Not going to lie, Twitter killing off free API access hits me in the feels. I remember with great affection the flood of creativity that happened after we opened up the API, and it's heartbreaking to see that unceremoniously strangled.

I'm relieved that we've got better alternatives, though. While this is perhaps the final straw for many bots on Twitter, it's been a long time coming and the API has long been hobbled compared to the early days. Open protocols or bust. ✊

Meanwhile, has anyone built a Twitter API compatibility shim for Mastodon? 🤔

@blaine I made this for my (post-only) bots, but it seems like it's soon to become obsolete for me:

https://github.com/russss/polybot


@russss it should be trivial to just create a twitter-api-compat to mastodon api proxy, right? (I'm roughly 100% certain in this, but haven't looked in detail so I *could* be missing something subtle?).

I'd build it myself but I won't be at a computer for more than a few minutes until Tuesday and I reckon people could be using such a thing before Twitter gates their access.

@blaine I wonder if the best approach would be a set of drop-in library shims for popular twitter client libraries. Running a public proxy seems like a bit of an indefinite maintenance burden...
@russss yeah, for sure. Language bindings would be a problem, so maybe a proxy that could be run locally?

@russss @blaine

Damn, sad I'm just now seeing this, would have been useful. Might still be I guess. Any sense how hard it is to store the state data in something like s3 instead of locally?

I guess I'd also have to figure out how to keep the RSS feed my bots are also creating if I didn't want to just switch everyone to the Mastodon provided one.

@simon @russss the goal of the thing I'm proposing would be to not require *any* modifications of bots at all, except changing "twitter.com" to something else. If the bot runs in a container, you could even just add an /etc/hosts entry for twitter.com and point it at localhost with a little cert chain fixing.

@blaine @russss

Yeah, I think that would be great. But until we have that this seems helpful.

@blaine there is! BirdsiteLIVE does Twitter-to-ActivityPub bridging so you can follow Twitter users from any ActivityPub-based platform, Mastodon included.
@blaine I’m wondering most about Twitter logins. But since that does the login on the Twitter site, they wouldn’t be turning THAT off?

@bmann I assume they're not going to be charging for *logins*. That'd be really dumb and I would laugh at their incompetence. 😂 Restricting access to eg the post API (or even any API access, eg for reader apps) makes marginally more sense.

My thought here is more: switch the "twitter.com" const to "birdbrainsformastodons.com" and all the old bots (and maybe even client apps) just work again?

@blaine re: logins, since it requires an “app” to be created and API credentials, at this point… 🤷‍♂️

And yes, totally get your point. With @moaparty we don’t really have a bunch of other people running instances so I would expect the same from this.

An initial API shim instance gets collectively managed. Work to have people host some of their own.

@bmann @blaine @moaparty if only there were a good coordination mechanism, incentives, and demand to build a distributed Map<TweetId, DID>
@blaine @bmann I'm honestly not confident there's anyone left there who would even think to ask the question "what about sites that use login with a Twitter?" - at least not anyone who's in a position where the people making the decisions would listen to them
Simon Willison (@[email protected])

I often find myself wanting to use a metaphor based on the 1997 John Woo film Face/Off to explain my worries about decisions made inside organizations. If you haven't seen it this likely won't make much sense to you, but my mental model of a "Face/Off situation" is when the last person inside an organization who understands the rationale for a particular decision has left, leaving a gap in institutional knowledge that results in terrible decisions being made. (Yes this is about the bird site)


@simon @blaine @bmann

oh man OpenID seemed like such a good idea and then "login in with x" now i just dread stumbling across something that uses flickr or similar to authenticate

@jonoabroad @simon @blaine @bmann I think this is why Google, Microsoft and Apple started pushing Passkeys.

@lucid00 @jonoabroad @blaine @bmann I see Passkeys as mainly being about the fact that passwords are just a TERRIBLE form of authentication for the vast majority of people

They either forget them or they use the same password for every account. Password managers are a useful solution for a tiny fraction of the overall user-base

@simon @lucid00 @jonoabroad @blaine let me rephrase before Blaine twitches more: password managers are a necessary blight for super users.

Passkeys as a mass market passwordless solution that increases security by default is what we’re betting on at @fission

@bmann @simon @lucid00 @blaine @fission

It worries me that I fall into the super user category.

What are passkeys?

@jonoabroad @simon @lucid00 @blaine @fission a mass market friendly brand for WebAuthn that uses “software keys” rather than like Yubikeys, supported by Apple / Amazon / Google / Microsoft etc

Here’s Apple https://support.apple.com/en-us/HT213305


@bmann @jonoabroad @simon @lucid00 @blaine @fission I did some reading about passkeys, but couldn't find any information about handling certain real-world problem scenarios. Namely:

"Someone just stole my phone!"

Okay, are there solutions offering support for:

1) Having backup passkeys on secondary devices?

2) Remote invalidation of the lost phone's passkey?

How do passkeys support redundancy and key management? I couldn't find information on that.

@todd_smith @jonoabroad @simon @lucid00 @blaine @fission the major platforms are backing up / syncing passkeys across devices and in their respective cloud storage.

There is a growing directory of sites where you can try it https://passkeys.directory

And the WebAuthn demo site is likely the most obvious https://webauthn.io

Attached image is the success message after register / authenticate


@todd_smith @jonoabroad @simon @lucid00 @blaine @fission put together some more resources on Fission’s public wiki https://plnetwork.xyz/@boris/109809707058993453
Boris Mann (@[email protected])

#passkeys really are just getting started, so I put together a page on @fission’s public wiki with links to some resources https://talk.fission.codes/t/passkeys/4086 We’re working on adding passkey support to our #UCAN and #WebnativeSDK libraries which currently use the browser WebCryptoAPI for passwordless logins https://webnative.dev

@bmann @simon @lucid00 @jonoabroad @blaine @fission while passkeys will be widely available - I predict low adoption by users for their apps
@DickHardt @simon @lucid00 @jonoabroad @blaine @fission chicken meet egg. Lots of hacker level devs that would love to outsource / remove passwords, and as this thread indicates, “login with Twitter” not really viable.
@bmann @simon @lucid00 @jonoabroad @blaine @fission website PMs don’t care about getting rid of passwords so much as reducing friction - social login reduced sign up friction - Hellō does that even better and lets dev outsource all identity
@blaine @bmann I don't think that we are safe assuming anything resembling coherent thinking, lack of incompetence, or not being really dumb over there. I mean, there's precedent…
@robin @bmann extremely fair. I look forward to having a good chuckle. 😂
@blaine @bmann if they had added OpenID Connect then there would not be an “API” call — having recently added support for Twitter to Hellō — the APIs for getting profile data are like all the other APIs — and you need those to know who logged in
@blaine our old Twitter clone Bugle still has the code Ben Firshman wrote to simulate the Twitter API circa about 2010: https://github.com/devfort/bugle/tree/master/bugle_project/twitter_api
@blaine cc @sportsbots … just trying to assist! hopefully people will just come over one day. thanks for all you do! ❤️
@blaine You think Felon Muck wouldn't go full Oracle vs Google on that one?
@KevinMarks nah, case law seems clear on that. A billion s3 clones support it, and amazon would be in for a rough ride if law ran that way. I'm sure even Twitter has reimplementations of open source APIs. Maybe even closed ones?
@blaine @josh I was literally exploring doing this today. I decided I don’t have quite the bandwidth to do it myself because it would require creating an oauth 1 endpoint, and I don’t want to do that. But beyond that, a basic api bridge for posting should be relatively simple.
@blaine I don't think such a thing would work because of how fundamentally technically different the two platforms are, i.e. content warnings, privacy levels, multiple instances... It would be much easier to just port bots/apps to use the Mastodon API.
@blaine @paul was just musing about this!
@blaine the Mastodon API is much easier to write against than the Twitter API having implemented both recently
@blaine i heard nothing about a project that does this.
@blaine Yeah, OAuth scares me too. But my Twitter integration is a chunk of code I nicked off the web somewhere, and there appear to be similar chunks of code freely available for Mastodon.
@blaine the API is easy enough (sans Activity callback hooks) it's the data model and its variations wherein lies the work.
@blaine wow this is ridiculous. I have written several bots just for fun and now they want me to pay for it? Absurd.
@blaine I just updated my #Apache #Camel demo to use Server-Sent Events (SSE) pulled from Mastodon... It was super simple https://github.com/redhat-appdev-practice/supersonic-subatomic-integration/blob/main/src/main/resources/routes/mastodon-stream.yaml
@blaine open protocols + an angry mob or bust. But yes ✊😅

@blaine In March 2009 I started a Twitter/SMS-based literary review that uses the API to propagate/archive posts and author bios to our site. We've already needed to discuss whether to continue, but this will force the issue.

It also helped me return to programming as a powerful creative tool (after intro to compsci had snuffed out my interest ~5 years before), which ultimately changed the trajectory of my life.

@blaine @fxgibbons That creativity is what made Twitter a success. So, once again, Elon Musk buys up the creativity and success of others, cuts them off, and declares himself the genius inventor.
@blaine It literally changed my life. Feeling a deep sense of mourning over here. 😔
@blaine agreed, I remember having fun playing with the Twitter API, plus Flickr and eBay and a load of others. Back then it felt like you could be so creative with it all
@blaine Twitter only succeeded because of the api, end of.
@blaine this this this 💔

@blaine
Do people think stopping API access stops bots? It won't.

Also bots are only part of the problem. Troll farms are the main problem. I get the feeling people are in denial of that as it's rarely mentioned. Always about "bots".

@blaine Said it before, but I'll say it again: #ProtocolsNotApps. If we're to exchange information, let's agree on protocols to do it, not specific implementations.

(And for this argument, we can consider Twitter's API a cloud-hosted "implementation" that non-Twitter people cannot download and run on their own infrastructure.)

@blaine it's also the final straw for being able to prune my tweets
@blaine have you looked at the bluesky atproto stuff out of interest? Any thoughts?

@blaine I have a Twitter bot. I've heard nothing from Twitter about free access ending.

You'd have thought, wouldn't you?, that if free access was going to end I'd have received an email inviting me to pay, and telling me how to pay?

@blaine

Am I right in saying that many features, that are now core features of Twitter, wouldn't have been implemented if it wasn't for the API allowing 3rd parties to add features to Twitter themselves (inspiring Twitter to make them core features)?

Twitpic is one obvious example I can think of. Hashtags and at-mentions also come to mind but I don't know if those features were dependent on the API.

@blaine Back when I first got Twitterrific when I was on iOS and discovering it had Tweetmarker and I could just pick up where I left off on my iPad. :)
I say, let Twitter go bust.