

Don’t Click The WTF Link On Twitter Unless You Do Like Sex With Goats - julien
http://techcrunch.com/2010/09/26/dont-click-the-wtf-link-on-twitter-unless-you-do-like-sex-with-goats/

======
mrduncan
More discussion here: <http://news.ycombinator.com/item?id=1729601>

------
rythie
They are using GET requests for status updates - possibly only on new twitter.

~~~
kolektiv
Which is quite astounding. These aren't novice programmers fresh from a
comp-sci course and into the big bad world. Making this kind of mistake (which is
a mistake on not one, but many grounds) is extraordinary. It's as if the ideas
of idempotence, REST, basic security, treating external input as hostile, etc.
have never even been mentioned between them.

I'm not foolish enough to imagine that this is anything other than a blip for
them - their first mover momentum and market dominance is invincible for the
time being, but they don't deserve it if they keep putting users at risk as
casually as they seem to be. So far, we've seen nothing too nasty (though this
could be embarrassing I suppose), but it's a bad sign looking ahead.

~~~
rythie
I agree, I can't quite believe they put something so poor security wise out.
I'm not convinced when they say it's fixed that it's really fixed yet either
- in that someone could just create another page with the problem.
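The mistake the thread is discussing (a state change reachable through a plain GET, so any link or image tag can trigger it on a logged-in user) and the fix the posters want, shown as an added example that is not part of this thread and not Twitter's code: a minimal status-update handler that refuses non-POST requests, binds a CSRF token to the session with an HMAC, and rejects a foreign Origin header when one is present. The request dict shape, `make_request`, `ALLOWED_ORIGIN` and the server secret are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed values for the example; a real deployment loads these from config.
SERVER_SECRET = secrets.token_bytes(32)
ALLOWED_ORIGIN = "https://twitter.example"  # placeholder origin, not a real host


def csrf_token(session_id: str) -> str:
    """Per-session CSRF token: HMAC(secret, session id). Nothing to store server-side,
    and a token minted for one session is useless for another."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def make_request(method, session=None, form=None, origin=None):
    """Build a constructed request dict standing in for a real HTTP request object."""
    headers = {"Origin": origin} if origin is not None else {}
    cookies = {"session": session} if session else {}
    return {"method": method, "headers": headers, "cookies": cookies, "form": form or {}}


def update_status(request, store):
    """Handle a status update. Returns (http_status, message); appends to `store` on success."""
    # 1. GET is for reads. A state change must never be reachable by following a link.
    if request["method"] != "POST":
        return 405, "status updates must be POSTed"
    session_id = request["cookies"].get("session")
    if not session_id:
        return 401, "no session"
    # 2. Defence in depth: browsers send Origin on cross-site POSTs, so a mismatch is
    #    an immediate reject. Absent header falls through to the token check.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403, "cross-origin request rejected"
    # 3. Primary defence: the form must carry the token bound to this session.
    #    compare_digest keeps the comparison constant-time.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    # 4. External input is hostile: validate before storing.
    text = request["form"].get("status", "").strip()
    if not text or len(text) > 140:
        return 400, "status must be 1-140 characters"
    store.setdefault(session_id, []).append(text)
    return 200, "posted"
```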

------
sprout
They could really start improving their security model by not forcing me to
whitelist them in noscript just to read a user page.

Though I haven't seen that error consistently.

------
skbohra123
Seems like it's fixed now: <http://twitter.com/twitter/status/25615345589>

------
cinimod
What's wrong with sex with goats?

