Yeah, I agree, can you please point out what (in general) we might be doing wrong? I still think you probably have a further-regression bug.
On Jul 27, 8:19 pm, kosso <kos...@gmail.com> wrote: > agreed. > > please Twitter, tell us WHAT the fix required was. > what should we look for. > > have you tested your 'fix' against all the code examples you link from > the API pages? > > that would be nice. thx. > > I'm getting some posts through. some not. so something's still up/down > > On Jul 27, 8:04 pm, Duane Roelands <duane.roela...@gmail.com> wrote: > > > You introduced a breaking change into the API with no warning and no > > help for developers as to the specifics of what we need to fix? > > Developers need better support than that. > > > Is there some reason why posting updates to some accounts would work > > and posting to others would not? Using the same code, I'm able to > > post to my development test account but not to my personal account. > > > On Jul 27, 10:59 pm, Doug Williams <d...@twitter.com> wrote: > > > > As stated above, some applications were sending invalid signatures which > > > we > > > were accepting as valid. This vulnerability was pointed out by a > > > developer. > > > > Some libraries and code which may have previously worked may be broken by > > > this security fix. > > > > Thanks, > > > Doug > > > > On Mon, Jul 27, 2009 at 7:44 PM, Duane Roelands > > > <duane.roela...@gmail.com>wrote: > > > > > I am receiving 401 (Unauthorized) when calling > > > >http://twitter.com/statuses/update.xml > > > > and passing the following querystring: > > > > > oauth_consumer_key=[removed] > > > > &oauth_nonce=912352&oauth_signature_method=HMAC- > > > > SHA1&oauth_timestamp=1248748647&oauth_token=19068738- > > > > hKO8qRlHPfJWqRHRkd62dGb4IiyXaXUy35Cqz58&oauth_version=1.0&status=This > > > > +is+a+test&oauth_signature=Fl0kqJdHY5MkvxjUZQ%2bFn%2fxGORo%3d > > > > > This code was working this afternoon and has not been changed. > > > > > On Jul 27, 10:38 pm, goodtest <goodtest...@gmail.com> wrote: > > > > > Are we sure there is no further regression bug in this new fix? > > > > > > On Jul 27, 7:14 pm, Doug Williams <d...@twitter.com> wrote: > > > > > > > If you are still seeing errors you should check your code to ensure > > > > that you > > > > > > are sending the correct signature. > > > > > > Thanks, > > > > > > Doug > > > > > > > On Mon, Jul 27, 2009 at 7:10 PM, winrich <winric...@gmail.com> > > > > > > wrote: > > > > > > > > mine broke too. i wonder though, i'm using the oauth python > > > > > > > libraries > > > > > > > > On Jul 27, 6:35 pm, chinaski007 <chinaski...@gmail.com> wrote: > > > > > > > > Doug: > > > > > > > > > Does this mean that Marcel made a fix for this? Or rather that > > > > > > > > we > > > > > > > > should examine our code to find the culprit? > > > > > > > > > Thanks, > > > > > > > > Peter Bray > > > > > > > > > On Jul 27, 6:24 pm, Doug Williams <d...@twitter.com> wrote: > > > > > > > > > > Updating you guys on this problem. A bug was reported off list > > > > that > > > > > > > informed > > > > > > > > > us we were not always verifying signatures. Today we shipped a > > > > fix for > > > > > > > this > > > > > > > > > problem which ensures that we are correctly verifying > > > > > > > > > signatures. > > > > > > > > > If you are still seeing invalid signature errors you should > > > > examine > > > > > > > > > your code and ensure you are correctly signing requests > > > > > > > > > as per the spec. > > > > > > > > > Thanks, > > > > > > > > > Doug > > > > > > > > > > On Mon, Jul 27, 2009 at 6:05 PM, Doug Williams > > > > > > > > > <d...@twitter.com > > > > > > > > wrote: > > > > > > > > > > Marcel is shipping a fix for this as I type. > > > > > > > > > > > Thanks, > > > > > > > > > > Doug > > > > > > > > > > > 2009/7/27 João Pereira <joaomiguel.pere...@gmail.com> > > > > > > > > > > > Same here. > > > > > > > > > > >> On Tue, Jul 28, 2009 at 1:26 AM, goodtest < > > > > goodtest...@gmail.com> > > > > > > > wrote: > > > > > > > > > > >>> twitter api server seems to be down (getting invalid > > > > signature) > > > > > > > since > > > > > > > > > >>> 5.15 pm pst