August 10, 2012
Twitter has gone OAuth-only and it is judgement day for the scores of Twitter apps still using basic authentication. Developers have had a few months to switch across to the new OAuth protocol (and the deadline was extended again to accommodate the World Cup), but it seems like quite a few never made the switch, or still have users running older versions of their software. A quick Twitter search reveals some frustration.
What does a tool maker do when his tool breaks? He builds a new tool to patch the broken one. At least that is what David Beckemeyer (Mr Blog) did when his tweeting garage door opener was threatened by the approaching OAuthpocalypse. This date with destiny for all Twitter programmers is the planned June 30th cutoff of basic authentication. At that point all Twitter apps must communicate with the API through OAuth authentication instead of the much less complicated user name/password form of HTTP Authentication. There are many good reasons for this change, which have been repeated endlessly on the Twitter developer forum, but in practice it is a lot of added complexity, more complexity than David wanted to build into his little, simple garage door device.
As Pinterest endures its second attack in as many weeks, Twitter is in turn being auto-flooded with fake weight-loss posts designed to lure followers into a trap that could expose personal information and account credentials. Pinterest's lack of transparency about the matter stands in contrast to industry-standard best practices for such breaches.