Movidas técnicas
Signs of Mountain View
At last! I now have an apartment in Mountain View (well, actually I have the receipt for the deposit, but all in good time). Until now I was staying in a hotel and, well, it's cool having other people clean your room every day, but by the end of the month it really hurts your wallet...
Yesterday, on my way back from being taken for an idiot at another apartment complex, I took several photos of signs I came across on the street.
Who can guess which street I'm on?

They are still obsessed with swine flu.

Every time I catch the company bus I see this sign that seems to advertise “psychic cleaners” for 1 dollar and 95 cents. To cleanse your house of spirits?

... but it was only yesterday that I discovered that it is actually a sign for two different shops: a psychic and a dry cleaner's. What a letdown :(
This shop has everything! Wines, liquors and cigars!

Well, not everything, but the gun shop is just two blocks further on.
Finally, this is not a sign, but proof that there are people from Bilbao in Mountain View too :)

My Twitter client for Android, now available
My Twitter client for Android, CheepCheep, is now available on the Android Market. Click the previous link to see the program's webpage with information about its features, screenshots, and how to get it.
Its source code will be published soon under a liberal licence.
Google Wave invitations
I had forgotten to mention that I still have 5 Google Wave invitations. In principle, they are for people I know personally, so if I know you and you want one, send me an email with your GMail address and I'll press the button. (The invitation may take several days to arrive.)
Comments on this page don't count; it has to be an email. Come on, if you know me, you know how to send me one :)
They're all gone!
The Twitter client for Windows^H^H^H^H^H^H^H^H Android
I just wanted to post a note saying that I abandoned the Windows Twitter client a month ago, when I discovered that embedding IE in an application using the raw Win32 API is hard, but not as hard as making it do something more than just browsing web pages (it is very easy with .NET and other frameworks, but, then again, the point was not using them).
But fear not; for the past two weekends I wrote a Twitter client for Android; and, in this case, I will actually use it every day, because I was really fed up with the one I had been using before. I even recycled the name "CheepCheep" for the new client.
Ah, and I programmed it entirely from Windows, of course :)
I will post some more about it one of these days.
CheepCheep
CheepCheep is a Twitter client for Android.
It is not a client for power-users who want to be able to do everything from their phones. The idea is to allow you to read and write tweets and do some simple user management (follow and unfollow users) while you are away from your computer where you can do the rest of the tasks.
Features
- Supports one Twitter account.
- Displays 40 tweets in the main screen.
- Does not display avatar images in tweet lists.
- Post tweets, reply and ReTweet. Delete your own tweets.
- Follow links to web pages, to Twitter users, and to the original messages in replies.
- Follow and unfollow Twitter users.
- Uses OAuth for authentication, so CheepCheep never gets access to your password.
- No “Settings” screen.
If you think that some of these are limitations, not features, this means that this program was not made for you :)
Download
CheepCheep is in the Android Market; you can get it by searching for CheepCheep in the Market, pressing this link if you are using an Android phone, or simply scanning this QR code:

To download the source code, see below.
Screenshots
Move the mouse pointer over the images to see their descriptions.

Source Code
You can download the following versions of the source code:
- Version 0.92 (86.14 kB)
- Version 0.91 (85.22 kB)
- Version 0.9 (84.41 kB)
To compile CheepCheep, extract the appropriate zip file into a suitable location, open Eclipse, then select “File” > “Import...”, then “Existing Projects into Workspace”, and select the location where you extracted the source code.
If you are compiling CheepCheep for the first time, you'll need to register an application on Twitter and alter the source code so it will use your application's OAuth credentials. Read the README.txt file for more information.
You can download and use CheepCheep under the terms of the Expat licence.
Change Log
2010-01-25 Version 0.92
- Get link to original message in retweeted responses.
- Fixed invalid OAuth signatures when posting updates with non-ASCII chars.
2009-12-15 Version 0.91
- Parse server-side retweets.
- Now works in non-English locales (specify US locale when parsing dates).
2009-12-12 Version 0.9
- Initial release.
State of the art (of the Twitter client)
This is what my Twitter client looks like today.

It is displaying my "home timeline"; that is, the list of tweets I see when I log in to Twitter. The timeline is rendered in an embedded Internet Explorer control (and I need to apply some more CSS styles). I have also implemented the preferences dialog, and it works, but I cannot save the preferences yet (I have to enter the credentials every time I restart the application).
Not implemented yet: automatic updates, entering new tweets, deleting your tweets, viewing single tweets/conversations, viewing a single user.
Yes, I'm learning quite a bit writing this program. One of the things I have learnt is that Windows programming is not as horrible as I remember it — but then, it was about 15 years ago :)
More impressions on Windows Programming
I'm still learning how to program for Windows in C++ using the Win32 API, and I'm writing more of my impressions — remember that I've worked with Linux for the past 12 years, and this all is practically new for me.
- Visual Studio is not a bad IDE, but it is not excellent either (at least for C++). That, or I have been spoilt by Eclipse and IntelliJ IDEA and their excellent support for refactoring (at least for Java). IDEA has such a powerful autocompletion, I have written complete modules without writing a method or variable name in full. In Visual Studio, OTOH, IntelliSense stops working all the time. Are you initializing a variable in the definition? It stops working. Have you got a syntax error 50 lines up? It stops working. Are you using C++ templates? It stops working. I don't know why it stops working so much, when it doesn't even try to figure out whether you want to input a type or a method or a variable name.
- It is hard work embedding Internet Explorer in an application when you aren't using MFC or Visual Basic or C# or one of those frameworks that give you a "WebBrowser" class in which all the work is already done. Not knowing anything about OLE/COM/ActiveX didn't help, of course. I have to thank Jeff Glatt for his article, “Embed an HTML control in your own window using plain C” (and his “COM in plain C” series), and the authors of wxCode's IEHtmlWin component (once again, Free Software comes to the rescue!). Reading them helped me to understand how it works. Now when I go read the documentation on MSDN, it makes sense!
- Talking about MSDN, the quality of the documentation varies. At some points it is very comprehensive and includes tutorials and guides and everything, and can be read as an introductory book. However, at other points it already assumes you know how to do what you want to learn, and only includes a very broad overview and reference information. Not that the documentation in most Linux or free/open source projects is much better in general, mind you...
- Update: I also want to correct my previous assertion that there was little documentation and my assumption that they kept it scarce on purpose for book publishers' sakes. It turns out there is plenty of documentation (see the point above), only that I didn't know how to find it, as it wasn't in the Express Edition help files. I think. Anyway, it's all online on MSDN.
Type inference in C++
Last week I was on vacation, and I took the time to relearn C++, as it had been very long since I had last worked seriously with it.
In the process I thought that C++'s template system can also serve as a type inference mechanism.
Because what's the difference between having OCaml guess the types as in this snippet...
    # let cat a b = a @ b;;
    val cat : 'a list -> 'a list -> 'a list = <fun>
... and having C++ instantiate the template for the appropriate types in this other snippet?
    template <typename List>
    List cat(const List & a, const List & b) {
        List c = a;
        c.insert(c.end(), b.begin(), b.end());
        return c;
    }
(Modulo syntax errors, of course.)
On web vulnerabilities
Many web applications are badly built. Any malicious web page could perform actions in those web applications using the credentials of the users who visit said malicious page.
I mention it here because I have realised that the protection Drupal includes against that vulnerability kept me from getting even more spam, even though that was not its primary purpose.
That vulnerability is called CSRF (although it has been given many other names), which stands for “Cross-Site Request Forgery”. Basically, it consists of including HTML and/or JavaScript code in a web page to make an HTTP request to a URL on another site, where that HTTP request carries out an action (posting a comment, voting for a story on Menéame, etc.). This can be as simple as including an “IMG” tag that points to a URL, or as complicated as creating a form, filling it in and submitting it with JavaScript.
There are several ways to fix it, but the most effective ones seem to consist of creating a “token” (a single-use code) and adding it to the form when the user loads the page that displays it; when the user submits the form the “token” is included, and the action is only performed if the correct “token” is in the form.
Since the attacker has no access to the form (they can only send requests, not see the result), they cannot obtain a valid “token” either, so the request they send will not be valid and the action will not be performed.
Well, going through my logs I have seen many attempts to send spam going back a long time; however, they did not succeed until recently. Why? Simple: before, the spammers knew which fields the form had, so they tried to submit it directly. However, they did not have a valid “token”, and those attempts failed.
Now they have changed their modus operandi: they download the form before submitting it, which gets them the “token”, and the comments get published. Or rather, they were getting published until I added Hashcash. Since the spammers' software does not support hashcash, those comments are once again not being published.
So we will be free of spam, basically, until the spammers implement hashcash in their software. But well, we will cross that bridge when we come to it...
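The two server-side checks this post describes, as an added example in Python (not this blog's or Drupal's own code): a session-bound form token that rejects forged and blind submissions, followed by a simplified hashcash-style proof of work that rejects clients which fetch the form but do not run its script. The secret key, the field names, the 12-bit difficulty and the SHA-256 puzzle format are assumptions made for illustration, and the token here is bound to the session rather than strictly single-use.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-site secret, never sent to clients
POW_BITS = 12                         # assumption: leading zero bits the client must find

def issue_token(session_id, form_id):
    """Value placed in a hidden field when the form page is rendered."""
    msg = f"{session_id}|{form_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def token_ok(session_id, form_id, submitted):
    """Constant-time comparison; a missing or non-string token fails."""
    expected = issue_token(session_id, form_id).encode()
    return isinstance(submitted, str) and hmac.compare_digest(expected, submitted.encode())

def pow_ok(token, nonce, bits=POW_BITS):
    """Hashcash-style check: SHA-256(token:nonce) starts with `bits` zero bits."""
    if not isinstance(nonce, str):
        return False
    digest = hashlib.sha256(f"{token}:{nonce}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits) == 0

def solve_pow(token, bits=POW_BITS):
    """The work a real browser's script does before submitting (about 2**bits hashes)."""
    n = 0
    while not pow_ok(token, str(n), bits):
        n += 1
    return str(n)

def accept_comment(session_id, form, require_pow=True):
    """Server-side decision for one submitted comment form (a dict of fields)."""
    if not token_ok(session_id, "comment_form", form.get("token")):
        return "rejected: bad token"
    if require_pow and not pow_ok(form["token"], form.get("nonce")):
        return "rejected: no proof of work"
    return "accepted"

if __name__ == "__main__":
    sid = "sess-1234"  # constructed session id
    tok = issue_token(sid, "comment_form")
    cases = {  # constructed submissions
        "blind POST, fields only": {"comment": "spam"},
        "form fetched, token copied": {"comment": "spam", "token": tok},
        "browser ran the puzzle": {"comment": "hi", "token": tok, "nonce": solve_pow(tok)},
    }
    for name, form in cases.items():
        print(f"{name:28} -> {accept_comment(sid, form)}")
```

With `require_pow=False` the "form fetched, token copied" case is accepted, which is the situation the post describes before Hashcash was added.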
Auctions with a catch
These days the blogosphere is talking about a web auction company that operates in a somewhat strange way. Basically, they found a way to make impressive profits by making lots of people lose money, while making it look as though the auction winner got an amazing bargain. In this story I explain how the thing works, and why it is not in your interest to take part in those auctions (and, if you do, how to minimise your cost).