twitter

Reactivating @ds106radio on Twitter

Tim Owens

Aug 20, 2020 • 4 min read

Jim has a great post talking about the migration of ds106radio to a new home in the cloud with a software upgrade to Azuracast. The previous software, Airtime, was no longer being developed so the writing was on the wall. But another reason for switching to Azuracast was a whole host of new options we would have. Not only could we keep the same broadcasting ability we had before and not require any configuration changes (the royal we, Jim did all that work), but we'd now have an API, webhooks, multiple DJ accounts, metadata, etc etc.

The one thing I had on my bucketlist to look at once the move was done was to reignite the @ds106radio Twitter bot so that we'd get realtime notifications when someone was live, a feature that had gone silent a little over 7 years ago. Azuracast has built in webhooks for Twitter that let you craft your message with variables for any data you can pull from the Now Playing API. Problem 1 was that no one knew what the login was. As it turns out while digging through my emails, even though I didn't have the login I did have a copy of the original code that was used for the Twitter bot and that had the developer API keys, and they were still active. Those were plugged into Azuracast and we were off to the races.

Next I wanted to look into some deeper filtering. The standard webhook fires on every song change and when a DJ goes live. But that meant even the autoDJ stuff was getting tweeted and it made for a quite noisy account. To do that meant writing my own script that the webhook would hit.

The code uses this library to interact with the Twitter API which was the same library the original bot used. So it was just a matter of taking the data that gets sent as a POST request to the URL and crafting out our message. We decided if someone used their own DJ account it would be nice to add the name of the broadcaster at the beginning of the tweet. Otherwise it's a more generic "Live" message with song info. And most importantly it only fires if someone is actually live, skipping tweets for autoDJ.

So problem solved without even needing a username and password thanks to APIs. But the hunt was still nagging me. Surely there was a way to find out how to get logged into the Twitter account? I kept digging and came up with a pretty interesting solution with some important consequences when it comes to digital literacy.

Going back to my emails as well as an older blog post by Jim I was able to determine a student in his class built the original Twitter bot and likely registered the account at that time. At first the password reset option was requiring you to know the email address you had used which was a non-starter. But at some point I think I was trying to login via a different method and got a very different and telling message after plugging the username in for a password reset.

That may seem super obscure, but it was enough for me to realize the student used their own domain as an email address, and as luck would have it the domain was available to register. So I re-registered it under my name.

cPanel has a feature with email called "Default Address" and it's basically a setting for any email that comes in that is addressed to an address that does not exist (a "catch-all address"). So if you own timowens.io like I do you can get any email from *@timowens.io and choose what to do with it. The default is for it to bounce because this can lead to a lot of spam problems as you can imagine. But in this case not knowing what the email address on file was, I turned it on with a redirect to my own personal email and issued another password reset.

And just like that I was in. Now, there's a pretty interesting lesson in this. I'm sure running email off your own domain is something a lot of students and faculty would see as a great idea, a great way to build your professional identity. I think it's equally important to be aware of the long term cost of that, the ability to retrieve your old social media accounts, the ability for someone else to catfish under your own identity, it's all just one domain lapse away. Hell, there would be nothing stopping someone with that domain to grab data from archive.org and put up a version of the old site and seriously impersonate someone. None of this is reason enough to throw out the idea of owning your own space on the web, but you should understand the trails you leave behind and the power you give them. In this case we were able to use that power for good and bring a little magical metadata light to the darkness that is Twitter.