Slandr oAuth based login now default
The basic auth (login with your username and password) days are over. Twitter is slowy decreasing the amount of API calls for this method and therefore I’ve swapped our beta oAuth environment with the basic oauth version.
This might have some implications from countries where twitter.com is blocked. You can still use http://M2.slandr.net for basic auth login (username, passwd) but I don’t know how long twitter will keep on supporting some calls via this method…
Happy Slandring!
Slandr oAuth beta now live for public testing
As Twitter is gradually going to phase out HTTP Basic Auth login (username+password) via the API, I finally found some time to implement oAuth for Slandr Mobile Twitter. Test it for yourself at the temporarily subdomain http://m2.slandr.net. Twitter will shut down Basic Auth login at 16th of August and so will we.
At the moment photo uploading is not supporting yet via the oAuth beta. Will be soon though.
Please find some time to test and try the new login method over at http://m2.slandr.net
A special note for users from countries where Twitter is blocked:
At the moment we are in the process of getting xAuth permissions so users from countries where Twitter is being blocked will still be able to login to tweet via Slandr after the Oauthcalypse. This depends on Twitter’s judging of Slandr being eligible to use xAuth however.
Doubled Slandr’s server to increase response, and kill downtimes
Dear Slandr users,
as some of you might have seen the past few months Slandr sometimes suffered some downtime due to increasing popularity and intense usage of our mobile twitter application. Thanks for that :D
This morning I increased the dedicated virtual server on which the site is hosted to double of it’s previous max performance. Downtimes should hopefully be reduced to 0 from now on.
Increasing the server’s performance and bandwidth also brings extra costs so feel free to visit some of our site’s sponsors by clicking or retweeting their ad’s or become a featured user!
introducing Slandr Featured User, gain instant popularity on Twitter!
Dear Users,
As of today we offer Slandr Featured User advertising. Being featured on almost all our pages gets you a lot of traffic and followers and can be an easy way to grow your online popularity. Thank you Twittercounter for this inspirational business model
We introduced featured user to keep up with higher and higher bandwidth and server costs. We only allow interesting people to be featured. We ask featured users to be an active tweeter as featured users appear within everybodies timelines with their latest tweet. You can follow and retweet featured users tweets.
Check out the pricing and signup >
Hacking Slandr: XSS and CSRF vulnerabilities patched
Last sunday I received an alarming email from Aviv Raff (@avivra on Twitter). This is what he wrote:
Slandr suffers from XSS and CSRF vulnerabilities. The m.slandr.net
search page does not encode HTML entities in the search form field,
which can allow the injection of scripts. Also, the update form on the
index.php page does not use authenticity code in order to validate
that the HTTP request post is coming from the slandr web application.
As this can be used by an attacker to create a Twitter worm, it would
be great if you can fix this vulnerability as soon as possible.
I’m going to publish information about this vulnerability as part of
“Month of Twitter Bugs” initiative …. (…)
Aviv was so kind to attach two links proofing his concept :D. After carefully analyzing his suggestions I implemented various fixes, to ensure maximum security on Slandr Mobile Twitter once again. Please note that these vulnerabilities have not been exploited.
For you tech-savvies and interested people out there: The fixes I implemented vary from using htmlentites()-encoding on more spots in the code, to token-based-solutions to check POSTs are coming from Slandr itself rather than from third pary (malicious) websites. Inspiration for the CSRF-fix came from Chris Siflett’s post on Cross Site Request Forgeries and OWASP on CSRF. At first I tried implementing the CSRF-magic fix. With this php-class only a single include protects every form against CSRF injections. A great solution to quickly safeguard your site once again however it did not go well with existing Slandr code..
So thanks once again Aviv for pointing out these weak spots in Slandr Mobile Twitter! Happy Slandring once again!
Conversations-feature in Slandr Mobile Twitter premiering at SXSW 2009
A most wanted feature which has not yet been added to the Twitter API are the ‘conversations’. Having said that I am happy to announce that from now on you DO CAN HAZ READ ‘CONVERSATIONS’ ON DZE SLANDRZ TWITTR MOBILZ!
Why is the new conversations in Slandr method so cool? Imagine a tweet like:
- roelandp: ‘@slandr yeah that would be great’.
If you would see this in your timeline this tweet wouldn’t mean a thing. Context=everything as @2525 once said.
Clicking on the new button next to that tweet 
(conversation bubbles), brings you to the Conversations page, where the complete threat is displayed, which contextualizes the previous mentioned example tweet:
- slandr: ‘@roelandp would you like me to give you € 10.000?’
- roelandp: ‘@slandr yeah that would be great’.
Please note that Conversations is a wanted feature on the Twitter API development list, as I can conclude from threads in the Twitter development talk group. Enabling conversations through the API would be a great add-on for Twitter, as this is where Twitter is heading too. Ofcourse search is great for monitoring on going live events, but in depth listing of person-to-person chats is a must in the Moscow!
The ‘conversations’ implementation on Slandr is hack and only a hack. “Hacked by dope demand” -RoelandP . It is not supported by Twitter. Maybe it is even illegal, ooooh.
Happy conversationalising, Happy SXSW-ing, Happy Slandring.
Spread the word people! Slandr is the greatest mobile twitter client site out there! See you all at http://m.slandr.net
View everybody’s favourites!
Enabled the ‘view favourites’ functions in Slandr. Since Slandr’s launch you could already manage and view your own favourites (via Extra > Favourites). As of today you can also see the favourites of every public twitter user.
Find the favourites via the ‘single user view’ (click on a username) and click on the ‘view favs!’ link.
Happy Slandring!
Added TwitterTrends: Follow trending topics from Search, Tweetmeme and Twitturl!
Twitter is all about the realtime web. From now on you can find trending links and topics in the Slandr Mobile Twitter Client Site. Trending links are provided by Tweetmeme.com and TwittUrls.com. Trending topics are provided by Twittersearch.
Find the Trending links/urls via the menu ‘Extra > Trends’. Trending topics are displayed below the search field under the menu ‘Search’.
Thank you @Amabacha for your suggestion!
Happy Slandring!
TwitterCounter integrated in Slandr. How many followers do you have on Twitter?
As of today, Slandr Mobile Twitter now integrates TwitterCounter.com’s stats through their recently released API. From now on you can directly check the latest changes in a certain users’ followerscount through Slandr.
Find the TwitterCounter link on every single user page. Click on a username anywhere in Slandr to get to the single user page. Find the link ‘twittercounter’ below the person’s bio. TwitterCounter integration in Slandr is thankfully relying on the TwitterCounter API as well as on Google Chart API.
Why? Because we can! Happy Slandring!
Upload your photos to MobyPicture or Twitpic directly through Slandr mobile Twitter!
Added another feature to the ever extending featurelist of your favorite mobile Twitter browser: As of today you can accompany a tweet with a picture by using our build-in Pic & Tweet uploader.
Find the Pic & Tweet uploader by clicking the ‘extra’-tab and afterwards the ‘Pic & Tweet’ subnavigation item. Type your message and attach a photo by hitting the browse button and browse to an image on your phone. Click the ‘upload and tweet’ - button to start the transfer.
Please note that this feature might consume some bandwidth, depending on the filesize of the image you are uploading!
Custom setting: avatars on or off. Save bandwidth!
As of today you can choose whether you want to show or disable the avatars in front of each tweet, potentially saving your bandwidth costs!
Go to your personal settings page, by clicking your username in the top navbar. From your userpane, click the ‘edit settings’ link, next to ‘It’s You!’. A new page will open called ‘Kustom-ice’. Under the advanced-settings you can now set your preference regarding avatar display.
Happy slandring!
Election 08 on Slandr
For Election day and night I’ve just launched ‘Slandr Election’. It is an aggregator service optimized for mobile browser, showing you: the latest election related tweets from Twitter and election news provided by Yahoo and Google.
If you login to Twitter via Slandr you can also view the tweets from Obama and McCain and post your own tweets on the timeline (#E08 automatically appended).
Quicklaunch icon for your mobile
At wap.getjar.com you can download a so called ‘visual bookmark’, which is basically a quicklaunch bookmark for m.slandr.net nested in your phone’s apps-folder. Clicking on this bookmark opens up your device’s browser.
The Visual Bookmark is available for Windows Mobile, Blackberry, Nokia (see warning below), all other phones supporting Java/J2ME apps.
Nokia users please note: There are several reports that the .SIS installers are not working properly. The java/j2me app. works fine though!
go to the download page »>
View Twitpics directly in the timeline!
Twitpic is a popular ‘photo-to-twitter’ tool, which lets you post pictures to your twitterstream, including a link to a dedicated twitpic page with the image, and the location where the picture was taken.
As from today Slandr will automagically translate Twitpic urls to display thumbnails of the pictures, directly in your timeline. Clicking on a thumbnail will open a new page with a larger version of the Twitpicture.
By the way: Slandr offered this feature already for quite some time for two other ‘photo-to-twitter’ services: Mobypicture.com and Autopostr.com
Highlighting: it is YOU in the spotlight!
Added another minor feature today. From now on you can easily detect tweets to or about you in the main-timeline (index) or single user view, because they are now highlighted with a different background-color and have a tiny border around the tweet. Hope u like it!
