Stuart Breckenridge

Twitter Prices Third Party Developers Off of Platform

Juli Clover, for Macrumors:

Third-party Twitter app developers will be required to purchase a Premium or Enterprise Account Activity API package to access a full set of activities related to a Twitter account including Tweets, @mentions, Replies, Retweets, Quote Tweets, Retweets of Quoted Tweets, Likes, Direct Messages Sent, Direct Messages Received, Follows, Blocks, Mutes, typing indicators, and read receipts.

Premium API access, which provides access to up to 250 accounts, is priced at $2,899 per month, while enterprise access is more expensive, with pricing quotes available from Twitter following an application for an enterprise account.

$2,899 per month is an insane amount of money for third party developers like Tapbots or The Iconfactory to be paying each month. As pointed out on Apps of a Feather, this will equate to over $16 per month for each user. It’s unaffordable and it would therefore appear that August 16th, 2018 will be the end of the road for third party clients.

What I don’t understand is why there is no middle ground for Twitter and third party clients? For example, make the Activity API available to third party client developers for free on the proviso that they include Twitter ads in the stream1? (My assumption is that this is mostly about monetisation.)

  1. And just live without streaming and push notifications. ↩︎

Critical Vulnerabilities Discovered in PGP and S/MIME

A group of European security researchers have released a warning about a set of vulnerabilities affecting users of PGP and S/MIME. EFF has been in communication with the research team, and can confirm that these vulnerabilities pose an immediate risk to those using these tools for email communication, including the potential exposure of the contents of past messages.

The full details will be published in a paper on Tuesday at 07:00 AM UTC (3:00 AM Eastern, midnight Pacific). In order to reduce the short-term risk, we and the researchers have agreed to warn the wider PGP user community in advance of its full publication.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

Excel Gains JavaScript User Defined Functions

Frederic Lardinois, writing for TechCrunch:

Microsoft is launching a couple of features to Excel today that make the ubiquitous spreadsheet software a bit more powerful. Among the new features is support for Azure Machine Learning and custom JavaScript functions to Excel to extend its capabilities.


Developers could already write their own complex scripts with Visual Basic for Applications (VBA). There are some advantages to using JavaScript, though, not in the least its popularity and ability to easily connect to third-party services, but also the simple fact that these functions can run on any platform. Microsoft first tested custom functions through the Office Insider Program, and it’s now ready to roll it out to a wider audience.

The instructions seem a little convoluted at this stage 1, but I’m keen to try this out.

  1. It is early access. ↩︎

Github, Twitter Stored Passwords in Clear Text


During the course of regular auditing, GitHub discovered that a recently introduced bug exposed a small number of users’ passwords to our internal logging system […]


Due to a bug, passwords were written to an internal log before completing the hashing process.

It seems that Github and Twitter are using the same underlying technology. Regardless, you should change your password.