I’ve modified the way ads are scored. You’ll no longer be penalized for ads placed in the wrong category, etc. This is consistent with the way such ratings are normally used. Most people are more interested in knowing if the seller is a decent risk for purchases, rather than whether they can put their ads in the right category. The overall effect should be slightly higher but more meaningful scores.
Having (free) ads removed for being in the wrong category will still trigger an automatic lockout on posting new ads. As always, paid ads are not subject to the automated controls, and are removed only after review by a human (typically myself).
Normally I post notices of new updates to the PWC here, but I thought it might interest a few people to see a bit of the higher-level thinking that goes into it. Twitter has recently changed their login / authentication mechanism. They formerly supported something called basic authentication, which means just a username+password like so many sites use, as well as something called OAuth, which essentially allows someone to log into one website (Twitter) and have other sites and programs know of the login by exchanging “secret keys”, which are essentially short-term login passwords that only the computers know.
The advantage of the OAuth method is that only Twitter handles your password, and someone writing a Twitter program (for the iPhone or a PC for example) doesn’t need to ask for your Twitter password in order to post your tweets to Twitter.
Unfortunately, in this case there is a bug in the implementation. The secret keys need to be short-lived for this to work, as they get handed back and forth by the computers, and can be captured by crafty hackers. This is why you don’t want to hand the password back and forth, but you need to change those secret keys frequently and silently so that if a hacker does capture them, they quickly become useless to the hacker. Twitter doesn’t do this.
Instead, Twitter takes the approach that they will disable any given secret key when they discover it has been leaked, and let the author of the software using it worry about getting a new one from them. This works out rather badly in the case of iPhone applications, as it can take weeks or longer to get the iTunes store to approve even small changes in your software. Essentially, this gives hackers the ability to break an iPhone Twitter app relatively easily. Desktop clients are less susceptible, because they can be updated much more frequently.
More information can be read here: ars technica.
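To make the revocation problem concrete, here is an added sketch (not code from Twitter or from this site) of a service that checks signed requests and then disables an app's key. It assumes OAuth 1.0a HMAC-SHA1 request signing per RFC 5849, which this post does not name; the endpoint, keys, secrets and the `Provider` / `ShippedApp` classes are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

URL = "https://api.example.test/statuses/update"  # constructed endpoint, not a real API

def pct(value):
    # Percent-encoding as OAuth 1.0a (RFC 5849) requires: only unreserved chars stay raw
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 over the signature base string; the app secret is half of the key
    normalized = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

class Provider:
    """Toy service side (hypothetical): holds each app's secret and can disable it."""
    def __init__(self):
        self.apps, self.tokens = {}, {}  # consumer key -> secret, user token -> secret

    def verify(self, method, url, params):
        params = dict(params)
        sent = params.pop("oauth_signature")
        app_secret = self.apps.get(params["oauth_consumer_key"])
        if app_secret is None:
            return "rejected: app key disabled"
        token_secret = self.tokens.get(params["oauth_token"], "")
        expected = sign(method, url, params, app_secret, token_secret)
        return "ok" if hmac.compare_digest(sent, expected) else "rejected: bad signature"

class ShippedApp:
    """A released client build; its app key and secret are fixed until the next release."""
    def __init__(self, key, secret):
        self.key, self.secret = key, secret

    def post(self, provider, token, token_secret, status):
        params = {"oauth_consumer_key": self.key, "oauth_token": token,
                  "oauth_nonce": secrets.token_hex(8), "oauth_timestamp": int(time.time()),
                  "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
                  "status": status}
        params["oauth_signature"] = sign("POST", URL, params, self.secret, token_secret)
        return provider.verify("POST", URL, params)

def demo():
    p = Provider()
    p.apps["app-v1-key"] = "app-v1-secret"        # constructed values
    p.tokens["user-token"] = "user-token-secret"
    v1 = ShippedApp("app-v1-key", "app-v1-secret")
    before = v1.post(p, "user-token", "user-token-secret", "hello")
    del p.apps["app-v1-key"]                       # provider disables the leaked key
    p.apps["app-v2-key"] = "app-v2-secret"        # replacement issued to the developer
    after = v1.post(p, "user-token", "user-token-secret", "hello")
    v2 = ShippedApp("app-v2-key", "app-v2-secret")
    return before, after, v2.post(p, "user-token", "user-token-secret", "hello")
```

`demo()` returns the result for the released build before the key is disabled, the same build afterwards, and a rebuilt client with the replacement key. Every installed copy of the old build fails until the new build reaches users, which is the app-store delay described above.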
Even small changes can have significant security implications which need to be considered carefully, and a big part of my job is to be watchful, and do everything possible to provide a secure site.