[twitter-dev] Re: Problem with in reply to status id

[Abraham Williams]

2009/8/6 Sam Street 

> 2. replying to a status id that you posted yourself from the same
> account
>

This is actually incorrect. I've posted replies to myself from the web
interface.

Abraham

-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Wasilla, Alaska, United States

[twitter-dev] Re: Read Status in API

[Abraham Williams]

I've heard Al3x mention adding flags so that application A tells twitter the
user read their friends timeline up to stats xyz so when they start using
application B it can jump over already read statuses. I have no idea the
status of this feature or if it is still being considered.

Abraham

2009/8/6 JDG 

> What does it mean to be "read" though? A public tweet can be "read" by
> anyone by any widget that pulls it. If it's DL'ed by any of the various
> *hose feeds, does that mean it's been "read"? What if it's searched and
> found?
>
> I find it very hard to believe that this makes sense in Twitter's paradigm
>
>
> On Thu, Aug 6, 2009 at 11:06, Chris  wrote:
>
>>
>> I'm sorry if this has already been discussed. I have a hard time
>> believing this hasn't already been discussed.
>>
>> Is there a way to add a flag in the API on whether a tweet/reply/dm
>> has been read or not? This would allow syncing of read status across
>> various devices. It would be a nice addition.
>>
>
>
>
> --
> Internets. Serious business.
>



-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Wasilla, Alaska, United States

[twitter-dev] Re: local dev + sub-domains and oauth

[Abraham Williams]

You will want to use oauth_callback that was added in OAuth 1.0a:
http://groups.google.com/group/twitter-api-announce/browse_frm/thread/472500cfe9e7cdb9?hl=en

Abraham

2009/8/6 Robert Fishel 

>
> Perhaps set a cookie when they come to your site noting their
> preferred language then check for the cookie on the callback page.
>
> -Bob
>
> On Thu, Aug 6, 2009 at 12:35 PM, peter_tellgren
> wrote:
> >
> > I am running a site where I use sub-domains for the different
> > languages I support on the site.
> >
> > e.g. en.example.com/.. for English and fr.example.com/.. for French
> >
> > I just wonder if I go from my en.example.com/twitter site to the
> > twitter to have my user accept my site as a consumer do I have to have
> > a callback URL to en.example.com/twitter_callback or do I in the best
> > way solve this.
> >
> > I assume there must be a better way since I am not to eager of
> > creating one app for each language. Any tips welcome.
> >
> > Also today when I created a new app on the twitter site and added a
> > callback URL and app URL that are local to my machine. I got a pin
> > code instead of a callback. I tried to remove the app with and adding
> > it again with the same result. Is there a temporary glitch in the
> > twitter API or am I missing something?
> > And this afternoon I am unable to update my Twitter App:
> >
> > I go to http://twitter.com/apps, enter my app that I want to edit. I
> > do my changes but when I click save It does not work.
> >
> > Any ideas on these topics are welcome
> >
> >
>



-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.
Sent from Wasilla, Alaska, United States

[twitter-dev] Re: /statuses/user_timeline.json is redirecting

[Abraham Williams]

I would imagine since it started with the DDOS attacks it will subside with
them or shortly thereafter.

Abraham

2009/8/6 Jonathan 

>
> Anthony -
>
> My app is seeing the same thing (circular redirection) on calls to
> search.twitter.com/search.json. It seems as if in the past hour I've
> had a few calls succeed though, so I don't know if that means we'll
> all be fixed eventually, or whether the API team will need to
> reinstate third-party app access on an ad-hoc basis.
>
> -jonathan
>
> On Aug 6, 4:08 pm, Anthony Eden  wrote:
> > Since the DDoS attack, OAuthed calls to /statuses/user_timeline.json
> > are redirecting to the same URL with a string after it, like so:
> > /statuses/user_timeline.json?c6b33390
> >
> > I'm using John Nunemaker's ruby twitter library which is choking
> > because it doesn't handle the redirect.
> >
> > Thoughts? Thanks!
> >
> > Sincerely,
> > Anthony Eden
> > --
> > GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O
> > M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y**
> >
> > http://anthony.mp
>



-- 
Abraham Williams | Community Evangelist | http://web608.org
Hacker | http://abrah.am | http://twitter.com/abraham
Project | http://fireeagle.labs.poseurtech.com
This email is: [ ] blogable [x] ask first [ ] private.

[twitter-dev] Re: Gardenhose API

[chinaski007]

My whitelisted IPs were 20k limit, then blocked, then 20k limit, and
now blocked again.

Can't you somehow sync the API whitelist ips with the host?

On Aug 6, 11:18 pm, John Kalucki  wrote:
> The DDoS continues. Your stream could dry up due to any number of
> network components hitting saturation. Upstream, created tweets could
> go to zero if users can't get in to update their status. Downstream,
> there are many causes of congestion and/or failure that could cause
> your stream to become quite slow and or stop.
>
> Please feel free to disconnect and reconnect if the stream appears too
> slow. I've eased the anti-abuse system, and I'll ease it more if
> needed to allow clients to ride this out.
>
> -John Kaluckihttp://twitter.com/jkalucki
> Services, Twitter Inc.
>
> On Aug 6, 10:12 pm, Kris Jirapinyo  wrote:
>
> > Anybody experiencing trouble connecting to gardenhose?  My app connects fine
> > for an hour then gets throttled to 0.  Do I need to give the machine's IP to
> > someone to whitelist it?
>
> > Thanks,
> > Kris.
>
>

[twitter-dev] Re: Gardenhose API

[John Kalucki]

The DDoS continues. Your stream could dry up due to any number of
network components hitting saturation. Upstream, created tweets could
go to zero if users can't get in to update their status. Downstream,
there are many causes of congestion and/or failure that could cause
your stream to become quite slow and or stop.

Please feel free to disconnect and reconnect if the stream appears too
slow. I've eased the anti-abuse system, and I'll ease it more if
needed to allow clients to ride this out.

-John Kalucki
http://twitter.com/jkalucki
Services, Twitter Inc.



On Aug 6, 10:12 pm, Kris Jirapinyo  wrote:
> Anybody experiencing trouble connecting to gardenhose?  My app connects fine
> for an hour then gets throttled to 0.  Do I need to give the machine's IP to
> someone to whitelist it?
>
> Thanks,
> Kris.

[twitter-dev] Re: oauth redirects fail....

[Rich]

I have the same issue, After 'allow' it simply times out so no new
users can login to their new Twitter client.

On Aug 7, 3:07 am, hansamann  wrote:
> I experience the same, hope this is just the Twitter DOS attack
> aftermath. My app cannot request a requestToken for example, which
> results in a time out on my pages as this is the first thing you do
> before you redirect to twitter.
>
> Also, I cannot seem to get the friends timeline, friends and
> followers at least not regularly I believe.
>
> Anyone else?
>
> Cheers
> Sven
>
> On Aug 6, 5:31 pm, Howard Siegel  wrote:
>
>
>
> > If this has only been happening since this morning, then it is likely this
> > is just part of the aftermath of the DOS attack on Twitter.
>
> > - h
>
> > On Thu, Aug 6, 2009 at 15:53, yuf  wrote:
>
> > > I have yet to get oAuth callbacks to work properly.  After clicking
> > > Allow, I end up on a completely blank twittter.com/oauth/authorize
> > > page.  If I try to look at the source, it asked if should resend.  If
> > > I do, the source comes back that contains the redirect.  But if I'm
> > > not looking at the source, the page just hangs for a while, and then
> > > ends up blank.
>
> > > What is up here?  I've tried a variety of callback urls, from
> > > localhost, to the actual domain I'm using for development.
>
> > > Any one experience similar?

[twitter-dev] Re: Why is Biz saying things are "back in action"?

[Rich]

The most frustrating thing is oAuth being down, meaning new users
can't sign in to oAuth apps!

On Aug 7, 6:40 am, Jesse Stay  wrote:
> The more communication, to both us and the public, the better.  That's the
> best thing Twitter can do right now - I definitely feel their pain, as we're
> all going through it right now.  It's just harder on us because we're not
> privy to what Twitter knows right now (nor do we have the control they
> have).  Communication is key. (and tell Rodney I said hi Sean!)
>
> Jesse
>
> On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan wrote:
>
>
>
>
>
> > Yeah Jesse, I hear you and am super bummed out. My service,
> > TweetPhoto.com, is also down in terms of users being able to login
> > through basic auth. It's been like that all day. No one has been able
> > to upload photos. I emailed Doug at Twitter and he requested my
> > server's IP address which I provided. I guess they are slowly trying
> > to bring apps back online. I just wish this happened a little sooner.
> > I feel totally helpless at the moment. What are your thoughts?
>
> > On Aug 6, 6:25 pm, Jesse Stay  wrote:
> > > Why is Biz saying things are "back in action" when apps like mine, and
> > many
> > > other very large names are still broken from it.  Sending this message to
> > > users sends a false message to them stating they should expect we should
> > be
> > > up as well.  At a very minimum, please state the API is still having
> > issues
> > > so users can know what to expect:
>
> > >http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html
>
> > > Jesse

[twitter-dev] Re: Why is Biz saying things are "back in action"?

[Jesse Stay]

The more communication, to both us and the public, the better.  That's the
best thing Twitter can do right now - I definitely feel their pain, as we're
all going through it right now.  It's just harder on us because we're not
privy to what Twitter knows right now (nor do we have the control they
have).  Communication is key. (and tell Rodney I said hi Sean!)

Jesse

On Fri, Aug 7, 2009 at 12:59 AM, Sean Callahan wrote:

>
> Yeah Jesse, I hear you and am super bummed out. My service,
> TweetPhoto.com, is also down in terms of users being able to login
> through basic auth. It's been like that all day. No one has been able
> to upload photos. I emailed Doug at Twitter and he requested my
> server's IP address which I provided. I guess they are slowly trying
> to bring apps back online. I just wish this happened a little sooner.
> I feel totally helpless at the moment. What are your thoughts?
>
> On Aug 6, 6:25 pm, Jesse Stay  wrote:
> > Why is Biz saying things are "back in action" when apps like mine, and
> many
> > other very large names are still broken from it.  Sending this message to
> > users sends a false message to them stating they should expect we should
> be
> > up as well.  At a very minimum, please state the API is still having
> issues
> > so users can know what to expect:
> >
> > http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html
> >
> > Jesse
>

[twitter-dev] Re: Introducing Chad Etzel, Twitter Platform Support

[Sean Callahan]

Kudos to you Chad. Keep up the good work!

Sean

On Jul 31, 4:39 pm, Sam Street  wrote:
> Welcome :)
>
> On Jul 31, 9:59 pm, Doug Williams  wrote:
>
>
>
> > Hi all --
> > We are excited to announce that Chad Etzel has joined our team part-time to
> > support the developer community. He is the one man show behind TweetGrid [1]
> > amongst other projects [2]. We reached out to Chad to join our team after
> > his continual and valuable participation in the community made his passion
> > for the Platform evident. The Platform team is not the only Twitter team
> > that noticed his value. On a recent trip to our local coffee shop [3], a
> > search engineer shared that Chad often notices search defects and suggests
> > fixes consistently ahead of most other developers.
>
> > He is one of the most experienced Twitter API developers in the community
> > and we feel this experience will serve developers' interests well. Chad will
> > be helping to answer requests that enter our support channels [3] to bolster
> > our support to developer community. He will be working remotely from his
> > home in North Carolina. You can follow him on Twitter 
> > athttp://twitter.com/jazzychad.
>
> > We are happy to have Chad on our team an look forward to continuing to build
> > support as a pillar of our offering .The API is hiring passionate developers
> > and evangelists so if you are interested in getting involved, please let us
> > know.
>
> > 1.http://tweetgrid.com
> > 2.http://jazzychad.net
> > 3.http://twitpic.com/a99zj(@noradioand @al3x in frame)
>
> > Thanks,
> > Doug- Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Gardenhose API

[Kris Jirapinyo]

Anybody experiencing trouble connecting to gardenhose?  My app connects fine
for an hour then gets throttled to 0.  Do I need to give the machine's IP to
someone to whitelist it?

Thanks,
Kris.

[twitter-dev] Re: New blocks still happening

[Sean Callahan]

Users on our site Jesse provide username and password and still can't
login. It has been like that all day. I feel your pain and wish we
could get back online quicker.

On Aug 6, 6:16 pm, Jesse Stay  wrote:
> This is also another nick against OAuth.  My users can't even log in right
> now because we're relying on OAuth for login.
> Jesse
>
>
>
> On Thu, Aug 6, 2009 at 8:45 PM, Dewald Pretorius  wrote:
>
> > I have seen the same thing.
>
> > So, if you have white listed IPs that are still showing a rate limit
> > of 20,000, DO NOT use them right now.
>
> > After a few minutes of use their rate limits are cut down to 150 per
> > hour.
>
> > Dewald
>
> > On Aug 6, 8:58 pm, Tinychat  wrote:
> > > So, like everyone else I was receiving 408's from all our production
> > > servers. Wasnt sure what was causing it, but it turned out to be that
> > > twitter is blocking the IPs. Ok, must be related to the ddos stuff
> > > from earlier on- Must have gotten caught in the crossfire.
>
> > > So I go ahead and use some development servers to start sending
> > > requests- All is fine, for about a hour. They are blocked now. So to
> > > anyone out there, there is no point using a new IP- It will get
> > > blocked within a hour or so. I guess we have to wait for twitters host
> > > to fix it, or use actionscript/ajax to have the end user request the
> > > data himself (Which is what I am going to do) so its always a unique IP- 
> > > Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Re: Why is Biz saying things are "back in action"?

[Sean Callahan]

Yeah Jesse, I hear you and am super bummed out. My service,
TweetPhoto.com, is also down in terms of users being able to login
through basic auth. It's been like that all day. No one has been able
to upload photos. I emailed Doug at Twitter and he requested my
server's IP address which I provided. I guess they are slowly trying
to bring apps back online. I just wish this happened a little sooner.
I feel totally helpless at the moment. What are your thoughts?

On Aug 6, 6:25 pm, Jesse Stay  wrote:
> Why is Biz saying things are "back in action" when apps like mine, and many
> other very large names are still broken from it.  Sending this message to
> users sends a false message to them stating they should expect we should be
> up as well.  At a very minimum, please state the API is still having issues
> so users can know what to expect:
>
> http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html
>
> Jesse

[twitter-dev] Re: HTTP 409 on status update via API

[Ryan]

I'm getting the same thing on any type of profile or background image
I attempt to update. Any know anything about this?? All I get are 400
or 408's

Ugh

On Aug 6, 7:24 pm, briantroy  wrote:
> They went away for a bit... and now not only am I getting 408's on
> update but validate credentials is failing as well
>
> On Aug 6, 2:56 pm, briantroy  wrote:
>
> > Now twitter search API calls are hanging... just stall until they time
> > out on my side
>
> > On Aug 6, 2:30 pm, Matthew F  wrote:
>
> > > I'm getting 408s trying to authenticate with OAuth
>
> > > On Aug 6, 10:20 pm, John Kalucki  wrote:
>
> > > > This should be fixed for the Streaming API.
>
> > > > -John
>
> > > > On Aug 6, 1:59 pm, Jennie Lees  wrote:
>
> > > > > Getting the same thing using the track function of the API.
>
> > > > > On Thu, Aug 6, 2009 at 9:43 PM, briantroy  
> > > > > wrote:
>
> > > > > > Sorry... these are HTTP 408s...
>
> > > > > > On Aug 6, 1:20 pm, briantroy  wrote:
> > > > > > > This just started today. It was working fine before and early this
> > > > > > > morning.
>
> > > > > > > I'm send in user updates from a widget via API. My server is
> > > > > > > whitelisted and I've got a registered "service". I get a HTTP 409 
> > > > > > > on
> > > > > > > every attempt to submit a status.
>
> > > > > > > Not sure why... You can try it 
> > > > > > > here:http://briantroy.com/blog/about
>
> > > > > > > I know a 409 should mean timed out... but the response comes back 
> > > > > > > in
> > > > > > > one second (or just really really fast).
>
> > > > > > > Any help appreciated...
>
> > > > > > > Brian Roy
>
> > > > > > > justSignal
>
> > > > > --
> > > > > Jennie Lees
> > > > > Founder, Affect Labs
> > > > > jen...@affectlabs.comhttp://twitter.com/jennielees

[twitter-dev] Re: Why is Biz saying things are "back in action"?

[hansamann]

+1

On Aug 6, 6:25 pm, Jesse Stay  wrote:
> Why is Biz saying things are "back in action" when apps like mine, and many
> other very large names are still broken from it.  Sending this message to
> users sends a false message to them stating they should expect we should be
> up as well.  At a very minimum, please state the API is still having issues
> so users can know what to expect:
>
> http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html
>
> Jesse

[twitter-dev] Question About Post Commands

[Dan Kurszewski]

Does anyone know if there is a way with VB.Net or C# to login to
twitter, call 100 post commands, and then logout?

Here is my code for making a single post command in VB.Net.  As you
can see every time I call this function it has to login.  I would love
to have an array of url's and/or data that need to be processed for
the same username and password and having only one login.  I have
tried rearranging things several different ways with no luck.

Any help would be greatly appreciated.

---

Public Function ExecutePostCommand(ByVal url As String, ByVal
username As String, ByVal password As String, _
ByVal data As String) As String

Try
Dim request As HttpWebRequest = HttpWebRequest.Create(url)
request.ServicePoint.Expect100Continue = False

If Not String.IsNullOrEmpty(username) And Not
String.IsNullOrEmpty(password) Then
request.Credentials = New NetworkCredential(username,
password)
request.ContentType = "application/x-www-form-
urlencoded"
request.Method = "POST"

Dim bytes As Byte() = Encoding.UTF8.GetBytes(data)

request.ContentLength = bytes.Length

Dim s As Stream
s = request.GetRequestStream
s.Write(bytes, 0, bytes.Length)

Dim r As HttpWebResponse
r = request.GetResponse

Dim sr As StreamReader
sr = New StreamReader(r.GetResponseStream)

Return sr.ReadToEnd

Else
Throw New Exception("Username or Password is Null")
End If

Catch ex As Exception
Throw ex
End Try

End Function

[twitter-dev] Re: 401 Unauthorized

[Duane Roelands]

I think Twitter is still experiencing issues from this morning's DDOS
attack.  I've been working on code tonight and things were working
swimmingly and now my app can't connect.

On Aug 6, 8:38 pm, Goldbird  wrote:
> Are anyone experiencing "401 Unauthorized " errors? Everything worked
> fine before yesterday. Now we are getting 401 Unauthorized  on both
> basic authorization and OAuth on 80% of the calls. Other 20% works
> fine.
>
> What's happening?

[twitter-dev] Re: verify_credentials limit

[J.D.]

I also wanted to mention this limit makes it incredibly frustrating
when testing the application. I have to have a special condition so
the application doesn't call the api when running tests, or I will
quite easily reach the 15 call limit and then have to wait a full hour
before continuing.

[twitter-dev] Re: oauth redirects fail....

[hansamann]

I experience the same, hope this is just the Twitter DOS attack
aftermath. My app cannot request a requestToken for example, which
results in a time out on my pages as this is the first thing you do
before you redirect to twitter.

Also, I cannot seem to get the friends timeline, friends and
followers at least not regularly I believe.

Anyone else?

Cheers
Sven

On Aug 6, 5:31 pm, Howard Siegel  wrote:
> If this has only been happening since this morning, then it is likely this
> is just part of the aftermath of the DOS attack on Twitter.
>
> - h
>
> On Thu, Aug 6, 2009 at 15:53, yuf  wrote:
>
> > I have yet to get oAuth callbacks to work properly.  After clicking
> > Allow, I end up on a completely blank twittter.com/oauth/authorize
> > page.  If I try to look at the source, it asked if should resend.  If
> > I do, the source comes back that contains the redirect.  But if I'm
> > not looking at the source, the page just hangs for a while, and then
> > ends up blank.
>
> > What is up here?  I've tried a variety of callback urls, from
> > localhost, to the actual domain I'm using for development.
>
> > Any one experience similar?

[twitter-dev] verify_credentials limit

[J.D.]

Any news as to why a call with valid credentials does not reset this
limit? I've optimized my application to only call this API once each
time it is used, but people can still run in to the 15 calls per hour
limit. Is there really a security issue with resetting it after a
valid call?

[twitter-dev] Why is Biz saying things are "back in action"?

[Jesse Stay]

Why is Biz saying things are "back in action" when apps like mine, and many
other very large names are still broken from it.  Sending this message to
users sends a false message to them stating they should expect we should be
up as well.  At a very minimum, please state the API is still having issues
so users can know what to expect:

http://blog.twitter.com/2009/08/update-on-todays-dos-attacks.html

Jesse

[twitter-dev] Re: New blocks still happening

[Jesse Stay]

This is also another nick against OAuth.  My users can't even log in right
now because we're relying on OAuth for login.
Jesse

On Thu, Aug 6, 2009 at 8:45 PM, Dewald Pretorius  wrote:

>
> I have seen the same thing.
>
> So, if you have white listed IPs that are still showing a rate limit
> of 20,000, DO NOT use them right now.
>
> After a few minutes of use their rate limits are cut down to 150 per
> hour.
>
> Dewald
>
> On Aug 6, 8:58 pm, Tinychat  wrote:
> > So, like everyone else I was receiving 408's from all our production
> > servers. Wasnt sure what was causing it, but it turned out to be that
> > twitter is blocking the IPs. Ok, must be related to the ddos stuff
> > from earlier on- Must have gotten caught in the crossfire.
> >
> > So I go ahead and use some development servers to start sending
> > requests- All is fine, for about a hour. They are blocked now. So to
> > anyone out there, there is no point using a new IP- It will get
> > blocked within a hour or so. I guess we have to wait for twitters host
> > to fix it, or use actionscript/ajax to have the end user request the
> > data himself (Which is what I am going to do) so its always a unique IP
>

[twitter-dev] Re: New blocks still happening

[Dewald Pretorius]

I have seen the same thing.

So, if you have white listed IPs that are still showing a rate limit
of 20,000, DO NOT use them right now.

After a few minutes of use their rate limits are cut down to 150 per
hour.

Dewald

On Aug 6, 8:58 pm, Tinychat  wrote:
> So, like everyone else I was receiving 408's from all our production
> servers. Wasnt sure what was causing it, but it turned out to be that
> twitter is blocking the IPs. Ok, must be related to the ddos stuff
> from earlier on- Must have gotten caught in the crossfire.
>
> So I go ahead and use some development servers to start sending
> requests- All is fine, for about a hour. They are blocked now. So to
> anyone out there, there is no point using a new IP- It will get
> blocked within a hour or so. I guess we have to wait for twitters host
> to fix it, or use actionscript/ajax to have the end user request the
> data himself (Which is what I am going to do) so its always a unique IP

[twitter-dev] 401 Unauthorized

[Goldbird]

Are anyone experiencing "401 Unauthorized " errors? Everything worked
fine before yesterday. Now we are getting 401 Unauthorized  on both
basic authorization and OAuth on 80% of the calls. Other 20% works
fine.

What's happening?

[twitter-dev] Re: oauth redirects fail....

[Howard Siegel]

If this has only been happening since this morning, then it is likely this
is just part of the aftermath of the DOS attack on Twitter.

- h

On Thu, Aug 6, 2009 at 15:53, yuf  wrote:

>
> I have yet to get oAuth callbacks to work properly.  After clicking
> Allow, I end up on a completely blank twittter.com/oauth/authorize
> page.  If I try to look at the source, it asked if should resend.  If
> I do, the source comes back that contains the redirect.  But if I'm
> not looking at the source, the page just hangs for a while, and then
> ends up blank.
>
> What is up here?  I've tried a variety of callback urls, from
> localhost, to the actual domain I'm using for development.
>
> Any one experience similar?
>

[twitter-dev] Re: HTTP 409 on status update via API

[briantroy]

They went away for a bit... and now not only am I getting 408's on
update but validate credentials is failing as well

On Aug 6, 2:56 pm, briantroy  wrote:
> Now twitter search API calls are hanging... just stall until they time
> out on my side
>
> On Aug 6, 2:30 pm, Matthew F  wrote:
>
>
>
> > I'm getting 408s trying to authenticate with OAuth
>
> > On Aug 6, 10:20 pm, John Kalucki  wrote:
>
> > > This should be fixed for the Streaming API.
>
> > > -John
>
> > > On Aug 6, 1:59 pm, Jennie Lees  wrote:
>
> > > > Getting the same thing using the track function of the API.
>
> > > > On Thu, Aug 6, 2009 at 9:43 PM, briantroy  
> > > > wrote:
>
> > > > > Sorry... these are HTTP 408s...
>
> > > > > On Aug 6, 1:20 pm, briantroy  wrote:
> > > > > > This just started today. It was working fine before and early this
> > > > > > morning.
>
> > > > > > I'm send in user updates from a widget via API. My server is
> > > > > > whitelisted and I've got a registered "service". I get a HTTP 409 on
> > > > > > every attempt to submit a status.
>
> > > > > > Not sure why... You can try it here:http://briantroy.com/blog/about
>
> > > > > > I know a 409 should mean timed out... but the response comes back in
> > > > > > one second (or just really really fast).
>
> > > > > > Any help appreciated...
>
> > > > > > Brian Roy
>
> > > > > > justSignal
>
> > > > --
> > > > Jennie Lees
> > > > Founder, Affect Labs
> > > > jen...@affectlabs.comhttp://twitter.com/jennielees

[twitter-dev] New blocks still happening

[Tinychat]

So, like everyone else I was receiving 408's from all our production
servers. Wasnt sure what was causing it, but it turned out to be that
twitter is blocking the IPs. Ok, must be related to the ddos stuff
from earlier on- Must have gotten caught in the crossfire.

So I go ahead and use some development servers to start sending
requests- All is fine, for about a hour. They are blocked now. So to
anyone out there, there is no point using a new IP- It will get
blocked within a hour or so. I guess we have to wait for twitters host
to fix it, or use actionscript/ajax to have the end user request the
data himself (Which is what I am going to do) so its always a unique IP

[twitter-dev] oauth redirects fail....

[yuf]

I have yet to get oAuth callbacks to work properly.  After clicking
Allow, I end up on a completely blank twittter.com/oauth/authorize
page.  If I try to look at the source, it asked if should resend.  If
I do, the source comes back that contains the redirect.  But if I'm
not looking at the source, the page just hangs for a while, and then
ends up blank.

What is up here?  I've tried a variety of callback urls, from
localhost, to the actual domain I'm using for development.

Any one experience similar?

[twitter-dev] Re: /statuses/user_timeline.json is redirecting

[Jonathan]

Anthony -

My app is seeing the same thing (circular redirection) on calls to
search.twitter.com/search.json. It seems as if in the past hour I've
had a few calls succeed though, so I don't know if that means we'll
all be fixed eventually, or whether the API team will need to
reinstate third-party app access on an ad-hoc basis.

-jonathan

On Aug 6, 4:08 pm, Anthony Eden  wrote:
> Since the DDoS attack, OAuthed calls to /statuses/user_timeline.json
> are redirecting to the same URL with a string after it, like so:
> /statuses/user_timeline.json?c6b33390
>
> I'm using John Nunemaker's ruby twitter library which is choking
> because it doesn't handle the redirect.
>
> Thoughts? Thanks!
>
> Sincerely,
> Anthony Eden
> --
> GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O
> M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y**
>
> http://anthony.mp

[twitter-dev] Re: local dev + sub-domains and oauth

[Robert Fishel]

Perhaps set a cookie when they come to your site noting their
preferred language then check for the cookie on the callback page.

-Bob

On Thu, Aug 6, 2009 at 12:35 PM, peter_tellgren wrote:
>
> I am running a site where I use sub-domains for the different
> languages I support on the site.
>
> e.g. en.example.com/.. for English and fr.example.com/.. for French
>
> I just wonder if I go from my en.example.com/twitter site to the
> twitter to have my user accept my site as a consumer do I have to have
> a callback URL to en.example.com/twitter_callback or do I in the best
> way solve this.
>
> I assume there must be a better way since I am not to eager of
> creating one app for each language. Any tips welcome.
>
> Also today when I created a new app on the twitter site and added a
> callback URL and app URL that are local to my machine. I got a pin
> code instead of a callback. I tried to remove the app with and adding
> it again with the same result. Is there a temporary glitch in the
> twitter API or am I missing something?
> And this afternoon I am unable to update my Twitter App:
>
> I go to http://twitter.com/apps, enter my app that I want to edit. I
> do my changes but when I click save It does not work.
>
> Any ideas on these topics are welcome
>
>

[twitter-dev] Re: Read Status in API

[JDG]

What does it mean to be "read" though? A public tweet can be "read" by
anyone by any widget that pulls it. If it's DL'ed by any of the various
*hose feeds, does that mean it's been "read"? What if it's searched and
found?

I find it very hard to believe that this makes sense in Twitter's paradigm

On Thu, Aug 6, 2009 at 11:06, Chris  wrote:

>
> I'm sorry if this has already been discussed. I have a hard time
> believing this hasn't already been discussed.
>
> Is there a way to add a flag in the API on whether a tweet/reply/dm
> has been read or not? This would allow syncing of read status across
> various devices. It would be a nice addition.
>



-- 
Internets. Serious business.

[twitter-dev] Re: Using twitter for internal enterprise communication

[Michael Ekstrand]

Andrew Badera wrote:
> On Wed, Aug 5, 2009 at 11:15 AM, michel777  > wrote:
>
>
> Dear group,
>
> some questions for using twitter in a closed group (enterprise):
>
> 1) is there already a solution using twitter for a closed group ?
> 2) is it possible to integrate LDAP for authentication /
> authorization ?
> 3) is also possible to communicate via https + client certificate ?
>
> Thanks in advance,
>
> Michel
>
>
> It's called "Yammer."
>
There is also laconi.ca, which can be self-hosted.  status.net should be
providing laconi.ca hosting sometime soon, but I am unsure on the
timeline and on their support for closed networks.

- Michael

-- 
mouse, n: A device for pointing at the xterm in which you want to type.
Confused by the strange files?  I cryptographically sign my messages.
For more information see .




signature.asc
Description: OpenPGP digital signature

[twitter-dev] Re: Tracking Retweets

[Michael Ekstrand]

Andrew Badera wrote:
> Witty I think is using the recycling symbol ...
As is Gwibber.
>
> On Tue, Aug 4, 2009 at 6:17 PM, Peter Denton  > wrote:
>
> Hello,
> Does anyone have a list of RT conventions they are using to track?
>
> Right now, I am seeing:
>
> * RT
> * via
> * HT (hat tip)
> * c/o
>
> Does anyone track anything else?
>
Part of this will depend on what you want to count as a retweet.  If I
take a link you posted and tweet it, with my own text, and possibly my
own shortening, and use HT or via to credit you as the source, do you
want that to count as a retweet?  Or is it only supposed to be a retweet
if I use some of your text too?  What if I got the link from your blog
post rather than a tweet, but use HT or via to credit you?

The use case you have for tracking retweets will likely affect how you
want to handle these.

- Michael

-- 
mouse, n: A device for pointing at the xterm in which you want to type.
Confused by the strange files?  I cryptographically sign my messages.
For more information see .




signature.asc
Description: OpenPGP digital signature

[twitter-dev] /statuses/user_timeline.json is redirecting

[Anthony Eden]

Since the DDoS attack, OAuthed calls to /statuses/user_timeline.json
are redirecting to the same URL with a string after it, like so:
/statuses/user_timeline.json?c6b33390

I'm using John Nunemaker's ruby twitter library which is choking
because it doesn't handle the redirect.

Thoughts? Thanks!

Sincerely,
Anthony Eden
-- 
GMU/IT d- s: a32 C++()$ UL@ P--- L+(++) !E W+++$ !N o? K? w--- !O
M++ V PS+ PE Y PGP t+ !5 X- R tv b++ DI+ D++ G- e++ h r+++ y**

http://anthony.mp

[twitter-dev] Re: Problem with in reply to status id

[Sam Street]

The message will not include 'in reply to X' if you are
1. replying to an invalid status id
2. replying to a status id that you posted yourself from the same
account

On Aug 6, 9:50 pm, Duane Roelands  wrote:
> Difficult to spot the error without knowing the values of "message"
> and "in inreply".
>
> Are you sure these values are correctly populated when this code
> executes?
>
> On Aug 6, 4:25 pm, digi  wrote:
>
> > I hate to bump this... but I need help... anybody
>
> > On Aug 6, 9:39 am, digi  wrote:
>
> > > hello there,
>
> > > I have been trying to fix this for so long but It is not working.
> > > I am developing a wndows mobile application for twitter in C#  am
> > > trying to reply to a status id. The message gets posted but it is not
> > > posted as a reply but just an update message. I dont know what I am
> > > missing... Please help. I am pasting my code too
> > > //Code
>
> > > postString = "source=MyApp&status=" + Uri.EscapeUriString(message) +
> > > "&in_reply_to_status_id=" + Uri.EscapeUriString(inreply);
>
> > >             HttpWebRequest webRequest = (HttpWebRequest)
> > > WebRequest.Create(sendTweetUrl);
> > >             NetworkCredential credentials = new NetworkCredential
> > > (Username, Password);
> > >             webRequest.Credentials = credentials;
>
> > >             ASCIIEncoding encoding = new ASCIIEncoding();
> > >             byte[] postData = encoding.GetBytes(postString);
>
> > >             webRequest.Method = "POST";
> > >             webRequest.Timeout = 2;
> > >             webRequest.ContentLength = postData.Length;
> > >             webRequest.AllowWriteStreamBuffering = true;
> > >             webRequest.ProtocolVersion = HttpVersion.Version11;
> > >             webRequest.ProtocolVersion = HttpVersion.Version10;
> > >       try
> > >             {
> > >                 using (Stream outStream = webRequest.GetRequestStream
> > > ())
> > >                 {
> > >                     outStream.Write(postData, 0, postData.Length);
> > >                     outStream.Flush();
> > >                 }
> > >             }
> > >             catch (Exception ex)
> > >             {
> > >                   throw new customException("Connection
> > > unsuccessful.", ex);
> > >             }
> > >          try
> > >             {
> > >                 using (HttpWebResponse response = (HttpWebResponse)
> > > webRequest.GetResponse())
> > >                 {
> > >                     using (StreamReader reader = new StreamReader
> > > (response.GetResponseStream()))
> > >                     {
> > >                         reader.ReadToEnd();
> > >                     }
> > >                 }
> > >             }
> > >             catch (WebException ex)
> > >             {throw new customException("Update unsuccessful.", ex);}
>
> > > Let me know if there is anything I am missing.
> > > in btw I am also including the @ in the reply to the status
> > > id.
>
> > > Is there anything else?

[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior

[Sam Street]

My app also dies straight during auth http://twicli.com/auth

On Aug 6, 10:45 pm, Rich  wrote:
> Especially annoying seeing as I've gone totally oAuth now.  I don't
> blame Twitter, just the idiots that initiated the DDoS attack
>
> On Aug 6, 10:33 pm, Andreu Pere  wrote:
>
> > The same behaviour for my application. When the app wants to start the oAuth
> > workflow in order to authenticate and login the user, the server returns a
> > timeout fromhttps://twitter.com/oauth/authenticate?parameters
>
> > On Thu, Aug 6, 2009 at 11:24 PM, Rich  wrote:
>
> > > I can't get oAuth to authenticate on any of my clients either.  It
> > > works when the client has previously authenticated... but trying to
> > > get a new token it fails when clicking 'Allow'
>
> > > On Aug 6, 7:42 pm, stephane  wrote:
> > > > It's probably linked to the current DDOS but the authentication flow
> > > > shows some strange behavior :
>
> > > > 1 - I try to initiate an OAuth authentication fromwww.twazzup.com
> > > >   <- twazzup server gets a timeout trying to connect to twitter for
> > > > oauth token (ApplicationError 5 on appengine)
> > > > 3 - I go to twitter.com click "sign-in"
> > > >   <- strangely twitter redirects me to the oauth authorization form
> > > > (do you want to allow twazzup blabla ...)
>
> > > > So I have to questions there :
> > > > A / did you block incoming OAuth reqs from appengine ?
> > > > B/ is the strange behavior (twitter home authentication mixing with
> > > > another OAuth flow) something we, 3rd party app developers, can or
> > > > should take care of ?
>
> > > > Cheers,
>
> > > > Stephanewww.twazzup.com

[twitter-dev] Re: HTTP 409 on status update via API

[briantroy]

Now twitter search API calls are hanging... just stall until they time
out on my side

On Aug 6, 2:30 pm, Matthew F  wrote:
> I'm getting 408s trying to authenticate with OAuth
>
> On Aug 6, 10:20 pm, John Kalucki  wrote:
>
>
>
> > This should be fixed for the Streaming API.
>
> > -John
>
> > On Aug 6, 1:59 pm, Jennie Lees  wrote:
>
> > > Getting the same thing using the track function of the API.
>
> > > On Thu, Aug 6, 2009 at 9:43 PM, briantroy  
> > > wrote:
>
> > > > Sorry... these are HTTP 408s...
>
> > > > On Aug 6, 1:20 pm, briantroy  wrote:
> > > > > This just started today. It was working fine before and early this
> > > > > morning.
>
> > > > > I'm send in user updates from a widget via API. My server is
> > > > > whitelisted and I've got a registered "service". I get a HTTP 409 on
> > > > > every attempt to submit a status.
>
> > > > > Not sure why... You can try it here:http://briantroy.com/blog/about
>
> > > > > I know a 409 should mean timed out... but the response comes back in
> > > > > one second (or just really really fast).
>
> > > > > Any help appreciated...
>
> > > > > Brian Roy
>
> > > > > justSignal
>
> > > --
> > > Jennie Lees
> > > Founder, Affect Labs
> > > jen...@affectlabs.comhttp://twitter.com/jennielees

[twitter-dev] my question re: DDoS is ...

[Andrew Badera]

Given that DDoS is typically motivated by a) efforts at hacker cred or b)
efforts at extortion ... has Twitter HQ received a ransom note during all of
this mess?

Thanks-
- Andy Badera
- and...@badera.us
- Google me: http://www.google.com/search?q=andrew+badera
- This email is: [ ] bloggable [x] ask first [ ] private

[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior

[Rich]

Especially annoying seeing as I've gone totally oAuth now.  I don't
blame Twitter, just the idiots that initiated the DDoS attack

On Aug 6, 10:33 pm, Andreu Pere  wrote:
> The same behaviour for my application. When the app wants to start the oAuth
> workflow in order to authenticate and login the user, the server returns a
> timeout fromhttps://twitter.com/oauth/authenticate?parameters
>
>
>
> On Thu, Aug 6, 2009 at 11:24 PM, Rich  wrote:
>
> > I can't get oAuth to authenticate on any of my clients either.  It
> > works when the client has previously authenticated... but trying to
> > get a new token it fails when clicking 'Allow'
>
> > On Aug 6, 7:42 pm, stephane  wrote:
> > > It's probably linked to the current DDOS but the authentication flow
> > > shows some strange behavior :
>
> > > 1 - I try to initiate an OAuth authentication fromwww.twazzup.com
> > >   <- twazzup server gets a timeout trying to connect to twitter for
> > > oauth token (ApplicationError 5 on appengine)
> > > 3 - I go to twitter.com click "sign-in"
> > >   <- strangely twitter redirects me to the oauth authorization form
> > > (do you want to allow twazzup blabla ...)
>
> > > So I have to questions there :
> > > A / did you block incoming OAuth reqs from appengine ?
> > > B/ is the strange behavior (twitter home authentication mixing with
> > > another OAuth flow) something we, 3rd party app developers, can or
> > > should take care of ?
>
> > > Cheers,
>
> > > Stephanewww.twazzup.com

[twitter-dev] Re: API Calls to unauthenticated methods

[Andrew Badera]

On Thu, Aug 6, 2009 at 5:40 PM, Rich  wrote:

>
> I did have similar problems, occasionally I still get some problems
> with this though.
>
> oAuth still down for me though.  Personally I hope the little 
> that caused this gets brought to justice.
>
>

Without damages, it's hard to pursue this kind of case. With no, or a
limited, revenue model, it's tough to show damages ... but depending on the
resources used to bring the ddos, maybe electronic trespass or
botnet-related charges may, eventually, some day, years down the road, be
filed ...

[twitter-dev] Re: API Calls to unauthenticated methods

[Rich]

I did have similar problems, occasionally I still get some problems
with this though.

oAuth still down for me though.  Personally I hope the little 
that caused this gets brought to justice.

On Aug 6, 10:22 pm, Matthew F  wrote:
> Seems like calls to account/rate_limit_status are throwing errors
> (presumably all unauthenticated calls are too), is this due to the
> ddos attack? If so when/will they be back up again?

[twitter-dev] Re: API Calls During DoS Attack

[stephane]

Same thing here on google appengine side for www.twazzup.com

Stephane
@sphilipakis
www.twazzup.com

On Aug 6, 2:30 pm, Hayes Davis  wrote:
>  I'm also seeing this same behavior for my whitelisted production IPs for
> CheapTweet.com and TweetReach.com. (Those were whitelisted under the
> @CheapTweet and @appozite accounts, respectively.) It works in development,
> but no requests are getting through to twitter.com on our production
> servers.
>
> I know you all have a lot on your plate right now but let us know what we
> can do to get un-blocked.
>
> Hayes
> --
> Hayes Davis
> Founder, Appozitehttp://cheaptweet.comhttp://tweetreach.com
>
> On Thu, Aug 6, 2009 at 3:56 PM, Mario Menti  wrote:
> > Thanks Alex - just to confirm, no requests from twitterfeed have been
> > getting though ever since the DOS attack. It does appear to be IP based, as
> > requests from non-production machines (ironically the non-whitelisted IPs)
> > get through, but all production IPs appear to be blocked.
>
> > On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne  wrote:
>
> >> We're talking to our operations team about it, who in turn is talking
> >> to our hosting provider. It seems that some aggressive IP filtering
> >> may have been catching some web-based third-party Twitter
> >> applications, as well as data centers used by mobile providers.
>
> >> On Thu, Aug 6, 2009 at 12:52, Jonathan
> >> wrote:
>
> >> > I would also appreciate an answer to this question. My calls to the
> >> > Search API are failing because of circular redirection, and
>
> >> >     curlhttp://twitter.com
>
> >> > returns nothing at all from my production server, which seems like a
> >> > sign that its IP has been blocked.
>
> >> > My app works fine from my dev box.
>
> >> > -jonathan
>
> >> > On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
> >> >> Chad,
>
> >> >> I know it's a little late in asking, but should we switch off cron
> >> >> jobs that make a lot of API calls while this DoS is going on, or while
> >> >> you are recovering from it?
>
> >> >> I don't want my IP addresses to be blocked because they are making a
> >> >> lot of calls! I've seen in the past that Ops lay down carpet bombing
> >> >> with cluster munitions when under attack.
>
> >> >> Will it help you to recover if we switched off the cron jobs?
>
> >> >> Right now most of my connections are just being refused.
>
> >> >> Do you guys at least check against the list of white listed IP
> >> >> addresses before you block an IP address in times like these?
>
> >> >> Will there be innocent bystanders caught in the cross-fire again?
>
> >> >> This is the kind of info that we developers need...
>
> >> >> Dewald
>
> >> --
> >> Alex Payne - Platform Lead, Twitter, Inc.
> >>http://twitter.com/al3x

[twitter-dev] Re: Streaming API -- Recheck your clients -- post DDoS cleanup

[Shannon Clark]

Not specific to only developers but at the moment http://search.twitter.com 
  is not loading on my iPhone though search via an iPhone app  
(twitterfon is what I tried) is working.

Shannon

Sent from my iPhone

On Aug 6, 2009, at 2:19 PM, John Kalucki  wrote:

>
> Some users were unable to connect to the Streaming API at various
> times during the DDoS. This has been fixed for the majority of
> Streaming API clients. The connection count is now approaching
> yesterday's count.
>
> If your Streaming API client is still receiving 409 redirects,
> connection timeouts, or any other issue that started today, please
> contact me with your account name and IP address, and I'll work to
> resolve the issue.
>
> -John Kalucki
> http://twitter.com/jkalucki
> Services, Twitter Inc.
>
>

[twitter-dev] Re: HTTP 409 on status update via API

[Matthew F]

I'm getting 408s trying to authenticate with OAuth

On Aug 6, 10:20 pm, John Kalucki  wrote:
> This should be fixed for the Streaming API.
>
> -John
>
> On Aug 6, 1:59 pm, Jennie Lees  wrote:
>
>
>
> > Getting the same thing using the track function of the API.
>
> > On Thu, Aug 6, 2009 at 9:43 PM, briantroy  wrote:
>
> > > Sorry... these are HTTP 408s...
>
> > > On Aug 6, 1:20 pm, briantroy  wrote:
> > > > This just started today. It was working fine before and early this
> > > > morning.
>
> > > > I'm send in user updates from a widget via API. My server is
> > > > whitelisted and I've got a registered "service". I get a HTTP 409 on
> > > > every attempt to submit a status.
>
> > > > Not sure why... You can try it here:http://briantroy.com/blog/about
>
> > > > I know a 409 should mean timed out... but the response comes back in
> > > > one second (or just really really fast).
>
> > > > Any help appreciated...
>
> > > > Brian Roy
>
> > > > justSignal
>
> > --
> > Jennie Lees
> > Founder, Affect Labs
> > jen...@affectlabs.comhttp://twitter.com/jennielees

[twitter-dev] API Calls to unauthenticated methods

[Matthew F]

Seems like calls to account/rate_limit_status are throwing errors
(presumably all unauthenticated calls are too), is this due to the
ddos attack? If so when/will they be back up again?

[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...

[Alex Payne]

Things are going to be a little wonky until we're out of the woods on
this DDoS attack.

On Thu, Aug 6, 2009 at 13:51, Haewoon wrote:
>
> me, too.
>
> In my case, one of 10 IPs has reverted.
>
> On Aug 7, 5:43 am, chinaski007  wrote:
>> Even worse... IPs are showing 0/150 remaining hits constantly, thus
>> bringing my app to a total HALT.
>>
>> On Aug 6, 1:39 pm, chinaski007  wrote:
>>
>>
>>
>> > UGH!  All of my whitelisted IPs have reverted from 20k/hour limit to a
>> > 150/hour limit.
>>
>> > Anyone else??
>>
>> > What the heck?!
>



-- 
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...

[chinaski007]

Okay, IPs now appear to be back to 20k.

On Aug 6, 1:51 pm, Haewoon  wrote:
> me, too.
>
> In my case, one of 10 IPs has reverted.
>
> On Aug 7, 5:43 am, chinaski007  wrote:
>
> > Even worse... IPs are showing 0/150 remaining hits constantly, thus
> > bringing my app to a total HALT.
>
> > On Aug 6, 1:39 pm, chinaski007  wrote:
>
> > > UGH!  All of my whitelisted IPs have reverted from 20k/hour limit to a
> > > 150/hour limit.
>
> > > Anyone else??
>
> > > What the heck?!
>
>

[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior

[Andreu Pere]

The same behaviour for my application. When the app wants to start the oAuth
workflow in order to authenticate and login the user, the server returns a
timeout from https://twitter.com/oauth/authenticate?parameters

On Thu, Aug 6, 2009 at 11:24 PM, Rich  wrote:

>
> I can't get oAuth to authenticate on any of my clients either.  It
> works when the client has previously authenticated... but trying to
> get a new token it fails when clicking 'Allow'
>
> On Aug 6, 7:42 pm, stephane  wrote:
> > It's probably linked to the current DDOS but the authentication flow
> > shows some strange behavior :
> >
> > 1 - I try to initiate an OAuth authentication fromwww.twazzup.com
> >   <- twazzup server gets a timeout trying to connect to twitter for
> > oauth token (ApplicationError 5 on appengine)
> > 3 - I go to twitter.com click "sign-in"
> >   <- strangely twitter redirects me to the oauth authorization form
> > (do you want to allow twazzup blabla ...)
> >
> > So I have to questions there :
> > A / did you block incoming OAuth reqs from appengine ?
> > B/ is the strange behavior (twitter home authentication mixing with
> > another OAuth flow) something we, 3rd party app developers, can or
> > should take care of ?
> >
> > Cheers,
> >
> > Stephanewww.twazzup.com
>

[twitter-dev] Re: API Calls During DoS Attack

[Hayes Davis]

 I'm also seeing this same behavior for my whitelisted production IPs for
CheapTweet.com and TweetReach.com. (Those were whitelisted under the
@CheapTweet and @appozite accounts, respectively.) It works in development,
but no requests are getting through to twitter.com on our production
servers.

I know you all have a lot on your plate right now but let us know what we
can do to get un-blocked.

Hayes
--
Hayes Davis
Founder, Appozite
http://cheaptweet.com
http://tweetreach.com



On Thu, Aug 6, 2009 at 3:56 PM, Mario Menti  wrote:

> Thanks Alex - just to confirm, no requests from twitterfeed have been
> getting though ever since the DOS attack. It does appear to be IP based, as
> requests from non-production machines (ironically the non-whitelisted IPs)
> get through, but all production IPs appear to be blocked.
>
>
> On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne  wrote:
>
>>
>> We're talking to our operations team about it, who in turn is talking
>> to our hosting provider. It seems that some aggressive IP filtering
>> may have been catching some web-based third-party Twitter
>> applications, as well as data centers used by mobile providers.
>>
>> On Thu, Aug 6, 2009 at 12:52, Jonathan
>> wrote:
>> >
>> > I would also appreciate an answer to this question. My calls to the
>> > Search API are failing because of circular redirection, and
>> >
>> > curl http://twitter.com
>> >
>> > returns nothing at all from my production server, which seems like a
>> > sign that its IP has been blocked.
>> >
>> > My app works fine from my dev box.
>> >
>> > -jonathan
>> >
>> > On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
>> >> Chad,
>> >>
>> >> I know it's a little late in asking, but should we switch off cron
>> >> jobs that make a lot of API calls while this DoS is going on, or while
>> >> you are recovering from it?
>> >>
>> >> I don't want my IP addresses to be blocked because they are making a
>> >> lot of calls! I've seen in the past that Ops lay down carpet bombing
>> >> with cluster munitions when under attack.
>> >>
>> >> Will it help you to recover if we switched off the cron jobs?
>> >>
>> >> Right now most of my connections are just being refused.
>> >>
>> >> Do you guys at least check against the list of white listed IP
>> >> addresses before you block an IP address in times like these?
>> >>
>> >> Will there be innocent bystanders caught in the cross-fire again?
>> >>
>> >> This is the kind of info that we developers need...
>> >>
>> >> Dewald
>> >
>>
>>
>>
>> --
>> Alex Payne - Platform Lead, Twitter, Inc.
>> http://twitter.com/al3x
>>
>
>

[twitter-dev] Re: OAuth and twitter.com home authentication strange behavior

[Rich]

I can't get oAuth to authenticate on any of my clients either.  It
works when the client has previously authenticated... but trying to
get a new token it fails when clicking 'Allow'

On Aug 6, 7:42 pm, stephane  wrote:
> It's probably linked to the current DDOS but the authentication flow
> shows some strange behavior :
>
> 1 - I try to initiate an OAuth authentication fromwww.twazzup.com
>   <- twazzup server gets a timeout trying to connect to twitter for
> oauth token (ApplicationError 5 on appengine)
> 3 - I go to twitter.com click "sign-in"
>   <- strangely twitter redirects me to the oauth authorization form
> (do you want to allow twazzup blabla ...)
>
> So I have to questions there :
> A / did you block incoming OAuth reqs from appengine ?
> B/ is the strange behavior (twitter home authentication mixing with
> another OAuth flow) something we, 3rd party app developers, can or
> should take care of ?
>
> Cheers,
>
> Stephanewww.twazzup.com

[twitter-dev] Re: Twitter API Wiki Ruby example

[Hedley Robertson]

Yes

http://twitterapi.pbworks.com/OAuth+Example+-+Ruby

Has been busted for me for about a week now.

On Thu, Aug 6, 2009 at 9:11 AM, peter_tellgren wrote:

>
> I would like to know if I am the only one not being able to see the
> Ruby OAuth Example on the twitter API wiki.
>
> When going here:
> http://twitterapi.pbworks.com/OAuth+Example+-+Ruby
>
> Path: twitter.com -> API -> OAuth Examples -> The official Twitter
> Ruby on Rails OAuth tutorial
>
> I get this:
> Access Denied
> You don't have permission to look at OAuth Example - Ruby.
>
> I am logged in and can access any othe examples (most of them
> redirects to external though)
>
>

[twitter-dev] Re: HTTP 409 on status update via API

[John Kalucki]

This should be fixed for the Streaming API.

-John


On Aug 6, 1:59 pm, Jennie Lees  wrote:
> Getting the same thing using the track function of the API.
>
>
>
> On Thu, Aug 6, 2009 at 9:43 PM, briantroy  wrote:
>
> > Sorry... these are HTTP 408s...
>
> > On Aug 6, 1:20 pm, briantroy  wrote:
> > > This just started today. It was working fine before and early this
> > > morning.
>
> > > I'm send in user updates from a widget via API. My server is
> > > whitelisted and I've got a registered "service". I get a HTTP 409 on
> > > every attempt to submit a status.
>
> > > Not sure why... You can try it here:http://briantroy.com/blog/about
>
> > > I know a 409 should mean timed out... but the response comes back in
> > > one second (or just really really fast).
>
> > > Any help appreciated...
>
> > > Brian Roy
>
> > > justSignal
>
> --
> Jennie Lees
> Founder, Affect Labs
> jen...@affectlabs.comhttp://twitter.com/jennielees

[twitter-dev] Streaming API -- Recheck your clients -- post DDoS cleanup

[John Kalucki]

Some users were unable to connect to the Streaming API at various
times during the DDoS. This has been fixed for the majority of
Streaming API clients. The connection count is now approaching
yesterday's count.

If your Streaming API client is still receiving 409 redirects,
connection timeouts, or any other issue that started today, please
contact me with your account name and IP address, and I'll work to
resolve the issue.

-John Kalucki
http://twitter.com/jkalucki
Services, Twitter Inc.

[twitter-dev] Re: API Calls During DoS Attack

[twitscoop]

Hi Alex,

Same thing happening to twitscoop. Our production IP is being blocked
for all streaming apis, oAuth api etc.

Do we need to send an email to the usual api address or have you
identified the third-parties being affected ?

Please let us know if there is anything we can do to help.

Many thanks in advance.

Regards,

Pierre
co-founder twitscoop.com

On Aug 6, 10:40 pm, Alex Payne  wrote:
> We're talking to our operations team about it, who in turn is talking
> to our hosting provider. It seems that some aggressive IP filtering
> may have been catching some web-based third-party Twitter
> applications, as well as data centers used by mobile providers.
>
>
>
> On Thu, Aug 6, 2009 at 12:52, Jonathan wrote:
>
> > I would also appreciate an answer to this question. My calls to the
> > Search API are failing because of circular redirection, and
>
> >     curlhttp://twitter.com
>
> > returns nothing at all from my production server, which seems like a
> > sign that its IP has been blocked.
>
> > My app works fine from my dev box.
>
> > -jonathan
>
> > On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
> >> Chad,
>
> >> I know it's a little late in asking, but should we switch off cron
> >> jobs that make a lot of API calls while this DoS is going on, or while
> >> you are recovering from it?
>
> >> I don't want my IP addresses to be blocked because they are making a
> >> lot of calls! I've seen in the past that Ops lay down carpet bombing
> >> with cluster munitions when under attack.
>
> >> Will it help you to recover if we switched off the cron jobs?
>
> >> Right now most of my connections are just being refused.
>
> >> Do you guys at least check against the list of white listed IP
> >> addresses before you block an IP address in times like these?
>
> >> Will there be innocent bystanders caught in the cross-fire again?
>
> >> This is the kind of info that we developers need...
>
> >> Dewald
>
> --
> Alex Payne - Platform Lead, Twitter, Inc.http://twitter.com/al3x

[twitter-dev] Re: HTTP 409 on status update via API

[Tinychat]

Same here. 408's on all production servers. Tested on dev servers and
thats ok. Might be related to accidental bans from the ddos carpet
bombing blocks.

On Aug 6, 4:20 pm, briantroy  wrote:
> This just started today. It was working fine before and early this
> morning.
>
> I'm send in user updates from a widget via API. My server is
> whitelisted and I've got a registered "service". I get a HTTP 409 on
> every attempt to submit a status.
>
> Not sure why... You can try it here:http://briantroy.com/blog/about
>
> I know a 409 should mean timed out... but the response comes back in
> one second (or just really really fast).
>
> Any help appreciated...
>
> Brian Roy
>
> justSignal

[twitter-dev] Re: API Calls During DoS Attack

[Mario Menti]

Thanks Alex - just to confirm, no requests from twitterfeed have been
getting though ever since the DOS attack. It does appear to be IP based, as
requests from non-production machines (ironically the non-whitelisted IPs)
get through, but all production IPs appear to be blocked.

On Thu, Aug 6, 2009 at 9:40 PM, Alex Payne  wrote:

>
> We're talking to our operations team about it, who in turn is talking
> to our hosting provider. It seems that some aggressive IP filtering
> may have been catching some web-based third-party Twitter
> applications, as well as data centers used by mobile providers.
>
> On Thu, Aug 6, 2009 at 12:52, Jonathan
> wrote:
> >
> > I would also appreciate an answer to this question. My calls to the
> > Search API are failing because of circular redirection, and
> >
> > curl http://twitter.com
> >
> > returns nothing at all from my production server, which seems like a
> > sign that its IP has been blocked.
> >
> > My app works fine from my dev box.
> >
> > -jonathan
> >
> > On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
> >> Chad,
> >>
> >> I know it's a little late in asking, but should we switch off cron
> >> jobs that make a lot of API calls while this DoS is going on, or while
> >> you are recovering from it?
> >>
> >> I don't want my IP addresses to be blocked because they are making a
> >> lot of calls! I've seen in the past that Ops lay down carpet bombing
> >> with cluster munitions when under attack.
> >>
> >> Will it help you to recover if we switched off the cron jobs?
> >>
> >> Right now most of my connections are just being refused.
> >>
> >> Do you guys at least check against the list of white listed IP
> >> addresses before you block an IP address in times like these?
> >>
> >> Will there be innocent bystanders caught in the cross-fire again?
> >>
> >> This is the kind of info that we developers need...
> >>
> >> Dewald
> >
>
>
>
> --
> Alex Payne - Platform Lead, Twitter, Inc.
> http://twitter.com/al3x
>

[twitter-dev] Re: HTTP 409 on status update via API

[Jennie Lees]

Getting the same thing using the track function of the API.
On Thu, Aug 6, 2009 at 9:43 PM, briantroy  wrote:

>
> Sorry... these are HTTP 408s...
>
> On Aug 6, 1:20 pm, briantroy  wrote:
> > This just started today. It was working fine before and early this
> > morning.
> >
> > I'm send in user updates from a widget via API. My server is
> > whitelisted and I've got a registered "service". I get a HTTP 409 on
> > every attempt to submit a status.
> >
> > Not sure why... You can try it here:http://briantroy.com/blog/about
> >
> > I know a 409 should mean timed out... but the response comes back in
> > one second (or just really really fast).
> >
> > Any help appreciated...
> >
> > Brian Roy
> >
> > justSignal
>



-- 
Jennie Lees
Founder, Affect Labs
jen...@affectlabs.com
http://twitter.com/jennielees

[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...

[Haewoon]

me, too.

In my case, one of 10 IPs has reverted.

On Aug 7, 5:43 am, chinaski007  wrote:
> Even worse... IPs are showing 0/150 remaining hits constantly, thus
> bringing my app to a total HALT.
>
> On Aug 6, 1:39 pm, chinaski007  wrote:
>
>
>
> > UGH!  All of my whitelisted IPs have reverted from 20k/hour limit to a
> > 150/hour limit.
>
> > Anyone else??
>
> > What the heck?!

[twitter-dev] Re: Problem with in reply to status id

[Duane Roelands]

Difficult to spot the error without knowing the values of "message"
and "in inreply".

Are you sure these values are correctly populated when this code
executes?

On Aug 6, 4:25 pm, digi  wrote:
> I hate to bump this... but I need help... anybody
>
> On Aug 6, 9:39 am, digi  wrote:
>
>
>
> > hello there,
>
> > I have been trying to fix this for so long but It is not working.
> > I am developing a wndows mobile application for twitter in C#  am
> > trying to reply to a status id. The message gets posted but it is not
> > posted as a reply but just an update message. I dont know what I am
> > missing... Please help. I am pasting my code too
> > //Code
>
> > postString = "source=MyApp&status=" + Uri.EscapeUriString(message) +
> > "&in_reply_to_status_id=" + Uri.EscapeUriString(inreply);
>
> >             HttpWebRequest webRequest = (HttpWebRequest)
> > WebRequest.Create(sendTweetUrl);
> >             NetworkCredential credentials = new NetworkCredential
> > (Username, Password);
> >             webRequest.Credentials = credentials;
>
> >             ASCIIEncoding encoding = new ASCIIEncoding();
> >             byte[] postData = encoding.GetBytes(postString);
>
> >             webRequest.Method = "POST";
> >             webRequest.Timeout = 2;
> >             webRequest.ContentLength = postData.Length;
> >             webRequest.AllowWriteStreamBuffering = true;
> >             webRequest.ProtocolVersion = HttpVersion.Version11;
> >             webRequest.ProtocolVersion = HttpVersion.Version10;
> >       try
> >             {
> >                 using (Stream outStream = webRequest.GetRequestStream
> > ())
> >                 {
> >                     outStream.Write(postData, 0, postData.Length);
> >                     outStream.Flush();
> >                 }
> >             }
> >             catch (Exception ex)
> >             {
> >                   throw new customException("Connection
> > unsuccessful.", ex);
> >             }
> >          try
> >             {
> >                 using (HttpWebResponse response = (HttpWebResponse)
> > webRequest.GetResponse())
> >                 {
> >                     using (StreamReader reader = new StreamReader
> > (response.GetResponseStream()))
> >                     {
> >                         reader.ReadToEnd();
> >                     }
> >                 }
> >             }
> >             catch (WebException ex)
> >             {throw new customException("Update unsuccessful.", ex);}
>
> > Let me know if there is anything I am missing.
> > in btw I am also including the @ in the reply to the status
> > id.
>
> > Is there anything else?

[twitter-dev] Re: HTTP 409 on status update via API

[briantroy]

Sorry... these are HTTP 408s...

On Aug 6, 1:20 pm, briantroy  wrote:
> This just started today. It was working fine before and early this
> morning.
>
> I'm send in user updates from a widget via API. My server is
> whitelisted and I've got a registered "service". I get a HTTP 409 on
> every attempt to submit a status.
>
> Not sure why... You can try it here:http://briantroy.com/blog/about
>
> I know a 409 should mean timed out... but the response comes back in
> one second (or just really really fast).
>
> Any help appreciated...
>
> Brian Roy
>
> justSignal

[twitter-dev] rate limit has reverted from 20000 to 150 for my IPs...

[chinaski007]

UGH!  All of my whitelisted IPs have reverted from 20k/hour limit to a
150/hour limit.

Anyone else??

What the heck?!

[twitter-dev] Re: rate limit has reverted from 20000 to 150 for my IPs...

[chinaski007]

Even worse... IPs are showing 0/150 remaining hits constantly, thus
bringing my app to a total HALT.

On Aug 6, 1:39 pm, chinaski007  wrote:
> UGH!  All of my whitelisted IPs have reverted from 20k/hour limit to a
> 150/hour limit.
>
> Anyone else??
>
> What the heck?!

[twitter-dev] Re: API Calls During DoS Attack

[Alex Payne]

We're talking to our operations team about it, who in turn is talking
to our hosting provider. It seems that some aggressive IP filtering
may have been catching some web-based third-party Twitter
applications, as well as data centers used by mobile providers.

On Thu, Aug 6, 2009 at 12:52, Jonathan wrote:
>
> I would also appreciate an answer to this question. My calls to the
> Search API are failing because of circular redirection, and
>
>     curl http://twitter.com
>
> returns nothing at all from my production server, which seems like a
> sign that its IP has been blocked.
>
> My app works fine from my dev box.
>
> -jonathan
>
> On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
>> Chad,
>>
>> I know it's a little late in asking, but should we switch off cron
>> jobs that make a lot of API calls while this DoS is going on, or while
>> you are recovering from it?
>>
>> I don't want my IP addresses to be blocked because they are making a
>> lot of calls! I've seen in the past that Ops lay down carpet bombing
>> with cluster munitions when under attack.
>>
>> Will it help you to recover if we switched off the cron jobs?
>>
>> Right now most of my connections are just being refused.
>>
>> Do you guys at least check against the list of white listed IP
>> addresses before you block an IP address in times like these?
>>
>> Will there be innocent bystanders caught in the cross-fire again?
>>
>> This is the kind of info that we developers need...
>>
>> Dewald
>



-- 
Alex Payne - Platform Lead, Twitter, Inc.
http://twitter.com/al3x

[twitter-dev] Re: API Calls During DoS Attack

[Account Support]

I turned our crons off, just to be safe.  Plus there isn't much of a
point of running them when the majority of the api calls still aren't
getting through.

On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
> Chad,
>
> I know it's a little late in asking, but should we switch off cron
> jobs that make a lot of API calls while this DoS is going on, or while
> you are recovering from it?
>
> I don't want my IP addresses to be blocked because they are making a
> lot of calls! I've seen in the past that Ops lay down carpet bombing
> with cluster munitions when under attack.
>
> Will it help you to recover if we switched off the cron jobs?
>
> Right now most of my connections are just being refused.
>
> Do you guys at least check against the list of white listed IP
> addresses before you block an IP address in times like these?
>
> Will there be innocent bystanders caught in the cross-fire again?
>
> This is the kind of info that we developers need...
>
> Dewald

[twitter-dev] Re: Problem with in reply to status id

[digi]

I hate to bump this... but I need help... anybody

On Aug 6, 9:39 am, digi  wrote:
> hello there,
>
> I have been trying to fix this for so long but It is not working.
> I am developing a wndows mobile application for twitter in C#  am
> trying to reply to a status id. The message gets posted but it is not
> posted as a reply but just an update message. I dont know what I am
> missing... Please help. I am pasting my code too
> //Code
>
> postString = "source=MyApp&status=" + Uri.EscapeUriString(message) +
> "&in_reply_to_status_id=" + Uri.EscapeUriString(inreply);
>
>             HttpWebRequest webRequest = (HttpWebRequest)
> WebRequest.Create(sendTweetUrl);
>             NetworkCredential credentials = new NetworkCredential
> (Username, Password);
>             webRequest.Credentials = credentials;
>
>             ASCIIEncoding encoding = new ASCIIEncoding();
>             byte[] postData = encoding.GetBytes(postString);
>
>             webRequest.Method = "POST";
>             webRequest.Timeout = 2;
>             webRequest.ContentLength = postData.Length;
>             webRequest.AllowWriteStreamBuffering = true;
>             webRequest.ProtocolVersion = HttpVersion.Version11;
>             webRequest.ProtocolVersion = HttpVersion.Version10;
>       try
>             {
>                 using (Stream outStream = webRequest.GetRequestStream
> ())
>                 {
>                     outStream.Write(postData, 0, postData.Length);
>                     outStream.Flush();
>                 }
>             }
>             catch (Exception ex)
>             {
>                   throw new customException("Connection
> unsuccessful.", ex);
>             }
>          try
>             {
>                 using (HttpWebResponse response = (HttpWebResponse)
> webRequest.GetResponse())
>                 {
>                     using (StreamReader reader = new StreamReader
> (response.GetResponseStream()))
>                     {
>                         reader.ReadToEnd();
>                     }
>                 }
>             }
>             catch (WebException ex)
>             {throw new customException("Update unsuccessful.", ex);}
>
> Let me know if there is anything I am missing.
> in btw I am also including the @ in the reply to the status
> id.
>
> Is there anything else?

[twitter-dev] HTTP 409 on status update via API

[briantroy]

This just started today. It was working fine before and early this
morning.

I'm send in user updates from a widget via API. My server is
whitelisted and I've got a registered "service". I get a HTTP 409 on
every attempt to submit a status.

Not sure why... You can try it here: http://briantroy.com/blog/about

I know a 409 should mean timed out... but the response comes back in
one second (or just really really fast).


Any help appreciated...


Brian Roy

justSignal

[twitter-dev] Re: API Calls During DoS Attack

[Jonathan]

I would also appreciate an answer to this question. My calls to the
Search API are failing because of circular redirection, and

 curl http://twitter.com

returns nothing at all from my production server, which seems like a
sign that its IP has been blocked.

My app works fine from my dev box.

-jonathan

On Aug 6, 1:35 pm, Dewald Pretorius  wrote:
> Chad,
>
> I know it's a little late in asking, but should we switch off cron
> jobs that make a lot of API calls while this DoS is going on, or while
> you are recovering from it?
>
> I don't want my IP addresses to be blocked because they are making a
> lot of calls! I've seen in the past that Ops lay down carpet bombing
> with cluster munitions when under attack.
>
> Will it help you to recover if we switched off the cron jobs?
>
> Right now most of my connections are just being refused.
>
> Do you guys at least check against the list of white listed IP
> addresses before you block an IP address in times like these?
>
> Will there be innocent bystanders caught in the cross-fire again?
>
> This is the kind of info that we developers need...
>
> Dewald

[twitter-dev] OAuth and twitter.com home authentication strange behavior

[stephane]

It's probably linked to the current DDOS but the authentication flow
shows some strange behavior :

1 - I try to initiate an OAuth authentication from www.twazzup.com
  <- twazzup server gets a timeout trying to connect to twitter for
oauth token (ApplicationError 5 on appengine)
3 - I go to twitter.com click "sign-in"
  <- strangely twitter redirects me to the oauth authorization form
(do you want to allow twazzup blabla ...)

So I have to questions there :
A / did you block incoming OAuth reqs from appengine ?
B/ is the strange behavior (twitter home authentication mixing with
another OAuth flow) something we, 3rd party app developers, can or
should take care of ?

Cheers,

Stephane
www.twazzup.com

[twitter-dev] Read Status in API

[Chris]

I'm sorry if this has already been discussed. I have a hard time
believing this hasn't already been discussed.

Is there a way to add a flag in the API on whether a tweet/reply/dm
has been read or not? This would allow syncing of read status across
various devices. It would be a nice addition.

[twitter-dev] local dev + sub-domains and oauth

[peter_tellgren]

I am running a site where I use sub-domains for the different
languages I support on the site.

e.g. en.example.com/.. for English and fr.example.com/.. for French

I just wonder if I go from my en.example.com/twitter site to the
twitter to have my user accept my site as a consumer do I have to have
a callback URL to en.example.com/twitter_callback or do I in the best
way solve this.

I assume there must be a better way since I am not to eager of
creating one app for each language. Any tips welcome.

Also today when I created a new app on the twitter site and added a
callback URL and app URL that are local to my machine. I got a pin
code instead of a callback. I tried to remove the app with and adding
it again with the same result. Is there a temporary glitch in the
twitter API or am I missing something?
And this afternoon I am unable to update my Twitter App:

I go to http://twitter.com/apps, enter my app that I want to edit. I
do my changes but when I click save It does not work.

Any ideas on these topics are welcome

[twitter-dev] Re: Getting a 500 Error with oAuth Plus Signpost (Java)

[msea85]

Tried that, tried moving sign() all over the place to no avail.

for what its worth, I seem to be able to do GETS just fine.

URL url = new URL("http://twitter.com/statuses/friends_timeline.xml";);
HttpURLConnection request = (HttpURLConnection) url.openConnection();
consumer.sign(request);
request.connect();

Works perfectly.

On Aug 5, 3:55 pm, John Kristian  wrote:
> Call setRequestMethod before you call sign.  The signature is a
> function of the method, among other things.
>
> On Aug 4, 7:18 pm, msea85  wrote:
>
>
>
> > URL url = new URL("http://twitter.com/statuses/update.xml";);
> > HttpURLConnection request = (HttpURLConnection) url.openConnection();
> > consumer.sign(request);
> > request.setRequestMethod("POST");- Hide quoted text -
>
> - Show quoted text -

[twitter-dev] Twitter API Wiki Ruby example

[peter_tellgren]

I would like to know if I am the only one not being able to see the
Ruby OAuth Example on the twitter API wiki.

When going here:
http://twitterapi.pbworks.com/OAuth+Example+-+Ruby

Path: twitter.com -> API -> OAuth Examples -> The official Twitter
Ruby on Rails OAuth tutorial

I get this:
Access Denied
You don't have permission to look at OAuth Example - Ruby.

I am logged in and can access any othe examples (most of them
redirects to external though)

[twitter-dev] Re: Knowing how to judge Search API rate limits

[steve]

I will start investigating the streaming API - thanks.

steve


On Aug 5, 3:18 pm, John Kalucki  wrote:
> Steve,
>
> It sounds like you should consider the /follow method in the streaming
> API. You'll get similar results with no latency or rate limits. If you
> need to follow more users, apply for the /shadow method. If you also
> want mentions, you can use /track.
>
> -John Kaluckihttp://twitter.com/jkalucki
> Services, Inc.
>
> On Aug 4, 9:50 am, steve  wrote:
>
> > There are a lot of messages and details around saying that the REST
> > API is 150 per hour, with whitelisting up to 20k per hour.  The Search
> > API is "more than" the 150, but no specifics.
>
> > >> Note that the Search API is not limited by the same 150 requests per 
> > >> hour limit as the REST API.
> > >> The number is quite a bit higher and we feel it is both liberal and 
> > >> sufficient for most applications.
>
> > My question is this, I have just soft launchedwww.twitparade.co.uk,
> > and although the site is in early days, a lot of work is in the
> > scheduler that grabs, stores and publishes individual tweets.
>
> > The way I am doing it is as follows:
>
> > 1. Load a list of people in a specific time slice to check
> > 2. Loop through each person on list, pausing for 5 seconds after each
> > person (except the last)
> > 3. Pause for 20 seconds at the end of the list
> > 4. Pick up the next time slice and start again
>
> > The time slicing allows me to prioritise the people how have tweeted
> > more recently, by checking them more frequently.
>
> > With the pauses I am currently using, assuming each search is instant,
> > then in any 1 minute, I am carrying out a maximum of 12 searches,
> > equating to 720 an hour. If the minute spans a list change, then there
> > is a 20 second pause, so I would only carry out 8 searches, equating
> > to 480 an hour. This can mean that it takes 20 minutes for some Tweets
> > to be picked up, if that person hasn't tweeted for a while (as I check
> > them less often) - I would like to improve that.
>
> > The gatherer is desktop application, so doesn't have a referrer, but I
> > have set the User-Agent to list my app name and the URL of the final
> > site that the data is gathered for, so hopefully Twitter can ID my app
> > (aside: How can we tell that our User-Agent makes it through?). I am
> > also on a fixed IP address, so should be identifiable to the back-end
> > systems at Twitter's end.
>
> > So how aggressive with cutting my pauses can I be? The Search API
> > numbers are not publicized so I have no idea if I'm knocking on the
> > limits, or whether I can with much lower pauses.
>
> > If I cut step 2 down to 1 and step 3 to 5 seconds, then my max rate
> > would be 60 per minute = 3600 per hour, or 2700 per hour. Is this
> > within the unknown limits?
>
> > If someone from Twitter could confirm/deny that my use of caching,
> > user-agent and shorter pauses all works together, I'd appreciate it.
>
> > Thanks,
>
> > Steve
> > --
> > Quick Web Ltd
> > UK

[twitter-dev] Re: Tutorial article posted - "Twitter OAuth using Perl"

[Jesse Stay]

Scott, I am for this week. Leaving back to my home in Salt Lake on Monday
though.
Jesse

On Thu, Aug 6, 2009 at 3:03 PM, Scott Carter wrote:

>
>
> I just posted an article that goes into quite a bit of detail about
> how to create your own Twitter OAuth solution using Perl.
>
> http://www.bigtweet.com/twitter-oauth-using-perl.html
>
> I included quite a few code samples and several references.
>
> Hopefully this might save a fellow Perl hacker some time in putting
> together their own implementation.
>
> BTW - are there any fellow Twitter Perl developers in the Boston
> area?
>
> - Scott
> @scott_carter
>
>

[twitter-dev] Re: friends timeline change: Temporary or permanent?

[Chad Etzel]

This is an artifact from the current DDoS situation. We're working
hard to restore everything back to normal.

Thanks,
-Chad

On Thu, Aug 6, 2009 at 3:57 PM, TjL wrote:
>
> I just tried this
>
> curl -D - -s --netrc
> 'http://twitter.com/statuses/friends_timeline.xml?since_id=3166251802&count=200'
>
> and got back this:
>
> HTTP/1.1 302 Moved Temporarily
> Content-Length: 0
> Location: 
> /statuses/friends_timeline.xml?since_id=3166251802&count=200?0115dfe8
>
> Since my program is designed to look for HTTP Status 200, it's failing.
>
> I can re-code it to deal with the 302, but if this IS just a temporary
> change (hence the 302) I might just wait it out.
>
> TjL
>

[twitter-dev] Re: What Twitter account is used for important announcements?

[Andrew Badera]

On Thu, Aug 6, 2009 at 4:05 PM, Chad Etzel  wrote:

>
> Hello,
>
> For API related issues, there is the @twitterAPI account. For overall
> Twitter related issues, http://status.twitter.com/ and/or
> http://blog.twitter.com/ should be your first stop for information
> when the site/service itself is having problems. It is hard to send
> out information through Twitter accounts when the site itself is down.
>
> We appreciate your patience, and please know that we are doing
> everything we can to restore everything to normal.
>
> Thanks,
> -Chad
>
>

It would be nice if those sources were updated in a more timely fashion. An
attack or other similar situation was pretty obvious early on, but no
official announcement on the given Twitter channels. Why did I have to get
confirmation via Biz's memo to CNN?

--ab

[twitter-dev] Re: What Twitter account is used for important announcements?

[Chad Etzel]

Hello,

For API related issues, there is the @twitterAPI account. For overall
Twitter related issues, http://status.twitter.com/ and/or
http://blog.twitter.com/ should be your first stop for information
when the site/service itself is having problems. It is hard to send
out information through Twitter accounts when the site itself is down.

We appreciate your patience, and please know that we are doing
everything we can to restore everything to normal.

Thanks,
-Chad

On Thu, Aug 6, 2009 at 1:32 PM, Howard Siegel wrote:
> Don't know if there is an @twitterstatus account, but there is the Twitter
> Status Blog at http://status.twitter.com/.
>
> - h
>
>
>
>

[twitter-dev] friends timeline change: Temporary or permanent?

[TjL]

I just tried this

curl -D - -s --netrc
'http://twitter.com/statuses/friends_timeline.xml?since_id=3166251802&count=200'

and got back this:

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: /statuses/friends_timeline.xml?since_id=3166251802&count=200?0115dfe8

Since my program is designed to look for HTTP Status 200, it's failing.

I can re-code it to deal with the 302, but if this IS just a temporary
change (hence the 302) I might just wait it out.

TjL

[twitter-dev] API Calls During DoS Attack

[Dewald Pretorius]

Chad,

I know it's a little late in asking, but should we switch off cron
jobs that make a lot of API calls while this DoS is going on, or while
you are recovering from it?

I don't want my IP addresses to be blocked because they are making a
lot of calls! I've seen in the past that Ops lay down carpet bombing
with cluster munitions when under attack.

Will it help you to recover if we switched off the cron jobs?

Right now most of my connections are just being refused.

Do you guys at least check against the list of white listed IP
addresses before you block an IP address in times like these?

Will there be innocent bystanders caught in the cross-fire again?

This is the kind of info that we developers need...

Dewald

[twitter-dev] Re: Rate Limiting Question

[srikanth reddy]

@Dewald Pretorius

<>

I believe 20k limit per user is the desirable  behavior, but i don't think
twitter will allow you to make infinite calls in which case they will black
list you.

<< I have not checked whether it is actually fixed. But, it's easy to
check. Just do a GET call from a whitelisted IP with one user's
credentials, check the remaining rate limit number, and then do the
same call with another user's credentials. If each call gives you
19,999 remaining, then you know the bug still exists, and consequently
no IP rate limiting is currently being done.>>

You can verify this here http://twxlate.com

This bug was closed very recently (about a month and a half ago) as working
as intended

http://code.google.com/p/twitter-api/issues/detail?id=617


<>
we dont know  the rationale behind that number but if the limit is per IP
then your app is easily susceptible to DOS attacks.
I believe there are many apps (not whitelisted) out there  which make more
than 20k calls/hour (150 users /hour and 150 calls)
The limit should always be per user(whether IP is whitelisted or not)


On Thu, Aug 6, 2009 at 10:54 PM, Dewald Pretorius  wrote:

>
> Just some background. I talked with Doug about this a few months ago,
> because I observed in the Rate Limit Header of get calls that the
> 20,000 number decremented by user, not by IP address in aggregate.
>
> Doug informed me that he was going to hand the issue over to Matt, who
> was on vacation at that point, to look into when he got back from
> vacation.
>
> Doug specifically said that the intended behavior was for the 20,000
> rate limit to be by IP address only.
>
> So, the point I'm trying to make is, at one point the API did count
> the 20,000 rate limit per IP address per user, but that was a bug that
> should have been fixed.
>
> I have not checked whether it is actually fixed. But, it's easy to
> check. Just do a GET call from a whitelisted IP with one user's
> credentials, check the remaining rate limit number, and then do the
> same call with another user's credentials. If each call gives you
> 19,999 remaining, then you know the bug still exists, and consequently
> no IP rate limiting is currently being done.
>
> Dewald
>
> On Aug 6, 2:04 pm, Chad Etzel  wrote:
> > Hi Dewald,
> >
> > I asked "The Powers That Be" about it, and that was the response I
> > got. However, I am double and triple checking because that does sound
> > too good to be true :)
> >
> > -Chad
> >
> > On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius
> wrote:
> >
> > > Chad,
> >
> > > Are you 100% sure of that?
> >
> > > I mean, in terms of rate limiting that simply does not make sense.
> >
> > > For my site, TweetLater.com, it would mean I have an effective hourly
> > > rate limit, per IP address, of 2 BILLION IP GET calls per hour!
> > > (20,000 per user for 100,000 users).
> >
> > > It sounds wrong to me.
> >
> > > Dewald
> >
> > > On Aug 6, 1:37 pm, Chad Etzel  wrote:
> > >> Hi Inspector Gadget, er... Bob,
> >
> > >> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
> > >> *per user* on Basic Auth or OAuth or a combination thereof.
> >
> > >> Go, go gadget data!
> >
> > >> -Chad
> > >> Twitter Platform Support
> >
> > >> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel
> wrote:
> >
> > >> > Well it seems as though Twitter is saying that 20k calls per user is
> > >> > the intended functionality. Chad or someone else can you confirm
> this?
> >
> > >> > Also if the correct functionality is 20k per ip per hour will you
> then
> > >> > fail over to 150 per user per hour or is it cut off?
> >
> > >> > Thanks
> >
> > >> > -Bob
> >
> > >> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius
> wrote:
> >
> > >> >> Bob,
> >
> > >> >> Don't base your app on the assumption that it is 20,000 calls per
> hour
> > >> >> per user.
> >
> > >> >> You get 20,000 GET calls per whitelisted IP address, period. It
> does
> > >> >> not matter if you use those calls for one Twitter account or 10,000
> > >> >> Twitter accounts.
> >
> > >> >> If the API is currently behaving differently, then it is a bug.
> >
> > >> >> I have had discussions with Twitter engineers about this, and the
> > >> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
> > >> >> address as I mentioned above.
> >
> > >> >> Dewald
> >
> > >> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
> > >> >>> Wowzers (bonus points for getting the reference)
> >
> > >> >>> It appears as if each user does get 20k (according to the linked
> > >> >>> threads) this is I think what they intended and makes apps a LOT
> > >> >>> easier to develop as you can now do rate limiting (ie caching and
> > >> >>> sleeping etc...) based on each user and not on an entire server
> pool,
> > >> >>> makes sessions much cleaner.
> >
> > >> >>> I am whitelisted and I'll test this tomorrow evening to make
> double
> > >> >>> sure but this sounds great!.
> >
> > >> >>> Thanks
> >
> > >> >>> -Bob
> >
> > >> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikan

[twitter-dev] Re: Sign in with Twitter

[Coderanger]

> Some users aren't comfortable giving their Twitter password to another
> website.  For them, it's sort of a good thing to be sent to Twitter's
I would hazard a guess that they really are the long tail. Only a
small percentage of people would care, most would not but they are
going to be penalized with a more complicated system ... seems a bit
backward to me.

One possibility is for your application (which is what I will do in
twitcher) to offer both methods. Then both sets of users are covered,
most people can get in quickly and easily by entering name and
password; but those that are more careful/concerened can go the more
complicated oauth route.

Problem is, twitter are going to shut off Basic Auth at some point
which is a big mistake IMHO, but hey ho.

[twitter-dev] Tutorial article posted - "Twitter OAuth using Perl"

[Scott Carter]

I just posted an article that goes into quite a bit of detail about
how to create your own Twitter OAuth solution using Perl.

http://www.bigtweet.com/twitter-oauth-using-perl.html

I included quite a few code samples and several references.

Hopefully this might save a fellow Perl hacker some time in putting
together their own implementation.

BTW - are there any fellow Twitter Perl developers in the Boston
area?

- Scott
@scott_carter

[twitter-dev] Re: Current Twitter site status

[John Kalucki]

Monitor the Twitter Blog, but yes, various services are still
recovering and/or flapping. For the next few hours, I'd assume it's a
problem on Twitter's side, not on your side.

On Aug 6, 11:43 am, David Fisher  wrote:
> Is the Search API being effected? I thought at first that I had messed
> up my code, but I rolled back pretty far and I'm still getting really
> odd errors
>
> /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:56:in
> `setup_raw_request': undefined method `request_uri' for # 0x7ff36a8295f0> (NoMethodError)
>         from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
> 39:in `perform'
>         from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
> 99:in `handle_response'
>         from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
> 40:in `perform'
>         from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:156:in
> `perform_request'
>         from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:122:in
> `get'
>         from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
> 100:in `fetch'
>         from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
> 108:in `each'
>
> On Aug 6, 11:45 am, Stuart  wrote:
>
> > 2009/8/6 Chad Etzel :
>
> > > Some of you may already be aware that the main Twitter site is under a
> > > DDoS attack.  Please keep a close eye onhttp://status.twitter.com/
> > > and this list for details and updates.
>
> > "Encountered seemingly neverending redirects" - that can't be helping!!
>
> >http://titsup.net/http://twitter.com/
>
> > -Stuart
>
> > --http://stut.net/

[twitter-dev] Re: Current Twitter site status

[shiplu]

I see. Thats the reason why I can register my new app ! ! !
:(

-- 
A K M Mokaddim
http://talk.cmyweb.net
http://twitter.com/shiplu
Stop Top Posting !!
বাংলিশ লেখার চাইতে বাংলা লেখা অনেক ভাল
Sent from Dhaka, Bangladesh

[twitter-dev] Re: Current Twitter site status

[David Fisher]

Is the Search API being effected? I thought at first that I had messed
up my code, but I rolled back pretty far and I'm still getting really
odd errors

/var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:56:in
`setup_raw_request': undefined method `request_uri' for # (NoMethodError)
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
39:in `perform'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
99:in `handle_response'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty/request.rb:
40:in `perform'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:156:in
`perform_request'
from /var/lib/gems/1.8/gems/httparty-0.4.3/lib/httparty.rb:122:in
`get'
from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
100:in `fetch'
from /var/lib/gems/1.8/gems/twitter-0.6.13/lib/twitter/search.rb:
108:in `each'


On Aug 6, 11:45 am, Stuart  wrote:
> 2009/8/6 Chad Etzel :
>
>
>
> > Some of you may already be aware that the main Twitter site is under a
> > DDoS attack.  Please keep a close eye onhttp://status.twitter.com/
> > and this list for details and updates.
>
> "Encountered seemingly neverending redirects" - that can't be helping!!
>
> http://titsup.net/http://twitter.com/
>
> -Stuart
>
> --http://stut.net/

[twitter-dev] Re: Updating the APIs authentication limiting policy

[Grant Emsley]

Perhaps a better approach to the lockout:

Lock the account for x minutes after 15 *unique* bad passwords.  So if
the user changes their password, and another program keeps trying with
their old password, that only counts as 1 attempt.
It still only gives them 15 guesses, but would cause fewer lockouts
because of badly behaved programs like the spam bots mentioned above.

[twitter-dev] Re: Updating the APIs authentication limiting policy

[Alex Payne]

We've just heard from our operations and deploy staff that we won't be
able to deploy any code (for the API or otherwise) until Monday due to
the DDoS attack and other issues. That means that the revert to the
old rate limiting policy for this method won't go out this week. My
apologies.

On Thu, Aug 6, 2009 at 02:43, Goblin wrote:
>
> Alex, is that *not* estimated or was it an iPhone being daft and
> changing now to not?
>
> On Aug 5, 7:11 pm, Alex Payne  wrote:
>> The change did not go live yesterday due to some deploy issues. It's
>> not estimated to go out tomorrow. Once again, sorry for the delay.
>>
>>
>>
>> On Wed, Aug 5, 2009 at 07:48, Dewald Pretorius wrote:
>>
>> > Alex,
>>
>> > Did the change go live on Tuesday?
>>
>> > I have very irate users due to this issue. There are spam bots out
>> > there that got hold of users' credentials. The users have changed
>> > their Twitter passwords to get rid of the spam tweets published in
>> > their timelines, but now those bots are locking them out 24x7 from all
>> > apps that use the API.
>>
>> > On Aug 3, 2:56 pm, Alex Payne  wrote:
>> >> The rollback should be deployed tomorrow. Sorry for the delay.
>>
>> >> On Sat, Aug 1, 2009 at 23:36, Jesse Stay wrote:
>> >> > A timeframe would be very helpful. This is turning out to be a headache 
>> >> > as
>> >> > I'm testing. If my own user is having to log in over and over to test my
>> >> > app, I'm quickly hitting the verify_credentials limit (and I'm even 
>> >> > using
>> >> > OAuth).  I'm getting really frustrated.
>> >> > Jesse
>>
>> >> > On Fri, Jul 31, 2009 at 8:01 PM, Bob Thomson 
>> >> > wrote:
>>
>> >> >> Hi Doug,
>>
>> >> >> Is there a timescale for rolling back / making the change to the new
>> >> >> scheme?
>>
>> >> >> We're just putting the finishing touches to moving to OAuth and we're
>> >> >> experiencing the issue when using verify_credentials to get the users
>> >> >> basic details once we've got the token back from the authentication
>> >> >> process. We're experiencing the issue when:
>>
>> >> >> 1. Testing our login and authentication processes
>> >> >> 2. When users login and logout of our application frequently
>>
>> >> >> A heads up on when these changes will be made would be useful. Thanks,
>>
>> >> >> Bob
>>
>> >> >> On Jul 29, 6:37 pm, Grant Emsley  wrote:
>> >> >> > Locked out of authenticated resources for that account, or will that
>> >> >> > IP not be able to login to any account?
>>
>> >> >> > On Jul 29, 1:14 pm, Doug Williams  wrote:
>>
>> >> >> > > Ray,For clarity, we will roll back the current restriction of 15 
>> >> >> > > calls
>> >> >> > > per
>> >> >> > > user per hour to account/verify_credentials, and implement the
>> >> >> > > proposed
>> >> >> > > scheme:
>>
>> >> >> > > > ... we will limit the total number of unsuccessful
>> >> >> > > > attempts to access authenticated resources to 15 an hour per user
>> >> >> > > > per IP
>> >> >> > > > address. If a single IP address makes 15 attempts to access a
>> >> >> > > > protected resource unsuccessfully for a given user (as indicated 
>> >> >> > > > by
>> >> >> > > > an
>> >> >> > > HTTP 401),
>> >> >> > > > then the user will be locked out of authenticated resources from
>> >> >> > > > that
>> >> >> > > > IP address for 1 hour.
>>
>> >> >> > > Thanks,
>> >> >> > > Doug
>>
>> >> >> > > On Wed, Jul 29, 2009 at 9:51 AM, Ray  wrote:
>>
>> >> >> > > > Doug,
>>
>> >> >> > > > I'm in a similar situation as that voiced by TinBlue.  This 
>> >> >> > > > change
>> >> >> > > > has
>> >> >> > > > affected our iPhone App.  We also want to encourage you to 
>> >> >> > > > rollback
>> >> >> > > > this change ASAP.
>>
>> >> >> > > > When you say "This approach is what we are going to take.", do 
>> >> >> > > > you
>> >> >> > > > mean rolling back the fix so as not to affect multiple, 
>> >> >> > > > successful,
>> >> >> > > > authorized logins?  I'm hopeful that "this approach" means that 
>> >> >> > > > our
>> >> >> > > > apps will not be affected yet again by changing to a new auth
>> >> >> > > > approach.
>>
>> >> >> > > > I appreciate you all keeping this thread informed.
>>
>> >> >> > > > Ray
>>
>> >> >> > > > On Jul 27, 11:23 am, Doug Williams  wrote:
>> >> >> > > > > Thanks to everyone who has contributed feedback. This approach 
>> >> >> > > > > is
>> >> >> > > > > what we
>> >> >> > > > > are going to take.
>> >> >> > > > > Alex will be making this change shortly. I will update this 
>> >> >> > > > > thread
>> >> >> > > > > when
>> >> >> > > > > there is timeframe to share.
>>
>> >> >> > > > > Thanks,
>> >> >> > > > > Doug
>>
>> >> >> > > > > On Mon, Jul 27, 2009 at 7:52 AM, TinBlue 
>> >> >> > > > > wrote:
>>
>> >> >> > > > > > What is happening?
>>
>> >> >> > > > > > This rollback is taking far too long for something that has
>> >> >> > > > > > affected a
>> >> >> > > > > > lot of people!
>>
>> >> >> > > > > > On Jul 25, 2:32 pm, Dewald Pretorius  
>> >> >> > > > > > wrote:
>> >> >> > > > > > > Doug,
>>
>> >> >> > > > > > > I 

[twitter-dev] Re: Rate Limiting Question

[Jesse Stay]

I got the same response from Alex awhile back (and I think confirmed by
Doug).  And I'm seeing the same results, as well.  I'm pretty sure it's
20,000 per IP without regard to user.
Jesse

On Thu, Aug 6, 2009 at 1:24 PM, Dewald Pretorius  wrote:

>
> Just some background. I talked with Doug about this a few months ago,
> because I observed in the Rate Limit Header of get calls that the
> 20,000 number decremented by user, not by IP address in aggregate.
>
> Doug informed me that he was going to hand the issue over to Matt, who
> was on vacation at that point, to look into when he got back from
> vacation.
>
> Doug specifically said that the intended behavior was for the 20,000
> rate limit to be by IP address only.
>
> So, the point I'm trying to make is, at one point the API did count
> the 20,000 rate limit per IP address per user, but that was a bug that
> should have been fixed.
>
> I have not checked whether it is actually fixed. But, it's easy to
> check. Just do a GET call from a whitelisted IP with one user's
> credentials, check the remaining rate limit number, and then do the
> same call with another user's credentials. If each call gives you
> 19,999 remaining, then you know the bug still exists, and consequently
> no IP rate limiting is currently being done.
>
> Dewald
>
> On Aug 6, 2:04 pm, Chad Etzel  wrote:
> > Hi Dewald,
> >
> > I asked "The Powers That Be" about it, and that was the response I
> > got. However, I am double and triple checking because that does sound
> > too good to be true :)
> >
> > -Chad
> >
> > On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius
> wrote:
> >
> > > Chad,
> >
> > > Are you 100% sure of that?
> >
> > > I mean, in terms of rate limiting that simply does not make sense.
> >
> > > For my site, TweetLater.com, it would mean I have an effective hourly
> > > rate limit, per IP address, of 2 BILLION IP GET calls per hour!
> > > (20,000 per user for 100,000 users).
> >
> > > It sounds wrong to me.
> >
> > > Dewald
> >
> > > On Aug 6, 1:37 pm, Chad Etzel  wrote:
> > >> Hi Inspector Gadget, er... Bob,
> >
> > >> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
> > >> *per user* on Basic Auth or OAuth or a combination thereof.
> >
> > >> Go, go gadget data!
> >
> > >> -Chad
> > >> Twitter Platform Support
> >
> > >> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel
> wrote:
> >
> > >> > Well it seems as though Twitter is saying that 20k calls per user is
> > >> > the intended functionality. Chad or someone else can you confirm
> this?
> >
> > >> > Also if the correct functionality is 20k per ip per hour will you
> then
> > >> > fail over to 150 per user per hour or is it cut off?
> >
> > >> > Thanks
> >
> > >> > -Bob
> >
> > >> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius
> wrote:
> >
> > >> >> Bob,
> >
> > >> >> Don't base your app on the assumption that it is 20,000 calls per
> hour
> > >> >> per user.
> >
> > >> >> You get 20,000 GET calls per whitelisted IP address, period. It
> does
> > >> >> not matter if you use those calls for one Twitter account or 10,000
> > >> >> Twitter accounts.
> >
> > >> >> If the API is currently behaving differently, then it is a bug.
> >
> > >> >> I have had discussions with Twitter engineers about this, and the
> > >> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
> > >> >> address as I mentioned above.
> >
> > >> >> Dewald
> >
> > >> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
> > >> >>> Wowzers (bonus points for getting the reference)
> >
> > >> >>> It appears as if each user does get 20k (according to the linked
> > >> >>> threads) this is I think what they intended and makes apps a LOT
> > >> >>> easier to develop as you can now do rate limiting (ie caching and
> > >> >>> sleeping etc...) based on each user and not on an entire server
> pool,
> > >> >>> makes sessions much cleaner.
> >
> > >> >>> I am whitelisted and I'll test this tomorrow evening to make
> double
> > >> >>> sure but this sounds great!.
> >
> > >> >>> Thanks
> >
> > >> >>> -Bob
> >
> > >> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
> >
> > >> >>> reddy wrote:
> > >> >>> > With a whitelisted IP you can make 20k auth calls per hour for
> each user.
> > >> >>> > Once you reach this limit for a user you cannot make  any auth
> calls from
> > >> >>> > that IP in that duration. But the user can still use his 150
> limit from
> > >> >>> > other apps.
> >
> > >> >>> >
> http://groups.google.com/group/twitter-development-talk/browse_thread...
> >
> > >> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel <
> b...@bobforthejob.com> wrote:
> >
> > >> >>> >> From the Rate Limiting documentation:
> >
> > >> >>> >> "IP whitelisting takes precedence to account rate limits. GET
> requests
> > >> >>> >> from a whitelisted IP address made on a user's behalf will be
> deducted
> > >> >>> >> from the whitelisted IP's limit, not the users. Therefore,
> IP-based
> > >> >>> >> whitelisting is a best practice for applications that request
> man

[twitter-dev] Re: What Twitter account is used for important announcements?

[Howard Siegel]

Don't know if there is an @twitterstatus account, but there is the Twitter
Status Blog at http://status.twitter.com/.

- h

[twitter-dev] Re: What Twitter account is used for important announcements?

[Peter Denton]

Hey Kee,
@apiannounce was recently created for changes to the api.

On Thu, Aug 6, 2009 at 10:15 AM, Kee Hinckley  wrote:

>
> I used to subscribe to SMS notifications from the @twitter account, which
> was used to send notifications about blog updates and site downtime. That
> was great. Then a few weeks some idiot in PR apparently took over the
> account and now it sends frequent postings about asteroid strikes,
> celebrities, and how often people at Twitter HQ wash their clothes. Just the
> kind of thing I want texted to my phone.
>
> The final straw. Today Twitter is down for half the day from a DoS attack.
> Do I get a text notification of the problem (which should be doable even if
> you're under attack)? Nope. Do I get an explanation afterwards? Nope. I get
> a text message about how it's "quiet but lots of sun" at Twitter HQ,
> complete with a picture. Talk about complete disregard for your customers.
>
> I've sent multiple complaints to the @twitter account, but evidently nobody
> actually *reads* the responses. Perhaps we should send @comcast_cares over
> to Twitter HQ to give a lesson on how to use Twitter?
>
> Is anyone there taking the service seriously? Are you going to force
> several hundred thousand followers to switch to following a different
> account if they want to get useful information? Or are you going to start
> using @twitter for it's original purpose? Or do you think that sending
> customers urgent information isn't important?
>
> Come on guys. Stop drinking the koolaid and start acting like a responsible
> company providing a responsible service.
>

[twitter-dev] Re: Rate Limiting Question

[Dewald Pretorius]

Just some background. I talked with Doug about this a few months ago,
because I observed in the Rate Limit Header of get calls that the
20,000 number decremented by user, not by IP address in aggregate.

Doug informed me that he was going to hand the issue over to Matt, who
was on vacation at that point, to look into when he got back from
vacation.

Doug specifically said that the intended behavior was for the 20,000
rate limit to be by IP address only.

So, the point I'm trying to make is, at one point the API did count
the 20,000 rate limit per IP address per user, but that was a bug that
should have been fixed.

I have not checked whether it is actually fixed. But, it's easy to
check. Just do a GET call from a whitelisted IP with one user's
credentials, check the remaining rate limit number, and then do the
same call with another user's credentials. If each call gives you
19,999 remaining, then you know the bug still exists, and consequently
no IP rate limiting is currently being done.

Dewald

On Aug 6, 2:04 pm, Chad Etzel  wrote:
> Hi Dewald,
>
> I asked "The Powers That Be" about it, and that was the response I
> got. However, I am double and triple checking because that does sound
> too good to be true :)
>
> -Chad
>
> On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius wrote:
>
> > Chad,
>
> > Are you 100% sure of that?
>
> > I mean, in terms of rate limiting that simply does not make sense.
>
> > For my site, TweetLater.com, it would mean I have an effective hourly
> > rate limit, per IP address, of 2 BILLION IP GET calls per hour!
> > (20,000 per user for 100,000 users).
>
> > It sounds wrong to me.
>
> > Dewald
>
> > On Aug 6, 1:37 pm, Chad Etzel  wrote:
> >> Hi Inspector Gadget, er... Bob,
>
> >> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
> >> *per user* on Basic Auth or OAuth or a combination thereof.
>
> >> Go, go gadget data!
>
> >> -Chad
> >> Twitter Platform Support
>
> >> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel wrote:
>
> >> > Well it seems as though Twitter is saying that 20k calls per user is
> >> > the intended functionality. Chad or someone else can you confirm this?
>
> >> > Also if the correct functionality is 20k per ip per hour will you then
> >> > fail over to 150 per user per hour or is it cut off?
>
> >> > Thanks
>
> >> > -Bob
>
> >> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius wrote:
>
> >> >> Bob,
>
> >> >> Don't base your app on the assumption that it is 20,000 calls per hour
> >> >> per user.
>
> >> >> You get 20,000 GET calls per whitelisted IP address, period. It does
> >> >> not matter if you use those calls for one Twitter account or 10,000
> >> >> Twitter accounts.
>
> >> >> If the API is currently behaving differently, then it is a bug.
>
> >> >> I have had discussions with Twitter engineers about this, and the
> >> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
> >> >> address as I mentioned above.
>
> >> >> Dewald
>
> >> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
> >> >>> Wowzers (bonus points for getting the reference)
>
> >> >>> It appears as if each user does get 20k (according to the linked
> >> >>> threads) this is I think what they intended and makes apps a LOT
> >> >>> easier to develop as you can now do rate limiting (ie caching and
> >> >>> sleeping etc...) based on each user and not on an entire server pool,
> >> >>> makes sessions much cleaner.
>
> >> >>> I am whitelisted and I'll test this tomorrow evening to make double
> >> >>> sure but this sounds great!.
>
> >> >>> Thanks
>
> >> >>> -Bob
>
> >> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
>
> >> >>> reddy wrote:
> >> >>> > With a whitelisted IP you can make 20k auth calls per hour for each 
> >> >>> > user.
> >> >>> > Once you reach this limit for a user you cannot make  any auth calls 
> >> >>> > from
> >> >>> > that IP in that duration. But the user can still use his 150 limit 
> >> >>> > from
> >> >>> > other apps.
>
> >> >>> >http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> >> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel  
> >> >>> > wrote:
>
> >> >>> >> From the Rate Limiting documentation:
>
> >> >>> >> "IP whitelisting takes precedence to account rate limits. GET 
> >> >>> >> requests
> >> >>> >> from a whitelisted IP address made on a user's behalf will be 
> >> >>> >> deducted
> >> >>> >> from the whitelisted IP's limit, not the users. Therefore, IP-based
> >> >>> >> whitelisting is a best practice for applications that request many
> >> >>> >> users' data."
>
> >> >>> >> Say for example I wanted to simply replicate the twitter website. 
> >> >>> >> One
> >> >>> >> page per user that just monitors for new statuses with authenticated
> >> >>> >> (to catch protected users) calls to
> >> >>> >>http://twitter.com/statuses/friends_timeline.json
>
> >> >>> >> Say I was very popular and had 20k people on the site. Would this
> >> >>> >> limit me to 1 call per minute per user or would it fall over to the
> >>

[twitter-dev] Re: API converting + text character to white space...

[JDG]

+ is the RFC-defined way to send a space. You have to encode your parameters
using the API, so + will become %xx, where xx is the hex ascii code for +.

On Thu, Aug 6, 2009 at 11:15, HatMan  wrote:

>
> John+Jane will appear as John Jane when the text is sent via the API
> but remains John+Jane when the text is sent via the web.
>
> Is this an API bug or some API policy intentionally imposed to support
> certain text characters and not others when text is sent via API?




-- 
Internets. Serious business.

[twitter-dev] API converting + text character to white space...

[HatMan]

John+Jane will appear as John Jane when the text is sent via the API
but remains John+Jane when the text is sent via the web.

Is this an API bug or some API policy intentionally imposed to support
certain text characters and not others when text is sent via API?

[twitter-dev] What Twitter account is used for important announcements?

[Kee Hinckley]

I used to subscribe to SMS notifications from the @twitter account,  
which was used to send notifications about blog updates and site  
downtime. That was great. Then a few weeks some idiot in PR apparently  
took over the account and now it sends frequent postings about  
asteroid strikes, celebrities, and how often people at Twitter HQ wash  
their clothes. Just the kind of thing I want texted to my phone.


The final straw. Today Twitter is down for half the day from a DoS  
attack. Do I get a text notification of the problem (which should be  
doable even if you're under attack)? Nope. Do I get an explanation  
afterwards? Nope. I get a text message about how it's "quiet but lots  
of sun" at Twitter HQ, complete with a picture. Talk about complete  
disregard for your customers.


I've sent multiple complaints to the @twitter account, but evidently  
nobody actually *reads* the responses. Perhaps we should send  
@comcast_cares over to Twitter HQ to give a lesson on how to use  
Twitter?


Is anyone there taking the service seriously? Are you going to force  
several hundred thousand followers to switch to following a different  
account if they want to get useful information? Or are you going to  
start using @twitter for it's original purpose? Or do you think that  
sending customers urgent information isn't important?


Come on guys. Stop drinking the koolaid and start acting like a  
responsible company providing a responsible service.

[twitter-dev] Re: Rate Limiting Question

[Dewald Pretorius]

That would be the same as having no rate limit at all, because really,
which app would beed to make 20,000 GET calls per hour on one Twitter
account?

If that's how it is enforced currently, then that is the reason why
the API often gets so overloaded and slow.

Dewald

On Aug 6, 2:04 pm, Chad Etzel  wrote:
> Hi Dewald,
>
> I asked "The Powers That Be" about it, and that was the response I
> got. However, I am double and triple checking because that does sound
> too good to be true :)
>
> -Chad
>
> On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius wrote:
>
> > Chad,
>
> > Are you 100% sure of that?
>
> > I mean, in terms of rate limiting that simply does not make sense.
>
> > For my site, TweetLater.com, it would mean I have an effective hourly
> > rate limit, per IP address, of 2 BILLION IP GET calls per hour!
> > (20,000 per user for 100,000 users).
>
> > It sounds wrong to me.
>
> > Dewald
>
> > On Aug 6, 1:37 pm, Chad Etzel  wrote:
> >> Hi Inspector Gadget, er... Bob,
>
> >> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
> >> *per user* on Basic Auth or OAuth or a combination thereof.
>
> >> Go, go gadget data!
>
> >> -Chad
> >> Twitter Platform Support
>
> >> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel wrote:
>
> >> > Well it seems as though Twitter is saying that 20k calls per user is
> >> > the intended functionality. Chad or someone else can you confirm this?
>
> >> > Also if the correct functionality is 20k per ip per hour will you then
> >> > fail over to 150 per user per hour or is it cut off?
>
> >> > Thanks
>
> >> > -Bob
>
> >> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius wrote:
>
> >> >> Bob,
>
> >> >> Don't base your app on the assumption that it is 20,000 calls per hour
> >> >> per user.
>
> >> >> You get 20,000 GET calls per whitelisted IP address, period. It does
> >> >> not matter if you use those calls for one Twitter account or 10,000
> >> >> Twitter accounts.
>
> >> >> If the API is currently behaving differently, then it is a bug.
>
> >> >> I have had discussions with Twitter engineers about this, and the
> >> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
> >> >> address as I mentioned above.
>
> >> >> Dewald
>
> >> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
> >> >>> Wowzers (bonus points for getting the reference)
>
> >> >>> It appears as if each user does get 20k (according to the linked
> >> >>> threads) this is I think what they intended and makes apps a LOT
> >> >>> easier to develop as you can now do rate limiting (ie caching and
> >> >>> sleeping etc...) based on each user and not on an entire server pool,
> >> >>> makes sessions much cleaner.
>
> >> >>> I am whitelisted and I'll test this tomorrow evening to make double
> >> >>> sure but this sounds great!.
>
> >> >>> Thanks
>
> >> >>> -Bob
>
> >> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
>
> >> >>> reddy wrote:
> >> >>> > With a whitelisted IP you can make 20k auth calls per hour for each 
> >> >>> > user.
> >> >>> > Once you reach this limit for a user you cannot make  any auth calls 
> >> >>> > from
> >> >>> > that IP in that duration. But the user can still use his 150 limit 
> >> >>> > from
> >> >>> > other apps.
>
> >> >>> >http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> >> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel  
> >> >>> > wrote:
>
> >> >>> >> From the Rate Limiting documentation:
>
> >> >>> >> "IP whitelisting takes precedence to account rate limits. GET 
> >> >>> >> requests
> >> >>> >> from a whitelisted IP address made on a user's behalf will be 
> >> >>> >> deducted
> >> >>> >> from the whitelisted IP's limit, not the users. Therefore, IP-based
> >> >>> >> whitelisting is a best practice for applications that request many
> >> >>> >> users' data."
>
> >> >>> >> Say for example I wanted to simply replicate the twitter website. 
> >> >>> >> One
> >> >>> >> page per user that just monitors for new statuses with authenticated
> >> >>> >> (to catch protected users) calls to
> >> >>> >>http://twitter.com/statuses/friends_timeline.json
>
> >> >>> >> Say I was very popular and had 20k people on the site. Would this
> >> >>> >> limit me to 1 call per minute per user or would it fall over to the
> >> >>> >> user limit of 150 an hour once I hit my 20k? If so how can I tell it
> >> >>> >> has fallen over besides for simply keeping track of the number of
> >> >>> >> calls per hour my server has made.
>
> >> >>> >> Thanks
>
> >> >>> >> -Bob

[twitter-dev] Re: Rate Limiting Question

[Chad Etzel]

Hi Dewald,

I asked "The Powers That Be" about it, and that was the response I
got. However, I am double and triple checking because that does sound
too good to be true :)

-Chad

On Thu, Aug 6, 2009 at 1:01 PM, Dewald Pretorius wrote:
>
> Chad,
>
> Are you 100% sure of that?
>
> I mean, in terms of rate limiting that simply does not make sense.
>
> For my site, TweetLater.com, it would mean I have an effective hourly
> rate limit, per IP address, of 2 BILLION IP GET calls per hour!
> (20,000 per user for 100,000 users).
>
> It sounds wrong to me.
>
> Dewald
>
> On Aug 6, 1:37 pm, Chad Etzel  wrote:
>> Hi Inspector Gadget, er... Bob,
>>
>> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
>> *per user* on Basic Auth or OAuth or a combination thereof.
>>
>> Go, go gadget data!
>>
>> -Chad
>> Twitter Platform Support
>>
>> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel wrote:
>>
>> > Well it seems as though Twitter is saying that 20k calls per user is
>> > the intended functionality. Chad or someone else can you confirm this?
>>
>> > Also if the correct functionality is 20k per ip per hour will you then
>> > fail over to 150 per user per hour or is it cut off?
>>
>> > Thanks
>>
>> > -Bob
>>
>> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius wrote:
>>
>> >> Bob,
>>
>> >> Don't base your app on the assumption that it is 20,000 calls per hour
>> >> per user.
>>
>> >> You get 20,000 GET calls per whitelisted IP address, period. It does
>> >> not matter if you use those calls for one Twitter account or 10,000
>> >> Twitter accounts.
>>
>> >> If the API is currently behaving differently, then it is a bug.
>>
>> >> I have had discussions with Twitter engineers about this, and the
>> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
>> >> address as I mentioned above.
>>
>> >> Dewald
>>
>> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
>> >>> Wowzers (bonus points for getting the reference)
>>
>> >>> It appears as if each user does get 20k (according to the linked
>> >>> threads) this is I think what they intended and makes apps a LOT
>> >>> easier to develop as you can now do rate limiting (ie caching and
>> >>> sleeping etc...) based on each user and not on an entire server pool,
>> >>> makes sessions much cleaner.
>>
>> >>> I am whitelisted and I'll test this tomorrow evening to make double
>> >>> sure but this sounds great!.
>>
>> >>> Thanks
>>
>> >>> -Bob
>>
>> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
>>
>> >>> reddy wrote:
>> >>> > With a whitelisted IP you can make 20k auth calls per hour for each 
>> >>> > user.
>> >>> > Once you reach this limit for a user you cannot make  any auth calls 
>> >>> > from
>> >>> > that IP in that duration. But the user can still use his 150 limit from
>> >>> > other apps.
>>
>> >>> >http://groups.google.com/group/twitter-development-talk/browse_thread...
>>
>> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel  
>> >>> > wrote:
>>
>> >>> >> From the Rate Limiting documentation:
>>
>> >>> >> "IP whitelisting takes precedence to account rate limits. GET requests
>> >>> >> from a whitelisted IP address made on a user's behalf will be deducted
>> >>> >> from the whitelisted IP's limit, not the users. Therefore, IP-based
>> >>> >> whitelisting is a best practice for applications that request many
>> >>> >> users' data."
>>
>> >>> >> Say for example I wanted to simply replicate the twitter website. One
>> >>> >> page per user that just monitors for new statuses with authenticated
>> >>> >> (to catch protected users) calls to
>> >>> >>http://twitter.com/statuses/friends_timeline.json
>>
>> >>> >> Say I was very popular and had 20k people on the site. Would this
>> >>> >> limit me to 1 call per minute per user or would it fall over to the
>> >>> >> user limit of 150 an hour once I hit my 20k? If so how can I tell it
>> >>> >> has fallen over besides for simply keeping track of the number of
>> >>> >> calls per hour my server has made.
>>
>> >>> >> Thanks
>>
>> >>> >> -Bob
>

[twitter-dev] Re: Rate Limiting Question

[Dewald Pretorius]

Chad,

Are you 100% sure of that?

I mean, in terms of rate limiting that simply does not make sense.

For my site, TweetLater.com, it would mean I have an effective hourly
rate limit, per IP address, of 2 BILLION IP GET calls per hour!
(20,000 per user for 100,000 users).

It sounds wrong to me.

Dewald

On Aug 6, 1:37 pm, Chad Etzel  wrote:
> Hi Inspector Gadget, er... Bob,
>
> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
> *per user* on Basic Auth or OAuth or a combination thereof.
>
> Go, go gadget data!
>
> -Chad
> Twitter Platform Support
>
> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel wrote:
>
> > Well it seems as though Twitter is saying that 20k calls per user is
> > the intended functionality. Chad or someone else can you confirm this?
>
> > Also if the correct functionality is 20k per ip per hour will you then
> > fail over to 150 per user per hour or is it cut off?
>
> > Thanks
>
> > -Bob
>
> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius wrote:
>
> >> Bob,
>
> >> Don't base your app on the assumption that it is 20,000 calls per hour
> >> per user.
>
> >> You get 20,000 GET calls per whitelisted IP address, period. It does
> >> not matter if you use those calls for one Twitter account or 10,000
> >> Twitter accounts.
>
> >> If the API is currently behaving differently, then it is a bug.
>
> >> I have had discussions with Twitter engineers about this, and the
> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
> >> address as I mentioned above.
>
> >> Dewald
>
> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
> >>> Wowzers (bonus points for getting the reference)
>
> >>> It appears as if each user does get 20k (according to the linked
> >>> threads) this is I think what they intended and makes apps a LOT
> >>> easier to develop as you can now do rate limiting (ie caching and
> >>> sleeping etc...) based on each user and not on an entire server pool,
> >>> makes sessions much cleaner.
>
> >>> I am whitelisted and I'll test this tomorrow evening to make double
> >>> sure but this sounds great!.
>
> >>> Thanks
>
> >>> -Bob
>
> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
>
> >>> reddy wrote:
> >>> > With a whitelisted IP you can make 20k auth calls per hour for each 
> >>> > user.
> >>> > Once you reach this limit for a user you cannot make  any auth calls 
> >>> > from
> >>> > that IP in that duration. But the user can still use his 150 limit from
> >>> > other apps.
>
> >>> >http://groups.google.com/group/twitter-development-talk/browse_thread...
>
> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel  
> >>> > wrote:
>
> >>> >> From the Rate Limiting documentation:
>
> >>> >> "IP whitelisting takes precedence to account rate limits. GET requests
> >>> >> from a whitelisted IP address made on a user's behalf will be deducted
> >>> >> from the whitelisted IP's limit, not the users. Therefore, IP-based
> >>> >> whitelisting is a best practice for applications that request many
> >>> >> users' data."
>
> >>> >> Say for example I wanted to simply replicate the twitter website. One
> >>> >> page per user that just monitors for new statuses with authenticated
> >>> >> (to catch protected users) calls to
> >>> >>http://twitter.com/statuses/friends_timeline.json
>
> >>> >> Say I was very popular and had 20k people on the site. Would this
> >>> >> limit me to 1 call per minute per user or would it fall over to the
> >>> >> user limit of 150 an hour once I hit my 20k? If so how can I tell it
> >>> >> has fallen over besides for simply keeping track of the number of
> >>> >> calls per hour my server has made.
>
> >>> >> Thanks
>
> >>> >> -Bob

[twitter-dev] Re: Rate Limiting Question

[Chad Etzel]

Good questions. I agree the phrasing surrounding this topic in the
documentation is not extremely clear. I am digging for answers.
-Chad

On Thu, Aug 6, 2009 at 12:44 PM, Jesse Stay wrote:
> Chad, did that change recently?  I was told by Alex and others there that it
> was 20,000 calls per hour, period, per IP.  When did that change and why
> weren't we notified?  This will save me a lot of money if it is indeed true.
> Jesse
>
> On Thu, Aug 6, 2009 at 12:37 PM, Chad Etzel  wrote:
>>
>> Hi Inspector Gadget, er... Bob,
>>
>> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
>> *per user* on Basic Auth or OAuth or a combination thereof.
>>
>> Go, go gadget data!
>>
>> -Chad
>> Twitter Platform Support
>>
>> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel wrote:
>> >
>> > Well it seems as though Twitter is saying that 20k calls per user is
>> > the intended functionality. Chad or someone else can you confirm this?
>> >
>> > Also if the correct functionality is 20k per ip per hour will you then
>> > fail over to 150 per user per hour or is it cut off?
>> >
>> > Thanks
>> >
>> > -Bob
>> >
>> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius
>> > wrote:
>> >>
>> >> Bob,
>> >>
>> >> Don't base your app on the assumption that it is 20,000 calls per hour
>> >> per user.
>> >>
>> >> You get 20,000 GET calls per whitelisted IP address, period. It does
>> >> not matter if you use those calls for one Twitter account or 10,000
>> >> Twitter accounts.
>> >>
>> >> If the API is currently behaving differently, then it is a bug.
>> >>
>> >> I have had discussions with Twitter engineers about this, and the
>> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
>> >> address as I mentioned above.
>> >>
>> >> Dewald
>> >>
>> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
>> >>> Wowzers (bonus points for getting the reference)
>> >>>
>> >>> It appears as if each user does get 20k (according to the linked
>> >>> threads) this is I think what they intended and makes apps a LOT
>> >>> easier to develop as you can now do rate limiting (ie caching and
>> >>> sleeping etc...) based on each user and not on an entire server pool,
>> >>> makes sessions much cleaner.
>> >>>
>> >>> I am whitelisted and I'll test this tomorrow evening to make double
>> >>> sure but this sounds great!.
>> >>>
>> >>> Thanks
>> >>>
>> >>> -Bob
>> >>>
>> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
>> >>>
>> >>> reddy wrote:
>> >>> > With a whitelisted IP you can make 20k auth calls per hour for each
>> >>> > user.
>> >>> > Once you reach this limit for a user you cannot make  any auth calls
>> >>> > from
>> >>> > that IP in that duration. But the user can still use his 150 limit
>> >>> > from
>> >>> > other apps.
>> >>>
>> >>>
>> >>> > >http://groups.google.com/group/twitter-development-talk/browse_thread...
>> >>>
>> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel 
>> >>> > wrote:
>> >>>
>> >>> >> From the Rate Limiting documentation:
>> >>>
>> >>> >> "IP whitelisting takes precedence to account rate limits. GET
>> >>> >> requests
>> >>> >> from a whitelisted IP address made on a user's behalf will be
>> >>> >> deducted
>> >>> >> from the whitelisted IP's limit, not the users. Therefore, IP-based
>> >>> >> whitelisting is a best practice for applications that request many
>> >>> >> users' data."
>> >>>
>> >>> >> Say for example I wanted to simply replicate the twitter website.
>> >>> >> One
>> >>> >> page per user that just monitors for new statuses with
>> >>> >> authenticated
>> >>> >> (to catch protected users) calls to
>> >>> >>http://twitter.com/statuses/friends_timeline.json
>> >>>
>> >>> >> Say I was very popular and had 20k people on the site. Would this
>> >>> >> limit me to 1 call per minute per user or would it fall over to the
>> >>> >> user limit of 150 an hour once I hit my 20k? If so how can I tell
>> >>> >> it
>> >>> >> has fallen over besides for simply keeping track of the number of
>> >>> >> calls per hour my server has made.
>> >>>
>> >>> >> Thanks
>> >>>
>> >>> >> -Bob
>> >
>
>

[twitter-dev] Re: Account Verify Credentials

[Jesse Stay]

What Robert said.  You still need to verify.

On Thu, Aug 6, 2009 at 12:01 PM, Robert Fishel  wrote:

>
> Chris,
>
> I too thought that one should call verify credentials with Oauth. How
> are you suggesting we verify that the token is still active, another
> call to oauth_authenicate/authorize?
>
> Thanks
>
> -Bob
>
> On Thu, Aug 6, 2009 at 7:51 AM, Chris Babcock
> wrote:
> >
> >
> >
> > On Aug 5, 10:15 pm, Jesse Stay  wrote:
> >> On Wed, Aug 5, 2009 at 3:04 AM, Chris Babcock <
> cbabc...@kolonelpanic.com>wrote:
> >>
> >>
> >>
> >> > I would strongly recommend OAuth for verifying users, or at least
> >> > making it an option, as there is a DoS attack possible against service
> >> > providers who rely on this API for access to their app.
> >>
> >> > Chris Babcock
> >>
> >> I'm not sure how OAuth helps, as the problem still exists, even with
> OAuth
> >> users.  Even with OAuth, it is still 15 requests per user per hour on
> >> verify_credentials.  Of course, you probably don't have to run
> >> verify_credentials as often with OAuth, but the problem still exists,
> and
> >> there are cases where I can see this could become an issue.
> >>
> >> Jesse
> >
> > No, you *never* use verify_credentials with OAuth because you never
> > handle user passwords.
> >
> > Take for example those users whose accounts are being slammed by
> > SpamBots. They can still log into Twitter, just not those services
> > that rely on verify_credentials service. Because they can still log in
> > on the Twitter site, they could still authorize OAuth tokens. You will
> > know that they have valid credentials on Twitter if the token has been
> > authorized when they return to your site. It's not necessary for your
> > app to obtain and verify the credentials directly. Your app can
> > completely bypass the rate limited service with its DoS potential.
> >
> > Chris Babcock
> >
> >
>

[twitter-dev] Re: Rate Limiting Question

[Jesse Stay]

Chad, did that change recently?  I was told by Alex and others there that it
was 20,000 calls per hour, period, per IP.  When did that change and why
weren't we notified?  This will save me a lot of money if it is indeed true.
Jesse

On Thu, Aug 6, 2009 at 12:37 PM, Chad Etzel  wrote:

>
> Hi Inspector Gadget, er... Bob,
>
> Yes, the current whitelisted IP rate-limit allows 20k calls per hour
> *per user* on Basic Auth or OAuth or a combination thereof.
>
> Go, go gadget data!
>
> -Chad
> Twitter Platform Support
>
> On Thu, Aug 6, 2009 at 12:13 PM, Robert Fishel wrote:
> >
> > Well it seems as though Twitter is saying that 20k calls per user is
> > the intended functionality. Chad or someone else can you confirm this?
> >
> > Also if the correct functionality is 20k per ip per hour will you then
> > fail over to 150 per user per hour or is it cut off?
> >
> > Thanks
> >
> > -Bob
> >
> > On Thu, Aug 6, 2009 at 7:54 AM, Dewald Pretorius
> wrote:
> >>
> >> Bob,
> >>
> >> Don't base your app on the assumption that it is 20,000 calls per hour
> >> per user.
> >>
> >> You get 20,000 GET calls per whitelisted IP address, period. It does
> >> not matter if you use those calls for one Twitter account or 10,000
> >> Twitter accounts.
> >>
> >> If the API is currently behaving differently, then it is a bug.
> >>
> >> I have had discussions with Twitter engineers about this, and the
> >> intended behavior is an aggregate 20,000 calls per whitelisted IP
> >> address as I mentioned above.
> >>
> >> Dewald
> >>
> >> On Aug 6, 4:09 am, Robert Fishel  wrote:
> >>> Wowzers (bonus points for getting the reference)
> >>>
> >>> It appears as if each user does get 20k (according to the linked
> >>> threads) this is I think what they intended and makes apps a LOT
> >>> easier to develop as you can now do rate limiting (ie caching and
> >>> sleeping etc...) based on each user and not on an entire server pool,
> >>> makes sessions much cleaner.
> >>>
> >>> I am whitelisted and I'll test this tomorrow evening to make double
> >>> sure but this sounds great!.
> >>>
> >>> Thanks
> >>>
> >>> -Bob
> >>>
> >>> On Thu, Aug 6, 2009 at 2:53 AM, srikanth
> >>>
> >>> reddy wrote:
> >>> > With a whitelisted IP you can make 20k auth calls per hour for each
> user.
> >>> > Once you reach this limit for a user you cannot make  any auth calls
> from
> >>> > that IP in that duration. But the user can still use his 150 limit
> from
> >>> > other apps.
> >>>
> >>> >
> http://groups.google.com/group/twitter-development-talk/browse_thread...
> >>>
> >>> > On Thu, Aug 6, 2009 at 7:50 AM, Bob Fishel 
> wrote:
> >>>
> >>> >> From the Rate Limiting documentation:
> >>>
> >>> >> "IP whitelisting takes precedence to account rate limits. GET
> requests
> >>> >> from a whitelisted IP address made on a user's behalf will be
> deducted
> >>> >> from the whitelisted IP's limit, not the users. Therefore, IP-based
> >>> >> whitelisting is a best practice for applications that request many
> >>> >> users' data."
> >>>
> >>> >> Say for example I wanted to simply replicate the twitter website.
> One
> >>> >> page per user that just monitors for new statuses with authenticated
> >>> >> (to catch protected users) calls to
> >>> >>http://twitter.com/statuses/friends_timeline.json
> >>>
> >>> >> Say I was very popular and had 20k people on the site. Would this
> >>> >> limit me to 1 call per minute per user or would it fall over to the
> >>> >> user limit of 150 an hour once I hit my 20k? If so how can I tell it
> >>> >> has fallen over besides for simply keeping track of the number of
> >>> >> calls per hour my server has made.
> >>>
> >>> >> Thanks
> >>>
> >>> >> -Bob
> >
>