is provided.
>
> That being the case, I don't understand why services like twitterank need my
> password.
>
>
> From: Alex Payne <[EMAIL PROTECTED]>
> To: twitter-development-talk@googlegroups.com
> Sent: Monday, November 17, 2008 12:51:
> OK - but you don't have to authenticate as ME to get my friends or updates,
> right?
> So why does twitterank (for example) need my password?
Twitterank uses your password to post porn spam links. I mean, it uses it
to look at your replies:
http://blogs.zdnet.com/collaboration/?p=164
er 17, 2008 1:03:49 PM
Subject: Re: No OAuth Support just made Techmeme
On Mon, Nov 17, 2008 at 11:57 AM, Michael Pelz-Sherman
<[EMAIL PROTECTED]> wrote:
> Thanks. Looks like "user_timeline" also does not require authentication when
> an id is provided.
> That being the c
On Mon, Nov 17, 2008 at 11:57 AM, Michael Pelz-Sherman
<[EMAIL PROTECTED]> wrote:
> Thanks. Looks like "user_timeline" also does not require authentication when
> an id is provided.
> That being the case, I don't understand why services like twitterank need my
> password.
Unauthenticated requests
tter-development-talk@googlegroups.com
Sent: Monday, November 17, 2008 12:51:31 PM
Subject: Re: No OAuth Support just made Techmeme
Feature.
On Mon, Nov 17, 2008 at 09:49, Michael Pelz-Sherman
<[EMAIL PROTECTED]> wrote:
> Unless I'm mistaken, it appears some of the API methods do not, in fact,
Feature.
On Mon, Nov 17, 2008 at 09:49, Michael Pelz-Sherman
<[EMAIL PROTECTED]> wrote:
> Unless I'm mistaken, it appears some of the API methods do not, in fact,
> require authentication (contrary to the docs).
> curl http://twitter.com/statuses/friends/jack.xml
> ... dumps a list of jack's foll
Unless I'm mistaken, it appears some of the API methods do not, in fact,
require authentication (contrary to the docs).
curl http://twitter.com/statuses/friends/jack.xml
... dumps a list of jack's followers without any need to authenticate.
Is this a bug, or a feature? :-)
- Michael
On Nov 14, 12:28 pm, "Alex Payne" <[EMAIL PROTECTED]> wrote:
>
> The downside is that OAuth suffers from many of the frustrating user
> experience issues and phishing scenarios that OpenID does. The
> workflow of opening an application, being bounced to your browser,
> having to login to twitte
Let me get this out of my head - I will never implement it and raise
my kids at the same time...
The way I would like this to work if for one to generate a key/
password for the application and specify what things it can do (can
read my followers but cannot change them, cannot read my email, etc)
Jesse Stay wrote:
>
> I'm okay with anything - OAuth or not, so long as we're not forced to
> store plain-text credentials.
I just don't want a user's password. A proxy (API key token, OAuth
secret, whatever) is better, even if it doesn't afford any extra actual
security.
Users are educated ov
I'm okay with anything - OAuth or not, so long as we're not forced to
store plain-text credentials.
Jesse
On Nov 14, 2008, at 1:28 PM, Alex Payne wrote:
I'd like to confirm that Cameron's interpretation of email is the
intended one. He wrote:
"I read Alex's E-mail to say, '*sooner* wit
I'd like to confirm that Cameron's interpretation of email is the
intended one. He wrote:
"I read Alex's E-mail to say, '*sooner* with minimal effort' [but
will occur regardless of the effort required], emphasis mine. So far I
haven't seen anything to dispute that interpretation."
Indeed, whe
On Fri, Nov 14, 2008 at 1:20 PM, Jesse Stay <[EMAIL PROTECTED]> wrote:
> there's absolutely nothing we can do about it because we have no option
> but to store passwords in plain text.
>
Store the passwords encrypted then decrypt them when you need to
use them. There's a chicken-and-egg problem w
Frankly, I'm in your boat. I've seen this over and over in the last
year or two - the bug report says it's low priority, which is a
concern for me. All it takes is for some developer (I actually saw
this the other day in a proof of concept by another developer) to
build an app that coll
On Fri, Nov 14, 2008 at 11:20 AM, Dossy Shiobara <[EMAIL PROTECTED]> wrote:
>
> Ed Finkler wrote:
>> I do understand the frustration, really. But I think I can safely say
>> that the dudes who post here from Twitter bust their ass for you and
>> me, and this kind of thing really doesn't help.
>
>
Ed Finkler wrote:
> I do understand the frustration, really. But I think I can safely say
> that the dudes who post here from Twitter bust their ass for you and
> me, and this kind of thing really doesn't help.
So, what would help? Sycophantic cheerleading? I don't think so.
Lets talk about re
I love free stuff! But hard to get disappointed when it doesn't work
out the way we hope, yes?
I do understand the frustration, really. But I think I can safely say
that the dudes who post here from Twitter bust their ass for you and
me, and this kind of thing really doesn't help.
--
Ed Finkler
Ed Finkler wrote:
> Why are you still watching, then?
Because it's free?
--
Dossy Shiobara | [EMAIL PROTECTED] | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go a
Why are you still watching, then?
On Fri, Nov 14, 2008 at 8:50 AM, Dossy Shiobara <[EMAIL PROTECTED]> wrote:
>
> Cameron Kaiser wrote:
>> 2) I read Alex's E-mail to say, '*sooner* with minimal effort' [but will
>> occur regardless of the effort required], emphasis mine. So far I haven't
>> seen
On Fri, Nov 14, 2008 at 6:52 AM, Dossy Shiobara <[EMAIL PROTECTED]> wrote:
>
> OAuth won't happen until Twitter has to shut down the service when
> someone steals 50% of the user's passwords through some poorly written
> API-using app that gets pwnt.
>
And... people have to change their password.
We are working on a members website.
Users will join create a profile and add things like youtube feeds,
images etc,
We would like users to be able to add there twitter account details
and feed all their tweets into their profile and randomly pull out
tweets from different members onto the
Cameron Kaiser wrote:
> 2) I read Alex's E-mail to say, '*sooner* with minimal effort' [but will
> occur regardless of the effort required], emphasis mine. So far I haven't
> seen anything to dispute that interpretation.
Right. Just like "IM to Twitter will eventually come back" became
"sorry, w
> > Thanks for being open about it Alex - it helps us plan better, and it's
> > comforting to know it is a priority.
>
> Dude, the only priority it has is LOW. Did you an I read different
> emails? Alex wrote:
>
> "If we can deliver it sooner with minimal effort, though, we will."
>
> Basical
Jesse Stay wrote:
>
> Thanks for being open about it Alex - it helps us plan better, and it's
> comforting to know it is a priority.
Dude, the only priority it has is LOW. Did you an I read different
emails? Alex wrote:
"If we can deliver it sooner with minimal effort, though, we will."
Basi
Alex Payne wrote:
> Hope that helps. Long story short, we've been punting on OAuth to try
> to minimize duplication of labor as we transition to some new
> technologies, but we're willing to be pragmatic if the libraries have
> improved.
Ugh. If the available OAuth implementations (libraries) s
Thanks for being open about it Alex - it helps us plan better, and
it's comforting to know it is a priority.
Jesse
On Nov 13, 2008, at 7:50 PM, Alex Payne wrote:
For what it's worth, and in the spirit of open communication, Matt
just showed me a prototype of an OAuth-enabled Twitter this
For what it's worth, and in the spirit of open communication, Matt
just showed me a prototype of an OAuth-enabled Twitter this afternoon.
I'd done a similar project a few months back, and found that while it
was easy to get up and running as an OAuth provider, the quality of
the libraries at the
I think we know this already, and allowing a flavor of the day story
to influence things unduly would be overreaction.
I trust Alex, Matt and co. to make the proper decisions in regards to
what takes precedence.
--
Ed Finkler
http://funkatron.com
AIM: funka7ron
ICQ: 3922133
Skype: funka7ron
On
I'm sure you're aware of this, but the lack of OAuth or secure login
support just got really public as it made Techmeme. IMO, for my App
at least, this would be first priority if I were to ask for anything.
Anyone else agree? Here's the Meme:
http://www.techmeme.com/081113/p38#a081113p
29 matches
Mail list logo