This Package Saved My SaaS
Рет қаралды 125,441
Күн бұрын
@jugalgadhavi 5 ай бұрын
That one jira ticket will speed run itself from backlog to in-progress
@jasondads9509 5 ай бұрын
Dont let musk see it Xd
@WebDevCody 5 ай бұрын
The Twitter backend engineers while implementing that token param: “nobody’s gonna know. How would they know?”
@OMODINGDANIEL-v9s 5 ай бұрын
So crazy🤣🤣🤣🤣
@yassine-sa 5 ай бұрын
Also Twitter engineers: there is only one way for that to happen, someone with us made the library 😏
@ogs102 5 ай бұрын
😂😂😂😂
@jellyfish1772 5 ай бұрын
😂😂😂😂😂😂😂😂
@shamunkhatri6754 5 ай бұрын
that guy is ex twitter employee 😅
@requestfx5585 5 ай бұрын
"it can break at any time" I think that that time was set when you uploaded this video for thousands of people to see
@LennyMiller739 5 ай бұрын
Pfffffft. As if tech giants can afford internet
@bitw1se 4 ай бұрын
yeah ngl, that was really stupid.
@FlorinPop 5 ай бұрын
I just read it as: "This packages saved my ass"
@davlatberdinazarov179 5 ай бұрын
😂😂😂
@sora-senpai 5 ай бұрын
Same
@yassine-sa 5 ай бұрын
That's actually also correct 😂😂😂
@dytra_io 5 ай бұрын
should be the actual title
@goodsamaritan208 5 ай бұрын
You read it right.
@Parajulibkrm 5 ай бұрын
yes Josh, you don't look like that guy, that guy looks like you instead.
@Khari99 5 ай бұрын
Only Sid would post about a security vulnerability that is needed to make his application work lol
@justanaveragebalkan 5 ай бұрын
it's a CDN, if you want to put something behind it you can't actually protect it otherwise it wont function, so technically if they want to keep the same functionality for the same cost, the best they can do is to obscure it a bit more, but eventually people would break it. So technically this is not a security vulnerability, but a really cheap way to cut costs, so they might as well just make the posts free to fetch as people would abuse this regardless. Facebook, Instagram and many others have this as well, or least something similar that can be exploited to get the content off their platforms.
@flybackrs 5 ай бұрын
This is by no means a security vulnerability, this is the intended function of the API and this API has to be public because of how it's used. To prevent ""abuse"" like this you'd need to monitor who's hitting it and how often.
@nickolaki 5 ай бұрын
Speedrun before twitter patch the underlying solution 😂
@megamind452 5 ай бұрын
Thanks for reporting this bug, it will be fixed in this current sprint - X engineer after watching this
@siya.abc123 5 ай бұрын
How would they fix it without breaking millions of embeddings?
@cryptomaniac1866 5 ай бұрын
They just need to change the function that creates the token and make it server side only @@siya.abc123
@michaelmontero2902 5 ай бұрын
😂😂😂😂
@petergg9096 5 ай бұрын
Lmao the current sprint
@Oussama-uo1gf 5 ай бұрын
@@siya.abc123 they can just make it so that the function that is used to generate the token based on the tweet id no longer works.
@yogeshdevaggarwal 4 ай бұрын
Why is there 45 open job positions at X after this video 💀
@davisphem 5 ай бұрын
The creator of react-tweet must be an undercover spy at X 😅
@karthikeyajidagam8068 5 ай бұрын
Vercel made it broh 😂
@Iliannnn 5 ай бұрын
@@karthikeyajidagam8068 no, vercel is just what they used to host the documentation. they didn't pay for a domains so they got a free vercel one
@talhaibnemahmud 5 ай бұрын
I was more amazed that the package is from Vercel 😮
@algobuddy 5 ай бұрын
Dude, this is like a game-changer for small developers and startups!
@rym8349 5 ай бұрын
it will get patch i will not count on it
@katto1937 5 ай бұрын
@@rym8349 Yup especially after a youtube video that so graciously points it out
@dabbopabblo 5 ай бұрын
I theorize that how they generate the token probably changes regularly to combat this, but nothing stops you from scraping the code that generates it and extracting the new method on a whim.
@0xPanda1 5 ай бұрын
Its interesting but the down side is Twitter may change something in thier thus the code would stop working
@CorentinNoirot 5 ай бұрын
Not with the 3 remaining engineers :d
@romankoncek150 5 ай бұрын
If the code stops working, all embeds will stop working. They can only fix it for new embeds, so this crappy code is destined to stay in their codebase forever, lol :)
@0xDEAD_Inside 5 ай бұрын
@@romankoncek150 Elon is unhinged enough to do just that!
@fusseldieb 4 ай бұрын
@@romankoncek150 Not necessarily. It just doesn't contain any rate limiting ... yet.
@enclocreations4427 5 ай бұрын
Bro remove this
@reold 5 ай бұрын
For real. We don’t want them to patch the token system
@katto1937 5 ай бұрын
Nah he prefers his 100k views which might get him $100 over a package that people might actually need in the future. He's not entitled to care about other people but there was really no need for this video, this package is well known if you need to fetch tweets. Whatever ig
@sippingthe 5 ай бұрын
@@katto1937he’s spreading knowledge to other people, gatekeeping is for clowns🤡🤡
@oniondesu9633 5 ай бұрын
twitter devs likely already knew about the package, it wasnt super obscure or unknown. they probably will break it, but it wont be because of this video
@kushpenguin 4 ай бұрын
@@oniondesu9633 most room temp iq comment of all time. if you think this video won't break the repo then you might have underlying mental disabilities
@Nin_Cada 5 ай бұрын
This video was so informative that we got to see his twin brotha.
@hipdev_ 5 ай бұрын
The creator of react-tweet is my brother, I'm so proud of him 🤗!
@UmairSadaqat 5 ай бұрын
❤
@yassine-sa 5 ай бұрын
So your brother works at Twitter?
@hipdev_ 5 ай бұрын
@@yassine-sa Take a closer look 2:40
@0xDEAD_Inside 5 ай бұрын
@@yassine-sa No, at vercel!
@guibrandalisee 5 ай бұрын
How did he came up with the formula to generate the token param? Because I was tinkering around and found out that that param does nothing, you just have to put any value into it, as far as it not being blank it will work just fine
@Lars16 5 ай бұрын
Thanks for sharing, quick and to the point as always Josh. Awesome package and everything, but who in their right mind would consider shilling out $5000 per month for the Pro tier subscription when you haven't even found product market fit and are at 0 users. I get the point that you need to find a feasible solution to what you are building before starting out, but you could launch your SaaS with the free or basic version and upgrade as you start to monetize your SaaS.
@maks-yaremenko 5 ай бұрын
that is so coool) I think spending resources to verify auth for these semi-public routes isn't comparable to possible losses that can produce indy developers, another assumption - developers left back door)) for their 0 users per month saas))
@cidhighwind8590 4 ай бұрын
It's great to see you finally getting the recognition you deserved from your amazing performance in Toy Story.
@zorzysty 5 ай бұрын
You TOTALLY look like Sid :D
@weeb3277 5 ай бұрын
reported for hate speech
@user-lj4lo7cx7m 4 ай бұрын
@@weeb3277 womp womp n...
@4twi352 5 ай бұрын
I'm interested how they reverse-engineered the token part, holy
@RealTkco 5 ай бұрын
As the video mentions this is for embeding a tweet into a site, copying the code it gives you for multiple tweets and comparing, volia.
@impyrobot 4 ай бұрын
probably an ex twitter employee if I had to guess
@_gekyumeman4127 5 ай бұрын
I had this same problem earlier last year. So i spent some time reverse engineering the twitter embed API myself and worked like a charm.
@softmerit25 5 ай бұрын
Honestly, it's really cool. The simplicity of the react tweet is amazing. A happy ending indeed.
@edenassos 5 ай бұрын
It's cheaper to do text tracking on the page with a cloud sandbox and have it screenshot tweets for you.
@Raul-pg1pf Ай бұрын
Sure bro totally
@LongBoy.0 5 ай бұрын
I'm still not clear on what's actually happening. why is a syndicate URL? did they just scrape and reverse engineer the database? or did they just figure out how to reverse engineer real twitter api keys that actually work?
@BambeH 5 ай бұрын
Back in my school days, we used to use the Twitter API as an exercise in web fetching. Guess teachers will need to find a new site to do this exercise with.
@AdityaKumar-op5zc 4 ай бұрын
You can always use KZbin api it's free
@BooksWeCanRead 5 ай бұрын
Yaaayyy ✨ and you are nothing like that sid guy you rock! 💜✨👏👏
@this_is_samridh 5 ай бұрын
bro , you should delete this video
@JakobRossner-qj1wo 5 ай бұрын
Awesome way of showing it with making the HTTP request yourself
@scalor 5 ай бұрын
This video was recommended. 1st time seeing anything from your channel. Let's see how fast this hole gets patched.
@appelnonsurtaxe 5 ай бұрын
it can't, that'd break every single tweet embed on every website
@CAG2 5 ай бұрын
That function for calculating the token... it seems completely arbitrary, as if they just threw together of the most stuff together in hopes nobody would reverse-engineer it. Kudos to the guy for somehow figuring it out, even if this will probably will be patched very soon.
@imkir4n 5 ай бұрын
Don't let Elon see this.
@FeinsterSchmaus 5 ай бұрын
Layoffs coming oh boy…
@weeb3277 5 ай бұрын
too late i already reported the video stitches for leeches
@GoonCity777 5 ай бұрын
@@FeinsterSchmauslaid off if the software enginners don’t do something as directed by manager
@quamzgraphix9826 5 ай бұрын
Very cool library, thanks for sharing
@ShubhamVsCode 5 ай бұрын
how did they manage to reverse engineer the getToken 🤯🤯
@esyx6476 5 ай бұрын
my guess is that there is some (ex)employee from twitter who knows how it works
@RealTkco 5 ай бұрын
As the video mentions this is for embeding a tweet into a site, copying the code it gives you for multiple tweets and comparing, volia.
@semyaza555 5 ай бұрын
0:44 Sorry Josh but I can't unsee this now...
@rickdg 5 ай бұрын
It's a good starting point before actually paying for the API. Perhaps it's still available because you still need the ID of every tweet you want to "embed"?
@kaustubhxdd 5 ай бұрын
Elon fanboy rushing to tweet and beg him to patch this : 🏃💨 That one dev at Twitter who'll bring this up next meeting: 🤓📝 Josh: 🙍🏻♂
@elormtsx 5 ай бұрын
this is gold 😁 thanks for sharing this 😅
@EnglishRain 5 ай бұрын
Great video, thanks for sharing!
@FlorinPop 5 ай бұрын
"You do not look like that guy" **wink, wink** 😉
@VincentFulco 5 ай бұрын
Great vid, thanks!
@jakehartigandesign 5 ай бұрын
I’d now like to know how to gather all of my past tweet id’s, then pull the rest of the data as shown. Seems like it’s still limited in that regard.
@vickonsscope6477 5 ай бұрын
OH NO Josh!!!😂... You have exposed these innocent dudes..Now Twitter backend engineers would have to find a way to block that access😂😂
@PartneredAdmin 3 ай бұрын
Love you bro!
@poldekwastaken 4 ай бұрын
0:54 nah bro is sid 100%
@Nurof3n_ 5 ай бұрын
this video is such Sid energy
@harshil1735 5 ай бұрын
There is one more problem with X. The android app does not have sign in with apple and therefore if you are shifting from apple to android then there is no way the user can login. I think X should start hiring more engineers.
@enijar 5 ай бұрын
Na that Sid comparison caught me off guard 😂
@JEM_GG 5 ай бұрын
I did this exact work around last year for get-ratioed a ratio viewer app xD
@cnikolov 5 ай бұрын
whats more interesting is how they parse it back to the original id.
@eVashioNN 5 ай бұрын
Unexpected shut down or a change in API can be quite surprising :D
@RiteshNEVERUNIFORM 5 ай бұрын
Must been an Laid of employee traking revenge on Elon
@KellenProctor 5 ай бұрын
Josh is the alternate universe version of Sid that grew up in a structured household and is going on to have a monster successful career.
@maxi-g 5 ай бұрын
the mix of english with the austrian accent is so funny 🇦🇹❤️
@Sandwich4321 5 ай бұрын
good to know thst this exists, i usually just use the twitter scraper i wrote in python for this sort of thing
@thebocksters2756 4 ай бұрын
guys, this API is not "ilegal" or something that X needs to patch it. Its Vercel package, so it's verified
@damilolaadeyemi8383 5 ай бұрын
Elon Musk must not find out, else they stop everything in the sprint and change that token generation method
@sciencetoday3629 5 ай бұрын
Elon Musk , let's break it . I want 5 grand
@sapienwins 5 ай бұрын
I'll be very surprised if it's not patched within days of this video. Appreciated nonetheless
@IftekharHossen-rv7ht 5 ай бұрын
This is the reason why math in important in CS.
@daphenomenalz4100 5 ай бұрын
?? Yeah it is, but this is a horrible example, cuz literally reverse engineer the math twitter used 🤣and exploit it
@bar6732 5 ай бұрын
Nice! I wanna steal that UI too, care to share the repo?
@xv179 5 ай бұрын
next day at Twitter headquarters: "Aight boys, time to change the API key generator"
@sammed8337 4 ай бұрын
now they will encrypt the token with the secret key, and you can put your Saas idea in the trash can
@8colly8 5 ай бұрын
who else thought the video title was THIS PACKAGE SAVED MY ASS
@mathesonstep 4 ай бұрын
This is insanely useful
@jjamesmartiin 5 ай бұрын
background giving @thiojoe vibes
@belkocik 5 ай бұрын
Who came up with this idea to generate a token like this? Is it production ready?
@amsraux 5 ай бұрын
now they will fix it...
@ChezSwiiz 5 ай бұрын
This Package Saved My AsS
@_mosesb 5 ай бұрын
0:27 Him: There's a library that does this for free to save the day. Me: What there's a library that throws a useless SaaS in the trash FOR FREE, this should be interesting. Also Me there might be no useless SaaS trashing library but this is really really COOL.
@sabujghosh8474 5 ай бұрын
Was looking for something like this for so long
@ellamurii 5 ай бұрын
thats so funny hhahahaha. i also just tried and it accepts any string as token, no need to use generate function of vercel. i wonder whats really the purpose of token as it really does not seem for validation purpose lmao. so no reverse engineering really occurred lol
@phoneywheeze 5 ай бұрын
can you get long form tweets/articles from this?
@SXsoft99 5 ай бұрын
"don't ask me what this does" .... modern day developers, copy paste code without understanding what it does
@yassine-sa 5 ай бұрын
It's doomed because they'll see this and they'll change the way they generate the token or even better change the whole api
@pshycocoder 5 ай бұрын
I read "This package save my sASS"
@necro3311 5 ай бұрын
I hope no one base their system on this, as a anecdote its cool, but sooner than later they will patch this the second this come widespread.
@joshuasingh854 5 ай бұрын
Man the getToken function is breaking my brain. Does anyone know what's going on there?
@phoneywheeze 5 ай бұрын
probably one of the ex twitter employees he fired
@solomonakinbiyi 4 ай бұрын
😂 "I do not look anything like that guy"
@NOELOLBAID 5 ай бұрын
jajaja dude am understand your happy face when you find the repo :D its the same when I found the Whatsapp Api repo
@mt000mp 5 ай бұрын
whatsapp has an API repo?
@IndigoVFX 5 ай бұрын
Details please? 🙏🏼
@II__II 5 ай бұрын
what's the name of the graphics editor he draws in?
@sierragutenberg 5 ай бұрын
look to the left: exaclidraw
@aps08 2 ай бұрын
Is there any way to get users latest tweet using username from the syndication APIs ?
@unicodefox 5 ай бұрын
i assume the $5000/mo will be cheap to the cost of a lawsuit in the case of you growing big enough for Elon to notice
@impyrobot 5 ай бұрын
If you make more than 10k a month you can consider the API until then whatever
@Channel-cy4lh 5 ай бұрын
Great video Josh. This is really good to know about. My only concern, as you mentioned, would be the question of how long it will be before this method is broken or blocked by them. I suppose it's just a matter of ensuring this code is isolated enough that you can swap it out within your functionality in the future. And, you know what, you kinda do look like Sid....
@eineatombombe 5 ай бұрын
im pretty sure a get request to the tweet url is all that is required. it's like you post the tweet on discord and it embeds data, but you get the data for your service.
@oaklyfoundation 5 ай бұрын
Where did u get that UI its sick.
@TimeAiTales 5 ай бұрын
DELETE IT BEFORE I COUNT TO THREE.
@sahebbeshra7659 5 ай бұрын
Now twitter knows it.
@sanchaythalnerkar9577 5 ай бұрын
lmao crazy good ! is there a similar package for first getting the tweets of the user?
@theSuitCat 5 ай бұрын
It want last long before Twitter Devs change that token param
@angelsancheese 5 ай бұрын
You look exactly like that Toy Story character. You should embrace it
@samislam2746 5 ай бұрын
When I first saw the video title I thought it says "This Package Saved My ass" 😂😂😂😂
@wagyumedia 5 ай бұрын
api gets protected in 3 2 1…
@ricko13 5 ай бұрын
ok but how do you retrieve like new tweets from users? without manually copying-pasting tweet URL ?
@theawesomegamer123 5 ай бұрын
Genuinely curious as a newbie, how is this allowed? Wouldn't this be a huge concern for X as a profit loss?
@Mohith7548 5 ай бұрын
The issue here is: how do you get the tweet ids?
@TeodorArg 24 күн бұрын
Perfecto ! 💥
@Oussama-uo1gf 5 ай бұрын
5000$/month for the twitter api is actually crazy
@AdityaKumar-op5zc 4 ай бұрын
Simple reason elon doesn't want you to use it
@whizzie3367 5 ай бұрын
I was hoping they could have something API that checks If an account follows me... I need it to complete my saas... Do you have any idea on how I can achieve this??
@Aboods1337 5 ай бұрын
Hi, I see you have an option to import from discord too, how does that work? Thanks in advance!
Slime Cat
Рет қаралды 34 МЛН
BalcevMMA_BOXING
Рет қаралды 13 МЛН
LearnToon - Learn & Play
Рет қаралды 117 МЛН
Your Average Tech Bro
Рет қаралды 289 М.
Slime Cat
Рет қаралды 34 МЛН