156 items tagged “twitter”
2009
The Twitpocalypse is Near: Will Your Twitter Client Survive? Twitter tweet IDs will shortly tick over past the maximum signed 32 bit integer, potentially breaking applications. I learnt this lesson when the same thing happened to Flickr photo IDs: never store numeric IDs from external systems as integers, always use strings.
Muck Rack: Links posted by Guardian Journalists on Twitter. I’m rather impressed by the Sawhorse Media collection of Twitter aggregation sites (Muck Rack aggregates journalists)—a simple idea very well executed. Here’s a nice example—this page shows links posted to Twitter by known Guardian journalists, but goes a step further and scrapes in the favicon, the real title of the page and resolves the domain from any shortened links.
TwitterAlikeExample—redis. Excellent example of how you design a moderately complex system against a scalable key-value store (in this case redis). Most “how to build Twitter” code examples fail to address the hard problem of scaling user inboxes, but this one tackles it head on.
I used to think Twitter would never catch on in the mainstream because it’s somewhat stupid. Now I realize I was exactly wrong. Twitter will catch on in the mainstream because it’s somewhat stupid. It’s blogging dumbed down for the masses, and if there’s one surefire way to build something popular, it’s to take something else that is already popular and simplify.
peeping into memcached. “Peep uses ptrace to freeze a running memcached server, dump the internal key metadata, and return the server to a running state”—you can then load the resulting data in to MySQL using LOAD LOCAL INFILE and analyse it using standard SQL queries.
Sign in with Twitter. Intriguing: Twitter are now an OpenID-style identity provider... using OAuth.
17-year-old claims responsibility for Twitter worm. It was a text book XSS attack—the URL on the user profile wasn’t properly escaped, allowing an attacker to insert a script element linking out to externally hosted JavaScript which then used Ajax to steal any logged-in user’s anti-CSRF token and use it to self-replicate in to their profile.
Twitter: blaming Ruby for their mistakes? The comments on the entry include replies from Twitter employees and the RabbitMQ consultant they brought in, and provide a full rebuttal to the various accusations of NIH that were thrown around recently.
Mending The Bitter Absence of Reasoned Technical Discussion. Not at all surprised to see Alex Payne write this considering the low quality of discussion around anything technical to do with Twitter.
Streams, affordances, Facebook, and rounding errors. I asked Kellan about scaling activity streams the other day. Here he suggests the best technique is not to promise a perfect stream (like Twitter does)—Facebook used to get away with 80% loss of update messages, but their new redesign has changed the contract with their users.
Parallel merge sort in Erlang. Thoughts on an Erlang-y way of implementing a combined activity stream (e.g. Facebook and Twitter). Activity streams are a Really Hard Problem—as far as I know there’s no best practise for implementing them yet.
The Internet Archive should actively partner with bit.ly / tinyurl.com / icanhaz.com etc. and maintain a mirror database of their redirects
— Me, on Twitter
How search.twitter.com uses Varnish. Includes examples of the configuration options they use.
Kestrel. Twitter’s Robey Pointer rewrote their Starling message queue in 1500 lines of Scala, adding reliable fetch (where consumers can confirm their receipt of an item) and blocking fetches, which reduce the need for consumers to poll for updates (and hence solve my only beef with the original Starling). I haven’t tried running this on a low spec VPS yet but it looks very promising.
Oscars 2009: the interactive results | guardian.co.uk. My latest project for the Guardian, put together on very short notice. Updates live as the results are announced, and allows Twitter users to vote on their favourite for each category by sending a specially formatted message to @guardianfilm—jQuery and Ajax polling against S3 under the hood.
Twitter Don’t Click Exploit. Someone ran a successful ClickJacking exploit against Twitter users, using a transparent iframe holding the Twitter homepage with a status message fed in by a query string parameter. Thiss will definitely help raise awareness of ClickJacking! Twitter has now added framebusting JavaScript to prevent the exploit.
Four reasons why public Facebook status updates won’t kill Twitter. Mike Butcher highlights the importance of “follow” rather than “friend” in social software.
FluidDB domain names available early (and free) for Twitter users. It’s interesting how Twitter has revitalised the concept of usernames as first class identifiers. FluidDB hasn’t even launched yet, but it’s allowing people to reserve their Twitter username within the FluidDB system just by following @fluidDB.
Rate limiting with memcached
On Monday, several high profile “celebrity” Twitter accounts started spouting nonsense, the victims of stolen passwords. Wired has the full story—someone ran a dictionary attack against a Twitter staff member, discovered their password and used Twitter’s admin tools to reset the passwords on the accounts they wanted to steal.
[... 910 words]Weak Password Brings “Happiness” to Twitter Hacker. The full story on the Twitter admin account hack. I bet there are a LOT of web applications out there that don’t track and rate-limit failed password attempts.
The Twitter administrator hack was a dictionary attack. I quoted Blaine earlier suggesting that the recent Twitter mass-hack was due to a Twitter admin password being scooped up by a rogue third party application—this was not the case, as Alex Payne explains in a comment.
Update on the “antipatterns for sale” Twply auction (via) The collected username and password database is NOT included in the auction.
As more details become available, it seems what happened is that a Twitter administrator (i.e., employee) gave their password to a 3rd party site because their API requires it, which was then used to compromise Twitter's admin interface.
The username/password key's major disadvantage is that it open all the doors to the house. The OAuth key only opens a couple doors; the scope of the credentials is limited. That's a benefit, to be sure, but in Twitter's case, a malicious application that registered for OAuth with both read and write privileges can do most evil things a user might be worried about.
Antipatterns for sale. Twply collected over 800 Twitter usernames and passwords (OAuth can’t arrive soon enough) and was promptly auctioned off on SitePoint to the highest bidder.
2008
Now You Can Sign Into Friend Connect Sites With Your Twitter ID. Great. Now even Google is asking me for my Twitter password. Slow clap. How’s that Twitter OAuth beta coming along?
Responders will tell you that broadcasters are condescending talking heads who think they're too good for the community. Broadcasters wish responders would take their nonsensical patter to a chat room, where they could natter on in privacy. Everyone agrees that members of the other group are total jackasses who don't know how to use Twitter.
It's funny, when I sit down to write something for Phoenix I feel like I have to get into my "Phoenix character." [...] I try to be the eternal optimist because people are getting so upset about the mission coming to an end, and I'm trying to lessen that grief.
Interview @MarsPhoenix (via) “For over a year, Veronica McGregor has been Twittering from Mars.”—an interview with the Twitter voice of the Mars Phoenix lander.
Tweetersation. Nat and my latest side project: a JSONP API powered tool to more easily follow conversations between people on Twitter, by combining their tweets in to a single timeline.