Twitterbox failures

It might be noticed that the Twitterbox is currently not working. This is due to the Twitter Corporation having deprecated the previous method of authenticating one's account that the Twitterbox used (via username and password) and instead requiring that all Twitter applications use the "Oauth" method.

I'm afraid that I have not updated the Twitterbox to use this, as there are some basic issues to overcome. Either the web application side of the Twitterbox must handle the Oauth side of things, or the LSL side must. Whilst people far cleverer than I have gotten Oauth working with LSL, I am not going to release a script that I do not understand from first principles, and I do not understand LL Oauth from first principles, and I am not going to spend the time required to work it all out, I'm afraid.

The conclusion then is that the web application side of the Twitterbox needs to be updated. This should be quite a bit easier than the LSL route and require less messing about with updating objects. I do plan to do this. An updated HUD will probably be required - I will put this on Xstreet as, as yet, there seems to be no restriction on free items.

The concise version of this post is therefore: "the Twitterbox doesn't work at the moment, I know why, I will release an update but if you cannot wait please do use alternatives".

Trackback URL for this post:

http://ordinalmalaprop.com/engine/trackback/305
Babbage Linden's picture
07 Sep201011:13
Babbage Linden (not verified)

So, you've asked SL residents to trust you with their Twitter passwords for several years, but you don't trust an open source OAuth library written by the LSL community? That's some pretty asymmetric trust you've got going on there, Ordinal.

Using OAuth on the back end is going to require you to rewrite a bunch of the LSL that exists in the OAuth library to display authentication pages in SL, you should save yourself the time and use the LSL OAuth library: applications like Twitterbox are exactly what it was designed for. I'll give you a hand if you like.

Ordinal Malaprop's picture
07 Sep201011:40
Ordinal Malaprop

I do trust it; I just don't know how it works, and if somebody says to me "oh hello Ordinal why does your Twitterbox script do X", if there are components which I don't understand I will not necessarily be able to answer them. I don't even understand how OAuth works to be quite honest.

It might be that it is easiest to do everything in LSL with the libraries. I really don't know at this stage.

Icterus Dagger's picture
09 Sep201018:57
Icterus Dagger (not verified)

Way to stick in a sideways jab at one of SL's greatest citizens, Babbage. If you'd READ what Dame Ordinal wrote, you'd see that she's falling squarely on the side of customer support. Something the Lab could do well to learn from.

-iD

Allen Kerensky's picture
09 Sep201021:18
Allen Kerensky (not verified)

Babbage, I think you've unfairly characterized Ordinal and her stance here in your comment.

Ordinal has provided twitterbox free for years as opensource as well.
She includes the middleware php code to run on a server of your own for the express purpose of letting you own both halves of twitterbox yourself.

And her LSL side script comments and online documentation describe the security issues quite clearly AND how to avoid giving your twitter login to her.

Her comment about understanding a script from first principles is a good one, and the LL Oauth library includes Sha1 hashing bits and other *nitpicky critical bits*.

I applaud Ordinal for being the kind of developer she is, especially for wanting to understand the dependencies, protocols, APIs, and assumptions first, rather than run off and code on ill-understood quicksand as so many others do.

As you well know, hashing and crypto functions have to be handled very carefully, and that's all she said she was doing. Don't take that as some misperceived criticism of the digital wizardry in LL Oauth. Its more wanting to understand the proper way to hold and aim the weapon before pulling the trigger on it.

Just my .02L$.

I am grateful to you BOTH for the coding you've done for everyone's benefit.
My comments here are to prevent misunderstanding from propagating becoming codified as "the truth" by appearing on the Internet for permanent archival in search engines and archive sites forevermore.

Fleep Tuque's picture
20 Sep201018:02
Fleep Tuque (not verified)

Indeed, the Chilbo Community has been very grateful for Ordinal's work. We modified the original open source script she provided to create public Twitter stations in our community and they worked like a charm until Twitter made its authentication change.

Just wanted to pipe in and give thanks for past use and if there is anything we can do to help support future development, we'd like to do so! It's really a fantastic tool and has helped keep our community informed of each others' activities.

Opensource Obscure's picture
28 Feb201112:45
Opensource Obscure (not verified)

....any enlightenment since then?

Ordinal Malaprop's picture
06 Mar201100:44
Ordinal Malaprop

To be quite honest, no.

I have thought of another project that uses Twitter authentication, a by-product of which (if it ever proceeds to that stage) might be that the Twitterbox is revived. But I confess that I have a very poor record of reviving dead projects.