[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-09-01 Thread Michael Babcock 
Well, as a testimony to this less than elegant solution (IMHO), I have
rolled out my app (a PHP add-on for a popular CMS) with the the
customer_key and customer_secret fields blank in a settings type
control panel (db storage). I was very clear to provide a thorough
walk through of the dev.twitter.com application registration process
for my user-base. The walk through takes the site admin all the way
through initial installation, app registration, twitter account
authentication and sending their first tweet using the app. So, far I
have had very few questions as to how to set up the app using the new
system. And I have had no complaints. Hurray!

On Aug 31, 2:08 am, Ken  wrote:
> oops. really, I had thought this through but got carried away with the
> 'transparent installation' idea.
>
> During the installation, the user would authenticate (via the software
> provider or directly with twitter?) - and then be delivered the
> credentials. Sorry.
>
> On Aug 31, 10:58 am, Ken  wrote:
>
>
>
> > It seems that we are talking about two categories of applications.
>
> > 1.) As in the subject of this thread, open-source CMS or other multi-
> > user, membership or blogging systems. This type of system usually has
> > some facility for the admin user/webmaster to change settings such as
> > admin email address, error messages, API keys, etc. It makes sense for
> > each deployment of such a system/module to be registered as a Twitter
> > application (even if it is not an "original" unique application) if
> > only because that way, the source or "via" tag would be a link back to
> > the individual deployment and not to the original developers of the
> > software. In these cases the person installing the system can probably
> > be counted on to have the ability and willingness to go to twitter.com
> > and register an app, following the instructions provided by the
> > software developers (you guys).
>
> > 2.) Single-user server or open-source desktop app. I don't know all
> > the details of Xauth, but it seems to involve some manual effort by
> > Twitter. So apologies up front if the following already exists, has
> > been rejected, or doesn't make sense: If the single-user server or
> > open-source desktop app has been approved by Twitter, why not build in
> > to the app a call to the Twitter API that would create and install the
> > needed credentials? The callback url would be defined by the app, the
> > other properties could be taken from the details proved by the user at
> > install time. This could even be executed transparently during the
> > installation. This new API endpoint would return something like what
> > we now get using "My Access Token."
>
> > Ken
>
> > On Aug 31, 2:30 am, John SJ Anderson  wrote:
>
> > > > I think it's far better developer/business practice to design
> > > > *proprietary* applications that are secure and register them with 
> > > > Twitter
> > > > using xAuth.
>
> > > As has been said time and time again, "proprietary" is not a solution
> > > for this, as any non-hosted app using OAuth can have the keys
> > > extracted from it.
>
> > > Additionally, some of us would like to write Free or Open Source
> > > applications, that people can use on their own machines, without
> > > requiring them to register as Twitter developers. It used to be
> > > possible to do this. 
>
> > > j.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-31 Thread Ken 
oops. really, I had thought this through but got carried away with the
'transparent installation' idea.

During the installation, the user would authenticate (via the software
provider or directly with twitter?) - and then be delivered the
credentials. Sorry.

On Aug 31, 10:58 am, Ken  wrote:
> It seems that we are talking about two categories of applications.
>
> 1.) As in the subject of this thread, open-source CMS or other multi-
> user, membership or blogging systems. This type of system usually has
> some facility for the admin user/webmaster to change settings such as
> admin email address, error messages, API keys, etc. It makes sense for
> each deployment of such a system/module to be registered as a Twitter
> application (even if it is not an "original" unique application) if
> only because that way, the source or "via" tag would be a link back to
> the individual deployment and not to the original developers of the
> software. In these cases the person installing the system can probably
> be counted on to have the ability and willingness to go to twitter.com
> and register an app, following the instructions provided by the
> software developers (you guys).
>
> 2.) Single-user server or open-source desktop app. I don't know all
> the details of Xauth, but it seems to involve some manual effort by
> Twitter. So apologies up front if the following already exists, has
> been rejected, or doesn't make sense: If the single-user server or
> open-source desktop app has been approved by Twitter, why not build in
> to the app a call to the Twitter API that would create and install the
> needed credentials? The callback url would be defined by the app, the
> other properties could be taken from the details proved by the user at
> install time. This could even be executed transparently during the
> installation. This new API endpoint would return something like what
> we now get using "My Access Token."
>
> Ken
>
> On Aug 31, 2:30 am, John SJ Anderson  wrote:
>
> > > I think it's far better developer/business practice to design
> > > *proprietary* applications that are secure and register them with Twitter
> > > using xAuth.
>
> > As has been said time and time again, "proprietary" is not a solution
> > for this, as any non-hosted app using OAuth can have the keys
> > extracted from it.
>
> > Additionally, some of us would like to write Free or Open Source
> > applications, that people can use on their own machines, without
> > requiring them to register as Twitter developers. It used to be
> > possible to do this. 
>
> > j.
>
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-31 Thread Ken 
It seems that we are talking about two categories of applications.

1.) As in the subject of this thread, open-source CMS or other multi-
user, membership or blogging systems. This type of system usually has
some facility for the admin user/webmaster to change settings such as
admin email address, error messages, API keys, etc. It makes sense for
each deployment of such a system/module to be registered as a Twitter
application (even if it is not an "original" unique application) if
only because that way, the source or "via" tag would be a link back to
the individual deployment and not to the original developers of the
software. In these cases the person installing the system can probably
be counted on to have the ability and willingness to go to twitter.com
and register an app, following the instructions provided by the
software developers (you guys).

2.) Single-user server or open-source desktop app. I don't know all
the details of Xauth, but it seems to involve some manual effort by
Twitter. So apologies up front if the following already exists, has
been rejected, or doesn't make sense: If the single-user server or
open-source desktop app has been approved by Twitter, why not build in
to the app a call to the Twitter API that would create and install the
needed credentials? The callback url would be defined by the app, the
other properties could be taken from the details proved by the user at
install time. This could even be executed transparently during the
installation. This new API endpoint would return something like what
we now get using "My Access Token."

Ken

On Aug 31, 2:30 am, John SJ Anderson  wrote:
> > I think it's far better developer/business practice to design
> > *proprietary* applications that are secure and register them with Twitter
> > using xAuth.
>
> As has been said time and time again, "proprietary" is not a solution
> for this, as any non-hosted app using OAuth can have the keys
> extracted from it.
>
> Additionally, some of us would like to write Free or Open Source
> applications, that people can use on their own machines, without
> requiring them to register as Twitter developers. It used to be
> possible to do this. 
>
> j.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-30 Thread John SJ Anderson 
> I think it's far better developer/business practice to design
> *proprietary* applications that are secure and register them with Twitter
> using xAuth.

As has been said time and time again, "proprietary" is not a solution
for this, as any non-hosted app using OAuth can have the keys
extracted from it.

Additionally, some of us would like to write Free or Open Source
applications, that people can use on their own machines, without
requiring them to register as Twitter developers. It used to be
possible to do this. 

j.

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-30 Thread M. Edward (Ed) Borasky 

On Aug 18, 4:22 am, Ken  wrote:

I am new to this thread having seen it over the past few weeks and
wondered what all the fuss was about.

The solution by MindcrimeNL above seems optimal, why is it a
workaround?

Do developers not really want their users to register their own
Twitter app? It's not exactly hard to do. You just need to tell them
what to put for the callback URL...

For opensource systems targeted at non-technical users, don't you
provide a 'control panel' where the admin user can edit their
preferences such as webmaster's email etc?  Just like inserting your
Google maps API key, Adsense id, Amazon associates id, etc.

For applications with a more technical installation, you'd just have
them edit a config file.



Quoting Michael Babcock :


I think the issue is really that it is not a very elegant solution and
is outside the realm of a standard non-technical persons experience.
The whole idea of having the end-user register a pre-built app as
their own is cumbersome. That said it is the only real solution to the
dilemma. It is the solution that I have chosen for my own apps.


It depends on the end user and application. If the application  
provides a compelling solution to a real problem that they have, the  
inconvenience of oAuth registration won't matter. If it doesn't, the  
*application* won't matter. ;-)


I suspect that Twitter's human infrastructure, if not its technical  
one, would rebel at a mass-market application where each of hundreds  
or thousands of users had his/her own consumer key and secret in  
addition to a Twitter account. I think it's far better  
developer/business practice to design *proprietary* applications that  
are secure and register them with Twitter using xAuth.


--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos


--
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk?hl=en

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-30 Thread Michael Babcock 
I think the issue is really that it is not a very elegant solution and
is outside the realm of a standard non-technical persons experience.
The whole idea of having the end-user register a pre-built app as
their own is cumbersome. That said it is the only real solution to the
dilemma. It is the solution that I have chosen for my own apps.


On Aug 18, 4:22 am, Ken  wrote:
> I am new to this thread having seen it over the past few weeks and
> wondered what all the fuss was about.
>
> The solution by MindcrimeNL above seems optimal, why is it a
> workaround?
>
> Do developers not really want their users to register their own
> Twitter app? It's not exactly hard to do. You just need to tell them
> what to put for the callback URL...
>
> For opensource systems targeted at non-technical users, don't you
> provide a 'control panel' where the admin user can edit their
> preferences such as webmaster's email etc?  Just like inserting your
> Google maps API key, Adsense id, Amazon associates id, etc.
>
> For applications with a more technical installation, you'd just have
> them edit a config file.
>
> On Aug 18, 11:34 am, MindcrimeNL  wrote:
>
>
>
> > Still no 
> > solution:http://groups.google.com/group/twitter-development-talk/msg/58b4b54d4...
> > After that initial message, it is apparently still not available...
>
> > I've released my module by explaining in the readme how webmasters can
> > add their own application and obtain the consumer public and secret
> > key for their application and giving them an option to enter them in
> > the module.
> > I'm not really happy about this workaround... It just sucks...
>
> > On Aug 1, 2:19 am, Michael Babcock  wrote:
>
> > > Sorry for the confusion. I mean web application developers. There are
> > > quit a number ofopen-sourceweb apps for twitter. Besides standalone
> > > apps, there are also, add-ons for all the various CMS solutions out
> > > there, written in PHP, Perl, etc.
>
> > > On Jul 27, 2:02 pm, "M. Edward (Ed) Borasky" 
> > > research.net> wrote:
> > > > There are plenty ofopensource*library* developers, and plenty of  
> > > > applications that useopensourcelibraries, but not all that many  
> > > >opensourcefull applications. The only ones I can think of at the  
> > > > moment are Gwibber (Gnome), Choqok (KDE), mine (Social Media Analytics  
> > > > Research Toolkit), Spaz, get2gnow, and ttytter. IMHO Choqok and  
> > > > Gwibber are lame - I use CoTweet or Twitter.com on my desktop and  
> > > > mobile.twitter.com, Twitter, Twidroid, Seesmic, Touiteur and Peep on  
> > > > my HTC Verizon Droid Incredible.
>
> > > > The Twitter piece of Social Media Analytics Research Toolkit is at the  
> > > > moment read only, and as I noted earlier the main reason I even looked  
> > > > at oAuth was to get the 1500 (read) API calls per hour. Given the  
> > > > small number of users I have at the moment, it wouldn't be all that  
> > > > difficult to "upgrade" them to oAuth and 350 calls per hour one at a  
> > > > time by hand - all that would be required is to license that piece of  
> > > > code separately. ;-)
> > > > --
> > > > M. Edward (Ed) 
> > > > Boraskyhttp://borasky-research.nethttp://twitter.com/znmeb
>
> > > > "A mathematician is a device for turning coffee into theorems." - Paul 
> > > > Erdos
>
> > > > Quoting Michael Babcock :
>
> > > > > Correct me if I am wrong, but doesn't Twitter risk loosing a large
> > > > > percentage of their third partyopen-sourcedevelopers, by not having
> > > > > a solid solution for the required OAuth security changes in time for
> > > > > the deadline?
>
> > > > > I can only guess, but, I would think that theopen-sourcesegment
> > > > > would count for quite a large number of independent developers, all
> > > > > eager to build for and promote the Twitter vision.
>
> > > > > Michael
>
> > > > > On Jul 27, 8:59 am, Taylor Singletary 
> > > > > wrote:
> > > > >> Hi Folks,
>
> > > > >> There are a few hold ups to rolling this out more widely, the most 
> > > > >> pressing
> > > > >> being that we are currently unable to serve SSL content on
> > > > >> dev.twitter.com-- there are also better solutions than this
> > > > >> rudimentary one that we simply
> > > > >> can't implement yet. We're also concerned with releasing (and 
> > > > >> supporting) a
> > > > >> solution widely that we'll soon want to deprecate.
>
> > > > >> Taylor
>
> > > > >> On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser 
> > > > >> wrote:
>
> > > > >> > > I have the same question. I need to add Twitter OAuth to my 
> > > > >> > > widely
> > > > >> > > distributed PHP basedopen-sourceCMS add-on. All the documentation
> > > > >> > > says never ever distribute your consumer secret, which I 
> > > > >> > > understand
> > > > >> > > why this would be a bad idea. Yet all of the 
> > > > >> > > documentation/examples I
> > > > >> > > have found require that the consumer secret be hard-coded into 
> > > > >> > > the
> > > > >> > >source.
>
> > > > >> > > The clo

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-18 Thread Ken 
I am new to this thread having seen it over the past few weeks and
wondered what all the fuss was about.

The solution by MindcrimeNL above seems optimal, why is it a
workaround?

Do developers not really want their users to register their own
Twitter app? It's not exactly hard to do. You just need to tell them
what to put for the callback URL...

For opensource systems targeted at non-technical users, don't you
provide a 'control panel' where the admin user can edit their
preferences such as webmaster's email etc?  Just like inserting your
Google maps API key, Adsense id, Amazon associates id, etc.

For applications with a more technical installation, you'd just have
them edit a config file.

On Aug 18, 11:34 am, MindcrimeNL  wrote:
> Still no 
> solution:http://groups.google.com/group/twitter-development-talk/msg/58b4b54d4...
> After that initial message, it is apparently still not available...
>
> I've released my module by explaining in the readme how webmasters can
> add their own application and obtain the consumer public and secret
> key for their application and giving them an option to enter them in
> the module.
> I'm not really happy about this workaround... It just sucks...
>
> On Aug 1, 2:19 am, Michael Babcock  wrote:
>
> > Sorry for the confusion. I mean web application developers. There are
> > quit a number of open-source web apps for twitter. Besides standalone
> > apps, there are also, add-ons for all the various CMS solutions out
> > there, written in PHP, Perl, etc.
>
> > On Jul 27, 2:02 pm, "M. Edward (Ed) Borasky" 
> > research.net> wrote:
> > > There are plenty of open source *library* developers, and plenty of  
> > > applications that use open source libraries, but not all that many  
> > > open source full applications. The only ones I can think of at the  
> > > moment are Gwibber (Gnome), Choqok (KDE), mine (Social Media Analytics  
> > > Research Toolkit), Spaz, get2gnow, and ttytter. IMHO Choqok and  
> > > Gwibber are lame - I use CoTweet or Twitter.com on my desktop and  
> > > mobile.twitter.com, Twitter, Twidroid, Seesmic, Touiteur and Peep on  
> > > my HTC Verizon Droid Incredible.
>
> > > The Twitter piece of Social Media Analytics Research Toolkit is at the  
> > > moment read only, and as I noted earlier the main reason I even looked  
> > > at oAuth was to get the 1500 (read) API calls per hour. Given the  
> > > small number of users I have at the moment, it wouldn't be all that  
> > > difficult to "upgrade" them to oAuth and 350 calls per hour one at a  
> > > time by hand - all that would be required is to license that piece of  
> > > code separately. ;-)
> > > --
> > > M. Edward (Ed) Boraskyhttp://borasky-research.nethttp://twitter.com/znmeb
>
> > > "A mathematician is a device for turning coffee into theorems." - Paul 
> > > Erdos
>
> > > Quoting Michael Babcock :
>
> > > > Correct me if I am wrong, but doesn't Twitter risk loosing a large
> > > > percentage of their third party open-source developers, by not having
> > > > a solid solution for the required OAuth security changes in time for
> > > > the deadline?
>
> > > > I can only guess, but, I would think that the open-source segment
> > > > would count for quite a large number of independent developers, all
> > > > eager to build for and promote the Twitter vision.
>
> > > > Michael
>
> > > > On Jul 27, 8:59 am, Taylor Singletary 
> > > > wrote:
> > > >> Hi Folks,
>
> > > >> There are a few hold ups to rolling this out more widely, the most 
> > > >> pressing
> > > >> being that we are currently unable to serve SSL content on
> > > >> dev.twitter.com-- there are also better solutions than this
> > > >> rudimentary one that we simply
> > > >> can't implement yet. We're also concerned with releasing (and 
> > > >> supporting) a
> > > >> solution widely that we'll soon want to deprecate.
>
> > > >> Taylor
>
> > > >> On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser 
> > > >> wrote:
>
> > > >> > > I have the same question. I need to add Twitter OAuth to my widely
> > > >> > > distributed PHP based open-source CMS add-on. All the documentation
> > > >> > > says never ever distribute your consumer secret, which I understand
> > > >> > > why this would be a bad idea. Yet all of the 
> > > >> > > documentation/examples I
> > > >> > > have found require that the consumer secret be hard-coded into the
> > > >> > > source.
>
> > > >> > > The closes thing I have found, that doesn't require the consumer
> > > >> > > secret embedded in the source, is a description of how it might 
> > > >> > > work,
>
> > > >> >http://groups.google.com/group/twitter-development-talk/browse_thread...
> > > >> > > But, I cannot find any docs/examples where this scenario has 
> > > >> > > actually
> > > >> > > been implemented.
>
> > > >> > It does exist. While I can't speak for Twitter and whatever  
> > > >> internal issues
> > > >> > are slowing up its rollout, TTYtter has been a test bed for the key
> > > >> > exchange
> > > >> > for s

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-18 Thread MindcrimeNL 
Still no solution:
http://groups.google.com/group/twitter-development-talk/msg/58b4b54d41b3ce4f
After that initial message, it is apparently still not available...

I've released my module by explaining in the readme how webmasters can
add their own application and obtain the consumer public and secret
key for their application and giving them an option to enter them in
the module.
I'm not really happy about this workaround... It just sucks...


On Aug 1, 2:19 am, Michael Babcock  wrote:
> Sorry for the confusion. I mean web application developers. There are
> quit a number of open-source web apps for twitter. Besides standalone
> apps, there are also, add-ons for all the various CMS solutions out
> there, written in PHP, Perl, etc.
>
> On Jul 27, 2:02 pm, "M. Edward (Ed) Borasky" 
> research.net> wrote:
> > There are plenty of open source *library* developers, and plenty of  
> > applications that use open source libraries, but not all that many  
> > open source full applications. The only ones I can think of at the  
> > moment are Gwibber (Gnome), Choqok (KDE), mine (Social Media Analytics  
> > Research Toolkit), Spaz, get2gnow, and ttytter. IMHO Choqok and  
> > Gwibber are lame - I use CoTweet or Twitter.com on my desktop and  
> > mobile.twitter.com, Twitter, Twidroid, Seesmic, Touiteur and Peep on  
> > my HTC Verizon Droid Incredible.
>
> > The Twitter piece of Social Media Analytics Research Toolkit is at the  
> > moment read only, and as I noted earlier the main reason I even looked  
> > at oAuth was to get the 1500 (read) API calls per hour. Given the  
> > small number of users I have at the moment, it wouldn't be all that  
> > difficult to "upgrade" them to oAuth and 350 calls per hour one at a  
> > time by hand - all that would be required is to license that piece of  
> > code separately. ;-)
> > --
> > M. Edward (Ed) Boraskyhttp://borasky-research.nethttp://twitter.com/znmeb
>
> > "A mathematician is a device for turning coffee into theorems." - Paul Erdos
>
> > Quoting Michael Babcock :
>
> > > Correct me if I am wrong, but doesn't Twitter risk loosing a large
> > > percentage of their third party open-source developers, by not having
> > > a solid solution for the required OAuth security changes in time for
> > > the deadline?
>
> > > I can only guess, but, I would think that the open-source segment
> > > would count for quite a large number of independent developers, all
> > > eager to build for and promote the Twitter vision.
>
> > > Michael
>
> > > On Jul 27, 8:59 am, Taylor Singletary 
> > > wrote:
> > >> Hi Folks,
>
> > >> There are a few hold ups to rolling this out more widely, the most 
> > >> pressing
> > >> being that we are currently unable to serve SSL content on
> > >> dev.twitter.com-- there are also better solutions than this
> > >> rudimentary one that we simply
> > >> can't implement yet. We're also concerned with releasing (and 
> > >> supporting) a
> > >> solution widely that we'll soon want to deprecate.
>
> > >> Taylor
>
> > >> On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser 
> > >> wrote:
>
> > >> > > I have the same question. I need to add Twitter OAuth to my widely
> > >> > > distributed PHP based open-source CMS add-on. All the documentation
> > >> > > says never ever distribute your consumer secret, which I understand
> > >> > > why this would be a bad idea. Yet all of the documentation/examples I
> > >> > > have found require that the consumer secret be hard-coded into the
> > >> > > source.
>
> > >> > > The closes thing I have found, that doesn't require the consumer
> > >> > > secret embedded in the source, is a description of how it might work,
>
> > >> >http://groups.google.com/group/twitter-development-talk/browse_thread...
> > >> > > But, I cannot find any docs/examples where this scenario has actually
> > >> > > been implemented.
>
> > >> > It does exist. While I can't speak for Twitter and whatever  
> > >> internal issues
> > >> > are slowing up its rollout, TTYtter has been a test bed for the key
> > >> > exchange
> > >> > for some time now. Most of the users have found the process painless. 
> > >> > You
> > >> > can
> > >> > see how a sample workflow works in the documentation, or try it 
> > >> > yourself.
> > >> > The
> > >> > app itself is open Perl.
>
> > >> >        http://www.floodgap.com/software/ttytter/
>
> > >> > I'm sure Taylor will comment on what will be happening to roll it out 
> > >> > to
> > >> > more
> > >> > potential consumers.
>
> > >> > --
> > >> >  personal:
> > >> >http://www.cameronkaiser.com/--
> > >> >  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> > >> > ckai...@floodgap.com
> > >> > -- People are weird. -- Law & Order SVU
> > >> > ---

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-08-01 Thread Michael Babcock 
Sorry for the confusion. I mean web application developers. There are
quit a number of open-source web apps for twitter. Besides standalone
apps, there are also, add-ons for all the various CMS solutions out
there, written in PHP, Perl, etc.

On Jul 27, 2:02 pm, "M. Edward (Ed) Borasky"  wrote:
> There are plenty of open source *library* developers, and plenty of  
> applications that use open source libraries, but not all that many  
> open source full applications. The only ones I can think of at the  
> moment are Gwibber (Gnome), Choqok (KDE), mine (Social Media Analytics  
> Research Toolkit), Spaz, get2gnow, and ttytter. IMHO Choqok and  
> Gwibber are lame - I use CoTweet or Twitter.com on my desktop and  
> mobile.twitter.com, Twitter, Twidroid, Seesmic, Touiteur and Peep on  
> my HTC Verizon Droid Incredible.
>
> The Twitter piece of Social Media Analytics Research Toolkit is at the  
> moment read only, and as I noted earlier the main reason I even looked  
> at oAuth was to get the 1500 (read) API calls per hour. Given the  
> small number of users I have at the moment, it wouldn't be all that  
> difficult to "upgrade" them to oAuth and 350 calls per hour one at a  
> time by hand - all that would be required is to license that piece of  
> code separately. ;-)
> --
> M. Edward (Ed) Boraskyhttp://borasky-research.nethttp://twitter.com/znmeb
>
> "A mathematician is a device for turning coffee into theorems." - Paul Erdos
>
> Quoting Michael Babcock :
>
> > Correct me if I am wrong, but doesn't Twitter risk loosing a large
> > percentage of their third party open-source developers, by not having
> > a solid solution for the required OAuth security changes in time for
> > the deadline?
>
> > I can only guess, but, I would think that the open-source segment
> > would count for quite a large number of independent developers, all
> > eager to build for and promote the Twitter vision.
>
> > Michael
>
> > On Jul 27, 8:59 am, Taylor Singletary 
> > wrote:
> >> Hi Folks,
>
> >> There are a few hold ups to rolling this out more widely, the most pressing
> >> being that we are currently unable to serve SSL content on
> >> dev.twitter.com-- there are also better solutions than this
> >> rudimentary one that we simply
> >> can't implement yet. We're also concerned with releasing (and supporting) a
> >> solution widely that we'll soon want to deprecate.
>
> >> Taylor
>
> >> On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser 
> >> wrote:
>
> >> > > I have the same question. I need to add Twitter OAuth to my widely
> >> > > distributed PHP based open-source CMS add-on. All the documentation
> >> > > says never ever distribute your consumer secret, which I understand
> >> > > why this would be a bad idea. Yet all of the documentation/examples I
> >> > > have found require that the consumer secret be hard-coded into the
> >> > > source.
>
> >> > > The closes thing I have found, that doesn't require the consumer
> >> > > secret embedded in the source, is a description of how it might work,
>
> >> >http://groups.google.com/group/twitter-development-talk/browse_thread...
> >> > > But, I cannot find any docs/examples where this scenario has actually
> >> > > been implemented.
>
> >> > It does exist. While I can't speak for Twitter and whatever  
> >> internal issues
> >> > are slowing up its rollout, TTYtter has been a test bed for the key
> >> > exchange
> >> > for some time now. Most of the users have found the process painless. You
> >> > can
> >> > see how a sample workflow works in the documentation, or try it yourself.
> >> > The
> >> > app itself is open Perl.
>
> >> >        http://www.floodgap.com/software/ttytter/
>
> >> > I'm sure Taylor will comment on what will be happening to roll it out to
> >> > more
> >> > potential consumers.
>
> >> > --
> >> >  personal:
> >> >http://www.cameronkaiser.com/--
> >> >  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> >> > ckai...@floodgap.com
> >> > -- People are weird. -- Law & Order SVU
> >> > ---

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-29 Thread John SJ Anderson 
On Tue, Jul 27, 2010 at 17:02, M. Edward (Ed) Borasky
 wrote:
> There are plenty of open source *library* developers, and plenty of
> applications that use open source libraries, but not all that many open
> source full applications. The only ones I can think of at the moment are
> Gwibber (Gnome), Choqok (KDE), mine (Social Media Analytics Research
> Toolkit), Spaz, get2gnow, and ttytter.

It's not quite ready for "civilian" usage and I've been lax with new
development work while waiting for Twitter to figure out this
particular issue, but



is a "full application" too.


chrs,
john.

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-28 Thread M. Edward (Ed) Borasky 
Is this scheme available for all open source applications to test, or  
is TTYtter the only one using it at the moment?

--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos


Quoting Cameron Kaiser :


I have the same question. I need to add Twitter OAuth to my widely
distributed PHP based open-source CMS add-on. All the documentation
says never ever distribute your consumer secret, which I understand
why this would be a bad idea. Yet all of the documentation/examples I
have found require that the consumer secret be hard-coded into the
source.

The closes thing I have found, that doesn't require the consumer
secret embedded in the source, is a description of how it might work,
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c18ade9d86c8b239
But, I cannot find any docs/examples where this scenario has actually
been implemented.


It does exist. While I can't speak for Twitter and whatever internal issues
are slowing up its rollout, TTYtter has been a test bed for the key exchange
for some time now. Most of the users have found the process painless. You can
see how a sample workflow works in the documentation, or try it yourself. The
app itself is open Perl.

http://www.floodgap.com/software/ttytter/

I'm sure Taylor will comment on what will be happening to roll it out to more
potential consumers.

--
 personal:   
http://www.cameronkaiser.com/ --

  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- People are weird. -- Law & Order SVU   
---

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-27 Thread M. Edward (Ed) Borasky 
There are plenty of open source *library* developers, and plenty of  
applications that use open source libraries, but not all that many  
open source full applications. The only ones I can think of at the  
moment are Gwibber (Gnome), Choqok (KDE), mine (Social Media Analytics  
Research Toolkit), Spaz, get2gnow, and ttytter. IMHO Choqok and  
Gwibber are lame - I use CoTweet or Twitter.com on my desktop and  
mobile.twitter.com, Twitter, Twidroid, Seesmic, Touiteur and Peep on  
my HTC Verizon Droid Incredible.


The Twitter piece of Social Media Analytics Research Toolkit is at the  
moment read only, and as I noted earlier the main reason I even looked  
at oAuth was to get the 1500 (read) API calls per hour. Given the  
small number of users I have at the moment, it wouldn't be all that  
difficult to "upgrade" them to oAuth and 350 calls per hour one at a  
time by hand - all that would be required is to license that piece of  
code separately. ;-)

--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos


Quoting Michael Babcock :


Correct me if I am wrong, but doesn't Twitter risk loosing a large
percentage of their third party open-source developers, by not having
a solid solution for the required OAuth security changes in time for
the deadline?

I can only guess, but, I would think that the open-source segment
would count for quite a large number of independent developers, all
eager to build for and promote the Twitter vision.

Michael

On Jul 27, 8:59 am, Taylor Singletary 
wrote:

Hi Folks,

There are a few hold ups to rolling this out more widely, the most pressing
being that we are currently unable to serve SSL content on
dev.twitter.com-- there are also better solutions than this
rudimentary one that we simply
can't implement yet. We're also concerned with releasing (and supporting) a
solution widely that we'll soon want to deprecate.

Taylor

On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser wrote:



> > I have the same question. I need to add Twitter OAuth to my widely
> > distributed PHP based open-source CMS add-on. All the documentation
> > says never ever distribute your consumer secret, which I understand
> > why this would be a bad idea. Yet all of the documentation/examples I
> > have found require that the consumer secret be hard-coded into the
> > source.

> > The closes thing I have found, that doesn't require the consumer
> > secret embedded in the source, is a description of how it might work,

>http://groups.google.com/group/twitter-development-talk/browse_thread...
> > But, I cannot find any docs/examples where this scenario has actually
> > been implemented.

> It does exist. While I can't speak for Twitter and whatever   
internal issues

> are slowing up its rollout, TTYtter has been a test bed for the key
> exchange
> for some time now. Most of the users have found the process painless. You
> can
> see how a sample workflow works in the documentation, or try it yourself.
> The
> app itself is open Perl.

>        http://www.floodgap.com/software/ttytter/

> I'm sure Taylor will comment on what will be happening to roll it out to
> more
> potential consumers.

> --
>  personal:
>http://www.cameronkaiser.com/--
>  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> ckai...@floodgap.com
> -- People are weird. -- Law & Order SVU
> ---

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-27 Thread Michael Babcock 
Correct me if I am wrong, but doesn't Twitter risk loosing a large
percentage of their third party open-source developers, by not having
a solid solution for the required OAuth security changes in time for
the deadline?

I can only guess, but, I would think that the open-source segment
would count for quite a large number of independent developers, all
eager to build for and promote the Twitter vision.

Michael

On Jul 27, 8:59 am, Taylor Singletary 
wrote:
> Hi Folks,
>
> There are a few hold ups to rolling this out more widely, the most pressing
> being that we are currently unable to serve SSL content on
> dev.twitter.com-- there are also better solutions than this
> rudimentary one that we simply
> can't implement yet. We're also concerned with releasing (and supporting) a
> solution widely that we'll soon want to deprecate.
>
> Taylor
>
> On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser wrote:
>
>
>
> > > I have the same question. I need to add Twitter OAuth to my widely
> > > distributed PHP based open-source CMS add-on. All the documentation
> > > says never ever distribute your consumer secret, which I understand
> > > why this would be a bad idea. Yet all of the documentation/examples I
> > > have found require that the consumer secret be hard-coded into the
> > > source.
>
> > > The closes thing I have found, that doesn't require the consumer
> > > secret embedded in the source, is a description of how it might work,
>
> >http://groups.google.com/group/twitter-development-talk/browse_thread...
> > > But, I cannot find any docs/examples where this scenario has actually
> > > been implemented.
>
> > It does exist. While I can't speak for Twitter and whatever internal issues
> > are slowing up its rollout, TTYtter has been a test bed for the key
> > exchange
> > for some time now. Most of the users have found the process painless. You
> > can
> > see how a sample workflow works in the documentation, or try it yourself.
> > The
> > app itself is open Perl.
>
> >        http://www.floodgap.com/software/ttytter/
>
> > I'm sure Taylor will comment on what will be happening to roll it out to
> > more
> > potential consumers.
>
> > --
> >  personal:
> >http://www.cameronkaiser.com/--
> >  Cameron Kaiser * Floodgap Systems *www.floodgap.com*
> > ckai...@floodgap.com
> > -- People are weird. -- Law & Order SVU
> > ---

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-27 Thread Taylor Singletary 
Hi Folks,

There are a few hold ups to rolling this out more widely, the most pressing
being that we are currently unable to serve SSL content on
dev.twitter.com-- there are also better solutions than this
rudimentary one that we simply
can't implement yet. We're also concerned with releasing (and supporting) a
solution widely that we'll soon want to deprecate.

Taylor

On Tue, Jul 27, 2010 at 8:53 AM, Cameron Kaiser wrote:

> > I have the same question. I need to add Twitter OAuth to my widely
> > distributed PHP based open-source CMS add-on. All the documentation
> > says never ever distribute your consumer secret, which I understand
> > why this would be a bad idea. Yet all of the documentation/examples I
> > have found require that the consumer secret be hard-coded into the
> > source.
> >
> > The closes thing I have found, that doesn't require the consumer
> > secret embedded in the source, is a description of how it might work,
> >
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c18ade9d86c8b239
> > But, I cannot find any docs/examples where this scenario has actually
> > been implemented.
>
> It does exist. While I can't speak for Twitter and whatever internal issues
> are slowing up its rollout, TTYtter has been a test bed for the key
> exchange
> for some time now. Most of the users have found the process painless. You
> can
> see how a sample workflow works in the documentation, or try it yourself.
> The
> app itself is open Perl.
>
>http://www.floodgap.com/software/ttytter/
>
> I'm sure Taylor will comment on what will be happening to roll it out to
> more
> potential consumers.
>
> --
>  personal:
> http://www.cameronkaiser.com/ --
>  Cameron Kaiser * Floodgap Systems * www.floodgap.com *
> ckai...@floodgap.com
> -- People are weird. -- Law & Order SVU
> ---
>

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-27 Thread Cameron Kaiser 
> I have the same question. I need to add Twitter OAuth to my widely
> distributed PHP based open-source CMS add-on. All the documentation
> says never ever distribute your consumer secret, which I understand
> why this would be a bad idea. Yet all of the documentation/examples I
> have found require that the consumer secret be hard-coded into the
> source.
> 
> The closes thing I have found, that doesn't require the consumer
> secret embedded in the source, is a description of how it might work,
> http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c18ade9d86c8b239
> But, I cannot find any docs/examples where this scenario has actually
> been implemented.

It does exist. While I can't speak for Twitter and whatever internal issues
are slowing up its rollout, TTYtter has been a test bed for the key exchange
for some time now. Most of the users have found the process painless. You can
see how a sample workflow works in the documentation, or try it yourself. The
app itself is open Perl.

http://www.floodgap.com/software/ttytter/

I'm sure Taylor will comment on what will be happening to roll it out to more
potential consumers.

-- 
 personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckai...@floodgap.com
-- People are weird. -- Law & Order SVU ---

Re: [twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-27 Thread M. Edward (Ed) Borasky 
I too have been developing open source Twitter applications. I'm using  
Perl though, not PHP. I am about to release all of my code that  
operates *unauthenticated* in open source form, but I am strongly  
leaning now towards *not* providing open source solutions for  
authenticated access to the Twitter API.


The risks are too great and the rewards are too small. Perhaps when  
the oAuth-authenticated API is *delivering* the 1500 calls per hour  
promised, the rewards will change, but right now, for things like  
tweet and user data acquisition, there's not enough difference between  
the unauthenticated 150 and the oAuth 350 calls per hour to justify  
the extra code.


--
M. Edward (Ed) Borasky
http://borasky-research.net http://twitter.com/znmeb

"A mathematician is a device for turning coffee into theorems." - Paul Erdos

[twitter-dev] Re: Open Source CMS Module and Consumer Secret

2010-07-27 Thread Michael Babcock 
I have the same question. I need to add Twitter OAuth to my widely
distributed PHP based open-source CMS add-on. All the documentation
says never ever distribute your consumer secret, which I understand
why this would be a bad idea. Yet all of the documentation/examples I
have found require that the consumer secret be hard-coded into the
source.

The closes thing I have found, that doesn't require the consumer
secret embedded in the source, is a description of how it might work,
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c18ade9d86c8b239
But, I cannot find any docs/examples where this scenario has actually
been implemented.

On Jul 23, 6:06 am, MindcrimeNL  wrote:
> I'm sorry if this has been asked before:
>
> I've written a twitter module for ClanSphere Clan CMS and I'm now
> converting it to use OAuth.
> I finally got it working, but I have question about theConsumerSecret.
>
> I registered the application under my twitter account and obtained 
> aConsumerKey andConsumerSecret.
>
> The module is (will be) publicly available for download and webmasters
> just have to install the module in their own ClanSphere Clan CMS to be
> able to use it and make it possible for all users on their website to
> post tweets via that module.
>
> But, to prevent the hassle of all these webmasters, so that they not
> need to register an application on their own and install their ownConsumerKey 
> andConsumerSecret. How do I make it possible that every
> can make use of my registered application? As I understand from the
> name, theConsumerSecretis "secret", so I should not distribute it
> to the community...
>
> Every user should (as access tokens currently don't expire) only need
> to allow my application only once, in order to be able to use the
> twitter module:
> "An application would like to connect to your account
> The application ClanSphere Module by Mindcrime, Geh aB Clan would like
> the ability to access and update your data on Twitter. Not using
> Twitter? Sign up and Join the Conversation!
>
> ALLOW | DENY"
>
> Sorry, but a lot of the webmasters, using CMS systems, don't know
> anything about code/PHPand are just capable of uploading some
> files... I would not like to think that I have to explain to them how
> to register the application in Twitter and change the code in the
> correct place...
>
> How can anyone make a public module that way?
>
> Thanks for the help...