[twitter-dev] Re: New Twist To Follow Terms Violations

2009-07-24 Thread Joshua Perry
Think about a bot who just bulk follows random people, it then would keep track of users who didn't blindly or automatically follow back and dump them quickly and try following another batch of users so that it wouldn't bust its follow ratio limit. Using this strategy a bot could eventually

[twitter-dev] Re: Updating the APIs authentication limiting policy

2009-07-24 Thread Joshua Perry
Jim's concern is valid, fortunately OAuth is immune to brute-force attacks once the access key has been issued to an application. For this reason alone I would urge people to switch to OAuth if at all possible. I would hope (and assume) that if login attempts for an account are locked out th

[twitter-dev] Native OAuth Flow PIN Checksum

2009-07-09 Thread Joshua Perry
I opened an issue for this if anyone is interested in starring it: http://code.google.com/p/twitter-api/issues/detail?id=823

[twitter-dev] Re: OAuth Desktop Application Changes - Incompatibility Alert

2009-07-05 Thread Joshua Perry
Would it be possible to make the last number of the PIN a mod 10 checkdigit? This would allow applications to validate the PIN without having to do a hit to the OAuth webservice, say in the case that the user accidentally missed one of the digits when copying them from the page, or perhaps the

[twitter-dev] Re: OAuth Desktop Application Changes - Incompatibility Alert

2009-07-05 Thread Joshua Perry
Can we change the wording on the PIN page of the desktop workflow? Currently it is worded as follows: You've successfully granted access to ! Enter the following PIN when prompted by Obviously a desktop application has no idea that this flow actually completed, and hence has no way to "prompt

[twitter-dev] Re: IP Address range

2009-04-18 Thread Joshua Perry
I'll be honest, filtering outbound traffic is very draconian. Is this a company server, or are you guys renting a hosted server yourselves? If it is the latter I would tell them to accept all outbound traffic or switch hosts. billbarn42 wrote: I've got a python script that is monitoring t

[twitter-dev] Re: Rate limit status with OAuth

2009-04-03 Thread Joshua Perry
The best thing to do is watch the ticket... I believe that Matt (a Twitter developer) is actively working it and could use some input. http://code.google.com/p/twitter-api/issues/detail?id=376 personalhypequoti...@gmail.com wrote: I'm seeing the same thing. If I use Basic Auth, everything

[twitter-dev] Re: reply_to_status_id == 0

2009-04-01 Thread Joshua Perry
http://twitter.com/dougw On Tue, Mar 31, 2009 at 9:15 PM, Joshua Perry <mailto:j...@6bit.com>> wrote: I'm working on Favorites and a user of ours has status id #773146783 which for some reason is showing reply_to_status_id of 0. This is mucking with my parsing code and I

[twitter-dev] reply_to_status_id == 0

2009-03-31 Thread Joshua Perry
I'm working on Favorites and a user of ours has status id #773146783 which for some reason is showing reply_to_status_id of 0. This is mucking with my parsing code and I'd rather not add a special-case. Anyone else seeing similar issues, have suggestions?

[twitter-dev] Re: Source Tag

2009-03-31 Thread Joshua Perry
CURLOPT_USERPWD, "$username:$password"); $buffer = curl_exec($curl_handle); curl_close($curl_handle); On Tue, Mar 31, 2009 at 7:54 PM, Joshua Perry <mailto:j...@6bit.com>> wrote: There isn't a lot of information out there about Source=Tagname. Does this ha

[twitter-dev] Source Tag

2009-03-31 Thread Joshua Perry
There isn't a lot of information out there about Source=Tagname. Does this have to be supplied on the querystring? It doesn't seem to be working when we send it as a post variable. Josh

[twitter-dev] Re: statuses/replies now include mentions

2009-03-31 Thread Joshua Perry
This hasn't been said but I'm assuming this is only for tweets from this point forward, as I don't see any tweets from the past that "mention" my username... Doug Williams wrote: Devs, Before today calls to statuses/replies [1] would return only tweets that were prefixed with a @username. A

[twitter-dev] Re: The OAuth Conundrum

2009-03-28 Thread Joshua Perry
Matt, Thank you for putting an official word in here, it is nice to not have to speculate on some matters any longer. I can tell by the lack of responses to my posts that people don't totally agree with my feelings on the subject. I don't try to be confrontational, I just tend to be very li

[twitter-dev] Re: Fsockopen Over SSL?

2009-03-28 Thread Joshua Perry
Are you correctly formatting the HOST header? http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.23 Abraham Williams wrote: I've been playing around using fsockopen to interact with the API but I'm having issues getting ssl to work. My understanding is the call should look something

[twitter-dev] Re: The OAuth Conundrum

2009-03-27 Thread Joshua Perry
give them the impression that everything is great. Use OAuth where it was meant and designed to be used, in the realm of third party delegation and revocation, and leave it there. Steve Brunton wrote: On Fri, Mar 27, 2009 at 12:33 PM, Joshua Perry wrote: Seriously guys, what's the point

[twitter-dev] Re: The OAuth Conundrum

2009-03-27 Thread Joshua Perry
Seriously guys, what's the point in implementing OAuth for stuff like this? Why do you need to "delegate" access rights to your scripts, your scripts _are_ you, acting as a proxy to the Twitter API as you. OAuth is for delegating access to a third party and is not the right tool for this job,

[twitter-dev] Re: "Invalid / expired Token" for all calls after successful connection made

2009-03-27 Thread Joshua Perry
When my application had OAuth I was doing all of the requests using OAuth in the headers and it worked fine... Perhaps you are experiencing a transient issue. If you have never been able to make a protected resource request there may be an error in your implementation. Dimebrain wrote: Ju

[twitter-dev] Re: Proof of identity rather than authorization

2009-03-26 Thread Joshua Perry
OAuth is a delegation API, it will never have support for Authentication only (authentication is verifying identity, authorization is validating access to some resource based on that identity). That is the job of OpenID and is a service much better provided for by OpenID. That said, it woul

[twitter-dev] Re: The OAuth Conundrum

2009-03-26 Thread Joshua Perry
Wrong, if the app went rogue the user could uninstall it, or just not run it. And like I said in my other message, you don't need to follow the rules if you are trying to be evil, so the whole argument against allowing proxy applications to exist just because one could go rogue is a moot poi

[twitter-dev] Re: The OAuth Conundrum

2009-03-26 Thread Joshua Perry
See, I think the problem is that we are talking about two different things in the same way. There is a big difference Proxy != Delegate! OS's do have a built in proxy authentication scheme, Windows calls it CardSpaces, everyone else calls it OpenID. There is a standard credential -> access to

[twitter-dev] Re: The OAuth Conundrum

2009-03-26 Thread Joshua Perry
if you have had experience in directly supporting end-users but it is a flow like this that makes the system completely break down for the lay-person. It's ugly, it's unnecessary, and it is even described by the OAuth spec itself as undefined. Gavin Bell wrote: On 26 Mar 2009, at 16:14

[twitter-dev] The OAuth Conundrum

2009-03-26 Thread Joshua Perry
A friend of mine and I have been working on a desktop Twitter client. Recently I went through and implemented OAuth and was excited to have it working. I'm not sure exactly why I was excited, maybe it was the shiny OAuth buzzword or the technical challenge of the implementation itself. Eith

[twitter-dev] Re: paid pro accounts

2009-03-26 Thread Joshua Perry
Not to start speculating but when Biz says "Will there be opportunities for introducing customers to businesses on Twitter?" it makes me nervous, because what this really means is, "Will there be opportunities to get paid to let companies spam our users?". And I say this because with Twitter c

[twitter-dev] OAuth authenticated requests to rate_limit_status

2009-03-23 Thread Joshua Perry
I made an issue for this, when authenticated via OAuth requests to rate_limit_status seem to return the IP-specific rate-limit status and not the user's. http://code.google.com/p/twitter-api/issues/detail?id=376 Please star it if you are using OAuth and you show or use the rate-limit.

[twitter-dev] Multiple OAuth AccessTokens for a single application

2009-03-21 Thread Joshua Perry
I've been going through testing OAuth with my desktop application on my laptop and on my desktop computer. I noticed that when I get an AccessToken with my laptop, my desktop then starts getting 401 unauthorized errors and vice versa. I'm not able to have the same application authorized on t

[twitter-dev] Rate limit status with OAuth

2009-03-20 Thread Joshua Perry
Is anyone else having issues getting the rate limit stats when using OAuth? It seems to just be returning 100 remaining and an hour until reset at every request. Josh

[twitter-dev] Re: Can OAuth approval process work in an IFRAME?

2009-03-20 Thread Joshua Perry
The interesting thing is, that you could omit the callback URL in your application registration with Twitter. On your site when the user clicks the "connect twitter" button you would go and grab a request token and pop a new window with that request token in the URI like usual. The user wou

[twitter-dev] Re: Where has the following tag gone??

2009-03-20 Thread Joshua Perry
d what is being learned now will make its way into future releases, like the v2 milestone on the horizon. Doug Williams Twitter API Support http://twitter.com/dougw On Thu, Mar 19, 2009 at 4:08 PM, Joshua Perry <mailto:j...@6bit.com>> wrote: I started getting errors

[twitter-dev] Re: Invalid OAuth request on posting to /statuses/update

2009-03-20 Thread Joshua Perry
Are you including your url-encoded form variables in your signature calculation? Celso Pinto wrote: Hi all, I'm trying to set up a client and I want to use OAuth. The oauth authorization went ok, my app shows on my settings page but when I try to make an OAuth post to /statuses/update.json I

[twitter-dev] Re: Invalid Oauth Request - Twitter

2009-03-19 Thread Joshua Perry
Yes you are right, my mistake, though querystrings are often written in plaintext to server logs. Also, OAuth should be able to work securely in a non-SSL secured context, so having sensitive oauth data anywhere in the request is a bad idea (and against the specification). Cameron Kaiser wr

[twitter-dev] Where has the following tag gone??

2009-03-19 Thread Joshua Perry
I started getting errors in my client when retrieving extended user information using the verify_credentials method. Suddenly the false no longer appears in the returned dataset. Is this tag not being included any longer? I know schemas are not RESTy but it is really annoying to have 13 dif

[twitter-dev] Re: Missing Authenticate Header with OAuth

2009-03-19 Thread Joshua Perry
with Twitter because I've authorized my app but it doesn't appear in http://twitter.com/account/connections Gonna keep trying different things until something appears to work but if anyone has suggestions on using Perl for Twitter OAuth, please chime in. Cheers, Pankaj On Mar 19, 8:40 pm, Jo

[twitter-dev] Re: Invalid Oauth Request - Twitter

2009-03-19 Thread Joshua Perry
uding that parameter erroneously... Joshua Perry wrote: Just an FYI, there should be nothing sensitive in an OAuth URI... Which is a good thing because even under SSL nothing in a querystring is encrypted. Thank you for bringing this up... because there is something sensitive in your UR

[twitter-dev] Re: Invalid Oauth Request - Twitter

2009-03-19 Thread Joshua Perry
Just an FYI, there should be nothing sensitive in an OAuth URI... Which is a good thing because even under SSL nothing in a querystring is encrypted. Thank you for bringing this up... because there is something sensitive in your URI which is also sent by my own implementation, the oauth_to

[twitter-dev] Re: Missing Authenticate Header with OAuth

2009-03-19 Thread Joshua Perry
I don't know if this will help you, I'm using C# so I don't know exactly how Net::OAuth is supposed to work, but here is a capture of the HTTP request that I am making, perhaps you can compare with your own: GET /statuses/friends_timeline.xml?count=50&since_id=1 HTTP/1.1 Authorization: OAuth o

[twitter-dev] Re: Open Source Applications and OAuth

2009-03-16 Thread Joshua Perry
Zachary, I have some similar concerns, our client isn't open-source (yet...) but it is a desktop client and still requires that the key be embedded in the application in some fashion. Since Twitter is not using the secret to identify the application securely for any purpose it really isn't

[twitter-dev] Re: OAuth preparation

2009-03-16 Thread Joshua Perry
Well, maybe it is a caching issue, because as I navigate through the app settings or refresh the oauth_clients page my application shows intermittently. Josh Joshua Perry wrote: My application is now showing on the page, perhaps there is still an authorization queue. Brooks Bennett

[twitter-dev] Re: OAuth preparation

2009-03-16 Thread Joshua Perry
My application is now showing on the page, perhaps there is still an authorization queue. Brooks Bennett wrote: I am having the same issue, so it seems like a bug... On Mar 16, 10:06 pm, Joshua Perry wrote: I registered an application and it went back to the register page where it

[twitter-dev] Re: OAuth preparation

2009-03-16 Thread Joshua Perry
I registered an application and it went back to the register page where it still says "You have not yet registered an application". I didn't see an error, but when I try to register my App again it says the name is taken, so I assume it is in a queue for authorization. Josh Cameron Kaiser

[twitter-dev] Re: OAuth preparation

2009-03-16 Thread Joshua Perry
In that case I would like to formally ask for access to the public beta as I would love to implement OAuth and be done with HTTP basic auth forever. Abraham Williams wrote: http://www.techcrunch.com/2009/03/16/twitters-oauth-support-now-in-public-beta/ 2009/3/16 Steve Brunton mailto:sbrun...@g

[twitter-dev] Re: OAuth preparation

2009-03-16 Thread Joshua Perry
ken in querystring. 3: user approves access on twitter. 4: user comes back to app and clicks on a continue button. 5: app behind the scene trades request token for access token. 6: app saves access token and interacts with the API. A good example to look at is Flickr's Uploadr app. Abraham 2009/

[twitter-dev] OAuth preparation

2009-03-16 Thread Joshua Perry
I am attempting to get our desktop Twitter application ready for OAuth; we were not in the business of creating an application when the OAuth beta happened or we probably would have applied to join. Is Twitter going to be using querystring, cookie, or the form field based method of passing the

[twitter-dev] Re: Archive

2009-03-15 Thread Joshua Perry
The problem is that PreAuthenticate doesn't actually preauthenticate. After one successful 401 Authentication Required it will then send the credentials with every subsequent request. This is the code I use to hit APIs where auth is optional: XDocument GetXDocumentFromUri(Uri uri)

[twitter-dev] Re: Status link without user name

2009-03-13 Thread Joshua Perry
Thanks for the input guys, we do have the screen name also, I just assumed since the status_id was unique that there was an HTML URL that would go directly to it. Nick Arnett wrote: On Fri, Mar 13, 2009 at 5:32 PM, Doug Williams > wrote: Nick, If you only

[twitter-dev] Status link without user name

2009-03-13 Thread Joshua Perry
Say I have status_id 3244325. What is the URL to view that status on the web that doesn't include the username?

[twitter-dev] Re: Pushing Twitter data into the clients

2009-03-13 Thread Joshua Perry
cussion. Josh Andrew Badera wrote: Last I'd checked, the whole "Twitter needs to rebuild as a messaging architecture" conversation is many months old, and probably well on its way to being implemented. http://blog.twitter.com/2009/01/building-on-open-source.html On Thu, Mar

[twitter-dev] Re: Batch Request

2009-03-12 Thread Joshua Perry
before returning the data. Also, it would be at new URI so it would not be changing existing interfaces for current applications. Josh Joshua Perry wrote: > And now something perhaps a little more sane and do-able. > > It would be very useful to have a batch request API that wo

[twitter-dev] Batch Request

2009-03-12 Thread Joshua Perry
And now something perhaps a little more sane and do-able. It would be very useful to have a batch request API that would allow requesting multiple datasets simultaneously. Something like this: http://twitter.com/batch_request.xml?friend_timeline_since_id=2345&replies_since_id=5366&direct_messa

[twitter-dev] Re: Pushing Twitter data into the clients

2009-03-12 Thread Joshua Perry
I actually hopped on to request a stopgap feature in a similar vein and saw this thread so I thought I'd add kind of a free-associative reply. You know, thinking out-loud. I think the biggest problem with push is that polling is too ingrained into Twitter's architecture to be able to bolt-on

[twitter-dev] Re: Retrieve tweets with ID greater than a passed-in ID?

2009-03-10 Thread Joshua Perry
Greg, It looks like the code (in jetchJSONObjectForURL) is using a shortcut method of grabbing data from the web with NSString:initWithContentsOfURL: which creates an NSString from the contents at a specific URL (go figure!). I'm not sure if that method utilizes the credential store, if no

[twitter-dev] Re: Slow API Responses

2009-03-10 Thread Joshua Perry
I think you were on to something, because twitter is hard-down now... Ammo Collector wrote: > We've been getting abnormally slow API responses lately. Here's a > couple from 9am PST: > > xml 21.5534 usecs: [http://twitter.com/statuses/followers/ > Ascendancy.xml?page=4] > xml 93.52413 usecs: [ht