“Real-timeness” of info may be doing more harm for Twitter
Posted by: Jym, in Internet, Opinions, Technology
It’s ironic that the real-timeness of information that made Twitter famous is now giving them a hard time. It started with a couple of “worms” that irritated users. Now the trouble has switched from end-users to developers who adopted the public beta OAuth protocol into their services and are now affected by another security issue with the protocol.
OAuth is a means for 3rd party services to perform tasks on behalf of users (e.g. update status) without the need to keep users’ passwords; a user must first authorize these participating services via Twitter’s authorization page. Coming from a security standpoint, the worm blunders by Twitter indicate something deeper in terms of their development practices, which have room for improvement.
However, this OAuth issue is not entirely Twitter’s fault. As the developer behind TweetSG, obviously it was annoying initially to learn that suddenly my sign-up was totally stalled by Twitter’s brake on their authorization page.
That being said, even after being in the trade, knowing the theory, designing and implementing systems, I still find a loophole in my own TweetSG system which is yet to be fixed, and I can’t fix it now since their page is halted. It is truly not easy and straightforward to have an airtight system, and I am not saying this to exclude anyone or myself from the responsibilities of keeping systems secure.
Looking at a bigger picture, I believe what Twitter did is right by stopping the affected portion of the system for a while to fix it.
As far as their service is concerned, Twitter did not totally turn off OAuth per se, since my TweetSG users are still able to update via OAuth. It was the authorization flow that had issues, and the design of the protocol was not Twitter’s doing. Twitter happened to be one of the early adopters alongside Google, Yahoo and a few others.
Yet because of the real-timeness of information powered by Twitter, it really gave a bigger punch in the face when it came to negative PR. This incident is another lesson that bitching folks and ignorant internet-repeaters, spouting nonsense like OAuth was being exploited when people are trying to prevent that from happening in the first place, are really the force to reckon with, and not the technology.





June 15th, 2009 at 4:39 am
Great fan of tweet.sg but have a question to ask and I don’t know where to,
can we like post images via tweet.sg?
Like if we MMS to the tweet.sg number, will the image be auto uploaded to maybe twitpic and then appear as a URL on our tweets?
Another thing is, for the no tweet.sg ad URL, you posted the code “border="0"” wrongly. It should be at the image there. (:
thanks
thanks for creating tweet.sg
June 29th, 2009 at 5:16 pm
“One joker that literally pasted the example”
“This is also quite amusing, maybe these users can only read up to 140 characters? So I shorten my instruction for the sake of such users.”
“Again I will not entertain requests, you can use some other services, I don’t really care.”
“Customer is king s h it mentality”
“Well, screw you. Even with the web traffic generated from those URL, ads dollars merely brought in a miserable $20SGD so far. So unless you got some spare cash to give, you can Shutup & Sitdown.”
I mean wow… how is being a complete f u c king prick working out for you? You have the opportunity to actually have a decent business here but newsflash m or on – people don’t like a s sholes.