Google Gadget + IRC Bot
RickMeasham
They're both at beta stage. My biggest problem with both is that I
need the user's password in cleartext as there is no token
authentication like flickr/google uses.
They both currently 'register' you once and store your auth details so
as to reduce the number of times they're sent in the clear. However
I'd LOVE to see some better third-party authentication model. (I'd
also love to see faster response times from twitter...)
If you want to have a go, the gadget can be added to your Google
Homepage by going to:
Add Stuff > Add by URL (next to the search button) >
http://twitter.isite.net.au/twitter.xml
The IRC bot is in #twitter on Freenode.
!help to get help
!identify if he doesn't respond (coz he needs to identify himself)
then try !help again.
Cheers!
Rick Measham
Alex Payne
What kind of API authentication would work for you? Keep in mind
that we need to preserve the relative privacy of statuses.
We're adding more servers shortly, which should hopefully improve
response times. Trust us, we don't like the site being slow any more
than you do!
Thanks!
--
Alex Payne
Obvious
http://twitter.com/al3x
Rick Measham
>
> Nice work, Rick!
>
> What kind of API authentication would work for you? Keep in mind that
> we need to preserve the relative privacy of statuses.
Flickr's works quite nicely, so something similar would be good:
I register and get an API key for my app, then if someone wants to use
my app, I send them to http://twitter.com/something/<api-key>/<r|w|rw>
That page says "Are you sure you want to allow <application name> access
to (read|write|read and write) to your twitter"
If they accept then my api-key plus a 'secret' known only to my app are
allowed to read and/or write to their twitter.
At any time, they can revoke that permission from twitter and I can no
longer access their information.
(Once this is done, any writes my registered application does can be
noted as "from Foobar" in Twitter rather than the generic "from Web"
which solves that other problem)
The privacy issue is a deal between the user and my application. If they
chose to allow me to read their status, then they're saying they trust
my application to do whatever it's said it's going to do. If my app
abuses that trust, they have the option of immediately revoking the
permission they gave me.
Rather than authentication with basic-auth, we'd then include the auth
triplet (api-key, user_id, secret) to build the request:
api-key=98726412983476129847&user_id=324873&status=Drying+my+lentils&checksum=8adc76da
The checksum is an md5sum of the secret plus all the name/values in the
query. (see sub sign_args in
http://search.cpan.org/src/IAMCAL/Flickr-API-0.08/lib/Flickr/API.pm)
If any of this is unclear, or you can see holes, I'm happy to continue
the discussion.
Cheers!
Rick Measham
(aka RickMeasham)
sub...@gmail.com
Very sweet! Theres also development of an IRC bot going on in the
#twitter channel on wyldryde.org, when active it filters the public
timeline on keywords for display in-channel, as you can imagine 'SXSW'
produced quite a few.</TotalPlug> I think it's dev has just joined
this group, too.
I'd also like to see some good auth, some clients are looking to 'tap
in'. The flickr method is solid.
Oh, I tried the Google Gadget, but am 99% positive I entered invalid
credentials (doh), resulting in a snippet of XML output.
Cheers,
Rob Beckett
Santa Cruz Tech
Rick Measham
> Oh, I tried the Google Gadget, but am 99% positive I entered invalid
> credentials (doh), resulting in a snippet of XML output.
Thanks for the feedback, I'll test entering bad creds and fix whatever
the problem is.
Cheers!
Rick Measham