hi Doug - thanks for this.

Strangely, and I just tested this again to make sure, I can update the same
user's status, from the same application, using 2 different tokens - both
status updates work.

BTW, the reason I have multiple tokens is that in my scenario, giving access
to a twitter account doesn't really work on the application level, but on a
feed level (this is twitterfeed.com we're talking about). So if twitterfeed
user "A" gives access to twitterfeed for twitter account "twitterA", this
access should not mean that any other twitterfeed user can now get
twitterfeed to post to that "twitterA" account, but only the user/feed that
authorised it.

The easiest way around this for me is to tie the tokens to individual feeds
rather than twitter accounts (although there are other/ potentially better
but more complex ways around it if necessary), but this assumes that twitter
will allow multiple tokens for the same account.

Cheers,
Mario.

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Rod Begbie]

On Thu, Apr 16, 2009 at 12:03 PM, Chris Messina wrote:

> 1. create a directory of known/good apps and promote the ones that are
> "safe" (see Facebook)


(Not speaking on behalf of my employer)

I would not necessarily hold Facebook up as a good example of what to do.

It should be noted that Facebook app developers face a swirling mass of ever
changing rules, restrictions and policies (When you can post to a feed, what
it can say, what happens when you click a link, etc).  FB have to spend an
insane amount of time policing applications, and making there a solid
penalty for violations of policy.

I really don't think Twitter would want to go down this route.


> 2. layer in social awareness into the authorization screen so people
> have a better sense whether to trust an app
>
> Here's my mockup for #2:
>
> http://www.flickr.com/photos/factoryjoe/3448360090/
>

Pretty cool.  I'd support something like that.
Rod.

-- 
:: Rod Begbie :: http://groovymother.com/ ::

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Chad Etzel]

On Thu, Apr 16, 2009 at 3:55 PM, Rod Begbie  wrote:
> On Thu, Apr 16, 2009 at 12:21 PM, Chad Etzel  wrote:
>>
>> Thinking along these lines... what if, in the "Connections" tab, each
>> user were able to rate each app they've authorized on a 1-5 star
>> scale?  Then the auth page could show the average rating by users, or
>> something like that...?
>
> Only if there isn't a public API method for authorized apps to rate
> themselves as 5 stars ;)
> Rod.

Darn, you foiled my evil plot! :)
-chad

[twitter-dev] Re: Em-dash, accented characters in updates: Failed to validate...

[Isaac]

Looks like it's working perfectly now. Thanks guys.

-Isaac

On Apr 14, 11:53 am, Matt Sanford  wrote:
> Hey Abraham,
>
>      Checkout the dreaded issue 433 as we found out there is a bug in  
> that RESERVED_CHARACTERS depending on the $KCODE variable.
>
> Thanks;
>    — Matt
>
> On Apr 14, 2009, at 11:35 AM, Abraham Williams wrote:
>
> > I'll try to have a look at this tonight.
>
> > Abraham
>
> > On Fri, Apr 10, 2009 at 19:02, Matt Sanford  wrote:
> > Hi Isaac,
>
> >     The change we implemented seems to have fixed people using a  
> > newer version of the Ruby oauth gem but it sounds like it may have  
> > broken some other libraries. My guess is that there is an encoding  
> > normalization difference between the PHP library and the newest Ruby  
> > version right NOW. The spec does have some normalization information  
> > [1] [2] and it seems like the Ruby code is doing that work via [3]:
>
> > def escape(value)
> >     URI::escape(value.to_s, OAuth::RESERVED_CHARACTERS)
> > end
>
> > And that constant is defined as:
>
> > # reserved character regexp, per section 5.1
> > RESERVED_CHARACTERS = /[^\w\d\-\.\_\~]/
>
> >     I know Abraham reads this Google Group so perhaps he and I can  
> > get together on Monday and compare some pre-signature strings  
> > between Ruby and PHP to figure out what's going on. If you see this  
> > Abraham drop me an email otherwise you can expect one from me on  
> > Monday to sort this out.
>
> > Thanks;
> >   — Matt
>
> > [1] -http://oauth.net/core/1.0/#anchor14
> > [2] -http://oauth.net/core/1.0/#encoding_parameters
> > [3] 
> > -http://github.com/mojodna/oauth/blob/dbd946790a882d91fb111ba64331de00...
> > [4] 
> > -http://github.com/mojodna/oauth/blob/dbd946790a882d91fb111ba64331de00...
>
> > On Apr 10, 2009, at 03:47 PM, Isaac wrote:
>
> >> Hi,
>
> >> I've been using the em-dash when posting status updates, and
> >> apparently this now causes the Twitter API to return "Failed to
> >> validate..." errors. This just started happening within the last  
> >> 24-48
> >> hours.
>
> >> I am using OAuth (specifically, the PHP library written by Abraham
> >> Williams), and my site ishttp://dora.fm.
>
> >> I noticed in the API changelog that accented characters -- and I'm
> >> assuming, characters like the em-dash -- have supposedly been
> >> "fixed" (Fixed (OAuth): Accented characters in statuses were causing
> >> signature error for OAuth clients. This has been corrected.)
>
> >> But I'm finding that this is broken NOW and was working fine before.
>
> >> Suggestions?
>
> >> Thanks.
>
> > --
> > Abraham Williams |http://the.hackerconundrum.com
> > Hacker |http://abrah.am|http://twitter.com/abraham
> > Web608 | Community Evangelist |http://web608.org
> > This email is: [ ] blogable [x] ask first [ ] private.
> > Sent from Madison, Wisconsin, United States

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Rod Begbie]

On Thu, Apr 16, 2009 at 12:21 PM, Chad Etzel  wrote:

> Thinking along these lines... what if, in the "Connections" tab, each
> user were able to rate each app they've authorized on a 1-5 star
> scale?  Then the auth page could show the average rating by users, or
> something like that...?


Only if there isn't a public API method for authorized apps to rate
themselves as 5 stars ;)

Rod.

-- 
:: Rod Begbie :: http://groovymother.com/ ::

[twitter-dev] Re: Fast140 Dodginess and OAuth Authorization Clarity

[Rod Begbie]

Yeah, but I think giving people a little bit of a scare is exactly the right
thing to do.  It wasn't until I was writing my first email that I realised
that an authorized app could change my display name and avatar, or block
followers!
Ideally, I would like there to be finer-grained permissions for developers
to request.  If I created an app that, say, updated users' Location based on
FireEagle, it would be nice to only request the "Update Location"
permission, and give users the assurance that I won't tweet as them.  This
would also mean that a compromised database of tokens couldn't be used for
(as much) evil.

(I'd still let it be an all-or-nothing decision for end users to Approve or
Deny)

Rod.

On Thu, Apr 16, 2009 at 8:53 AM, Matt Sanford  wrote:

> Hi there,
> My initial wording for the pages was much stronger and the biggest
> complaint during testing was that it scared people off … so I obviously side
> with stronger language. In the light of how people are using OAuth it seems
> like we need something more. I'll talk with the product folks and see if we
> can't find some middle-ground. Thanks for the feedback everybody.
>
> Thanks;
>   — Matt Sanford / @mzsanford
>
> On Apr 15, 2009, at 08:27 PM, Rod Begbie wrote:
>
> There are two separate questions here:
> 1) Should Twitter make the language on the Authorization page clearer as to
> exactly what an app can do if you click "Approve".  This gives the user some
> amount of a hint at what can happen.  I'd push wholeheartedly for this, as
> the current distinction of "read and update" versus "read" are easy to miss.
>
> 2) Should Twitter introduce a policy/TOS document on expected behaviour for
> apps?  I'd hope for at least a wiki page that can be pointed to as "Things
> that will get your app deauthorized".  This is a policy/community change
> request, not a code one.
>
> Rod.
>
> On Wed, Apr 15, 2009 at 8:09 PM, Chad Etzel  wrote:
>
>>
>> Again with the "OAuth does not prevent a bad app form being bad"
>> point.  All this same stuff can be done with Basic Auth apps.  The
>> point here is that users can prevent further badness by going to their
>> "Connections" tab and revoking the access tokens.
>>
>> No, this doesn't solve the "what happens when I initially authorize
>> this app" problem.
>>
>> imho, "buyer beware".
>> -Chad
>>
>> On Wed, Apr 15, 2009 at 10:51 PM, Abraham Williams <4bra...@gmail.com>
>> wrote:
>> > My thoughts are not having a good enough notice is bad form and users
>> will
>> > start gravitating away from apps with bad form and better competition
>> comes
>> > out.
>> >
>> > But yes. I think it would be good for Twitter to make an official
>> statement
>> > and include it somewhere that that sort of misdirection is frowned upon.
>> >
>> > Abraham
>> >
>> > On Wed, Apr 15, 2009 at 21:21, Cameron Kaiser 
>> wrote:
>> >>
>> >> > From a user expectatins perspective, I'd suggest that the Twitter
>> OAuth
>> >> > dialog also add a bullet list of what "access and update your data"
>> >> > means
>> >> > (like Flickr does) to prevent further surprises.  I'm not sure users
>> >> > appreciate that an authorised app can:
>> >> >
>> >> > * Post and delete tweets in your name
>> >> > * Add and remove users you are following
>> >> > * Block and unblock users
>> >> > * Change your name, email address, location, avatar or description
>> >> >
>> >> > Thoughts?
>> >>
>> >> This is an excellent point.
>> >>
>> >> --
>> >>  personal:
>> >> http://www.cameronkaiser.com/ --
>> >>  Cameron Kaiser * Floodgap Systems * www.floodgap.com *
>> >> ckai...@floodgap.com
>> >> -- Sarcasm is a spiritual gift. -- Paul Austin
>> >> 
>> >
>> >
>> >
>> > --
>> > Abraham Williams | http://the.hackerconundrum.com
>> > Hacker | http://abrah.am | http://twitter.com/abraham
>> > Web608 | Community Evangelist | http://web608.org
>> > This email is: [ ] blogable [x] ask first [ ] private.
>> > Sent from Madison, Wisconsin, United States
>>
>
>
>
> --
> :: Rod Begbie :: http://groovymother.com/ ::
>
>
>


-- 
:: Rod Begbie :: http://groovymother.com/ ::