Alcides Fonseca

Não sei se fique contente ou triste. Hoje estava a tentar resolver um problema com o meu PDA que não lia cartões SIM e acabei por bloquear o cartão do meu pai e ficou a pedir o código PUK. Ora ele tem esse código na empresa, e precisava do telemóvel a funcionar amanhã.

Eu fui procurar online no site e não havia nenhuma pista. Decidi telefonar para o 16912 e pedir ajuda. Ora eles pediram-me o número e depois ou o pin original (que estava no mesmo papel que o puk, logo inacessível) ou o número de contribuinte, que eu sei de cor porque é o da empresa e por acaso é público.

confirmamos a recepção do seu pedido, pelo que para desbloquear o equipamento deve contactar-nos através do Atendimento Apoio ao Cliente Vodafone ligando 16912 ou enviando um e-mail para apoiocliente@vodafone.com a solicitar o mesmo, confirmando dados, por exemplo, o pin original ou contribuinte associado ao numero de telefone em questão.

Cartão salvo, e está tudo a funcionar. Mas basta quem vos gamar o telemóvel souber o vosso número, pode encontrar o vosso contribuinte na internet (se for uma empresa é super fácil) e desbloqueia-vos o telemóvel. E chamam a isto mecanismos de segurança….

It saved my ass today tough…

Lately I’ve been discussing the differences between Rails and Django with brecke, since he’s been learning Django now that he already knows Rails. After this post by Jared I decided to write my view about the main differences. Please note that I have not done serious development with Rails, only Django, so if I’m mistaken somewhere, do correct me.

MVC vs MTV

Django call their separation of domains MTV (model-template-view) instead of the traditional MVC. Using template instead of Rail’s view seems more obvious to me. And their reason for using another TLA is fair: the MVC pattern does not fit exactly in the rapid web development. Please see the Snakes and Rubies talk for more detail on this one. To me, the template word makes it clear I can’t have presentation logic there and it has to be in Django’s views, while the traditional View can have presentation logic. But in the end, code is not supposed to be in views/templates and you end up using helpers/templatetags to do that. So despite my preference for MTV, Rails does it right, and uses the name everyone else uses.

Convention over Configuration vs Configuration over Convention.

Specially if you have a J2EE background, you love the fact that Rails apps almost don’t have configurations. You just start coding, and if you follow some conventions, lots of magic is done in the background that makes your stuff just work. I believe this is what gave Rails the popularity is has today. With this stuff it is super easy to make 5, 15 or 30 minute screencast and get a full app working.

Django is different. While Rails feels just like Ruby with all that magic, Django reflects the pythonic explicitness. Just like in Python you have to declare the self and the first argument in a function, in django you have to say where your view (or model) lives. This is not a bad thing. It allows you to have reusable apps and other stuff, and makes Django loosely coupled.

In Rails brings a full stack to your development: activerecord, erb, prototype&script.aculo.us and you can do your full app almost just using Ruby. You write your databases in a ruby DSL, you write your Javascript in rjs and you can even replace erb with haml and write HTML in another ruby DSL. This makes learning web-development much faster (and maybe that’s why most rails users are students¹). When developing in Django, you really must know your way around HTML, Javascript, CSS (and Ajax). Of course in Rails you can do it the raw way too, I tried it once, but it was not the 37signals way of doing it.

But being loosely coupled is the point where Django gets advantage. There’s no preference in your js toolkit. Some use Prototype, others jQuery and others even Dojo and mootools. And although you have Django ORM as the default setting, you can easily (and pythonicly) start using SQLalchemy just like you can dump Django Templates for Jinja2. And this is easy because Django is explicit. This is why I believe hardcore rubyists aren’t using Rails but Merb, that gives them the freedom of using whatever they want (Thinking about DataMapper instead of ActiveRecord) depending on their needs, and not using a cannon to kill a fly. Luckily Rails is merging with Merb and this will change in Rails3.

Migrations

Rails provide a default migration mechanism while Django doesn’t. There are a few options, but none of them was chosen yet. There are a few alternatives, because there is a need for a system like that. I believe it is handy sometimes, but I don’t really get. I believe it’s something version control (together with backups, so you don’t have issues) should do. I don’t like the fact that you have a database schema that is not consistent with your code. I admit however that this is useful to ease database administration in servers when upgrading the production environment. One point to Rails, just because there isn’t a default choice in Django yet.

Environments

This is a feature that comes out of the box in Rails and doesn’t in Django. Like I’ve said before Django is explicit, and you can make your environment system. Sometimes I don’t even use it. Sometimes I choose my environment depending on the machine name, and others depending on environment variables. It’s just an if and an import, no big deal.

Reusable Apps

This is where Django really steps up from Rails. In rails you can reuse code by using plugins, while in Django you can have reusable apps. For instance, I am developing a website, and it needs to have a forum. I just download django-forum and route /forum to forum.urls and I’m done. Same for any other thing, just like registration, profiles and other common stuff. And each app has it’s own views, templates and models. And you can write your own website splitting it into apps. Makes sense in not-so-small websites. Rails has plugins, that will extend your app, and not work independently. You can do the same as you would in a Django app, but not as clean and independent.

Admin

Django features a sweet admin system, that making development of simple CMSs really easy. This is not something you can’t achieve with Rails (and there are cool plugins to do it), but doesn’t really comes out of the box and integrate with different apps in your project. And you can even make your own website just by using django admin interface and authentication system. Is not a big plus, but counts a little towards Django.

Community

Rails is more popular than Django, and while it’s not actually older, it is only in 1.0 while Rails is 2.2. I don’t see this a downside because Django guys are perfectionists and Django 1.0 is way more solid than Rails 1.0 was. However in the time it took to reach 1.0, startups and other companies were adopting Rails and this has led to an enormous Ruby community. In my point of view, this doesn’t matter to me a lot because people using Django are hardcore programmers and know their stuff. You don’t get as many rookie posts in blogs as you’d get if you were looking for rails. But in the end, adoption rate matters in business and Rails wins there.

Outcome

While Rails seems more simple is magically, while Django requires you to explicitly declare some stuff, the latter is my choice because of reusable apps. Everything else (that I mentioned here or not) doesn’t really matter. Things are possible in both frameworks, sometimes easier in one, sometimes in the other.

Other resources

• Rails vs Django Comparison on demo app

¹ Scroll down the Terry Chay rant until “Why I wish summer never ended”

And this one goes directly to my wishlist. Ok, maybe not to that wishlist of useful things but surely it would be cool to have one.

Ora aqui está uma questão interessante:

Os professores têm direito à greve. Não tenho nada contra isso. Ora o representante nacional dos pais e encarregados de educação diz que mesmo sem professores, deve-se garantir o funcionamento das escolas, nomeadamente a guarda das crianças. Concordo plenamente.

Agora e caso seja greve da função pública e não só os professores, mas também os auxiliares faltarem ao serviço? As escolas fecham, nem que seja da parte da tarde, porque as cantinas não servem almoço, e as crianças (com a idade e com as maluqueiras que têm) andam a solta por onde bem quiserem, e os pais a pensarem que estão na escola. E sim, eu mesmo já passei por isto umas poucas de vezes.

Que eu saiba nos hospitais não há disto. Há sempre um serviço mínimo que tem de ser assegurado. A educação é menos importante que a saúde? Eu diria que não. E não acho que nenhum pai gostaria de ter o seu filho de 10-11 anos por aí no meio de uma cidade sem saber disso.

After those discussions about 2 hour lunches at Le Web with Arrington, here’s a nice lecture on the european point of view that Le Meur gave in Stanford.

E porque também de Coimbra sai boa música, espreitem aqui esta compilação.

Acrescentaria ainda os Fitacola à lista.

Earlier today¹ I was thinking about having a tv channel that worked only by podcast. Instead of a around the clock emission, it would only produce like 6 hours per day (which I find enough, even for those boring days). One could see anything whenever they like.

This upset me a lot when I was a kid and couldn’t watch the shows I wanted because I had school or other appointments². But since broadband, I almost never watch TV. Just download the shows I want from my favorite bay and make my own schedule.

The problem is that I only find popular movies and shows. I wanted a short version of national news, something different to watch. And I want it in podcasts, so I can set a simple system for my parents, without the need for searching the torrent (although it could use bit torrent by RSS underneath).

I believe this is a really great idea, and someone could invest until it has a large audience, and then just add small ads to monetize it. I don’t mind having small ads for watching TV whenever I want, and I bet a lot of people wouldn’t too.

Today I found out about ValleyPeaks via Brea Grant. It’s a homebrew show that resembles The O.C.. and Desperate Housewives with a bit of satire. It is hosted in Vimeo for high definition and features really hot girls. I’m sold :)

¹ Yeah, I woke up very earlier today. I heard we were moving places this weekend. But without internet in the new house, I doubt I will be motivated to pack stuff and move heavy furniture around.

² Turns out that I was pretty busy when I was a kid. Seriously! That why kids like me woke up at 6.pm in the weekends, even before TV emission started.

The context

Early this month, the Twply sale made the news in tech-related blogs. Jeremy warns users about the password anti-pattern. Fred writes about it and Messina replies to Al3x.

Of course I rather have OAuth so users could revoke access to my app, without affecting all their 101 twitter apps and mashups that also need their user and password.

This matter was forgotten until I received an email from someone interested in buying TwitterNotes.

TwitterNotes was Sérgio’s idea which he implemented in Rails, and I helped with the design and marketing. It was a fun project that was mentioned in some big blogs like LifeHacker and we got over 3000 accounts. It’s not such a large number, but 3000 people thrust us with their password¹.

Although we decided I am entitled to some part (to cover for hosting expenses) as well as our sponsor, it was Sérgio’s call, and he made a price without the database.

Well, what if I was the one to make the decisition?

I’m not sure if I would have made that decision so easily. And this is not about money at all. Right now we don’t have any idea about who our buyer is, nor we know their intentions. This could be about the domain and traffic, about the app itself, or just about the database for evil marketing purposes. Let’s suppose they just want to keep the service running and monetize with ads, since it’s legit.

By selling the system without the database, all accounts along with the data stored (TwitterNotes allow users to store and manage notes from our website) would be deleted. Although it’s possible to recover some part, it is not possible to recover all of it. Since we were tied to this anti-pattern, we didn’t had any register step, but if we need, all the users would have to re-register.

And in general terms, applications populated with data worths much more those yet to launch. And I’m not counting on passwords here. The transition would make the website lose some users, and this would reflect in the buyer’s revenue from ads.

I believe selling a service without the database may be prejudicial to both users, buyer and seller. As a user, my wish is that any service that is sold keeps the same for me (or eventually be improved, like Flickr, Feedburner, etc…). This was the case, since TN development stopped a few weeks after launching.

And if Microsoft bought Yahoo? (or any of the examples above) Will the buyer get the service without the database? Will you have to register to flickr again, and lose all your photos there? It makes no sense!

But we store their passwords to third-party services, you’d say. Well, it’s not our fault! Twitter doesn’t provide any other option for accessing their APIs! We even encrypted the passwords, but since we need them in the clear, the code includes the decryption code. And if you think twice, when Yahoo bought Flickr, it also bought all of your private photos. You trusted flickr, but they sold your photos to yahoo. Isn’t the same thing? Selling private data?

Final thoughts

I’m not saying Sérgio made the wrong move. It was in fact the safest solution for our users, since we don’t have any idea who the buyer is or how the passwords would be used. I’m just not sure it’s always the best solution.

Extra: If by any chance you are also interested in buying TwitterNotes, just mail me

¹ I bet 99% of them didn’t even thought of that.

Sim, devem pensar três vezes antes de casar com um católico. Os gajos são esquisitos e tal, só aceitam a verdade deles. E quem já leu a Bíblia toda?

Então se for como este aqui tenham cuidado a valer!

Ah, e estou a pensar em ler isto, é capaz de ser engraçado :)

Já tinha explorado esta área há algum tempo, mas hoje encontrei um post do pelf sobre Dinâmicas de Jogos aplicadas a Redes Sociais na sequência do mestrado.

Recomendo a leitura, sobretudo para todos os que estiverem interessados em redes sociais e gerir comunidades online.

Criar um algoritmo de escalonamento para os meus pensamentos, preemptivo de preferência, com prioridades de modo a que aquela coisa a que chamam Licenciatura em Engenharia Informática não faça todo o resto da minha vida acabar em starvation.

O ideias3 orgulha-se (ou não) de alojar o Batido de Banana.

General stuff

• Spend less time in front of the computer
• Exercise more
• Learn to cook, to work with the washing machine and other house-keeping tasks¹

Computer geek stuff

• Learn emacs (or vim, but I want to learn Lisp) so I can go use Textmate without any regrets.
• Try OpenBSD with xmonad, awesome or other tiling window manager.
• Start my own programming language (just for the sake of it)
• Forget IE6

Geek stuff

• Get into photography OR
• Learn how to draw (yeah, I failed at drawing, painting and all those arts while I was a kid).

¹ I am planning on studying abroad for one year. If all goes well, Poland it is.

Police set to step up hacking of home PCs

THE Home Office has quietly adopted a new plan to allow police across Britain routinely to hack into people’s personal computers without a warrant.

1. Wow, it was not only Sherlock Holmes, they now have big bad h4×0rs that can hack into any computer :O

2. Without a warrant? Are these guys nuts? What about the concept of privacy? Isn’t that a human right? At least tell the people when you are looking at their computer, just like with a regular warrant approved by court.

The hacking is known as “remote searching”. It allows police or MI5 officers who may be hundreds of miles away to examine covertly the hard drive of someone’s PC at his home, office or hotel room. Material gathered in this way includes the content of all e-mails, web-browsing habits and instant messaging.

3. Okay Google, you are forgiven.

A remote search can be granted if a senior officer says he “believes” that it is “proportionate” and necessary to prevent or detect serious crime — defined as any offence attracting a jail sentence of more than three years.

However, opposition MPs and civil liberties groups say that the broadening of such intrusive surveillance powers should be regulated by a new act of parliament and court warrants.

4. Maybe that senior office has a daughter, and want’s to check out her boyfriend for “uncommon” data in his computer (since, you know, today’s teens record all their lives in their computer).

He said the authorities could break into a suspect’s home or office and insert a “key-logging” device into an individual’s computer. This would collect and, if necessary, transmit details of all the suspect’s keystrokes. “It’s just like putting a secret camera in someone’s living room,” he said.

5. Okay, forget 1. The PoliceHackers are no more than script kiddies. Well, and if that person has their computer password-protected? [1] And what it their using some OS that’s not Windows? And what if they are not that stupid and detect the intrusion? What if the Antivirus stops you key-logger from being installed?

Police might also send an e-mail to a suspect’s computer. The message would include an attachment that contained a virus or “malware”. If the attachment was opened, the remote search facility would be covertly activated. Alternatively, police could park outside a suspect’s home and hack into his or her hard drive using the wireless network.

6. Good luck by-passing the Gmail antivirus and spam filter. But if your “suspect/victim” is using Hotmail, you may have a shot.

7. Now we are screwed, instead of teaching people how to fight spam and keep their computer secure from hackers, we also have to protect them from the police… Geez.

8. If you are living in the UK and use Windows and do not agree with this policy, try switching to Ubuntu

¹ Unless it’s windows XP in which they can Boot in Secure Mode (F8) and login as Administrator.

Today’s xkcd really made me smile. This is something I usually do, but in a different version. When I’m walking – my thinking time, even if it’s walking in circles in my basement – I usually think louder “i know you are listening” and one-way conversations to myself, since it is possible that in the future our memories will be stored in The Archives and anyone could browse them, and see whatever is inside your head.

Yeah, I lack faith in those privacy laws…

Espresso is the new Code Editor from MacRabbit, the guys behind CSSEdit.

The public beta was announced as a “textmate’s competition”. I have tried the beta since 0.2 and I don’t really agree with that statement.

Espresso is a really beautiful editor. But that doesn’t matter to programmers, that nowadays seem to be migrating to old school editors. It matters for those designer/programmer hybrid stereotype. Guys that do Web-Development, but don’t have a CS background.

But even for those, I don’t believe Espresso would be the best choice. This kind of editor is as good as the languages/frameworks/etc supported. Textmate has a lot of Bundles, and that’s where I see the power of TM, not in the editor itself.

Today I spent a while installing Sugars, the Espresso-branded bundles. There are a few right now, but still very poor compared to tmbundles. And I believe even with time, they are not getting any near textmate’s when it comes down to productivity.

If you take a look at the SDK wiki, you’ll see that all the components of a script are very editor oriented. Although I like the tab-triggers, code folding and so, it really doesn’t compare with the integration I get in Textmate with tools. When writing Ruby or Python scripts, I’m always using the cmd+R shorcut and so on. This kind of actions is lacking right now from the SDK.

Also, if you want to make something fancy like text or file actions, you need to write something in Objective-C. This is a huge limitation. Textmate really doesn’t care in what language your commands are written on, as long as they’re runnable. You can use Ruby (I believe it’s the default), Python, Perl, AppleScript or even just plain Bash Scripting.

This is something that will kill Espresso for the majority of coders.

What I believe it’s going to be a great movie!

Make yourself a favour and watch the trailer.

Manga brought to the TV screens.

The very best:

• Neon Genesis Evangelion
• Death Note
• Rurouni Kenshin (specially the OVAs)

Top Anime:

• MONSTER (If you like Death Note, You’ll like this one)
• Giant Robo
• FLCL aka Furi Kuri (Great OST!)
• Samurai 7 [1]
• Lost Universe
• Kiddy Grade (Panty shots!)
• AppleSeed
• Eureka Seven
• Serial Experiments Lain (a must for every guy into computers)
• Elfen Lied

Only if you have a lot of free time:

• Naruto
• Bleach
• One Piece
• Air Gear
• Saint Seiya
• Shaman King

To see

• Fullmetal Alchemist
• Ergo Proxy

¹ I tried to watch the original movie, but I gave up half way.

Resources:

• Anidb
• Anime-p2pt (Portuguese)

I’ve always been fan of online advertising and in both points of view. As a online publisher, advertising is indeed important as a income for online business. Or wouldn’t Goggle CEO being flying jets right now. As a customer I also find it useful, specially when it’s site-targeted, since I usually find interesting products. It’s as important to me, as receiving FNAC’s catalogue.

Although Google Adsense doesn’t have any problem and I even use it in some of my websites, I find small niche publishers a more interesting business. Take the example of The Deck: they have their market, they select where they want to place ad, and they get advertising clients that know where they money is being invested, and are willing to pay more than the usual Adsense. I somehow wish more of these indie advertising agencies existed. But they will, in time.

This is why I’m sad about having installed Adblock (the Safari Version) but I had no other choice. For some weeks now, I’ve been getting a lot of “MSN sounds” and “Horrifying Death Laughing” ads, with mouseover sounds. Today when using Slideshare I accidently activated one and it got me nuts.

Mr. Webmaster, if you own a website, and there is a sonorous ad, please remove it. I’m willing to see your advertising, but please respect me.

For some months now, I spent all afternoons (weekends and holidays included) in school with the guys working in school assignments. And when I’m not there, I’m home working in my basement like every decent geek

Well, haven’t been off home/school for a couple of weeks, I decided to get out a bit and went with my parents to the local shopping. Halfway my dad asked me to come back and lock the door with his key (since I forgot mine). I did it and even got there before they did.

Suprisingly, it was almost empty, weird for this time of the year. Any explanation, or people just flocked to the “most-recent” shopping? I did what I had to do there² and went home.

I decided to stop by the bookshop on my way home. I’m somewhat demanding towards bookshops. I usually buy books in any of two Bertrand shops near me, where I find instantly everything I want, and sometimes in FNAC where shelves are not exactly how I like, but I manage to find what I want after a bit. But in this one, Almedina, I couldn’t find the book I was looking for. (Yeah, I know where to look, and how to search for the book, but I didn’t had luck.) And I wanted to take a look at Visão mag³ but they had any. I’m really exquisite in this matter, and I have to stick to my current preference, or try the new online shop. Any review after the first week?

Well, all of this was the first 15-20 minutes of the 45. Where did I spent the rest? Ouside my house, since I didn’t have my keys with me, and forgot to ask my dad’s which I used minutes ago to lock it. Dumbass! Luckily I had a fantastic PDA with wireless, but it only lasted for 5 minutes since I forgot to charge it last night. At least I played solitaire till my sister arrived.

Outcomes of this journey to the outside world:

• Don’t forget your keys, ever!
• Don’t forget to charge the handy gadgets like phones, music players
• Get out more! Really!

¹ Well, for those without a basement, an attic is also ok. Since that’s what I’m getting in my new house.

² Actually I went there to activate the internet/tv/phone service to the new home. After a one week delay from Clix, I went for MEO

³ I heard there’s a twitter article coming up ;)