That one jira ticket will speed run itself from backlog to in-progress
@jasondads9509 7 months ago
Don't let Musk see it Xd
@WebDevCody 7 months ago
The Twitter backend engineers while implementing that token param: “nobody’s gonna know. How would they know?”
@OMODINGDANIEL-v9s 7 months ago
So crazy🤣🤣🤣🤣
@yassine-sa 7 months ago
Also Twitter engineers: there is only one way for that to happen, someone with us made the library 😏
@ogs102 7 months ago
😂😂😂😂
@jellyfish1772 7 months ago
😂😂😂😂😂😂😂😂
@shamunkhatri6754 7 months ago
that guy is ex twitter employee 😅
@requestfx5585 7 months ago
"it can break at any time" I think that that time was set when you uploaded this video for thousands of people to see
@LennyMiller739 7 months ago
Pfffffft. As if tech giants can afford internet
@bitw1se 6 months ago
yeah ngl, that was really stupid.
@FlorinPop 7 months ago
I just read it as: "This package saved my ass"
@davlatberdinazarov179 7 months ago
😂😂😂
@sora-senpai 7 months ago
Same
@yassine-sa 7 months ago
That's actually also correct 😂😂😂
@dytra_io 7 months ago
should be the actual title
@goodsamaritan208 7 months ago
You read it right.
@Parajulibkrm 7 months ago
yes Josh, you don't look like that guy, that guy looks like you instead.
@Khari99 7 months ago
Only Sid would post about a security vulnerability that is needed to make his application work lol
@justanaveragebalkan 7 months ago
it's a CDN, if you want to put something behind it you can't actually protect it otherwise it won't function, so technically if they want to keep the same functionality for the same cost, the best they can do is to obscure it a bit more, but eventually people would break it. So technically this is not a security vulnerability, but a really cheap way to cut costs, so they might as well just make the posts free to fetch as people would abuse this regardless. Facebook, Instagram and many others have this as well, or at least something similar that can be exploited to get the content off their platforms.
@flybackrs 7 months ago
This is by no means a security vulnerability, this is the intended function of the API and this API has to be public because of how it's used. To prevent "abuse" like this you'd need to monitor who's hitting it and how often.
@megamind452 7 months ago
Thanks for reporting this bug, it will be fixed in this current sprint - X engineer after watching this
@siya.abc123 7 months ago
How would they fix it without breaking millions of embeddings?
@cryptomaniac1866 7 months ago
They just need to change the function that creates the token and make it server side only @siya.abc123
@michaelmontero2902 7 months ago
😂😂😂😂
@petergg9096 7 months ago
Lmao the current sprint
@Oussama-uo1gf 7 months ago
@siya.abc123 they can just make it so that the function that is used to generate the token based on the tweet id no longer works.
@nickolaki 7 months ago
Speedrun before twitter patch the underlying solution 😂
@davisphem 7 months ago
The creator of react-tweet must be an undercover spy at X 😅
@karthikeyajidagam8068 7 months ago
Vercel made it broh 😂
@Iliannnn 7 months ago
@karthikeyajidagam8068 no, vercel is just what they used to host the documentation. they didn't pay for a domain so they got a free vercel one
@algobuddy 7 months ago
Dude, this is like a game-changer for small developers and startups!
@rym8349 7 months ago
it will get patched, i will not count on it
@katto1937 7 months ago
@rym8349 Yup especially after a youtube video that so graciously points it out
@yogeshdevaggarwal 6 months ago
Why are there 45 open job positions at X after this video 💀
@talhaibnemahmud 7 months ago
I was more amazed that the package is from Vercel 😮
@dabbopabblo 7 months ago
I theorize that how they generate the token probably changes regularly to combat this, but nothing stops you from scraping the code that generates it and extracting the new method on a whim.
@0xPanda1 7 months ago
It's interesting but the down side is Twitter may change something in their thus the code would stop working
@CorentinNoirot 7 months ago
Not with the 3 remaining engineers :d
@romankoncek150 7 months ago
If the code stops working, all embeds will stop working. They can only fix it for new embeds, so this crappy code is destined to stay in their codebase forever, lol :)
@0xDEAD_Inside 7 months ago
@romankoncek150 Elon is unhinged enough to do just that!
@fusseldieb 6 months ago
@romankoncek150 Not necessarily. It just doesn't contain any rate limiting ... yet.
@Nin_Cada 7 months ago
This video was so informative that we got to see his twin brotha.
@maks-yaremenko 7 months ago
that is so coool) I think spending resources to verify auth for these semi-public routes isn't comparable to possible losses that can produce indie developers, another assumption - developers left back door)) for their 0 users per month saas))
@enclocreations4427 7 months ago
Bro remove this
@reold 7 months ago
For real. We don’t want them to patch the token system
@katto1937 7 months ago
Nah he prefers his 100k views which might get him $100 over a package that people might actually need in the future. He's not entitled to care about other people but there was really no need for this video, this package is well known if you need to fetch tweets. Whatever ig
@sippingthe 7 months ago
@katto1937 he’s spreading knowledge to other people, gatekeeping is for clowns🤡🤡
@oniondesu9633 7 months ago
twitter devs likely already knew about the package, it wasn't super obscure or unknown. they probably will break it, but it won't be because of this video
@kushpenguin 6 months ago
@oniondesu9633 most room temp iq comment of all time. if you think this video won't break the repo then you might have underlying mental disabilities
@BambeH 7 months ago
Back in my school days, we used to use the Twitter API as an exercise in web fetching. Guess teachers will need to find a new site to do this exercise with.
@AdityaKumar-op5zc 6 months ago
You can always use KZbin api it's free
@hipdev_ 7 months ago
The creator of react-tweet is my brother, I'm so proud of him 🤗!
@UmairSadaqat 7 months ago
❤
@yassine-sa 7 months ago
So your brother works at Twitter?
@hipdev_ 7 months ago
@yassine-sa Take a closer look 2:40
@0xDEAD_Inside 7 months ago
@yassine-sa No, at vercel!
@guibrandalisee 7 months ago
How did he come up with the formula to generate the token param? Because I was tinkering around and found out that that param does nothing, you just have to put any value into it, as far as it not being blank it will work just fine
@softmerit25 7 months ago
Honestly, it's really cool. The simplicity of the react tweet is amazing. A happy ending indeed.
@Lars16 7 months ago
Thanks for sharing, quick and to the point as always Josh. Awesome package and everything, but who in their right mind would consider shelling out $5000 per month for the Pro tier subscription when you haven't even found product market fit and are at 0 users. I get the point that you need to find a feasible solution to what you are building before starting out, but you could launch your SaaS with the free or basic version and upgrade as you start to monetize your SaaS.
@wontonjigsaw 7 months ago
I had this same problem earlier last year. So i spent some time reverse engineering the twitter embed API myself and worked like a charm.
@cidhighwind8590 6 months ago
It's great to see you finally getting the recognition you deserved from your amazing performance in Toy Story.
@LongBoy.0 7 months ago
I'm still not clear on what's actually happening. why is a syndicate URL? did they just scrape and reverse engineer the database? or did they just figure out how to reverse engineer real twitter api keys that actually work?
@edenassos 7 months ago
It's cheaper to do text tracking on the page with a cloud sandbox and have it screenshot tweets for you.
@Raul-pg1pf 3 months ago
Sure bro totally
@this_is_samridh 7 months ago
bro , you should delete this video
@zorzysty 7 months ago
You TOTALLY look like Sid :D
@weeb3277 7 months ago
reported for hate speech
@user-lj4lo7cx7m 6 months ago
@weeb3277 womp womp n...
@jake-hartigan 7 months ago
I’d now like to know how to gather all of my past tweet id’s, then pull the rest of the data as shown. Seems like it’s still limited in that regard.
@JakobRossner-qj1wo 7 months ago
Awesome way of showing it with making the HTTP request yourself
@4twi352 7 months ago
I'm interested how they reverse-engineered the token part, holy
@RealTkco 7 months ago
As the video mentions this is for embedding a tweet into a site, copying the code it gives you for multiple tweets and comparing, voilà.
@impyrobot 6 months ago
probably an ex twitter employee if I had to guess
@CAG2 7 months ago
That function for calculating the token... it seems completely arbitrary, as if they just threw together of the most stuff together in hopes nobody would reverse-engineer it. Kudos to the guy for somehow figuring it out, even if this will probably be patched very soon.
@xv179 7 months ago
next day at Twitter headquarters: "Aight boys, time to change the API key generator"
@semyaza555 7 months ago
0:44 Sorry Josh but I can't unsee this now...
@scalor 7 months ago
This video was recommended. 1st time seeing anything from your channel. Let's see how fast this hole gets patched.
@appelnonsurtaxe 7 months ago
it can't, that'd break every single tweet embed on every website
@KellenProctor 7 months ago
Josh is the alternate universe version of Sid that grew up in a structured household and is going on to have a monster successful career.
@quamzgraphix9826 7 months ago
Very cool library, thanks for sharing
@rickdg 7 months ago
It's a good starting point before actually paying for the API. Perhaps it's still available because you still need the ID of every tweet you want to "embed"?
@sammed8337 6 months ago
now they will encrypt the token with the secret key, and you can put your Saas idea in the trash can
@eVashioNN 7 months ago
Unexpected shut down or a change in API can be quite surprising :D
@FlorinPop 7 months ago
"You do not look like that guy" **wink, wink** 😉
@harshil1735 7 months ago
There is one more problem with X. The android app does not have sign in with apple and therefore if you are shifting from apple to android then there is no way the user can login. I think X should start hiring more engineers.
@cnikolov 7 months ago
what's more interesting is how they parse it back to the original id.
@JEM_GG 7 months ago
I did this exact work around last year for get-ratioed a ratio viewer app xD
@BooksWeCanRead 7 months ago
Yaaayyy ✨ and you are nothing like that sid guy you rock! 💜✨👏👏
@poldekwastaken 6 months ago
0:54 nah bro is sid 100%
@Sandwich4321 7 months ago
good to know that this exists, i usually just use the twitter scraper i wrote in python for this sort of thing
@belkocik 7 months ago
Who came up with this idea to generate a token like this? Is it production ready?
@IftekharHossen-rv7ht 7 months ago
This is the reason why math is important in CS.
@daphenomenalz4100 7 months ago
?? Yeah it is, but this is a horrible example, cuz literally reverse engineer the math twitter used 🤣and exploit it
@nerfRitesh 7 months ago
Must have been a laid-off employee taking revenge on Elon
@8colly8 7 months ago
who else thought the video title was THIS PACKAGE SAVED MY ASS
@elormtsx 7 months ago
this is gold 😁 thanks for sharing this 😅
@thebocksters2756 5 months ago
guys, this API is not "illegal" or something that X needs to patch it. It's a Vercel package, so it's verified
@jjamesmartiin 7 months ago
background giving @thiojoe vibes
@PartneredBrandsUnlimited 5 months ago
Love you bro!
@EnglishRain 7 months ago
Great video, thanks for sharing!
@samislam2746 7 months ago
When I first saw the video title I thought it says "This Package Saved My ass" 😂😂😂😂
@damilolaadeyemi8383 7 months ago
Elon Musk must not find out, else they stop everything in the sprint and change that token generation method
@pshycocoder 7 months ago
I read "This package save my sASS"
@VincentFulco 7 months ago
Great vid, thanks!
@enijar 7 months ago
Na that Sid comparison caught me off guard 😂
@kaustubhxdd 7 months ago
Elon fanboy rushing to tweet and beg him to patch this : 🏃💨 That one dev at Twitter who'll bring this up next meeting: 🤓📝 Josh: 🙍🏻‍♂️
@_mosesb 7 months ago
0:27 Him: There's a library that does this for free to save the day. Me: What there's a library that throws a useless SaaS in the trash FOR FREE, this should be interesting. Also Me there might be no useless SaaS trashing library but this is really really COOL.
@Nurof3n_ 7 months ago
this video is such Sid energy
@ellamurii 7 months ago
that's so funny hhahahaha. i also just tried and it accepts any string as token, no need to use generate function of vercel. i wonder what's really the purpose of token as it really does not seem for validation purpose lmao. so no reverse engineering really occurred lol
@phoneywheeze 7 months ago
can you get long form tweets/articles from this?
@imkir4n 7 months ago
Don't let Elon see this.
@FeinsterSchmaus 7 months ago
Layoffs coming oh boy…
@weeb3277 7 months ago
too late i already reported the video stitches for leeches
@GoonCity777 7 months ago
@FeinsterSchmaus laid off if the software engineers don’t do something as directed by manager
@solomonakinbiyi 6 months ago
😂 "I do not look anything like that guy"
@joshuasingh854 7 months ago
Man the getToken function is breaking my brain. Does anyone know what's going on there?
@phoneywheeze 7 months ago
probably one of the ex twitter employees he fired
@bar6732 7 months ago
Nice! I wanna steal that UI too, care to share the repo?
@eineatombombe 7 months ago
im pretty sure a get request to the tweet url is all that is required. it's like you post the tweet on discord and it embeds data, but you get the data for your service.
@ShubhamVsCode 7 months ago
how did they manage to reverse engineer the getToken 🤯🤯
@esyx6476 7 months ago
my guess is that there is some (ex)employee from twitter who knows how it works
@RealTkco 7 months ago
As the video mentions this is for embedding a tweet into a site, copying the code it gives you for multiple tweets and comparing, voilà.
@sahebbeshra7659 7 months ago
Now twitter knows it.
@sciencetoday3629 7 months ago
Elon Musk , let's break it . I want 5 grand
@sapienwins 7 months ago
I'll be very surprised if it's not patched within days of this video. Appreciated nonetheless
@ChezSwiiz 7 months ago
This Package Saved My AsS
@necro3311 7 months ago
I hope no one bases their system on this, as an anecdote it's cool, but sooner than later they will patch this the second this becomes widespread.
@theawesomegamer123 7 months ago
Genuinely curious as a newbie, how is this allowed? Wouldn't this be a huge concern for X as a profit loss?
@SXsoft99 7 months ago
"don't ask me what this does" .... modern day developers, copy paste code without understanding what it does
@RJRobinsonX 7 months ago
How long now before this package no longer works because of this.
@maxi-g 7 months ago
the mix of english with the austrian accent is so funny 🇦🇹❤️
@aps08 4 months ago
Is there any way to get users latest tweet using username from the syndication APIs ?
@Oryssounet 7 months ago
Who would use a SaaS to avoid taking a few seconds to copy/paste a testimonial from Twitter?
@yassine-sa 7 months ago
It's doomed because they'll see this and they'll change the way they generate the token or even better change the whole api
@vickonsscope6477 7 months ago
OH NO Josh!!!😂... You have exposed these innocent dudes..Now Twitter backend engineers would have to find a way to block that access😂😂
@u1f98a 7 months ago
i assume the $5000/mo will be cheap to the cost of a lawsuit in the case of you growing big enough for Elon to notice
@impyrobot 7 months ago
If you make more than 10k a month you can consider the API until then whatever
@deepshaswat 7 months ago
I am also building something which requires to do the user lookup, please let me know if you find anything similar
@Mohith7548 7 months ago
The issue here is: how do you get the tweet ids?
@enra8557 7 months ago
Yep I already use it around 3 weeks rn. Guess what? This package comes from vercel. And one of the contributors is lee rob himself
@amsraux 7 months ago
now they will fix it...
@theSuitCat 7 months ago
It won't last long before Twitter Devs change that token param
@sabujghosh8474 7 months ago
Was looking for something like this for so long
@angelsancheese 7 months ago
You look exactly like that Toy Story character. You should embrace it
@II__II 7 months ago
what's the name of the graphics editor he draws in?
@sierragutenberg 7 months ago
look to the left: Excalidraw
@mathesonstep 6 months ago
This is insanely useful
@uneebbhatti123 7 months ago
Bro why do I need to store a tweet in database, what is the main purpose of your SAAS?
@iresharma 7 months ago
I might be wrong but you shouldn't have shared this, very soon someone from twitter sees this and patches it
@highpofly 7 months ago
inb4 this package stops working
@BarakaAndrew 7 months ago
They can turn this off in one day, enjoy it while still available. They'd probably make way more money if the $100 API was decent
@Channel-cy4lh 7 months ago
Great video Josh. This is really good to know about. My only concern, as you mentioned, would be the question of how long it will be before this method is broken or blocked by them. I suppose it's just a matter of ensuring this code is isolated enough that you can swap it out within your functionality in the future. And, you know what, you kinda do look like Sid....
@NOELOLBAID 7 months ago
jajaja dude am understand your happy face when you find the repo :D it's the same when I found the Whatsapp Api repo
@mt000mp 7 months ago
whatsapp has an API repo?
@IndigoVFX 6 months ago
Details please? 🙏🏼
@JemEklery 7 months ago
Meh, I tried it. It works when you pass any token, even `foobar`. So this math is just for show