On sale now!

A multi-volume chronology and reference guide set detailing three years of the Mexican Drug War between 2010 and 2012. Rantburg.com and borderlandbeat.com correspondent and author Chris Covert presents his first non-fiction work detailing the drug and gang related violence in Mexico. Chris gives us Mexican press dispatches of drug and gang war violence over three years, presented in a multi volume set intended to chronicle the death, violence and mayhem which has dominated Mexico for six years.

Click here for more information

On Sale Now!

The threat of civil war hangs over an isolated ficticious southeastern Oklahoma town.

Rantburg.com and Borderlandbeat.com correspondent and author Chris Covert presents Newtonville, his first, epic novel of love and betrayal set in the turbulent late 1960s. Click here to buy

Twitter Goes All In for Oauth
2010-09-19
Posted by: badanov

I received an email from Twitter.com outlining authentication changes from their old method to oauth.

Yes, I have a Twitter account here. Until August 31st I was using a "direct method" using a username and password pair, the code of which was directly embedded into the application I used to post new stores to the Free Fire Zone, which went through the application programming interface (API).

It was quick, easy and worry free. But now, a little more than a year later, Twitter is implementing security measures to make it a little harder to crack their security. As a result, none of the updates from new stories posted after August 31st were posted to Twitter. Plus, and as an added bonus, any new updates will have to be done manually until I can rewrite the embedded code using the new oath implementation.

Fun, huh?

I spent a good deal of last night reading the application programming interface, how it will work and how to fit applications into the oauth security scheme.

I can see all kinds of cool methods of locking down Twitter updates including rotating HMAC, MD5 and SHA encryption. The problem is that Twitter expects a server to receive their reply upon authentication, and that is where security can potentially get dicey.

My decision is whether I should program a script to receive the reply, or to program a net application to listen to a specific non-privileged port.

Being lazy, I like the idea of just pounding out a perl script to receive the reply over http, however, the script would have to tied to a single URL, and it would have to have a signed SSL certificate to work securely.

The net application, then, would be a good alternative. You post a story and as a result, it starts up a server daemon which waits for the reply from Twitter, then on reception, dies until the next story is posted.

Secure, to be sure and I like that, except I have zero experience programming net applications and daemons.

So until I can make a decision, I guess I will posting to Twitter manually, not updating until I get sick and tired of posting manually, as well as have the time to do the actual programming.

If you have something to add, Fire Away!

Number of Comments so far: 0

Click here for a list of stories in the Unix and Computer category