[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
>Need to verify that the parameters are signed by both consumer secret and
access secret.
I am doing that already. For example, when I call
http://twitter.com/statuses/friends_timeline.json, I pass
consumerSecret, tokenSecret...
Using the JS library, it looks like this to get the signature:
var accessor = { consumerSecret: this.consumerSecret
, tokenSecret : };
var message = { method: "GET"
, action: "http://twitter.com/statuses/friends_timeline.json";
, parameters: new Array()
};
message.parameters.push(["oauth_consumer_key",this.consumerKey]);
message.parameters.push(["oauth_version","1.0"]);
message.parameters.push(["oauth_timestamp", OAuth.timestamp()]);
message.parameters.push(["oauth_nonce", OAuth.nonce(11)]);
message.parameters.push(["oauth_signature_method", "HMAC-SHA1"]);
message.parameters.push(["oauth_token", ]);
OAuth.SignatureMethod.sign(message, accessor);
var signature = OAuth.getParameter(message.parameters,
"oauth_signature");
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I have found the problem in the library I am using: First, a Twitter request object is created. Second, a signature is generated. Third, params are then added to the request object. This addition of the params after the signing invalidates the signature. All params need to be added before signing. Unfortunately this appears to require quite a bit of rework.
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I have found the problem in the Perl library I am using.
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I dont think it has any bug (i have not verified this fix yet). I think the fix is actually for this problem http://groups.google.com/group/twitter-development-talk/browse_thread/thread/a195ea9b9952e297/9f4b9249f9ff96be?lnk=gst&q=consumer+secret#9f4b9249f9ff96be Need to verify that the parameters are signed by both consumer secret and access secret. On Tue, Jul 28, 2009 at 11:44 AM, goodtest wrote: > > BTW, I am using oauth Javascript client library( > http://oauth.googlecode.com/svn/code/javascript/ ) to create > signature. Wondering if it has a bug? > > > > On Jul 27, 10:53 pm, goodtest wrote: > > btw, oauth_playground seems to be down as well. > > > > Also, I don't understand why create account which uses the same core > > method to create signature works but none of the other methods > > (friends_timeline, update statuses) dont work :( waiting for some > > hints > > > > On Jul 27, 9:40 pm, Doug Williams wrote: > > > > > Please use the OAuth playground [1] to test your signatures against the > > > expected result. I am working to gather specifics to help your debug > process > > > (i.e. what changed?) in the mean time. > > > 1.http://googlecodesamples.com/oauth_playground/ > > > > > Thanks, > > > Doug > > > > > On Mon, Jul 27, 2009 at 9:29 PM, winrich wrote: > > > > > > ok guys. > > > > > > so my calls were failing on the verify_credentials call and not on > the > > > > update or timeline calls. the only difference i saw was the the > > > > verify_credential call wasn't secured. i changed it to https and it > > > > worked. ??? lol > > > > > > On Jul 27, 9:19 pm, Chad Etzel wrote: > > > > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > > > > Roelands wrote: > > > > > > RTFM is not a helpful answer, especially when many developers are > > > > > > relying on libraries that they did not write. > > > > > > > That's a risk you run when using code you didn't write. > > > > > > > I'm not saying that this situation doesn't suck for those affected. > > > > > I'm sure that it does. But, for a technology so new as OAuth, the > > > > > libraries may not be mature yet. > > > > > > > Officially, Twitter OAuth is still in Public Beta and has never > been > > > > > officially recommended to integrate into production code. That > being > > > > > said, there could still be a problem on Twitter's end with their > > > > > signature verification mechanism and the libraries could all be > valid. > > > > > I don't have a way of knowing. > > > > > > > I do agree that at least a note that "a security change was pushed > > > > > today" would be nice, though. > > > > > > > -Chad >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
BTW, I am using oauth Javascript client library( http://oauth.googlecode.com/svn/code/javascript/ ) to create signature. Wondering if it has a bug? On Jul 27, 10:53 pm, goodtest wrote: > btw, oauth_playground seems to be down as well. > > Also, I don't understand why create account which uses the same core > method to create signature works but none of the other methods > (friends_timeline, update statuses) dont work :( waiting for some > hints > > On Jul 27, 9:40 pm, Doug Williams wrote: > > > Please use the OAuth playground [1] to test your signatures against the > > expected result. I am working to gather specifics to help your debug process > > (i.e. what changed?) in the mean time. > > 1.http://googlecodesamples.com/oauth_playground/ > > > Thanks, > > Doug > > > On Mon, Jul 27, 2009 at 9:29 PM, winrich wrote: > > > > ok guys. > > > > so my calls were failing on the verify_credentials call and not on the > > > update or timeline calls. the only difference i saw was the the > > > verify_credential call wasn't secured. i changed it to https and it > > > worked. ??? lol > > > > On Jul 27, 9:19 pm, Chad Etzel wrote: > > > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > > Roelands wrote: > > > > > RTFM is not a helpful answer, especially when many developers are > > > > > relying on libraries that they did not write. > > > > > That's a risk you run when using code you didn't write. > > > > > I'm not saying that this situation doesn't suck for those affected. > > > > I'm sure that it does. But, for a technology so new as OAuth, the > > > > libraries may not be mature yet. > > > > > Officially, Twitter OAuth is still in Public Beta and has never been > > > > officially recommended to integrate into production code. That being > > > > said, there could still be a problem on Twitter's end with their > > > > signature verification mechanism and the libraries could all be valid. > > > > I don't have a way of knowing. > > > > > I do agree that at least a note that "a security change was pushed > > > > today" would be nice, though. > > > > > -Chad
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
btw, oauth_playground seems to be down as well. Also, I don't understand why create account which uses the same core method to create signature works but none of the other methods (friends_timeline, update statuses) dont work :( waiting for some hints On Jul 27, 9:40 pm, Doug Williams wrote: > Please use the OAuth playground [1] to test your signatures against the > expected result. I am working to gather specifics to help your debug process > (i.e. what changed?) in the mean time. > 1.http://googlecodesamples.com/oauth_playground/ > > Thanks, > Doug > > On Mon, Jul 27, 2009 at 9:29 PM, winrich wrote: > > > ok guys. > > > so my calls were failing on the verify_credentials call and not on the > > update or timeline calls. the only difference i saw was the the > > verify_credential call wasn't secured. i changed it to https and it > > worked. ??? lol > > > On Jul 27, 9:19 pm, Chad Etzel wrote: > > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > Roelands wrote: > > > > RTFM is not a helpful answer, especially when many developers are > > > > relying on libraries that they did not write. > > > > That's a risk you run when using code you didn't write. > > > > I'm not saying that this situation doesn't suck for those affected. > > > I'm sure that it does. But, for a technology so new as OAuth, the > > > libraries may not be mature yet. > > > > Officially, Twitter OAuth is still in Public Beta and has never been > > > officially recommended to integrate into production code. That being > > > said, there could still be a problem on Twitter's end with their > > > signature verification mechanism and the libraries could all be valid. > > > I don't have a way of knowing. > > > > I do agree that at least a note that "a security change was pushed > > > today" would be nice, though. > > > > -Chad
[twitter-dev] Re: Potential Solution To OAuth Problem
Using Perl libraries. Will mess around and see what I can do. Super annoying.
[twitter-dev] Potential Solution To OAuth Problem
It appears that the problem is related to how certain libraries are doing the URLEncoding of the text of the tweet. Specifically, how spaces are being encoded. For example, take the tweet "this is a test". This can be URLEncoded in either of two ways, depending on how your library works: 1. this+is+a+test 2. this%20is%20a%20test If your library is encoding spaces in the first style, your requests will fail. If your library is encoding spaces in the second style, they appear to work correctly. For those of you using libraries written in .NET, your library is probably using HttpUtility.UrlEncode() to encode the text of the tweet. This encodes spaces as "+" symbols. If you replace this with HttpUtility.UrlPathEncode, the text is encoded properly with the "%20" sequences and the tweet posts as expected.
[twitter-dev] Re: Potential Solution To OAuth Problem
Dang, sorry. Create is working for me. There are almost certainly other differences in the encoding between HttpUtility.URLEncode and HttpUtility.UrlPathEncode. Is your library written in .NET? If so, can you change the encoding on the requests that are failing to see if it fixes the issue for you? On Jul 28, 1:29 am, chinaski007 wrote: > This may solve your problem, but it doesn't work for me. I am getting > errors for API calls that have no spaces, such as create friend, > destroy, etc.
[twitter-dev] Re: Potential Solution To OAuth Problem
This may solve your problem, but it doesn't work for me. I am getting errors for API calls that have no spaces, such as create friend, destroy, etc.
[twitter-dev] Re: Twitter: What did you change in OAuth?
Confirmed. Google Playground does not work.
[twitter-dev] Re: Twitter: What did you change in OAuth?
The OAuth Playground appears to be broken. Fill out the appropriate fields and the "Loading" spinner just spins forever. On Jul 28, 12:39 am, Doug Williams wrote: > Duane,I will gather some specifics and post them here. We appreciate your > patience. > > In the mean time, you can use the OAuth playground to see where your > signature is failing:http://googlecodesamples.com/oauth_playground/ > > Thanks, > Doug > > On Mon, Jul 27, 2009 at 9:27 PM, Duane Roelands > wrote: > > > > > > > Simply telling developers that "something" changed is not sufficient > > information to help us get our applications back online. > > > We need specific information concerning which part of the signature > > generation/validation was changed.
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Google OAuth Playground appears to be broken. Fill in the fields, click "Get a Request Token", and the "Loading" spinner just spins forever. On Jul 28, 12:46 am, Duane Roelands wrote: > From my experimenting, it appears that posting a tweet is successful > if the text contains no spaces. Once you have a space in the tweet, > it fails. Researching... > > On Jul 28, 12:29 am, winrich wrote: > > > > > ok guys. > > > so my calls were failing on the verify_credentials call and not on the > > update or timeline calls. the only difference i saw was the the > > verify_credential call wasn't secured. i changed it to https and it > > worked. ??? lol > > > On Jul 27, 9:19 pm, Chad Etzel wrote: > > > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > Roelands wrote: > > > > RTFM is not a helpful answer, especially when many developers are > > > > relying on libraries that they did not write. > > > > That's a risk you run when using code you didn't write. > > > > I'm not saying that this situation doesn't suck for those affected. > > > I'm sure that it does. But, for a technology so new as OAuth, the > > > libraries may not be mature yet. > > > > Officially, Twitter OAuth is still in Public Beta and has never been > > > officially recommended to integrate into production code. That being > > > said, there could still be a problem on Twitter's end with their > > > signature verification mechanism and the libraries could all be valid. > > > I don't have a way of knowing. > > > > I do agree that at least a note that "a security change was pushed > > > today" would be nice, though. > > > > -Chad
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
If you are using a client library, please specify the library and version. There is a chance that you are all running into the same library-based incompatibility and could work together (or with the maintainer) to determine the fix. Thanks, Doug On Mon, Jul 27, 2009 at 9:40 PM, Doug Williams wrote: > Please use the OAuth playground [1] to test your signatures against the > expected result. I am working to gather specifics to help your debug process > (i.e. what changed?) in the mean time. > 1. http://googlecodesamples.com/oauth_playground/ > > Thanks, > Doug > > > On Mon, Jul 27, 2009 at 9:29 PM, winrich wrote: > >> >> ok guys. >> >> so my calls were failing on the verify_credentials call and not on the >> update or timeline calls. the only difference i saw was the the >> verify_credential call wasn't secured. i changed it to https and it >> worked. ??? lol >> >> >> >> >> On Jul 27, 9:19 pm, Chad Etzel wrote: >> > On Mon, Jul 27, 2009 at 11:55 PM, Duane >> > >> > Roelands wrote: >> > > RTFM is not a helpful answer, especially when many developers are >> > > relying on libraries that they did not write. >> > >> > That's a risk you run when using code you didn't write. >> > >> > I'm not saying that this situation doesn't suck for those affected. >> > I'm sure that it does. But, for a technology so new as OAuth, the >> > libraries may not be mature yet. >> > >> > Officially, Twitter OAuth is still in Public Beta and has never been >> > officially recommended to integrate into production code. That being >> > said, there could still be a problem on Twitter's end with their >> > signature verification mechanism and the libraries could all be valid. >> > I don't have a way of knowing. >> > >> > I do agree that at least a note that "a security change was pushed >> > today" would be nice, though. >> > >> > -Chad >> > >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
>From my experimenting, it appears that posting a tweet is successful if the text contains no spaces. Once you have a space in the tweet, it fails. Researching... On Jul 28, 12:29 am, winrich wrote: > ok guys. > > so my calls were failing on the verify_credentials call and not on the > update or timeline calls. the only difference i saw was the the > verify_credential call wasn't secured. i changed it to https and it > worked. ??? lol > > On Jul 27, 9:19 pm, Chad Etzel wrote: > > > > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > Roelands wrote: > > > RTFM is not a helpful answer, especially when many developers are > > > relying on libraries that they did not write. > > > That's a risk you run when using code you didn't write. > > > I'm not saying that this situation doesn't suck for those affected. > > I'm sure that it does. But, for a technology so new as OAuth, the > > libraries may not be mature yet. > > > Officially, Twitter OAuth is still in Public Beta and has never been > > officially recommended to integrate into production code. That being > > said, there could still be a problem on Twitter's end with their > > signature verification mechanism and the libraries could all be valid. > > I don't have a way of knowing. > > > I do agree that at least a note that "a security change was pushed > > today" would be nice, though. > > > -Chad
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Please use the OAuth playground [1] to test your signatures against the expected result. I am working to gather specifics to help your debug process (i.e. what changed?) in the mean time. 1. http://googlecodesamples.com/oauth_playground/ Thanks, Doug On Mon, Jul 27, 2009 at 9:29 PM, winrich wrote: > > ok guys. > > so my calls were failing on the verify_credentials call and not on the > update or timeline calls. the only difference i saw was the the > verify_credential call wasn't secured. i changed it to https and it > worked. ??? lol > > > > > On Jul 27, 9:19 pm, Chad Etzel wrote: > > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > > > Roelands wrote: > > > RTFM is not a helpful answer, especially when many developers are > > > relying on libraries that they did not write. > > > > That's a risk you run when using code you didn't write. > > > > I'm not saying that this situation doesn't suck for those affected. > > I'm sure that it does. But, for a technology so new as OAuth, the > > libraries may not be mature yet. > > > > Officially, Twitter OAuth is still in Public Beta and has never been > > officially recommended to integrate into production code. That being > > said, there could still be a problem on Twitter's end with their > > signature verification mechanism and the libraries could all be valid. > > I don't have a way of knowing. > > > > I do agree that at least a note that "a security change was pushed > > today" would be nice, though. > > > > -Chad >
[twitter-dev] Re: Twitter: What did you change in OAuth?
Duane,I will gather some specifics and post them here. We appreciate your patience. In the mean time, you can use the OAuth playground to see where your signature is failing: http://googlecodesamples.com/oauth_playground/ Thanks, Doug On Mon, Jul 27, 2009 at 9:27 PM, Duane Roelands wrote: > > Simply telling developers that "something" changed is not sufficient > information to help us get our applications back online. > > We need specific information concerning which part of the signature > generation/validation was changed. >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
ok guys. so my calls were failing on the verify_credentials call and not on the update or timeline calls. the only difference i saw was the the verify_credential call wasn't secured. i changed it to https and it worked. ??? lol On Jul 27, 9:19 pm, Chad Etzel wrote: > On Mon, Jul 27, 2009 at 11:55 PM, Duane > > Roelands wrote: > > RTFM is not a helpful answer, especially when many developers are > > relying on libraries that they did not write. > > That's a risk you run when using code you didn't write. > > I'm not saying that this situation doesn't suck for those affected. > I'm sure that it does. But, for a technology so new as OAuth, the > libraries may not be mature yet. > > Officially, Twitter OAuth is still in Public Beta and has never been > officially recommended to integrate into production code. That being > said, there could still be a problem on Twitter's end with their > signature verification mechanism and the libraries could all be valid. > I don't have a way of knowing. > > I do agree that at least a note that "a security change was pushed > today" would be nice, though. > > -Chad
[twitter-dev] Twitter: What did you change in OAuth?
Simply telling developers that "something" changed is not sufficient information to help us get our applications back online. We need specific information concerning which part of the signature generation/validation was changed.
[twitter-dev] Re: error with simple xml load file
JDG is probably correct.
$ch = curl_init('http://search.twitter.com/search.atom?q=Google');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$result = curl_exec($ch);
$sXml = simplexml_load_string($result);
var_dump($sXml);
On Jul 27, 4:45 pm, oscarva wrote:
> Please help :(
>
> On 25 jul, 01:05, oscarva wrote:
>
> > I am tring to do a Api call using simple xml and twitter search API.
>
> > $rss = simplexml_load_file('http://search.twitter.com/search.atom?
> > q=Google');
> > foreach ($rss->channel->item as $item){
> > $title = utf8_decode($item->title);
> > $url = $item->link;
>
> > }
>
> > The error log tells me the following:
>
> > PHP Warning: simplexml_load_file() [function.simplexml-load-file]: I/O warning : failed to load
> > external entity "http://search.twitter.com/search.atom?
> > q=Google" in /home/xxx/public_html/test/status.php on line 10
> > [error] [client 166.210.xxx.xxx] PHP Warning: simplexml_load_file
> > (http://search.twitter.com/search.atom?q=Google) [ > href='function.simplexml-load-file'>function.simplexml-load-file]:
> > failed to open stream: Connection timed out in /home/xxx/public_html/
> > test/status.php on line 10
>
> > PHP Version 5.2.8
>
> > This only happens on my server, since in local working properly. :(
>
> > Please Help. Thaks ;)
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
On Mon, Jul 27, 2009 at 11:55 PM, Duane Roelands wrote: > RTFM is not a helpful answer, especially when many developers are > relying on libraries that they did not write. That's a risk you run when using code you didn't write. I'm not saying that this situation doesn't suck for those affected. I'm sure that it does. But, for a technology so new as OAuth, the libraries may not be mature yet. Officially, Twitter OAuth is still in Public Beta and has never been officially recommended to integrate into production code. That being said, there could still be a problem on Twitter's end with their signature verification mechanism and the libraries could all be valid. I don't have a way of knowing. I do agree that at least a note that "a security change was pushed today" would be nice, though. -Chad
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
On Tue, 2009-07-28 at 00:06 -0400, Bojan Rajkovic wrote: > On Mon, 2009-07-27 at 20:55 -0700, Duane Roelands wrote: > > "I would start by looking at the OAuth spec at Section 9 - Signing > > Process. " > > > > RTFM is not a helpful answer, especially when many developers are > > relying on libraries that they did not write. It's not unreasonable > > to expect some advance notice on breaking changes to the API or > > guidance on what specifically was changed. > > > > > > > > > > On Jul 27, 11:45 pm, chinaski007 wrote: > > > This is frustrating for those of us relying on authentication > > > libraries which now may no longer work. The apparent solution is to > > > either recode the possibly problematic library oneself, or encourage > > > users to swap to Basic Authentication. > > > > > > While I certainly understand Twitter's need to ensure that everything > > > is secure on their end, this is another unannounced API change (like > > > the verify_credentials limit last week) that leaves some of us in the > > > lurch. > > > > > > On Jul 27, 8:35 pm, Chad Etzel wrote: > > > > > > > > > > > > > I would start by looking at the OAuth spec at Section 9 - Signing > > > > Process. > > > > > > >http://oauth.net/core/1.0a#signing_process > > > > > > > In fact, if you (meaning everyone) have never read the whole spec, you > > > > need to. > > > > > > > -Chad > > > > > > > On Mon, Jul 27, 2009 at 11:31 PM, goodtest wrote: > > > > > > > > Yeah, I agree, can you please point out what (in general) we might be > > > > > doing wrong? I still think you probably have a further-regression bug. > I'm with Duane here, some advanced notification of what's changed would > be nice--my OAuth library code worked up until a few days ago, and now > is suddenly failing with "incorrect signature" responses. It would be > nice to know what exactly causes this without having to go read the > specification head to toe to figure it out. A cryptic RTFM is not > helpful. > Hmm. Seems to be a false alarm on my part, since tweeting works--I had seemingly forgotten to URL-encode something when I was testing the OAuth process by hand (my Twitter.API library does the URL encoding programmatically, and sending a tweet via it worked fine). My point about announcing changes and making what's changed more explicit still remains though. -- Bojan Rajkovic Biochemistry '10, Brandeis University PGP Signature Key ID: 0x8783D016 PGP Encryption Key ID: 0x2497B8B2 signature.asc Description: This is a digitally signed message part
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
It appears that this has been a known issue for 10 days, at least judging by this tweet: http://twitter.com/timwhitlock/statuses/2697185141
[twitter-dev] Re: Adding tweets with a certain word them them to a feed on your site?
Yes, there are search widgets you can put in to the HTML for your website. There are also plugins for the various blogging engines which will add a twitter search box to a blog. - h On Sun, Jul 26, 2009 at 02:48, DougMellon wrote: > > Does anyone know of a way I could add tweets with a certain word in > them to a feed on my site? For example if there are tweets that have > say "#somethinghere" in them. If I search twitter for #somethinghere > (#somethinghere) the list of tweets comes up. Is it possible to get > that list of tweets posted on my site? This may be really confusing > and if so let me know and ill try to word it another way. Thanks in > advance, > Doug >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
On Mon, 2009-07-27 at 20:55 -0700, Duane Roelands wrote: > "I would start by looking at the OAuth spec at Section 9 - Signing > Process. " > > RTFM is not a helpful answer, especially when many developers are > relying on libraries that they did not write. It's not unreasonable > to expect some advance notice on breaking changes to the API or > guidance on what specifically was changed. > > > > > On Jul 27, 11:45 pm, chinaski007 wrote: > > This is frustrating for those of us relying on authentication > > libraries which now may no longer work. The apparent solution is to > > either recode the possibly problematic library oneself, or encourage > > users to swap to Basic Authentication. > > > > While I certainly understand Twitter's need to ensure that everything > > is secure on their end, this is another unannounced API change (like > > the verify_credentials limit last week) that leaves some of us in the > > lurch. > > > > On Jul 27, 8:35 pm, Chad Etzel wrote: > > > > > > > > > I would start by looking at the OAuth spec at Section 9 - Signing Process. > > > > >http://oauth.net/core/1.0a#signing_process > > > > > In fact, if you (meaning everyone) have never read the whole spec, you > > > need to. > > > > > -Chad > > > > > On Mon, Jul 27, 2009 at 11:31 PM, goodtest wrote: > > > > > > Yeah, I agree, can you please point out what (in general) we might be > > > > doing wrong? I still think you probably have a further-regression bug. I'm with Duane here, some advanced notification of what's changed would be nice--my OAuth library code worked up until a few days ago, and now is suddenly failing with "incorrect signature" responses. It would be nice to know what exactly causes this without having to go read the specification head to toe to figure it out. A cryptic RTFM is not helpful. -- Bojan Rajkovic Biochemistry '10, Brandeis University PGP Signature Key ID: 0x8783D016 PGP Encryption Key ID: 0x2497B8B2 signature.asc Description: This is a digitally signed message part
[twitter-dev] Re: bug on "more" button
You only need to click on the "more" button once, like a hyperlink and unlike an application icon. Clicking on it twice, in rapid succession as you did, just tells the web backend that you want to load the information and then load it again. - h On Sat, Jul 25, 2009 at 22:00, Douglas Melo wrote: > > Hello developers. I didn't find another way to talk to you that a find > a bug on twitter. > When you "double-click" on the button "more" to see more "messages", > it shows the next messages and as it ends to load them, it loads them > again. It seems to call two times the method to load asynchronously > the message. > I think I'm helping telling 'bout this. Maybe, twitter could have a > bug area...don't know..=P >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
"I would start by looking at the OAuth spec at Section 9 - Signing Process. " RTFM is not a helpful answer, especially when many developers are relying on libraries that they did not write. It's not unreasonable to expect some advance notice on breaking changes to the API or guidance on what specifically was changed. On Jul 27, 11:45 pm, chinaski007 wrote: > This is frustrating for those of us relying on authentication > libraries which now may no longer work. The apparent solution is to > either recode the possibly problematic library oneself, or encourage > users to swap to Basic Authentication. > > While I certainly understand Twitter's need to ensure that everything > is secure on their end, this is another unannounced API change (like > the verify_credentials limit last week) that leaves some of us in the > lurch. > > On Jul 27, 8:35 pm, Chad Etzel wrote: > > > > > I would start by looking at the OAuth spec at Section 9 - Signing Process. > > >http://oauth.net/core/1.0a#signing_process > > > In fact, if you (meaning everyone) have never read the whole spec, you need > > to. > > > -Chad > > > On Mon, Jul 27, 2009 at 11:31 PM, goodtest wrote: > > > > Yeah, I agree, can you please point out what (in general) we might be > > > doing wrong? I still think you probably have a further-regression bug.
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
This is frustrating for those of us relying on authentication libraries which now may no longer work. The apparent solution is to either recode the possibly problematic library oneself, or encourage users to swap to Basic Authentication. While I certainly understand Twitter's need to ensure that everything is secure on their end, this is another unannounced API change (like the verify_credentials limit last week) that leaves some of us in the lurch. On Jul 27, 8:35 pm, Chad Etzel wrote: > I would start by looking at the OAuth spec at Section 9 - Signing Process. > > http://oauth.net/core/1.0a#signing_process > > In fact, if you (meaning everyone) have never read the whole spec, you need > to. > > -Chad > > On Mon, Jul 27, 2009 at 11:31 PM, goodtest wrote: > > > Yeah, I agree, can you please point out what (in general) we might be > > doing wrong? I still think you probably have a further-regression bug. > >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I would start by looking at the OAuth spec at Section 9 - Signing Process. http://oauth.net/core/1.0a#signing_process In fact, if you (meaning everyone) have never read the whole spec, you need to. -Chad On Mon, Jul 27, 2009 at 11:31 PM, goodtest wrote: > > Yeah, I agree, can you please point out what (in general) we might be > doing wrong? I still think you probably have a further-regression bug. >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Yeah, I agree, can you please point out what (in general) we might be doing wrong? I still think you probably have a further-regression bug. On Jul 27, 8:19 pm, kosso wrote: > agreed. > > please Twitter, tell us WHAT the fix required was. > what should we look for. > > have you tested your 'fix' against all the code examples you link from > the API pages? > > that would be nice. thx. > > I'm getting some posts through. some not. so something's still up/down > > On Jul 27, 8:04 pm, Duane Roelands wrote: > > > You introduced a breaking change into the API with no warning and no > > help for developers as to the specifics of what we need to fix? > > Developers need better support than that. > > > Is there some reason why posting updates to some accounts would work > > and posting to others would not? Using the same code, I'm able to > > post to my development test account but not to my personal account. > > > On Jul 27, 10:59 pm, Doug Williams wrote: > > > > As stated above, some applications were sending invalid signatures which > > > we > > > were accepting as valid. This vulnerability was pointed out by a > > > developer. > > > > Some libraries and code which may have previously worked may be broken by > > > this security fix. > > > > Thanks, > > > Doug > > > > On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands > > > wrote: > > > > > I am receiving 401 (Unauthorized) when calling > > > >http://twitter.com/statuses/update.xml > > > > and passing the following querystring: > > > > > oauth_consumer_key=[removed] > > > > &oauth_nonce=912352&oauth_signature_method=HMAC- > > > > SHA1&oauth_timestamp=1248748647&oauth_token=19068738- > > > > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This > > > > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d > > > > > This code was working this afternoon and has not been changed. > > > > > On Jul 27, 10:38 pm, goodtest wrote: > > > > > Are we sure there is no further regression bug in this new fix? > > > > > > On Jul 27, 7:14 pm, Doug Williams wrote: > > > > > > > If you are still seeing errors you should check your code to ensure > > > > that you > > > > > > are sending the correct signature. > > > > > > Thanks, > > > > > > Doug > > > > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich > > > > > > wrote: > > > > > > > > mine broke too. i wonder though, i'm using the oauth python > > > > > > > libraries > > > > > > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > > > > > > Doug: > > > > > > > > > Does this mean that Marcel made a fix for this? Or rather that > > > > > > > > we > > > > > > > > should examine our code to find the culprit? > > > > > > > > > Thanks, > > > > > > > > Peter Bray > > > > > > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > > > > > > Updating you guys on this problem. A bug was reported off list > > > > that > > > > > > > informed > > > > > > > > > us we were not always verifying signatures. Today we shipped a > > > > fix for > > > > > > > this > > > > > > > > > problem which ensures that we are correctly verifying > > > > > > > > > signatures. > > > > > > > > > If you are still seeing invalid signature errors you should > > > > examine > > > > > > > > > your code and ensure you are correctly signing requests > > > > > > > > > as per the spec. > > > > > > > > > Thanks, > > > > > > > > > Doug > > > > > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > > > > > > > > > > > > > > wrote: > > > > > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > > > > > Thanks, > > > > > > > > > > Doug > > > > > > > > > > > 2009/7/27 João Pereira > > > > > > > > > > > Same here. > > > > > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest < > > > > goodtest...@gmail.com> > > > > > > > wrote: > > > > > > > > > > >>> twitter api server seems to be down (getting invalid > > > > signature) > > > > > > > since > > > > > > > > > >>> 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
agreed. please Twitter, tell us WHAT the fix required was. what should we look for. have you tested your 'fix' against all the code examples you link from the API pages? that would be nice. thx. I'm getting some posts through. some not. so something's still up/down On Jul 27, 8:04 pm, Duane Roelands wrote: > You introduced a breaking change into the API with no warning and no > help for developers as to the specifics of what we need to fix? > Developers need better support than that. > > Is there some reason why posting updates to some accounts would work > and posting to others would not? Using the same code, I'm able to > post to my development test account but not to my personal account. > > On Jul 27, 10:59 pm, Doug Williams wrote: > > > As stated above, some applications were sending invalid signatures which we > > were accepting as valid. This vulnerability was pointed out by a developer. > > > Some libraries and code which may have previously worked may be broken by > > this security fix. > > > Thanks, > > Doug > > > On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands > > wrote: > > > > I am receiving 401 (Unauthorized) when calling > > >http://twitter.com/statuses/update.xml > > > and passing the following querystring: > > > > oauth_consumer_key=[removed] > > > &oauth_nonce=912352&oauth_signature_method=HMAC- > > > SHA1&oauth_timestamp=1248748647&oauth_token=19068738- > > > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This > > > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d > > > > This code was working this afternoon and has not been changed. > > > > On Jul 27, 10:38 pm, goodtest wrote: > > > > Are we sure there is no further regression bug in this new fix? > > > > > On Jul 27, 7:14 pm, Doug Williams wrote: > > > > > > If you are still seeing errors you should check your code to ensure > > > that you > > > > > are sending the correct signature. > > > > > Thanks, > > > > > Doug > > > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > > > > > mine broke too. i wonder though, i'm using the oauth python > > > > > > libraries > > > > > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > > > > > Doug: > > > > > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > > > > > should examine our code to find the culprit? > > > > > > > > Thanks, > > > > > > > Peter Bray > > > > > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > > > > > Updating you guys on this problem. A bug was reported off list > > > that > > > > > > informed > > > > > > > > us we were not always verifying signatures. Today we shipped a > > > fix for > > > > > > this > > > > > > > > problem which ensures that we are correctly verifying > > > > > > > > signatures. > > > > > > > > If you are still seeing invalid signature errors you should > > > examine > > > > > > > > your code and ensure you are correctly signing requests > > > > > > > > as per the spec. > > > > > > > > Thanks, > > > > > > > > Doug > > > > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > > > > wrote: > > > > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > > > > Thanks, > > > > > > > > > Doug > > > > > > > > > > 2009/7/27 João Pereira > > > > > > > > > > Same here. > > > > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest < > > > goodtest...@gmail.com> > > > > > > wrote: > > > > > > > > > >>> twitter api server seems to be down (getting invalid > > > signature) > > > > > > since > > > > > > > > >>> 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
This is very frustrating.
[twitter-dev] Re: error with simple xml load file
does your hosting service allow remote connections to be made? that is, can
you use similar code to connect to any other sites?
On Sat, Jul 25, 2009 at 00:05, oscarva wrote:
>
> I am tring to do a Api call using simple xml and twitter search API.
>
> $rss = simplexml_load_file('http://search.twitter.com/search.atom?
> q=Google' );
> foreach ($rss->channel->item as $item){
>$title = utf8_decode($item->title);
>$url = $item->link;
> }
>
> The error log tells me the following:
>
> PHP Warning: simplexml_load_file() [function.simplexml-load-file]: I/O warning : failed to load
> external entity "http://search.twitter.com/search.atom?
> q=Google" ; in
> /home/xxx/public_html/test/status.php on line 10
> [error] [client 166.210.xxx.xxx] PHP Warning: simplexml_load_file
> (http://search.twitter.com/search.atom?q=Google) [ href='function.simplexml-load-file'>function.simplexml-load-file]:
> failed to open stream: Connection timed out in /home/xxx/public_html/
> test/status.php on line 10
>
> PHP Version 5.2.8
>
> This only happens on my server, since in local working properly. :(
>
> Please Help. Thaks ;)
>
--
Internets. Serious business.
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
You introduced a breaking change into the API with no warning and no help for developers as to the specifics of what we need to fix? Developers need better support than that. Is there some reason why posting updates to some accounts would work and posting to others would not? Using the same code, I'm able to post to my development test account but not to my personal account. On Jul 27, 10:59 pm, Doug Williams wrote: > As stated above, some applications were sending invalid signatures which we > were accepting as valid. This vulnerability was pointed out by a developer. > > Some libraries and code which may have previously worked may be broken by > this security fix. > > Thanks, > Doug > > On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands > wrote: > > > > > > > I am receiving 401 (Unauthorized) when calling > >http://twitter.com/statuses/update.xml > > and passing the following querystring: > > > oauth_consumer_key=[removed] > > &oauth_nonce=912352&oauth_signature_method=HMAC- > > SHA1&oauth_timestamp=1248748647&oauth_token=19068738- > > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This > > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d > > > This code was working this afternoon and has not been changed. > > > On Jul 27, 10:38 pm, goodtest wrote: > > > Are we sure there is no further regression bug in this new fix? > > > > On Jul 27, 7:14 pm, Doug Williams wrote: > > > > > If you are still seeing errors you should check your code to ensure > > that you > > > > are sending the correct signature. > > > > Thanks, > > > > Doug > > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > > > > mine broke too. i wonder though, i'm using the oauth python libraries > > > > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > > > > Doug: > > > > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > > > > should examine our code to find the culprit? > > > > > > > Thanks, > > > > > > Peter Bray > > > > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > > > > Updating you guys on this problem. A bug was reported off list > > that > > > > > informed > > > > > > > us we were not always verifying signatures. Today we shipped a > > fix for > > > > > this > > > > > > > problem which ensures that we are correctly verifying signatures. > > > > > > > If you are still seeing invalid signature errors you should > > examine > > > > > > > your code and ensure you are correctly signing requests > > > > > > > as per the spec. > > > > > > > Thanks, > > > > > > > Doug > > > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > > > wrote: > > > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > > > Thanks, > > > > > > > > Doug > > > > > > > > > 2009/7/27 João Pereira > > > > > > > > > Same here. > > > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest < > > goodtest...@gmail.com> > > > > > wrote: > > > > > > > > >>> twitter api server seems to be down (getting invalid > > signature) > > > > > since > > > > > > > >>> 5.15 pm pst
[twitter-dev] Re: updating follow/shadow/birddog list of users
The feature to update streaming api filter predicates has been put on hold for now. It is still desired, but not in the active development plan. You can backfill with the REST API, as you suggest. Or, you could reconnect every few minutes on the Streaming API. It might be best to have two streaming API accounts -- a /shadow stream that is long-lived and /follow stream that you reconnect with every few minutes when a new user is added. You can migrate accounts from the /follow stream to the /track stream once an hour or so. If the /follow stream runs afoul of a rate limit, at least the /shadow stream is still connected. -John Kalucki http://twitter.com/jkalucki Services, Twitter Inc. On Jul 27, 7:18 pm, nickdella wrote: > Hi, > > I'm working on a similar system in which members on my site > dynamically "subscribe" to Twitter. Thus, my following list is > constantly changing. To provide a reasonable user experience, I'd have > to disconnect/reconnect every couple minutes to ensure their > subscription is recognized in a timely manner :/ > > I understand that the constant disconnect/reconnect cycle is > suboptimal for you guys. So, I have a fallback plan of concurrently > using both the streaming API for existing subscribers while using the > REST API to temporarily poll for status updates for all new > subscribers. Every hour or so, I'd merge these new subscribers into > the main followers list and reconnect the stream. This is possible, > but would definitely be some extra work to build. Alex described the > possible addition of a REST API to dynamically update the followers > list. Is there any chance this is coming in the near future i.e. next > 3 weeks? :) Or do you guys have any other ideas on how I'd go about > solving this given the current set of APIs? Thanks! > > -nick > > On Jul 8, 4:28 pm, John Kalucki wrote: > > > Alexy, > > > First, curl isn't the best approach for developing against theStreamingAPI. > > It's fine for prototyping, but it only goes so far. > > > Yes, the comma separated list should be all on one line if you are > > using curl. > > > If you want to change the user set, you should connect with the new > > set and then disconnect the old set immediately once the data starts > > to flow. This will be hard to coordinate using curl. In some cases, > > Twitter will throw the first user off once the second user connects. > > In other cases it will be more lenient. But, beware: if you want to > > avoid running into various abuse limits, you'd best be sure that your > > coordination between the first and second streams are quite solid and > > that the first stream is always terminated in a timely manner. > > > You can also avoid data loss by using the count parameter, available > > on some, but not all, methods. > > > Please email me with your use case and I'll forward it on to the > > Platform PM to help prioritize the better solution, as outlined by > > Alex. > > > -John Kalucki > > twitter.com/jkalucki > > Services, Twitter Inc. > > > On Jul 8, 12:17 pm, braver wrote: > > > > Uf you have thousands of users, do you really have to cook up a > > > following file with comma-separated say 100,000 user IDs? Should it > > > all be on one line? Now what happens if we want to drop some and add > > > some IDs -- do we have to restart and re-upload all that list again? > > > I see when the curl -d @following ... starts up, it does that. > > > Restarting with huge lists sounds like data loss... > > > > Cheers, > > > Alexy
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
As stated above, some applications were sending invalid signatures which we were accepting as valid. This vulnerability was pointed out by a developer. Some libraries and code which may have previously worked may be broken by this security fix. Thanks, Doug On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands wrote: > > I am receiving 401 (Unauthorized) when calling > http://twitter.com/statuses/update.xml > and passing the following querystring: > > oauth_consumer_key=[removed] > &oauth_nonce=912352&oauth_signature_method=HMAC- > SHA1&oauth_timestamp=1248748647&oauth_token=19068738- > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d > > This code was working this afternoon and has not been changed. > > On Jul 27, 10:38 pm, goodtest wrote: > > Are we sure there is no further regression bug in this new fix? > > > > On Jul 27, 7:14 pm, Doug Williams wrote: > > > > > > > > > If you are still seeing errors you should check your code to ensure > that you > > > are sending the correct signature. > > > Thanks, > > > Doug > > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > > > > mine broke too. i wonder though, i'm using the oauth python libraries > > > > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > > > Doug: > > > > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > > > should examine our code to find the culprit? > > > > > > > Thanks, > > > > > Peter Bray > > > > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > > > > Updating you guys on this problem. A bug was reported off list > that > > > > informed > > > > > > us we were not always verifying signatures. Today we shipped a > fix for > > > > this > > > > > > problem which ensures that we are correctly verifying signatures. > > > > > > If you are still seeing invalid signature errors you should > examine > > > > > > your code and ensure you are correctly signing requests > > > > > > as per the spec. > > > > > > Thanks, > > > > > > Doug > > > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > > > wrote: > > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > > > Thanks, > > > > > > > Doug > > > > > > > > > 2009/7/27 João Pereira > > > > > > > > > Same here. > > > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest < > goodtest...@gmail.com> > > > > wrote: > > > > > > > > >>> twitter api server seems to be down (getting invalid > signature) > > > > since > > > > > > >>> 5.15 pm pst >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
same here. all was working fine (using abraham's php scripts linked from the examples) - has not been working for the past couple of hours. On Jul 27, 7:44 pm, Duane Roelands wrote: > I am receiving 401 (Unauthorized) when > callinghttp://twitter.com/statuses/update.xml > and passing the following querystring: > > oauth_consumer_key=[removed] > &oauth_nonce=912352&oauth_signature_method=HMAC- > SHA1&oauth_timestamp=1248748647&oauth_token=19068738- > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d > > This code was working this afternoon and has not been changed. > > On Jul 27, 10:38 pm, goodtest wrote: > > > Are we sure there is no further regression bug in this new fix? > > > On Jul 27, 7:14 pm, Doug Williams wrote: > > > > If you are still seeing errors you should check your code to ensure that > > > you > > > are sending the correct signature. > > > Thanks, > > > Doug > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > > > mine broke too. i wonder though, i'm using the oauth python libraries > > > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > > > Doug: > > > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > > > should examine our code to find the culprit? > > > > > > Thanks, > > > > > Peter Bray > > > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > > > Updating you guys on this problem. A bug was reported off list that > > > > informed > > > > > > us we were not always verifying signatures. Today we shipped a fix > > > > > > for > > > > this > > > > > > problem which ensures that we are correctly verifying signatures. > > > > > > If you are still seeing invalid signature errors you should examine > > > > > > your code and ensure you are correctly signing requests > > > > > > as per the spec. > > > > > > Thanks, > > > > > > Doug > > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > > wrote: > > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > > Thanks, > > > > > > > Doug > > > > > > > > 2009/7/27 João Pereira > > > > > > > > Same here. > > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest > > > > wrote: > > > > > > > >>> twitter api server seems to be down (getting invalid signature) > > > > since > > > > > > >>> 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
I am receiving 401 (Unauthorized) when calling http://twitter.com/statuses/update.xml and passing the following querystring: oauth_consumer_key=[removed] &oauth_nonce=912352&oauth_signature_method=HMAC- SHA1&oauth_timestamp=1248748647&oauth_token=19068738- hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d This code was working this afternoon and has not been changed. On Jul 27, 10:38 pm, goodtest wrote: > Are we sure there is no further regression bug in this new fix? > > On Jul 27, 7:14 pm, Doug Williams wrote: > > > > > If you are still seeing errors you should check your code to ensure that you > > are sending the correct signature. > > Thanks, > > Doug > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > > mine broke too. i wonder though, i'm using the oauth python libraries > > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > > Doug: > > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > > should examine our code to find the culprit? > > > > > Thanks, > > > > Peter Bray > > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > > Updating you guys on this problem. A bug was reported off list that > > > informed > > > > > us we were not always verifying signatures. Today we shipped a fix for > > > this > > > > > problem which ensures that we are correctly verifying signatures. > > > > > If you are still seeing invalid signature errors you should examine > > > > > your code and ensure you are correctly signing requests > > > > > as per the spec. > > > > > Thanks, > > > > > Doug > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > wrote: > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > Thanks, > > > > > > Doug > > > > > > > 2009/7/27 João Pereira > > > > > > > Same here. > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest > > > wrote: > > > > > > >>> twitter api server seems to be down (getting invalid signature) > > > since > > > > > >>> 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Are we sure there is no further regression bug in this new fix? On Jul 27, 7:14 pm, Doug Williams wrote: > If you are still seeing errors you should check your code to ensure that you > are sending the correct signature. > Thanks, > Doug > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > mine broke too. i wonder though, i'm using the oauth python libraries > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > Doug: > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > should examine our code to find the culprit? > > > > Thanks, > > > Peter Bray > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > Updating you guys on this problem. A bug was reported off list that > > informed > > > > us we were not always verifying signatures. Today we shipped a fix for > > this > > > > problem which ensures that we are correctly verifying signatures. > > > > If you are still seeing invalid signature errors you should examine > > > > your code and ensure you are correctly signing requests > > > > as per the spec. > > > > Thanks, > > > > Doug > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > wrote: > > > > > Marcel is shipping a fix for this as I type. > > > > > > Thanks, > > > > > Doug > > > > > > 2009/7/27 João Pereira > > > > > > Same here. > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest > > wrote: > > > > > >>> twitter api server seems to be down (getting invalid signature) > > since > > > > >>> 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Still seeing errors, but only when trying to post. Not when reading. On Jul 27, 10:14 pm, Doug Williams wrote: > If you are still seeing errors you should check your code to ensure that you > are sending the correct signature. > Thanks, > Doug > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > > mine broke too. i wonder though, i'm using the oauth python libraries > > > On Jul 27, 6:35 pm, chinaski007 wrote: > > > Doug: > > > > Does this mean that Marcel made a fix for this? Or rather that we > > > should examine our code to find the culprit? > > > > Thanks, > > > Peter Bray > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > Updating you guys on this problem. A bug was reported off list that > > informed > > > > us we were not always verifying signatures. Today we shipped a fix for > > this > > > > problem which ensures that we are correctly verifying signatures. > > > > If you are still seeing invalid signature errors you should examine > > > > your code and ensure you are correctly signing requests > > > > as per the spec. > > > > Thanks, > > > > Doug > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > wrote: > > > > > Marcel is shipping a fix for this as I type. > > > > > > Thanks, > > > > > Doug > > > > > > 2009/7/27 João Pereira > > > > > > Same here. > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest > > wrote: > > > > > >>> twitter api server seems to be down (getting invalid signature) > > since > > > > >>> 5.15 pm pst
[twitter-dev] Re: updating follow/shadow/birddog list of users
Hi, I'm working on a similar system in which members on my site dynamically "subscribe" to Twitter. Thus, my following list is constantly changing. To provide a reasonable user experience, I'd have to disconnect/reconnect every couple minutes to ensure their subscription is recognized in a timely manner :/ I understand that the constant disconnect/reconnect cycle is suboptimal for you guys. So, I have a fallback plan of concurrently using both the streaming API for existing subscribers while using the REST API to temporarily poll for status updates for all new subscribers. Every hour or so, I'd merge these new subscribers into the main followers list and reconnect the stream. This is possible, but would definitely be some extra work to build. Alex described the possible addition of a REST API to dynamically update the followers list. Is there any chance this is coming in the near future i.e. next 3 weeks? :) Or do you guys have any other ideas on how I'd go about solving this given the current set of APIs? Thanks! -nick On Jul 8, 4:28 pm, John Kalucki wrote: > Alexy, > > First, curl isn't the best approach for developing against theStreamingAPI. > It's fine for prototyping, but it only goes so far. > > Yes, the comma separated list should be all on one line if you are > using curl. > > If you want to change the user set, you should connect with the new > set and then disconnect the old set immediately once the data starts > to flow. This will be hard to coordinate using curl. In some cases, > Twitter will throw the first user off once the second user connects. > In other cases it will be more lenient. But, beware: if you want to > avoid running into various abuse limits, you'd best be sure that your > coordination between the first and second streams are quite solid and > that the first stream is always terminated in a timely manner. > > You can also avoid data loss by using the count parameter, available > on some, but not all, methods. > > Please email me with your use case and I'll forward it on to the > Platform PM to help prioritize the better solution, as outlined by > Alex. > > -John Kalucki > twitter.com/jkalucki > Services, Twitter Inc. > > On Jul 8, 12:17 pm, braver wrote: > > > > > Uf you have thousands of users, do you really have to cook up a > > following file with comma-separated say 100,000 user IDs? Should it > > all be on one line? Now what happens if we want to drop some and add > > some IDs -- do we have to restart and re-upload all that list again? > > I see when the curl -d @following ... starts up, it does that. > > Restarting with huge lists sounds like data loss... > > > Cheers, > > Alexy
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
If you are still seeing errors you should check your code to ensure that you are sending the correct signature. Thanks, Doug On Mon, Jul 27, 2009 at 7:10 PM, winrich wrote: > > mine broke too. i wonder though, i'm using the oauth python libraries > > On Jul 27, 6:35 pm, chinaski007 wrote: > > Doug: > > > > Does this mean that Marcel made a fix for this? Or rather that we > > should examine our code to find the culprit? > > > > Thanks, > > Peter Bray > > > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > > > Updating you guys on this problem. A bug was reported off list that > informed > > > us we were not always verifying signatures. Today we shipped a fix for > this > > > problem which ensures that we are correctly verifying signatures. > > > If you are still seeing invalid signature errors you should examine > > > your code and ensure you are correctly signing requests > > > as per the spec. > > > Thanks, > > > Doug > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > wrote: > > > > Marcel is shipping a fix for this as I type. > > > > > > Thanks, > > > > Doug > > > > > > 2009/7/27 João Pereira > > > > > > Same here. > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest > wrote: > > > > > >>> twitter api server seems to be down (getting invalid signature) > since > > > >>> 5.15 pm pst > > > > >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
mine broke too. i wonder though, i'm using the oauth python libraries On Jul 27, 6:35 pm, chinaski007 wrote: > Doug: > > Does this mean that Marcel made a fix for this? Or rather that we > should examine our code to find the culprit? > > Thanks, > Peter Bray > > On Jul 27, 6:24 pm, Doug Williams wrote: > > > Updating you guys on this problem. A bug was reported off list that informed > > us we were not always verifying signatures. Today we shipped a fix for this > > problem which ensures that we are correctly verifying signatures. > > If you are still seeing invalid signature errors you should examine > > your code and ensure you are correctly signing requests > > as per the spec. > > Thanks, > > Doug > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams wrote: > > > Marcel is shipping a fix for this as I type. > > > > Thanks, > > > Doug > > > > 2009/7/27 João Pereira > > > > Same here. > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest wrote: > > > >>> twitter api server seems to be down (getting invalid signature) since > > >>> 5.15 pm pst > >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Doug: Does this mean that Marcel made a fix for this? Or rather that we should examine our code to find the culprit? Thanks, Peter Bray On Jul 27, 6:24 pm, Doug Williams wrote: > Updating you guys on this problem. A bug was reported off list that informed > us we were not always verifying signatures. Today we shipped a fix for this > problem which ensures that we are correctly verifying signatures. > If you are still seeing invalid signature errors you should examine > your code and ensure you are correctly signing requests > as per the spec. > Thanks, > Doug > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams wrote: > > Marcel is shipping a fix for this as I type. > > > Thanks, > > Doug > > > 2009/7/27 João Pereira > > > Same here. > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest wrote: > > >>> twitter api server seems to be down (getting invalid signature) since > >>> 5.15 pm pst > >
[twitter-dev] Re: What's the difference between 'statuses/replies' and 'statuses/mentions' ?
statuses/replies is an alias for statues/mentions. It is completely due to history where mentions used to be called replies. Rather than break apps that relied on statuses/replies, we made an alias to ensure backward compatibility. Thanks, Doug On Sun, Jul 26, 2009 at 9:23 AM, Kuo Yang wrote: > I have read some code about twitter-api and I found the code for replies(or > mentions?) as: > > http://twitter.com/statuses/replies.*format > > *but on apiwiki.twittwer.com it is: > > http://twitter.com/statuses/mentions.*format* > > So,what's the difference between them? > Is that alais? > > >
[twitter-dev] Re: streaming API for DM for multiple users ?
There is currently no Streaming API to receive DMs for a given user. If you have a great use case for this please share it here. We like to have justification for new streaming methods. If you have ideas to help augment a business case for engineering resources, we would love to know about them. Thanks, Doug On Mon, Jul 27, 2009 at 5:24 AM, Fabien Penso wrote: > > Hi. > > I wonder if there is a way to use the streaming API to receive DM for > a list of specific users. > > As far as I understand there isn't, is anyone working on this? Basicly > I want to offer the possibility to receive Apple Push Notifications > and I'll get tons of user, so I want to go the efficient way. > > Thanks. >
[twitter-dev] Re: Search Posting speed
We index tweets very quickly, normally within a few seconds. Thanks, Doug On Mon, Jul 27, 2009 at 4:26 PM, Green McP wrote: > > Hi, > > How quickly are Tweets available in the search results? Should I > assume a minute until it's guaranteed to show up? Five minutes? Just > wondering for an app. >
[twitter-dev] Re: This is a really dumb question. How can I get back to my application information page
Go to your 'settings' - then 'connections' - then the link is on the right, if you have registered apps : http://twitter.com/oauth_clients hth On Jul 26, 2:34 pm, Bob Fishel wrote: > So i registered an application to learn the ins and outs of the > twitter api for a personal project, but I clicked off the page and now > I can't figure out how to get back to change my applications settings > and get my keys. I have honestly looked everywhere I can think of to > try and get back to this page, and my google-fu is failing. > > Any help is appreciated. > > Thanks > > -Bob
[twitter-dev] Re: Change callback url?
Go to http://twitter.com/oauth_clients (assuming it's the oAuth callback url you're asking about) Then select your app and click 'edit application settings' hth On Jul 26, 6:08 pm, Bob Fishel wrote: > How can I change my callback URL?
[twitter-dev] DM-based service and follow limits
Hi, I'm the guy behind http://muuter.com. It's a pretty basic service that allows users to temporarily "mute" people by unfollowing and following back after a set time passes. The service works through a simple web interface, and I developed some simple bookmarklets to make it easy to work with the app. I recently added the option of sending DMs to the @muuter account to send a mute command (something like "d muuter someone 6 h", you can see other options in http://muuter.com/tools). Now, for this to work @muuter has to follow everyone that may send a DM command, so I started following people as soon as they (o)auth to the site. Now, @muuter has around 130 followers and follows 815 users. As this last number got stuck for the last day I started researching a bit and found that @muuter reached a following limit, and the ratios will not improve as the service ages, I suspect the contrary. Is there a way around this? I could programmatically force users to follow @muuter, and it's a VERY low traffic account, but this may freak out some specially vocal people. Any pointers/best practices about this? Thanks in advance. Best, Andres B @andresb http://andresb.net/blog/
[twitter-dev] Re: ASP .NET Development Issue w/OAuth Callback Parameter
1. Don't post your secret values. On Mon, Jul 27, 2009 at 7:19 PM, ramesh s wrote: > > > I am trying hard but not able to generate token. I am using the code from > http://oauth.googlecode.com/svn/code/php/ and I am using it on my test > server. But for some reason it is always giving me > > "invalid consumer" > ___ > > >
[twitter-dev] Change callback url?
How can I change my callback URL?
[twitter-dev] What's the difference between 'statuses/replies' and 'statuses/mentions' ?
I have read some code about twitter-api and I found the code for replies(or mentions?) as: http://twitter.com/statuses/replies.*format *but on apiwiki.twittwer.com it is: http://twitter.com/statuses/mentions.*format* So,what's the difference between them? Is that alais?
[twitter-dev] streaming API for DM for multiple users ?
Hi. I wonder if there is a way to use the streaming API to receive DM for a list of specific users. As far as I understand there isn't, is anyone working on this? Basicly I want to offer the possibility to receive Apple Push Notifications and I'll get tons of user, so I want to go the efficient way. Thanks.
[twitter-dev] Re: user is fallowing me ?
The "following" variable does the opposite of what you're thinking. It shows if you are following them. The only way to find out (someone correct me if I'm wrong, I'd love to know of an easier way) is to just get your list of followers and try to find him there. Nick On Jul 27, 11:39 am, cem wrote: > How can I know from my application that the user sent the reply is > fallowing me . I fallowed myself from another account and the > fallowing=> variable did not changed?
[twitter-dev] DM-based service and follow limits
(sorry if this is a dupe, posted it an hour ago and didn't appear) Hi, I'm the guy behind muuter.com. It's a pretty basic service that allows users to temporarily "mute" people by unfollowing and following back after a set time passes. The service works through a simple web interface, and I developed some simple bookmarklets to make it easy to work with the app. I recently added the option of sending DMs to the @muuter account to send a mute command (something like "d muuter someone 6 h", you can see other options in Tools on the site). Now, for this to work @muuter has to follow everyone that may send a DM command, so I started following people as soon as they (o)auth to the site. Now, @muuter has around 130 followers and follows 815 users. As this last number got stuck for the last day I started researching a bit and found that @muuter reached a following limit, and the ratios will not improve as the service ages, I suspect the contrary. Is there a way around this? I could programmatically force users to follow @muuter, and it's a VERY low traffic account, but this may freak out some specially vocal people. Any pointers/best practices about this? Thanks in advance. Best, Andres B @andresb http://muuter.com
[twitter-dev] Re: oAuth .NET receiving Unauthorized Error (401)
Andy, That was it! Sorting my parameters did the trick. After that I was able to successfully post a web request to Twitter's OAuth request token URL. Now, the next problem. I'm working in a development environment and I can not get the call back argument to work correctly. I've added it as a parameter in my web request and you can see it in the URL when logging into Twitter to get the token. But, Twitter just returns me back to my application that I registered with them (not my development environment that I've setup in my call back argument). -Matt On Jul 26, 4:55 am, Andrew Badera wrote: > On Sat, Jul 25, 2009 at 6:46 PM, mattarnold1977 > wrote: > > > > > Bojan, > > > Thanks for the reply. I'm using ASP .NET. > > > -Matt > > I suspect Bojan was more curious about what OAuth library you're using. If > you're doing it on your own, allow me to suggest DotNetOpenAuth instead. > > Also, are you sorting your parameters correctly? Non-alphabetized sort of > parameters prior to signing will give you a 401. > > Thanks- > - Andy Badera > - and...@badera.us > - Google me:http://www.google.com/search?q=andrew+badera > - This email is: [ ] bloggable [x] ask first [ ] private
[twitter-dev] Re: error with simple xml load file
Please help :(
On 25 jul, 01:05, oscarva wrote:
> I am tring to do a Api call using simple xml and twitter search API.
>
> $rss = simplexml_load_file('http://search.twitter.com/search.atom?
> q=Google');
> foreach ($rss->channel->item as $item){
> $title = utf8_decode($item->title);
> $url = $item->link;
>
> }
>
> The error log tells me the following:
>
> PHP Warning: simplexml_load_file() [function.simplexml-load-file]: I/O warning : failed to load
> external entity "http://search.twitter.com/search.atom?
> q=Google" in /home/xxx/public_html/test/status.php on line 10
> [error] [client 166.210.xxx.xxx] PHP Warning: simplexml_load_file
> (http://search.twitter.com/search.atom?q=Google) [ href='function.simplexml-load-file'>function.simplexml-load-file]:
> failed to open stream: Connection timed out in /home/xxx/public_html/
> test/status.php on line 10
>
> PHP Version 5.2.8
>
> This only happens on my server, since in local working properly. :(
>
> Please Help. Thaks ;)
[twitter-dev] Re: ASP .NET Development Issue w/OAuth Callback Parameter
I am trying hard but not able to generate token. I am using the code from http://oauth.googlecode.com/svn/code/php/ and I am using it on my test server. But for some reason it is always giving me "invalid consumer" ___ OAuthRequest Object ( [parameters:private] => Array ( [oauth_consumer_key] => buWIzbM7RPf1CNM3wlpZhg [oauth_nonce] => [oauth_signature] => = [oauth_signature_method] => HMAC-SHA1 [oauth_timestamp] => 1248735987 [oauth_version] => 1.0 ) [http_method:private] => GET [http_url:private] => http://com:80/example/request_token.php?oauth_consumer_key=buWIzbM7RPf1CNM3wlpZhg&oauth_nonce=01ae9584f72ed7b72e5b3bf7da503802&oauth_signature=VCCIt4nNFKZn6wXhh6OEXwCoc4Y%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248735987&oauth_version=1.0 [base_string] => ) I am not able to figureout where I am going wrong . Please please help R On Mon, Jul 27, 2009 at 4:10 PM, Abraham Williams <4bra...@gmail.com> wrote: > Are you adding oauth_callback to the oauth/request_token call? Along with > the request_token you should be getting an oauth_callback_confirmed=true. > Passing a callback url with a user when they go to authorize access does not > work anymore: > > > http://groups.google.com/group/twitter-api-announce/browse_frm/thread/472500cfe9e7cdb9?hl=en > > Abraham > > On Mon, Jul 27, 2009 at 15:49, mattarnold1977 > wrote: > >> >> I've been able to create a successful web request to receive an auth >> token from Twitter. However, Twitter is not sending me back to my >> development environment even though I have put the oauth_callback >> parameter on my request. It even shows my call back parameter in the >> URL on the Twitter oAuth authentication page. >> >> I'm wondering if anyone else is using VS 08 (ASP .NET) as their >> development environment and were able to successfully get the oAuth >> call back parameter to redirect back to their development environment? >> >> -Matt >> > > > > -- > Abraham Williams | Community Evangelist | http://web608.org > Hacker | http://abrah.am | http://twitter.com/abraham > Project | http://fireeagle.labs.poseurtech.com > This email is: [ ] blogable [x] ask first [ ] private. >
[twitter-dev] Search Posting speed
Hi, How quickly are Tweets available in the search results? Should I assume a minute until it's guaranteed to show up? Five minutes? Just wondering for an app.
[twitter-dev] This is a really dumb question. How can I get back to my application information page
So i registered an application to learn the ins and outs of the twitter api for a personal project, but I clicked off the page and now I can't figure out how to get back to change my applications settings and get my keys. I have honestly looked everywhere I can think of to try and get back to this page, and my google-fu is failing. Any help is appreciated. Thanks -Bob
[twitter-dev] Re: API only shows messages from last 7 days
Hmm, then i can't use the API for this project, thx for replies guys. On 26 jul, 04:10, Dewald Pretorius wrote: > I believe the tweet retention in Twitter Search has always been 7 > days. > > On Jul 25, 1:18 pm, Flashing Moose wrote: > > > Hello, having some trouble with the API because only the messages from > > the last 7 days show up: > > > example: > > feed://search.twitter.com/search.atom?q=from%3AstimulusHome > > > Yes, there must be older posts in there... but how do i get to them? > > > I read about the Operator Limits: > > filter:links operator: > > results are limited to 7 days > > source: operator: > > results are limited to 7 days > > queries must contain at least one keyword parameter with the source: > > operator > > lang= operator: > > results are limited to 7 days > > location operator: > > results are limited to 7 days > > > but i'm not using filter, source, language or location do i? > > > regards, Moose
[twitter-dev] Adding tweets with a certain word them them to a feed on your site?
Does anyone know of a way I could add tweets with a certain word in them to a feed on my site? For example if there are tweets that have say "#somethinghere" in them. If I search twitter for #somethinghere (#somethinghere) the list of tweets comes up. Is it possible to get that list of tweets posted on my site? This may be really confusing and if so let me know and ill try to word it another way. Thanks in advance, Doug
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Not sure if my message went through. I am also getting this error... "incorrect signature" as of about 30 mins ago. Any ideas??? On Jul 27, 5:26 pm, goodtest wrote: > twitter api server seems to be down (getting invalid signature) since > 5.15 pm pst
[twitter-dev] bug on "more" button
Hello developers. I didn't find another way to talk to you that a find a bug on twitter. When you "double-click" on the button "more" to see more "messages", it shows the next messages and as it ends to load them, it loads them again. It seems to call two times the method to load asynchronously the message. I think I'm helping telling 'bout this. Maybe, twitter could have a bug area...don't know..=P
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Yep, likewise. I am getting 100s of "incorrect signature" errors. On Jul 27, 5:26 pm, goodtest wrote: > twitter api server seems to be down (getting invalid signature) since > 5.15 pm pst
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Updating you guys on this problem. A bug was reported off list that informed us we were not always verifying signatures. Today we shipped a fix for this problem which ensures that we are correctly verifying signatures. If you are still seeing invalid signature errors you should examine your code and ensure you are correctly signing requests as per the spec. Thanks, Doug On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams wrote: > Marcel is shipping a fix for this as I type. > > Thanks, > Doug > > > > > 2009/7/27 João Pereira > > Same here. >> >> >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest wrote: >> >>> >>> twitter api server seems to be down (getting invalid signature) since >>> 5.15 pm pst >> >> >> >> >> >
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Marcel is shipping a fix for this as I type. Thanks, Doug 2009/7/27 João Pereira > Same here. > > > On Tue, Jul 28, 2009 at 1:26 AM, goodtest wrote: > >> >> twitter api server seems to be down (getting invalid signature) since >> 5.15 pm pst > > > > >
[twitter-dev] Re: Whoa There! - Users don't really know whats going on.
sounds good, its way better than "Whoa There" :) On Jul 27, 5:51 pm, Andrew Badera wrote: > On Mon, Jul 27, 2009 at 8:38 PM, goodtest wrote: > > > I totally agree. They should simplify it and say something like: "You > > are not passing all required parameters or not encoding them properly" > > or anything that makes more sense. > > That's not going to make any more sense to users. > > It needs to be simple and imperative. > > "We've experienced an OAuth [authorization [optional]] problem, sorry for > the difficulty! Please let the administrators of [requesting app] know that > they provided duplicate or incorrect OAuth request information." > > --ab
[twitter-dev] Re: Whoa There! - Users don't really know whats going on.
On Mon, Jul 27, 2009 at 8:38 PM, goodtest wrote: > > I totally agree. They should simplify it and say something like: "You > are not passing all required parameters or not encoding them properly" > or anything that makes more sense. > > That's not going to make any more sense to users. It needs to be simple and imperative. "We've experienced an OAuth [authorization [optional]] problem, sorry for the difficulty! Please let the administrators of [requesting app] know that they provided duplicate or incorrect OAuth request information." --ab
[twitter-dev] Re: ASP .NET Development Issue w/OAuth Callback Parameter
On Mon, Jul 27, 2009 at 6:49 PM, mattarnold1977 wrote: > > I've been able to create a successful web request to receive an auth > token from Twitter. However, Twitter is not sending me back to my > development environment even though I have put the oauth_callback > parameter on my request. It even shows my call back parameter in the > URL on the Twitter oAuth authentication page. > > I'm wondering if anyone else is using VS 08 (ASP .NET) as their > development environment and were able to successfully get the oAuth > call back parameter to redirect back to their development environment? > > -Matt > As I think I'd mentioned off-list, I'm able to redirect no problem, using VS05 or VS08 or even VS10 VPC. I'm able to default to my registered callback, and I'm able to provide an oauth_callback value for testing (localhost) that works without difficulty. What oauth_callback value are you providing, and what URL are you ending up at? --ab
[twitter-dev] Re: twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
Same here. On Tue, Jul 28, 2009 at 1:26 AM, goodtest wrote: > > twitter api server seems to be down (getting invalid signature) since > 5.15 pm pst
[twitter-dev] Re: search.twitter.com only returns 30 days of content?
No. We currently only return around 7 days of data with search. You can learn more about this, and the reasons behind it, in our Getting Started materials provided on apiwiki.twitter.com. Thanks, Doug On Mon, Jul 27, 2009 at 2:23 PM, jms wrote: > > We recently hosted conference attendees used twitter to stay in touch. > > We had been pulling in an RSS hash feed of the event and displaying > the comments on our website as part of a post social aspect of the > conference. Recently I noticed that the comments stopped showing up on > the RSS feed... from what I can tell the tweets are disappearing after > 30 days. > > The last comment on the matter has likely been posted, however we'd > like to keep the tweets on our website for those returning to the > site, however the data isn't there. Is there a way to get this > historical data? >
[twitter-dev] Re: Whoa There! - Users don't really know whats going on.
I totally agree. They should simplify it and say something like: "You are not passing all required parameters or not encoding them properly" or anything that makes more sense. On Jul 27, 4:25 pm, Peter Denton wrote: > Hey, > I did some usability testing and 10 out of 10 people did not understand the > "Whoa There" statement. > > - First, probably only engineers/devs are going to understand what a > "token" is. > - Second, stating that "it was probably an honest mistake" is a > completely misleading, irrelevant statement. 'Honest mistake' infers some > type of a human choice, but its a system/technical conflict, without > intent. > > I know this has been brought up before, but I have been trying to > legitimately test these things on users, and it failed. Is there any chance > for customization of error reporting at this level? Will you accept text > considerations? > Another part of my testing was to simply describe the errors and let people > describe to me what that means in there head. In that sense, no one presumed > guilt on the apps behalf. > > Thanks > Peter
[twitter-dev] twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
twitter api server seems to be down (getting invalid signature) since 5.15 pm pst
[twitter-dev] Whoa There! - Users don't really know whats going on.
Hey, I did some usability testing and 10 out of 10 people did not understand the "Whoa There" statement. - First, probably only engineers/devs are going to understand what a "token" is. - Second, stating that "it was probably an honest mistake" is a completely misleading, irrelevant statement. 'Honest mistake' infers some type of a human choice, but its a system/technical conflict, without intent. I know this has been brought up before, but I have been trying to legitimately test these things on users, and it failed. Is there any chance for customization of error reporting at this level? Will you accept text considerations? Another part of my testing was to simply describe the errors and let people describe to me what that means in there head. In that sense, no one presumed guilt on the apps behalf. Thanks Peter
[twitter-dev] Re: ASP .NET Development Issue w/OAuth Callback Parameter
Are you adding oauth_callback to the oauth/request_token call? Along with the request_token you should be getting an oauth_callback_confirmed=true. Passing a callback url with a user when they go to authorize access does not work anymore: http://groups.google.com/group/twitter-api-announce/browse_frm/thread/472500cfe9e7cdb9?hl=en Abraham On Mon, Jul 27, 2009 at 15:49, mattarnold1977 wrote: > > I've been able to create a successful web request to receive an auth > token from Twitter. However, Twitter is not sending me back to my > development environment even though I have put the oauth_callback > parameter on my request. It even shows my call back parameter in the > URL on the Twitter oAuth authentication page. > > I'm wondering if anyone else is using VS 08 (ASP .NET) as their > development environment and were able to successfully get the oAuth > call back parameter to redirect back to their development environment? > > -Matt > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: user is fallowing me ?
friendships show is good too, but I found it very costly though with the rate limit being 150. If a user has hundreds or thousands of friends and you need to find this for each one of them, it becomes a no option. It would have been nice if that information was returned in the response together with following. Any plans to add that in the future? Nick On Jul 27, 2:17 pm, Doug Williams wrote: > We've got a method for > that:http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-show > > Thanks, > Doug > > On Mon, Jul 27, 2009 at 8:39 AM, cem wrote: > > w can I know from my application that the user sent the reply is > > fallowing me . I fallowed myself from another account and the
[twitter-dev] Re: DM-based services
Well, I guess that I could even do that programmatically but I'd like to treat it as a last resort. Regular folks don't know about follow ratios and "follow me so I give you this" sounds petty. On Jul 27, 1:56 pm, Grant Emsley wrote: > Require people to follow you before they can use the service? > > On Jul 27, 10:10 am, Andres B wrote: > > > Hi, I'm having some trouble sending messages to the group, so I'll > > break it down in a couple different messages. > > > I developed muuter.com and my users can send mute commands through DM > > i.e. "d muuter someone 8 h". > > > For this to work, @muuter needs to follow every user, and right now I > > can't because I'm hitting a follow ratio, at 130 followers vs 800 > > following. Is there a best practice to offer services through DM? > > > Thanks in advance. > > > Best, > > Andres B > > @andresb
[twitter-dev] Re: DM-based services
Yes, I'm aware of the daily limits, my main concern is that if I hit a higher number (and still have 150 followers, b/c @muuter is a pretty uninteresting account), I will not be able to follow ALL my users. That's why I'll appreciate any shareable experience receiving DMs from large numbers of users. Thanks! AB On Jul 27, 2:45 pm, Abraham Williams <4bra...@gmail.com> wrote: > There is a limit of how many accounts you can follow each day. Try following > more tomorrow. > > Abraham > > > > On Mon, Jul 27, 2009 at 07:10, Andres B wrote: > > > Hi, I'm having some trouble sending messages to the group, so I'll > > break it down in a couple different messages. > > > I developed muuter.com and my users can send mute commands through DM > > i.e. "d muuter someone 8 h". > > > For this to work, @muuter needs to follow every user, and right now I > > can't because I'm hitting a follow ratio, at 130 followers vs 800 > > following. Is there a best practice to offer services through DM? > > > Thanks in advance. > > > Best, > > Andres B > > @andresb > > -- > Abraham Williams | Community Evangelist |http://web608.org > Hacker |http://abrah.am|http://twitter.com/abraham > Project |http://fireeagle.labs.poseurtech.com > This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] search.twitter.com only returns 30 days of content?
We recently hosted conference attendees used twitter to stay in touch. We had been pulling in an RSS hash feed of the event and displaying the comments on our website as part of a post social aspect of the conference. Recently I noticed that the comments stopped showing up on the RSS feed... from what I can tell the tweets are disappearing after 30 days. The last comment on the matter has likely been posted, however we'd like to keep the tweets on our website for those returning to the site, however the data isn't there. Is there a way to get this historical data?
[twitter-dev] Invalid consumer
Hello All, When I am trying to access twitter with oauth ( I am trying the php code from oauth.net ) , I enter the endpoint, consumer key and consumer secret , but I end up getting this next page which doesnot generate any token. Instead it says Invalid consumer OAuthRequest Object ( [parameters:private] => Array ( [oauth_consumer_key] => . [oauth_nonce] => .. [oauth_signature] => .= [oauth_signature_method] => HMAC-SHA1 [oauth_timestamp] => 1248730389 [oauth_version] => 1.0 ) [http_method:private] => GET [http_url:private] => http://example.com:80/example/request_token.php?oauth_consumer_key=...&oauth_nonce=...&oauth_signature=3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1248730389&oauth_version=1.0 [base_string] => ) I am not sure why it doesnot generate any token. Code can be found at http://oauth.googlecode.com/svn/code/php/ Please help me.. thanks & regards R
[twitter-dev] ASP .NET Development Issue w/OAuth Callback Parameter
I've been able to create a successful web request to receive an auth token from Twitter. However, Twitter is not sending me back to my development environment even though I have put the oauth_callback parameter on my request. It even shows my call back parameter in the URL on the Twitter oAuth authentication page. I'm wondering if anyone else is using VS 08 (ASP .NET) as their development environment and were able to successfully get the oAuth call back parameter to redirect back to their development environment? -Matt
[twitter-dev] Re: Google Android
There are a number of open source applications on Google Code:
http://code.google.com/hosting/search?q=label%3AAndroid+label%3ATwitter
2009/7/25 Christine
>
> HttpClient on Android is the same as HttpClient in general. You create
> a client, create an httpPost and send it to twittter.
>
> It's something like
>
> DefaultHttpClient client = new DefaultHttpClient();
> HttpPost post = new HttpPost(postString);
> localContext = new BasicHttpContext();
> client.getCredentialsProvider().setCredentials(
> new AuthScope(DOMAIN, 80, "Twitter API"),
> new UsernamePasswordCredentials(myUserName, password));
> BasicScheme basicAuth = new BasicScheme();
> localContext.setAttribute("preemptive-auth", basicAuth);
> client.addRequestInterceptor(new PreemptiveAuth(), 0);
> HttpResponse response = client.execute(post, localContext);
> HttpEntity entity = response.getEntity();
> InputStream in = entity.getContent();
>
> etc.
>
>
>
> On Jul 25, 6:28 am, Matthew Jurkoic wrote:
> > Can anyone direct me to some code examples of Google Android
> > connecting to Twitter? I've played with HttpClient but have not had
> > any luck. Thank you.
>
--
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: DM-based services
There is a limit of how many accounts you can follow each day. Try following more tomorrow. Abraham On Mon, Jul 27, 2009 at 07:10, Andres B wrote: > > Hi, I'm having some trouble sending messages to the group, so I'll > break it down in a couple different messages. > > I developed muuter.com and my users can send mute commands through DM > i.e. "d muuter someone 8 h". > > For this to work, @muuter needs to follow every user, and right now I > can't because I'm hitting a follow ratio, at 130 followers vs 800 > following. Is there a best practice to offer services through DM? > > Thanks in advance. > > Best, > Andres B > @andresb > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: API only shows messages from last 7 days
It was at least a month when Twitter acquired Summize. Abraham 2009/7/25 Dewald Pretorius > > I believe the tweet retention in Twitter Search has always been 7 > days. > > > On Jul 25, 1:18 pm, Flashing Moose wrote: > > Hello, having some trouble with the API because only the messages from > > the last 7 days show up: > > > > example: > > feed://search.twitter.com/search.atom?q=from%3AstimulusHome > > > > Yes, there must be older posts in there... but how do i get to them? > > > > I read about the Operator Limits: > > filter:links operator: > > results are limited to 7 days > > source: operator: > > results are limited to 7 days > > queries must contain at least one keyword parameter with the source: > > operator > > lang= operator: > > results are limited to 7 days > > location operator: > > results are limited to 7 days > > > > but i'm not using filter, source, language or location do i? > > > > regards, Moose > -- Abraham Williams | Community Evangelist | http://web608.org Hacker | http://abrah.am | http://twitter.com/abraham Project | http://fireeagle.labs.poseurtech.com This email is: [ ] blogable [x] ask first [ ] private.
[twitter-dev] Re: track syntax
Here is a working example of how to do /track:
$count = 1;
$startparsing = false;
$keyword_needles[] = 'keyword1';
$keyword_needles[] = 'keyword2';
$keyword_needles[] = 'keyword3';
$keyword_needles[] = 'keyword4';
// if your keywords have spaces, they must be urlencoded (twitter does not
support phrases, only the first keyword will be used, the space character
and after will be ignored)
foreach ($keyword_needles AS $i=>$needle) {
$keyword_needles[$i] = urlencode($needle);
}
$poststr = 'track=' . implode(',', $keyword_needles);
$fp = fsockopen("stream.twitter.com", 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)\n";
} else {
$out = "POST /track.json HTTP/1.1\r\n";
$out .= "Host: stream.twitter.com\r\n";
$out .= "User-Agent: YourUserAgent\r\n";
$out .= "Referer: http://yourdomain.com\r\n";;
$out .= "Content-Type: application/x-www-form-urlencoded\r\n";
$out .= "Authorization: Basic " .
base64_encode("username:password")."\r\n";
$out .= "Content-length: " . strlen($poststr) . "\r\n";
$out .= "Connection: Close\r\n\r\n";
$out .= $poststr . "\r\n\r\n";
fwrite($fp, $out);
while (!feof($fp)) {
$line = fgets($fp, 4096);
if ($startparsing) {
if (trim($line) != '') {
//echo trim($line) . "\n";
$tweet_obj = json_decode(trim($line));
// do your stuff here
}
}
else {
// view the header lines: uncomment the below line
//echo trim($line) . "\n";
$header_arr[] = $line;
$headercount = count($header_arr)-1;
if (trim($header_arr[$headercount]) == '') {
$startparsing = true;
$count = 1;
unset($header_arr, $headercount);
}
}
if (trim($line) != '') $count++;
}
fclose($fp);
}
On Mon, Jul 27, 2009 at 11:18 AM, Joseph wrote:
>
> I am trying to use the track streaming API, but I'm having trouble
> with the syntax. The example shows how to use a tracking list stored
> in a file in the format: track = word1, word2, etc..
>
> I tried the following (following a successful fsockopen call to
> stream.twitter.api:
>
> POST /track.json track = Palin, #fubar HTTP/1.1 Host:
> stream.twitter.com User-Agent: UserAgent Authorization: Basic
> cGXybmFzc3TzZGV2OlBhcm5hMzT1Mzl4MDMz Connection: Close
>
> and I am getting the following error code: HTTP/1.1 400 Bad Request
>
> The actual relevant test PHP code is:
>
> $fp = fsockopen($url, 80, $errno, $errstr, 30);
> if (!$fp) {
>echo "$errstr ($errno)\n";
> } else {
>echo "file handle: ".$fp."";
>$header = "POST /track.json track = $trackTerms HTTP/1.1\r\n";
>$header .= "Host: stream.twitter.com\r\n";
>$header .= "User-Agent: UserAgent\r\n";
>$header .= "Authorization: Basic " . base64_encode($twitUsername .
> ':' . $twitPwd)."\r\n";
>$header .= "Connection: Close\r\n\r\n";
>echo $header."";
>fwrite($fp, $header);
>$line = fgets($fp, 4096);
>echo $line;
>fclose($fp);
> }
>
[twitter-dev] Re: DM-based services
Require people to follow you before they can use the service? On Jul 27, 10:10 am, Andres B wrote: > Hi, I'm having some trouble sending messages to the group, so I'll > break it down in a couple different messages. > > I developed muuter.com and my users can send mute commands through DM > i.e. "d muuter someone 8 h". > > For this to work, @muuter needs to follow every user, and right now I > can't because I'm hitting a follow ratio, at 130 followers vs 800 > following. Is there a best practice to offer services through DM? > > Thanks in advance. > > Best, > Andres B > @andresb
[twitter-dev] Re: track syntax
At first glance, your question is really about HTTP, not Track, as
your request appears to be malformed. I'd suggest using an existing
HTTP client if at all possible. You could also contrast your
implementation with: http://tools.ietf.org/html/rfc2616#section-4.1.
Or, get your query working with curl(1) and capture the interaction
with a protocol decoder, perhaps Wireshark. Then analyze your client,
and fix the deltas.
-John Kalucki
http://twitter.com/jkalucki
Services, Twitter Inc.
On Jul 27, 11:18 am, Joseph wrote:
> I am trying to use the track streaming API, but I'm having trouble
> with the syntax. The example shows how to use a tracking list stored
> in a file in the format: track = word1, word2, etc..
>
> I tried the following (following a successful fsockopen call to
> stream.twitter.api:
>
> POST /track.json track = Palin, #fubar HTTP/1.1 Host:
> stream.twitter.com User-Agent: UserAgent Authorization: Basic
> cGXybmFzc3TzZGV2OlBhcm5hMzT1Mzl4MDMz Connection: Close
>
> and I am getting the following error code: HTTP/1.1 400 Bad Request
>
> The actual relevant test PHP code is:
>
> $fp = fsockopen($url, 80, $errno, $errstr, 30);
> if (!$fp) {
> echo "$errstr ($errno)\n";} else {
>
> echo "file handle: ".$fp."";
> $header = "POST /track.json track = $trackTerms HTTP/1.1\r\n";
> $header .= "Host: stream.twitter.com\r\n";
> $header .= "User-Agent: UserAgent\r\n";
> $header .= "Authorization: Basic " . base64_encode($twitUsername .
> ':' . $twitPwd)."\r\n";
> $header .= "Connection: Close\r\n\r\n";
> echo $header."";
> fwrite($fp, $header);
> $line = fgets($fp, 4096);
> echo $line;
> fclose($fp);
>
> }
[twitter-dev] Re: track syntax
Thanks. I should have mentioned that the password is not real (changed
the data, but kept the format to illustrate what exactly is being
used).
On Jul 27, 11:30 am, JDG wrote:
> a) the POST body (i.e. track=Palin) must come after ALL headers.
> b) change your password, you just sent it to the whole dev community.
>
>
>
> On Mon, Jul 27, 2009 at 12:18, Joseph wrote:
>
> > I am trying to use the track streaming API, but I'm having trouble
> > with the syntax. The example shows how to use a tracking list stored
> > in a file in the format: track = word1, word2, etc..
>
> > I tried the following (following a successful fsockopen call to
> > stream.twitter.api:
>
> > POST /track.json track = Palin, #fubar HTTP/1.1 Host:
> > stream.twitter.com User-Agent: UserAgent Authorization: Basic
> > cGXybmFzc3TzZGV2OlBhcm5hMzT1Mzl4MDMz Connection: Close
>
> > and I am getting the following error code: HTTP/1.1 400 Bad Request
>
> > The actual relevant test PHP code is:
>
> > $fp = fsockopen($url, 80, $errno, $errstr, 30);
> > if (!$fp) {
> > echo "$errstr ($errno)\n";
> > } else {
> > echo "file handle: ".$fp."";
> > $header = "POST /track.json track = $trackTerms HTTP/1.1\r\n";
> > $header .= "Host: stream.twitter.com\r\n";
> > $header .= "User-Agent: UserAgent\r\n";
> > $header .= "Authorization: Basic " . base64_encode($twitUsername .
> > ':' . $twitPwd)."\r\n";
> > $header .= "Connection: Close\r\n\r\n";
> > echo $header."";
> > fwrite($fp, $header);
> > $line = fgets($fp, 4096);
> > echo $line;
> > fclose($fp);
> > }
>
> --
> Internets. Serious business.
[twitter-dev] Re: track syntax
a) the POST body (i.e. track=Palin) must come after ALL headers.
b) change your password, you just sent it to the whole dev community.
On Mon, Jul 27, 2009 at 12:18, Joseph wrote:
>
> I am trying to use the track streaming API, but I'm having trouble
> with the syntax. The example shows how to use a tracking list stored
> in a file in the format: track = word1, word2, etc..
>
> I tried the following (following a successful fsockopen call to
> stream.twitter.api:
>
> POST /track.json track = Palin, #fubar HTTP/1.1 Host:
> stream.twitter.com User-Agent: UserAgent Authorization: Basic
> cGXybmFzc3TzZGV2OlBhcm5hMzT1Mzl4MDMz Connection: Close
>
> and I am getting the following error code: HTTP/1.1 400 Bad Request
>
> The actual relevant test PHP code is:
>
> $fp = fsockopen($url, 80, $errno, $errstr, 30);
> if (!$fp) {
>echo "$errstr ($errno)\n";
> } else {
>echo "file handle: ".$fp."";
>$header = "POST /track.json track = $trackTerms HTTP/1.1\r\n";
>$header .= "Host: stream.twitter.com\r\n";
>$header .= "User-Agent: UserAgent\r\n";
>$header .= "Authorization: Basic " . base64_encode($twitUsername .
> ':' . $twitPwd)."\r\n";
>$header .= "Connection: Close\r\n\r\n";
>echo $header."";
>fwrite($fp, $header);
>$line = fgets($fp, 4096);
>echo $line;
>fclose($fp);
> }
--
Internets. Serious business.
[twitter-dev] Re: Updating the APIs authentication limiting policy
Thanks to everyone who has contributed feedback. This approach is what we are going to take. Alex will be making this change shortly. I will update this thread when there is timeframe to share. Thanks, Doug On Mon, Jul 27, 2009 at 7:52 AM, TinBlue wrote: > > What is happening? > > This rollback is taking far too long for something that has affected a > lot of people! > > On Jul 25, 2:32 pm, Dewald Pretorius wrote: > > Doug, > > > > I would prefer to adopt OAuth instead of writing code for Basic Auth. > > > > So, you guys need to move OAuth out of public beta into full > > production sooner rather than later. :-) > > > > I manage 100,000+ Twitter accounts, and I simply cannot take on the > > support workload of answering user tickets when there's a snag with > > OAuth beta. > > > > I monitor these forums and the API Issues and still see too many OAuth > > issues being reported to give me a level of comfort that I can safely > > switch over to OAuth. > > > > On Jul 24, 5:46 pm, Doug Williams wrote: > > > > > > > > > Well said Joshua. > > > > > Dewald, you have identified the risk of using basic authentication. If > > > your users being locked out due to malicious behavior, you should > > > either implement further user-level rate limiting on your side or > > > adopt OAuth. > > > > > Are there any other glaring omissions in our thinking or should we > > > proceed with this as our solution? > > > > > Thanks, > > > Doug > > > > > On Fri, Jul 24, 2009 at 11:08 AM, Joshua Perry wrote: > > > > > > Jim's concern is valid, fortunately OAuth is immune to brute-force > attacks > > > > once the access key has been issued to an application. For this > reason alone > > > > I would urge people to switch to OAuth if at all possible. I would > hope > > > > (and assume) that if login attempts for an account are locked out > that a > > > > user would still be able to successfully use an already authorized > OAuth > > > > driven application. > > > > > > Unfortunately allowing a successful un/pw login while an account is > locked > > > > out even when the correct password is presented effectively bypasses > the > > > > whole reason for a lockout in the first place, preventing brute-force > > > > password attempts. If an attacker used a dictionary or brute-force > attack > > > > and the account was locked out after 15 attempts, then they could > continue > > > > trying even though the system replied "locked out"; if they > eventually sent > > > > the correct password it would just bypass the lockout and they would > then > > > > know the correct password. > > > > > > Perhaps Twitter could implement a selective captcha, I know they are > > > > annoying but if executed properly it could be effective protection > against > > > > brute-force and dictionary attacks. Say after 3 or 4 failed attempts > without > > > > a captch the API would then include a captcha image URL in it's > response > > > > that the application would then need to show to the person and > include the > > > > user's response with the next authentication attempt as a header or > POST > > > > variable. The site stackoverflow.com does this to great effect, if > you > > > > create posts quicker than a certain threshold which a person would > not > > > > exceed then they pop a captcha up, in the normal use of the site you > will > > > > never see one; I've only hit two captchas in the last in the last 8 > months > > > > using the site. > > > > > > Josh > > > > > > Dewald Pretorius wrote: > > > > > >> Jim raised a huge weakness with the authentication rate limiting > that > > > >> could essentially break third-party apps. > > > > > >> Anybody can try to add anybody else's Twitter account to a > third-party > > > >> app using an invalid password. If they do that 15 times with a > Twitter > > > >> account, the real owner of that Twitter account, who may have added > > > >> his account a long time ago with the correct password, is locked out > > > >> from using that app for an hour. > > > > > >> I believe you will absolutely have to reset / remove the lock as > soon > > > >> as the Twitter account uses the correct password. > > > > > >> On Jul 22, 4:58 pm, "jim.renkel" wrote: > > > > > >>> My concern with this proposal is that it opens up denials of > service, > > > >>> not to twitter.com, but to "associated" sites such as twitpic, or > my > > > >>> site twxlate, among others > > > > > >>> For example, Lance Armstrong is a heavy user of twitpic. It is very > > > >>> easy for anyone to find Lance's twitter ID (@lancearmstrong), view > his > > > >>> status updates, and see that he is a frequent user of twitpic. Now, > > > >>> someone that is "unhappy" with Lance, say one of George Hincapie's > > > >>> ardent fans that really believes that Lance was a significant > > > >>> contributor to George not winning the maillot jeune last Sunday, > > > >>> could go to twitpic, fail to login as Lance the requisite number of > > > >>> times, and deny Lance access to twitpic
[twitter-dev] Re: jSon description
I see this is the second post for this same question. Please refrain from posting multiple times. It adds value to the list. You are running into a bug that has been discussed here in the past. The value of the following field was unreliable due to caching constraints. A few weeks ago we deprecated that value and will now return it as null permanently. Please use the friendships/show method [1] to access this data. 1. http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-show Thanks, Doug On Mon, Jul 27, 2009 at 8:25 AM, cem wrote: > > Hi where can I get all the descriptive information to the incoming > Json data ? > > I cannot determine what value the fields get? > > For example : > > Incoming data is : > > Array > ( >[0] => stdClass Object >( >[text] => @cbaykam http://yfrog.com/17tozp lets try this > image again... >[truncated] => >[user] => stdClass Object >( >[following] => >[friends_count] => 33 >[profile_sidebar_fill_color] => e0ff92 >[description] => developer father husband >[screen_name] => botsko >[time_zone] => Pacific Time (US & Canada) >[utc_offset] => -28800 >[favourites_count] => 0 >[profile_sidebar_border_color] => 87bc44 >[created_at] => Tue Jul 15 17:53:28 + 2008 >[url] => http://www.botsko.net >[name] => botsko >[statuses_count] => 289 >[profile_text_color] => 00 >[protected] => >[notifications] => >[profile_background_image_url] => > http://static.twitter.com/images/themes/theme1/bg.gif >[profile_link_color] => ff >[profile_background_tile] => >[verified] => >[profile_background_color] => 9ae4e8 >[followers_count] => 47 >[profile_image_url] => > http://static.twitter.com/images/default_profile_normal.png >[location] => iPhone: 45.535675,-122.891006 >[id] => 15443507 >) > >[in_reply_to_status_id] => 2672240873 >[created_at] => Thu Jul 16 20:45:17 + 2009 >[in_reply_to_user_id] => 49442021 >[favorited] => >[in_reply_to_screen_name] => cbaykam >[id] => 2675863956 >[source] => Tweetie >) > > What will the value of user->fallowing be if the user is fallowing > me ? >
[twitter-dev] track syntax
I am trying to use the track streaming API, but I'm having trouble
with the syntax. The example shows how to use a tracking list stored
in a file in the format: track = word1, word2, etc..
I tried the following (following a successful fsockopen call to
stream.twitter.api:
POST /track.json track = Palin, #fubar HTTP/1.1 Host:
stream.twitter.com User-Agent: UserAgent Authorization: Basic
cGXybmFzc3TzZGV2OlBhcm5hMzT1Mzl4MDMz Connection: Close
and I am getting the following error code: HTTP/1.1 400 Bad Request
The actual relevant test PHP code is:
$fp = fsockopen($url, 80, $errno, $errstr, 30);
if (!$fp) {
echo "$errstr ($errno)\n";
} else {
echo "file handle: ".$fp."";
$header = "POST /track.json track = $trackTerms HTTP/1.1\r\n";
$header .= "Host: stream.twitter.com\r\n";
$header .= "User-Agent: UserAgent\r\n";
$header .= "Authorization: Basic " . base64_encode($twitUsername .
':' . $twitPwd)."\r\n";
$header .= "Connection: Close\r\n\r\n";
echo $header."";
fwrite($fp, $header);
$line = fgets($fp, 4096);
echo $line;
fclose($fp);
}
[twitter-dev] Re: user is fallowing me ?
We've got a method for that: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-friendships-show Thanks, Doug On Mon, Jul 27, 2009 at 8:39 AM, cem wrote: > w can I know from my application that the user sent the reply is > fallowing me . I fallowed myself from another account and the >
[twitter-dev] Re: Json coming data description .
Please see http://apiwiki.twitter.com/Return-Values Thanks, Doug On Mon, Jul 27, 2009 at 8:00 AM, cem wrote: > > Hi I am getting data from twitter in an array but I need detailed > definition of fields there for example what will the value fallowing > get if the user is fallowing me ? Is there a documentation for the > incoming data ? >
[twitter-dev] DM-based services
Hi, I'm having some trouble sending messages to the group, so I'll break it down in a couple different messages. I developed muuter.com and my users can send mute commands through DM i.e. "d muuter someone 8 h". For this to work, @muuter needs to follow every user, and right now I can't because I'm hitting a follow ratio, at 130 followers vs 800 following. Is there a best practice to offer services through DM? Thanks in advance. Best, Andres B @andresb
[twitter-dev] Re: Too Many Requests for a specific user ....
Twitter in their infinite wisdom decided to implement a limit on the verify_credentials API call. I believe its 15 calls per hour. They have since come to their senses and said they will be rolling back to the previous behavior. However, as yet they still haven't done it. But personally, I wish they would hurry up! On Jul 27, 3:07 am, Francis Shanahan wrote: > Sorry that's "403 Forbidden" errors I'm gietting. > > On Jul 26, 10:06 pm, Francis Shanahan > wrote: > > > > > I realise there are limits on the number of times an application can > > call into Twitter in a given time period. > > > In the course of my testing though I tend to fire off a lot of > > requests, nothing crazy just probably 1 per minute as I'm clicking > > through my tests. > > > Sometimes when I'm testing oAuth Login and logging in/out of the > > application, and going back and forth with the Grant/Deny page I am > > experiencing 403 Unauthorized errors with the following data in the > > response > > > /account/ > > verify_credentials.xml?oauth_consumer_key=[removed] > > &oauth_nonce=7959883&oauth_signature_method=HMAC- > > SHA1&oauth_timestamp=1248659818&oauth_token=[removed] > > &oauth_version=1.0&oauth_signature=TH > > %2bFof7ErcFdH6XgVgPeou174yI%3d > > Too many requests in this time period. Try again later. > > > > > This error is just given for my account, other users don't get this > > error. I can log in from the site with another user without issue. > > > So given that I'm not making that many requests and can trigger this > > with just manual clicking, how many are allowed for a given user?
[twitter-dev] Re: Updating the APIs authentication limiting policy
What is happening? This rollback is taking far too long for something that has affected a lot of people! On Jul 25, 2:32 pm, Dewald Pretorius wrote: > Doug, > > I would prefer to adopt OAuth instead of writing code for Basic Auth. > > So, you guys need to move OAuth out of public beta into full > production sooner rather than later. :-) > > I manage 100,000+ Twitter accounts, and I simply cannot take on the > support workload of answering user tickets when there's a snag with > OAuth beta. > > I monitor these forums and the API Issues and still see too many OAuth > issues being reported to give me a level of comfort that I can safely > switch over to OAuth. > > On Jul 24, 5:46 pm, Doug Williams wrote: > > > > > Well said Joshua. > > > Dewald, you have identified the risk of using basic authentication. If > > your users being locked out due to malicious behavior, you should > > either implement further user-level rate limiting on your side or > > adopt OAuth. > > > Are there any other glaring omissions in our thinking or should we > > proceed with this as our solution? > > > Thanks, > > Doug > > > On Fri, Jul 24, 2009 at 11:08 AM, Joshua Perry wrote: > > > > Jim's concern is valid, fortunately OAuth is immune to brute-force attacks > > > once the access key has been issued to an application. For this reason > > > alone > > > I would urge people to switch to OAuth if at all possible. I would hope > > > (and assume) that if login attempts for an account are locked out that a > > > user would still be able to successfully use an already authorized OAuth > > > driven application. > > > > Unfortunately allowing a successful un/pw login while an account is locked > > > out even when the correct password is presented effectively bypasses the > > > whole reason for a lockout in the first place, preventing brute-force > > > password attempts. If an attacker used a dictionary or brute-force attack > > > and the account was locked out after 15 attempts, then they could continue > > > trying even though the system replied "locked out"; if they eventually > > > sent > > > the correct password it would just bypass the lockout and they would then > > > know the correct password. > > > > Perhaps Twitter could implement a selective captcha, I know they are > > > annoying but if executed properly it could be effective protection against > > > brute-force and dictionary attacks. Say after 3 or 4 failed attempts > > > without > > > a captch the API would then include a captcha image URL in it's response > > > that the application would then need to show to the person and include the > > > user's response with the next authentication attempt as a header or POST > > > variable. The site stackoverflow.com does this to great effect, if you > > > create posts quicker than a certain threshold which a person would not > > > exceed then they pop a captcha up, in the normal use of the site you will > > > never see one; I've only hit two captchas in the last in the last 8 months > > > using the site. > > > > Josh > > > > Dewald Pretorius wrote: > > > >> Jim raised a huge weakness with the authentication rate limiting that > > >> could essentially break third-party apps. > > > >> Anybody can try to add anybody else's Twitter account to a third-party > > >> app using an invalid password. If they do that 15 times with a Twitter > > >> account, the real owner of that Twitter account, who may have added > > >> his account a long time ago with the correct password, is locked out > > >> from using that app for an hour. > > > >> I believe you will absolutely have to reset / remove the lock as soon > > >> as the Twitter account uses the correct password. > > > >> On Jul 22, 4:58 pm, "jim.renkel" wrote: > > > >>> My concern with this proposal is that it opens up denials of service, > > >>> not to twitter.com, but to "associated" sites such as twitpic, or my > > >>> site twxlate, among others > > > >>> For example, Lance Armstrong is a heavy user of twitpic. It is very > > >>> easy for anyone to find Lance's twitter ID (@lancearmstrong), view his > > >>> status updates, and see that he is a frequent user of twitpic. Now, > > >>> someone that is "unhappy" with Lance, say one of George Hincapie's > > >>> ardent fans that really believes that Lance was a significant > > >>> contributor to George not winning the maillot jeune last Sunday, > > >>> could go to twitpic, fail to login as Lance the requisite number of > > >>> times, and deny Lance access to twitpic. > > > >>> Not only celebrities would or could be subject to such denials of > > >>> service. I notice that @dougw occasionally uses twitpic! :-) > > > >>> One solution to this problem is to add to each twitter account another > > >>> "private" ID. By default this private ID would be equal to the > > >>> existing (public) ID (If not equal to the account's public ID, it > > >>> would have to be unique among all twitter IDs, both public and > > >>> private.). > > > >>> The public ID wo
[twitter-dev] Json coming data description .
Hi I am getting data from twitter in an array but I need detailed definition of fields there for example what will the value fallowing get if the user is fallowing me ? Is there a documentation for the incoming data ?
