幹壞事是進步最大的原動力
Twitter 把我本來 read-only 的兩個應用程式停用掉了,加上這陣子的新聞,就改用其他方式來處理。
用的是先前在「用 RSS-Bridge 接服務」提到的 RSS-Bridge,可以將 Twitter 的資料轉成 JSON Feed。
其中 RSS-Bridge 是 PHP 寫的,剛好就拿先前在「在 Fly.io 上面跑 PHP」這邊提到的方法丟上 Fly.io,不需要自己架主機跑了。
然後把 twitter2facebook 與 twitter2plurk 這兩個專案裡面本來抓 Twitter API 的程式碼改成抓 JSON Feed。
先這樣子弄,之後再看看要不要搬...
從 Twitter 上看到的公告:
Today we are launching our new Twitter API access tiers! We’re excited to share more details about our self-serve access. 🧵
— Twitter Dev (@TwitterDev) March 29, 2023
然後這次的 prior notice 是 30 天:
Over the next 30 days, we will deprecate current access tiers such as Standard (v1.1), Essential (v2), Elevated (v2), and Premium so we recommend that you migrate to the new tiers as soon as possible for a smooth transition.
— Twitter Dev (@TwitterDev) March 29, 2023
而在「Use Cases, Tutorials, & Documentation」這頁上可以看到各種方案了:
可以看到付費方案對業餘開發者其實頗不友善,現在比較不確定的是這邊 free tier 提到的 write-only 是連自己的 timeline 都不能抓,還是指不能抓其他人的... 如果是前者的話就得用其他方法跑 twitter2facebook 與 twitter2plurk 了,或是乾脆跳船了?
在 Hacker News 上看到「Twitter Lost $60M a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS (commsrisk.com)」這篇,內文報導是這裡:「Elon Musk Says Twitter Lost $60mn a Year Because 390 Telcos Used Bot Accounts to Pump A2P SMS」。
簡訊的實際成本極低,但利潤超級高,發送方與接收方都有極大的獲利空間。
而這邊提到的 SMS pumping 的方式就是電信商自己做,或是電信商與第三方合作,利用各種發簡訊的方式 (內容不重要),讓 app 端要付出大量的簡訊成本,進而產生出大量的利潤。
在 Twilio 的「SMS Traffic Pumping Fraud」這頁就有這張圖:
簡訊的特點是很好 scale,你無法同時間接大量的電話,但可以同時間收大量的簡訊。在「SMS Fraud is costing you more than you realize」這邊也有提到這個問題。
這個問題在去年年底在我們自家的服務上就有看到跡象 (東南亞市場頗明顯),當時搜尋有一些討論,而現在看起來 Elon Musk 這次吵應該又會有更多熱度...
話說這樣演化下去,SMS 認證的退場又多了一個理由,除了 SS7 在資安上的安全問題外,看起來成本問題也會跑進來。
先前在「Twitter 宣佈要廢掉免費的 API 權限」這邊有提到在 2/9 要廢掉 API free tier 的事情延期了,延到 2/13:
We have been busy with some updates to the Twitter API so you can continue to build and innovate with us.
We’re excited to announce an extension of the current free Twitter API access through February 13. Here’s what we’re shipping then 🧵
— Twitter Dev (@TwitterDev) February 8, 2023
據說跟老闆很在意 Super Bowl,然後丟了內部信件出來有關:
SCOOP: Elon has emailed staff following the Twitter outage.
“Please pause for now on new feature development in favor of maximizing system stability and robustness, especially with the Super Bowl coming up.”
— Kylie Robison (@kyliebytes) February 8, 2023
本來想說今天會爛掉,剛好可以來弄弄,看起來可以拖延到週末了...
在「phpBB 3.3.10 Release」這邊看到這個修正,研究了一下發現原來有些故事在後面跑:
Update the emoji CDN: PHPBB3-17071
Twitter Emoji (Twemoji) 這個計畫是 Twitter 弄出來的 open source project,最主要是讓不支援新版 Unicode 的系統上可以改用圖片顯示出來 (畢竟 Unicode 一直在加字)。
其中提供的 url 是 https://twemoji.maxcdn.com/v/latest/twemoji.min.js,可以看到裡面帶有 MaxCDN 的資訊,算是一種廣告,但後來 StackPath 在 2016 併購 MaxCDN,接下來是在去年打算要淘汰掉 MaxCDN 這個產品線:「MaxCDN and SecureCDN are Retiring; Here’s What It Means for You」。
這件事情被帶到「Clarify MaxCDN URLs now that MaxCDN is retiring #556」這邊討論,但看起來沒有太多動作,後來在「Maxcdn has shut down, cdn not working anymore. #580」這邊又被帶起來討論,其中 Twitter 前員工大概提了一下情況,主要是當年他們跟 MaxCDN 有談過讓 MaxCDN 負責頻寬的部份:
@simplexx among all the things, twemoji has always been a Twitter service for the community.
At my times in there, we had a great agreement / deal with MaxCDN so that it's hard to blame the boss this time, as MaxCDN is a completely different company/story.
What I see is some poor attention to this project, as companies don't close from a day to another (usually?) but as we all know what's going on @ twitter, I can't really blame any of my former colleagues, or new arrivals there.
Please let's not make it a wall of shame for all the people that worked on this, thanks for your understanding (I've left 7 years ago or more, as example, I've got pinged by some follower and I'm just trying to help you out anyway).
另外也有人提到目前 Twitter 的溝通管道的狀況:
For what it's worth, while I was still there we were in talks with MaxCDN to have the same deal when they migrated to be Stackpath. Everyone who had worked on the deal with MaxCDN had left and left no record of that deal, so it was taking them a bit longer to work out than expected – MaxCDN used to offer free hosting to OSS projects, but Stackpath wouldn't be doing that. They were working on an exception for us, but any emails they send to our Twitter emails now get bounced, so I guess they could've gotten this sorted out before shutting down MaxCDN... but it's not like we're there on the other end to make it happen, so it appears we'll never know.
Anyway,現在是至少讓 twemoji.maxcdn.com 恢復到「會動」了,但情況變得很特殊,twemoji.maxcdn.com 這個網址目前是指到競業的 BunnyCDN 上:
;; ANSWER SECTION: twemoji.maxcdn.com. 229 IN CNAME twemoji.b-cdn.net. twemoji.b-cdn.net. 35 IN A 23.248.177.58
但如果你真的打過去要檔案,會是 301 到 jsDelivr 上:
$ http https://twemoji.maxcdn.com/2/svg/1f525.svg [...] Location: https://cdn.jsdelivr.net/npm/twemoji@11.3.0/2/svg/1f525.svg [...]
而 jsDelivr 目前是放在 Fastly 上:
;; ANSWER SECTION: cdn.jsdelivr.net. 180 IN CNAME jsdelivr.map.fastly.net. jsdelivr.map.fastly.net. 30 IN A 199.232.45.229
但在 GitHub 的說明上面則是建議用 UNPKG:
<script src="https://unpkg.com/twemoji@latest/dist/twemoji.min.js" crossorigin="anonymous"></script>
而 UNPKG 目前的 CDN 的部份則是 Cloudflare:
;; ANSWER SECTION: unpkg.com. 86400 IN NS anirban.ns.cloudflare.com. unpkg.com. 86400 IN NS aron.ns.cloudflare.com.
;; ANSWER SECTION: unpkg.com. 300 IN A 104.16.126.175 unpkg.com. 300 IN A 104.16.123.175 unpkg.com. 300 IN A 104.16.122.175 unpkg.com. 300 IN A 104.16.124.175 unpkg.com. 300 IN A 104.16.125.175
指到 BunnyCDN 但是 BunnyCDN 只負責 redirect,然後也不是導到 UNPKG 上...
昨天下午的時候看到這則官方在 Twitter 上提到的消息,要廢掉 free tier 的 API access:
Starting February 9, we will no longer support free access to the Twitter API, both v2 and v1.1. A paid basic tier will be available instead 🧵
— Twitter Dev (@TwitterDev) February 2, 2023
但這邊提到的 paid basic tier 的價錢還沒看到公告。以「API Pricing - It’s very dark out here」這邊看到的價格,目前的 premium plan 超級貴:
這下看起來是真的得搬了,目前有好幾隻程式在上面跑 :o
看到 Paul Graham 這個宣告:
This is the last straw. I give up. You can find a link to my new Mastodon profile on my site.https://t.co/bbmZ4yvAJH
— Paul Graham (@paulg) December 18, 2022
裡面提到的新政策在「Promotion of alternative social platforms policy」這邊,直接禁止其他社交平台:
At both the Tweet level and the account level, we will remove any free promotion of prohibited 3rd-party social media platforms, such as linking out (i.e. using URLs) to any of the below platforms on Twitter, or providing your handle without a URL:
- Prohibited platforms:
- Facebook, Instagram, Mastodon, Truth Social, Tribel, Post and Nostr
- 3rd-party social media link aggregators such as linktr.ee, lnk.bio
在 Hacker News 的討論上面,Paul Graham 有回應 (帳號是 pg),他又提出了一些猜測與見解,包含了他覺得這個新政策會被收回:「Paul Graham is leaving Twitter for now (twitter.com/paulg)」。
I'm not leaving Twitter. It seems more likely than not that Elon will reverse the ban on links to other social media sites. I just don't want to hang out there in the meantime. Plus given the way things are going, it seemed like a good time to learn about alternatives.
I still think Elon is a smart guy. His work on cars and rockets speaks for itself. Nor do I think he's the villain a lot of people try to make him out to be. He's eccentric, definitely, but that should be news to no one. Plus I don't think he realizes that the techniques that work for cars and rockets don't work in social media. Those two facts are sufficient to explain most of his behavior.
He could still salvage the situation. He's the sort of person it would be a big mistake to write off. And I hope he does. I would be delighted to go back to using Twitter regularly.
不過的確如他說的,這是個好機會嘗試其他的 social network...
jQuery 的發明人 John Resig 已經超久沒更新 blog 了,雖然有訂起來但沒想到會看到他更新:「Twitter vs. Mastodon」。上次的更新是 2016 年初,快七年了。
基本上裡面就是解釋 Twitter 與 Mastodon 的差異,然後順便介紹他自己的 Mastodon 帳號。
不過目前看了一輪,ActivityPub 的各種實做還是離理想差了一截,可能會先繼續龜著...
Elon Musk 自己貼了以後,有人把白板圖整理成數位圖後好讀一些:
Twitter Architecture 2022 vs. 2012. What’s changed over the past 10 years?
Thank you, @elonmusk for the transparency.
{1/2} pic.twitter.com/Fvbn7EDoOS
— Alex Xu (@alexxubyte) November 19, 2022
不過心裡可以先有底,這是解釋給大老闆聽的架構圖,底層可能還會有不少東西是沒有在這上面的,尤其是其他重要的子系統,像是圖片與影音怎麼處理之類的。
先把圖拉出來看原圖大小 (可以自己點),比較清楚一點:
從最前端往後看,可以看到 TLS-API 被標成淘汰中,照圖上寫的剩下 Android 版本在用,後續應該是往 GraphQL 靠;另外內部有使用到 Thrift,但沒有標 gRPC,我猜是這邊的主線上沒有 gRPC 而已,其他系統可能還是會有。
另外是有些東西有標 next-gen system,應該就是正在做而還沒上線的東西。
