Microsoft just released OneNote for Mac today. They also made OneNote for PC free, which means there's a free OneNote app on Windows, Windows Phone, iOS, Mac, Android and a really full featured HTML5 web version at http://www.office.com. This is all very cool of course, but I'm interested in the APIs.
Now, to be clear, I have worked for Microsoft for the last few years on ASP.NET and Azure, but I don't know anyone in the Office team. I am not privy to any secret info and I get most of my news from The Verge, just like you.
But from my perspective, the real story here is that Microsoft has woken up to the power of the API. Some may argue that they've always had powerful web APIs, which is true, however the breadth and scope of these APIs and their ubiquity seems to have accelerated in recent years. They are clearer, more open, simpler, and more cross-platform than ever before.
The Azure cloud and the Azure HTML5 Portal where folks manage their apps uses a REST API, and the SDKs to use them - as well as a cross platform nodejs command line application - are on GitHub. If you use the main portal, write your own, or use Visual Studio, it all calls the same open API. Duh.
Today when the Office team launched OneNote for Mac, they also launched http://dev.onenote.com along with integration partners like Feedly, JotNot, IFTTT, Weave News Reader and more all integrating with their REST API.
The moral of the story here is - if you have no API then you have no story.
Using the OneNote API
There's even more evidence of a change in thinking inside the big house. It's clearly of note that the API example in the OneNote API documentation on MSDN used Objective-C. They also link to a OneNote interactive Console at Apigee.
The API appears to be basically RESTful, with a POST of HTML to https://www.onenote.com/api/v1.0/pages creating a new OneNote page in your authenticated notebook.
You authenticate with your Microsoft ID using the SDK, get the token from the SDK object to be used in the authentication header then POST.
What has surprised me is that they have tutorials and samples across all platforms:
It looks like the focus for this initial launch is POST/Create for capture apps, photos, text, clippers, etc, but all the verbs are coming, clearly at the top of their backlog.
I like this direction, and to me, it's representative of a larger shift to recognize that the world doesn't always run Windows. I've said it before, and I'll said it again - The Web will always win.
We had a blast last year at AngleBrackets in Vegas. Next month we're heading to family-friendly Orlando with our friends ScottGu, Denise Jacobs, Douglas Crockford, John Papa, Dan Wahlin, and lots more.
There's some great optional workshops/pre-cons and post-cons that are a fantastic opportunity to get some one-on-one training with experts in the field. It's deep web technologies with a focus on practicality, open source, and creative problem solving. Check this out, get your boss to sign off and bring your laptop!
PRECON12: AngularJS SPA Development - 0 to 60 (Sunday, April 13) Hands-on Bring your own Laptop - John Papa
PRECON08: Architecting Applications for Multiple UIs (Sunday, April 13) - Paul Sheriff
On the Metal: Essential HTML 5, CSS 3 and JavaScript for All Developers (Sunday, April 13) - Todd Anglin
Service Orientation Technologies Designing, Developing and Implementing WCF and the WEB API (Sunday, April 13) - Miguel Castro
PRECON07: The Architecture Clinic - (Sunday, April 13) - Juval Lowy
POSTCON08: Building Data-Centric Single Page Applications with Durandal, Knockout, Breeze and Web API (Thursday, April 17) - Brian Noyes
POSTCON03: Experimental Design for User Interfaces (Thursday, April 17) - Billy Hollis
POSTCON09: Hacking the Creative Brain (Thursday, April 17) - Denise R. Jacobs
AngleBrackets is a conference that's "co-located" with the DevIntersections conference. That means that you can move between the two conferences and attend the sessions you want. You can move between MongoDB, Ruby, and node.js sessions and even (gasp!) SharePoint sessions at the other conference. It's a great way to get your boss to send you to a conference while you learn all aspects of web development.
Here's a few cool session I'm tracking for myself, just to give you a taste of the diversity of topics.
Managing Asynchronicity with RQ - Douglas Crockford
Turn based servers are now joining turn based browsers in providing race-free and deadlock-free interactivity. The event-driven model has long been popular in UI systems, but the nature of work in servers presents some new challenges. Functional programming provides solutions, including monads, arrows, promises, and various flavors of FRP. This is another such solution, intended to enhance ease of use with constructs that support parallel and sequential operations.
The Art of Disciplined Creativity - Denise Jacobs
As tech industry professionals, we rarely experience a shortage of projects that necessitate our creative thinking. While everyone has moments of being on fire with creativity, all too often the time of being in the state of creative flow is too short. Additionally, sometimes we get stuck: we lack inspiration, our creative confidence wanes, and the generation of ideas comes to a standstill. Much like elite athletes, we need to exercise discipline to be able to get into the creative "zone" at at will and produce consistently great results. Let's explore ideas and practices for regularly gathering sources of inspiration, eliminating blocks to more easily access creative states, prolong them, and leverage their power to develop and execute great work.
Grunt-ify Your Front-End Web Development - Elijah Manor
There are a lot of manual processes that front-end developers tend to perform in order to get their job done. Wouldn't it be nice if there was some way to automate all the things? Well, thanks to Grunt you can :) In this session we will introduce Grunt and showcase some common workflows to automate building, live reloading, CSS processing, unit testing, deploying, as well as making your own custom plugins. Along the way, we will discuss some tips and tricks when using Grunt.
There's also other optional PreCons at DevIntersections on SQL, C, ALM, Disaster Recovery, Rosylin and CodeGen and more. Check out the great line-up we have this year at AngleBrackets and I'll see you there!
It took me just 15 minutes to make a simple installer, and it's clear that this tool is deep and broad in its support. However, there's no free lunch when it comes to auto-updating. Inno Setup will upgrade my app from build to build when I run a new setup over the top of an old one. I still need my app to notify the user that it's time to upgrade.
This is our little 10 minute solution, but it's actually working very nicely. Inside the latest.txt files is a simple version string like 0.9.9.4.
var http = new HttpClient(); string versionString = await http.GetStringAsync(new Uri("http://www.hanselman.com/SecretStartup/latest.txt")); Version latestVersion = new Version(versionString);
//get my own version to compare against latest. Assembly assembly = Assembly.GetExecutingAssembly(); FileVersionInfo fvi = FileVersionInfo.GetVersionInfo(assembly.Location); Version myVersion = new Version(fvi.ProductVersion);
if (latestVersion > myVersion) { if (System.Windows.MessageBox.Show(String.Format("You've got version {0} of SecretStartup for Windows. Would you like to update to the latest version {1}?", myVersion, latestVersion), "Update SecretStartup?", MessageBoxButton.YesNo) == MessageBoxResult.Yes) { Process.Start("http://www.hanselman.com/blog"); } }
I'm thinking:
We'll add an SSL certificate and confirm its identity on the HTTP call as a little added security.
Before I went to work for Microsoft a few years back, I was given the "MVP" award for ASP.NET. I didn't go out and seek this award, it just happened. The MVP awards are backward-looking in that they look at the work that you've done in the previous year, not what you're going to do.
The idea behind these awards has been to give some recognition to folks that have volunteered their time to write books, create documentation, run user groups, and generally spread the word as advocates for the development platform.
However, it's long been my opinion that these awards are too narrow in scope. It's great that you're blogging or speaking on a developer topic, but what if you don't speak at all and instead put that energy into a great .NET open source framework? Fortunately others within the big house share my thinking and we're changing the MVP program to actively recognize open source.
Here's a quote directly from an internal email/memo. It's got a little corporate-speak, but it's rather frank and to the point. What you need to know is that this email was sent to all of the Microsoft subsidiaries (the "field") to make sure they are on track and get what we're trying to do here. I've bolded and trimmed it a little but you get the idea:
Currently there is a class of developer influencers whose contributions are not yet fully recognized by the Microsoft MVP Program. These influencers run, manage, or commit to large and highly influential open source projects. However since they do not participate in what is considered as more traditional ways such as speech engagement, books, online forums or user groups, they are not usually considered as potential MVPs. Often these developers have technical community followings but may not necessarily be "on message.". As a result, there is a belief amongst some influencers that Microsoft does not support Open Source software.
As we move forward, we will change the MVP guidelines to recognize open source activities with the same weight as other community activities. We need to send a clear message that a healthy .NET ecosystem, including open source impact, is good for all stakeholders. It is time for the MVP Award to recognize open source activities to promote further growth and support of the technical communities.
When I started pushing this idea, I thought we'd make a new "Open Source MVP." I pushed that for a while but realized quickly that it would create an island of OSS MVPs, and no one group would claim them. Better to push OSS throughout the whole program so everyone shares a home. Instead, we changed the idea and designed that Open Source contributions should be as valuable (or more so) as any other contribution, and you could become an MVP solely based on open source and nothing else.
If you make the next great "Foo Framework for ASP.NET" then you'd be an ASP.NET MVP and get the benefits of any other MVP, including an MSDN subscription that you could use to support your project. There's no expectation to speak or blog or do anything other than be awesome and keep working on your project.
Here it is in corporate speak (from that memo):
Today we already include open source activities in our review process as part of a MVP’s contributions. The shift now is that a candidate can be reviewed and awarded solely on contributions in open source projects, if the contributions are significant, without having other activities such as speeches, online forum supports, books, blogs, etc.
We'll be looking at open source for the next MVP "cycle." We can't bring in every little project, as much as I'd like to, but if you've got a successful and growing project, or if you know someone who is doing amazing stuff in open source, make sure that your local Microsoft community person nominates them!
I've been exploring Automated Browser Testing recently, and also checking out F# for unrelated reasons. However, when you combine the two you end up with "canopy." Canopy is a "f#rictionless web testing" framework that combines the flexibility of Selenium with the clean look of the F# language. F# is much terser (more elegant, even) than C#, and is garnering the interest of a lot of the .NET Open Source community. Folks are creating cool domain specific languages of their own using F# as the base.
F# is open source and cross platform, running on Linux, Mac OS X, Android, iOS, Windows as well as HTML5 and GPUs. F# is free to use and has an OSI-approved open source license.
Anyway, back to Canopy. Make a new Console app and NuGet in the canopy package:
The NuGet package will bring in Selenium as a dependency.
Then, try out their "Hello World" web testing sample, that I've also pasted here.
//these are similar to C# using statements open canopy open runner open System
//start an instance of the firefox browser start firefox
//this is how you define a test "taking canopy for a spin" &&& fun _ -> //this is an F# function body, it's whitespace enforced
//go to url url "http://lefthandedgoat.github.io/canopy/testpages/"
//assert that the element with an id of 'welcome' has //the text 'Welcome' "#welcome" == "Welcome"
//assert that the element with an id of 'firstName' has the value 'John' "#firstName" == "John"
//change the value of element with //an id of 'firstName' to 'Something Else' "#firstName" << "Something Else"
//verify another element's value, click a button, //verify the element is updated "#button_clicked" == "button not clicked" click "#button" "#button_clicked" == "button clicked"
//run all tests run()
System.Console.WriteLine("press [enter] to exit") System.Console.ReadLine() |> ignore
quit()
And boom, it just works. You can run this .NET application just like any other. .NET apps are .NET apps, as they say. It doesn't matter what language it's written in. When (if) you distribute this application you'd just include the contents of your Debug folder. No need to "install" F# or anything on the target machine.
You can do all sorts of Selenium testing with canopy, like:
//start a bunch of browsers and switch around start firefox let mainBrowser = browser start chrome let secondBrowser = browser //switch back to mainBrowser after opening secondBrowser switchTo mainBrowser
//take screenshots let path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\canopy\" let filename = DateTime.Now.ToString("MMM-d_HH-mm-ss-fff") screenshot path filename
//get an element element "#firstName" |> someParent
//press buttons press tab press enter press down press up press left press right
//check and click things check "#yes" click "#login"
//or even drag things! drag ".todo" ".inprogress"
Oh, and by the way, the canopy library builds itself using FAKE, the F# Build System we talked about last week! Go check these projects out and offer to help or support them. There's a lot of interesting open source happening in the .NET space lately that may have been flying under your radar.
I got an email from a reader who noticed some very odd errors happening in her web site's global error handler. Fortunately she's using ELMAH for error handling, which as you may know, is a JOY.
She was seeing:
Access to the path 'C:\Windows\security\database\secedit.sdb' is denied
Well, that's enough to make your heart skip a beat.
She looked around and found a file simply named "list.aspx" that she didn't recognize. The weird part was that this file was in the /uploads folder. That's where users can upload files with her particular CMS.
The list.aspx even has authors listed. Perhaps for their LinkedIn page?
Thanks Snailsor,FuYu,BloodSword,Cnqing, Code by Bin Make in China
I won't list the full list.aspx here, but rather call out some highlights of this clear malware.
It had a LOT of spaces in the opening of the file.
Meaning, they were assuming you wouldn't scroll down. Seriously. Oddly, though, it was spaces, not carriage returns. Note Line 23 never ends. It's SUPER long.
It pointed to a lot of (comparatively) unusual domains
It had links inside to things like
www.rootkit.net.cn
r57c99.com
Note that the second one actually serves malware and bad JavaScript, so avoid it.
It's a whole admin console for a bad guy to attack your computer
This file actually has a dropdown with "Please select a database" with values like (this is just a taste):
Use master dbcc addextendedproc('sp_OACreate','odsole70.dll')
select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\windows\system32\ias\ias.mdb
c:\bin.asp' backup database @b to disk=@t WITH DIFFERENTIAL,FORMAT;drop table [bin_cmd];
Exec master.dbo.xp_cmdshell 'net user'
EXEC sp_configure 'xp_cmdshell'
They're going for complete control of the system, and this file is just the start.
It serves JavaScript from elsewhere
This bad aspx file also tries to bring in some bad JS from the second domain above.
That JavaScript tries to bring in even worse JavaScript from another location via an indirection. I won't even list these bits for fear that I'll get blocked for serving it!
The root of all of this is: Don't let users upload and execute code.
A fix for arbitrary code execution in user upload folders
What was the fix? Well, certainly not allowing someone to upload a file with a .aspx or .php extension for one, but also to mark the entire uploads folder as not executable! Here is the updated web.config:
Note Scott Hanselman (me): I had been meaning to write up my productivity tips for years. Isn't that ironic? However, after giving a presentation at SXSW on Productivity this year, Danny Schreiber from Zapier took it upon himself to do just that. I had no idea that Danny did this until I saw he shared his very excellent write up on the Zapier Blog. It is also reproduced here with Danny's permission. So this is my talk, filtered through Danny's brain, out his fingers, and now back on my blog. Which is something. Thanks Danny and Zapier, for not only attending, writing it up, and giving it back to me, but also for making a great product. Zapier is a web workflow system for everyone that lets you automate hundreds of web apps with rules like "As I post Instagram photos, post them to DropBox" or "SMS me when my Azure Website gets Deployed." They are great example of an app that empowers you to avoid tedious work and avoid duplication of effort. Check Zapier out.
What follows is Danny Schreiber's summary of my Productivity Talk. If you'd like me to give a version of this talk at your company or event, contact me.
"Don't worry, just drop the ball."
This counterintuitive advice is one of a dozen-plus productivity practices preached by Scott Hanselman, a program manager at Microsoft, author and avid blogger and speaker.
"Dropping the ball is sometimes the right answer," Hanselman says. "Let a ball drop. Tell people, 'I'm just not going to do that.'"
Hanselman's not the person you'd to expect to hear encourage dropping the ball and discourage burning the midnight oil. On top of his day job, he balances a full load: he blogs, records a podcast, engages on Twitter and attends and speaks at conferences regularly. In the past six years, he's co-authored more than a half-dozen books, and at home, he has a wife and two childen. In short, he's one productive individual.
How does he do it? Why does he do it? If you're asking yourself those questions, you're not alone.
"A lot of people say, 'Well, Scott, you're doing all this stuff. Why do you do it? Are you not sleeping?" Hanselman says. "It's because, I must dance. I can't stop. Whenever I think about stopping, I think about this little boy and how excited he is about doing what he's doing."
"It turns out," he continues, "the less that you do, the more of it that you can do. This is the standard law of scale."
Scale Yourself
In a 40-minute talk Hanselman originally delivered in 2012, and has since presented several times—most recently at South by Southwest Interactive earlier this month—he shares his productivity practices. From his "one email rule" to follow to his reasoning for reading Robert Scoble's blog, all his tips are immediately actionable.
The following is a recap of his popular talk, featuring quotes from his October 2012 presentation at GOTO Conference and his original talk at Webstock earlier that year.
Look for Danger Signs
Staying focused hasn't always been a challenge—there hasn't always been hundreds of pages of new content to consume daily or a constant stream of new information interrupting you. Instead, Hanselman says, when he wanted to learn programming, he needed to know everything in just two books.
"Then the Internet happened and suddenly there's Exabytes of information being created, and half of it is garbage and a third of my day is wasted by interruptions," he says.
"I'm completely overwhelmed, and we tell ourselves that we're going to be able to pull it off if 'we just work late tonight.'" Stop. This is a danger sign.
"If you find yourself saying, 'I need to work late to catch up,' then that's a problem, that's a big problem," he says, admitting he's guilty of using this phrase himself. The remedy isn't as easy as "hoping" you'll catch up with your to-do list.
"Hope is not a plan," Hanselman says. "Hope is nothing but waiting and letting life happen to you."
So what do you do when you see danger signs? Hanselman has an antidote, but before he unveils it, he sets the record straight on what it means to be effective versus what is means to be efficient.
Understand Effectiveness Versus Efficiency
"Effectiveness is goal orientation. This is picking something to do. This is doing right things—picking a goal and doing that goal," Hanselman says. "Efficiency is doing things in an economical way, process-oriented.
"So phrased differently: Effectiveness is doing the right things, but efficiency is doing things right. That means effectiveness is picking a direction and efficiency is running really fast in that direction," he says.
Effectiveness is doing the right things.
Efficiency is doing things right.
"When you realize those two things are different, it becomes an extremely powerful tool that you can use."
Define "Work"
With effectiveness in mind, Hanselman stresses the importance of understanding David Allen's threefold nature of work, which is:
Pre-Defined Work - Work you've set up ahead of time
Work As It Appears - Work that interrupts you
Defining Work - You sit down and think about what work you need to be doing
More time needs to be spent on the last bullet point, Hanselman says.
"How often have you actually put on your calendar one-hour of time to say, 'I'm going to sit down and think about what work I need to be doing.'" he says. "No, we panic and we look at our (to-do list) and we sort it. Then we just kind of freak out for a while and then the (to-do list) gets larger."
Instead of this haphazard approach, take time to define your work. Allen says it'll take an average of one hour per day for the typical professional.
Do It, Drop It, Delegate It and Defer It
Hanselman points to another David Allen's practices from his popular Getting Things Done manual, that of the "Four Ds":
Do It
Drop it
Delegate it
Defer it
Applying this to your inbox, Hanselman says, is a useful tool.
"Only do it if it's going to take a minute and it's been scheduled. Otherwise, it's really just drop it, delegate it and defer it, that means I'm not going to do it, someone else is going to do it (or I'll do it later )," he says.
Drop the Ball
Allen's "drop it" point leads Hanselman to encourage the practice of "dropping the ball." Though this sounds irresponsible, this will lead you to feel better about yourself as you'll be better able to focus in on your work rather that juggle responsibilities.
"Saying 'no' is difficult, but the guilt associated with saying 'yes' is often worse than the guilt associated with saying 'no'," Hanselman says. He points out that all systems that work, including the Internet, have flow control, which includes dropped packets of data.
"Communication by its nature is fault tolerant," he says. "If you've ever had communication with someone over a cell phone and a couple words drop out, you could still understand what they were saying."
To decide what to drop, Hanselman recommends using Stephen Covey's four quadrants:
"When something is both urgent and important, like a pregnant wife or an appendix being burst, you should probably do that now," Hanselman says. "If it is neither urgent nor important you should dump it. But unfortunately what happens is that we spend our time on things that feel urgent but are not important at all, but the urgency is an addiction."
Resolve Inbox Issues
One of the most common areas to add effectiveness to your work is your email inbox. Hanselman, who receives hundreds of emails daily, shares five tips for inbox management.
Follow This One Email Rule
Changing how emails are displayed in your inbox, Hanselman says, will "fundamentally change how you think about email." The change: set up a folder for emails that you're Cc'd on and a folder for emails that come directly to you. The emails automatically filtered to the "CC" folder, Hanselman says, are not important.
"Next time your boss sends you a to-do and Cc's you on it, don't do it," he says. "Then when he says, 'Why didn't you do it?' (Say,) 'Oh well, you Cc'd me, I thought you were just informing me.' He'll never do that again."
In his community management role at Microsoft, Hanselman uses one more folder in his inbox. "Notice how the inbox 'External'—my community, people who don't work for my company, they're important to me—I've answered all of their emails," he says.
Don't Check Email in the Morning (or at Night)
It's simple: if you reply to email in the morning, the sender will reply right back. What you thought was going to be less than an hour chore, quickly consumes half your day.
What happens is if you check email in the morning, you time travel. You wake at 9, you check email. Boom, it's lunch, and then you go to lunch. Boom, it's 2:30. Then it's like, 'OK, it's 2:30, I'm going to start working now.' That all happened because you checked email in the morning.
"Don't put more energy into things you don't want to," Hanselman says, paraphrasing David Allen.
Moreover, replying to email in the morning teaches people that they should expect future replies from you at that time. The same goes for answering email late at night.
"Remember, if you're the person who answers email at 2 in the morning, you just taught you're boss that you're the person who answers email at 2 in the morning," Hanselman says. You've also taught them that you're addicted to urgency.
Instead, check email at noon, and put it on your calendar. "You'll be surprised at how much work you get done," he says.
Find Your Robert Scoble
You shouldn't be constantly checking your email for fear of keeping up, Hanselman says. "I've got probably 500 emails—I usually have zero but I'm on vacation (in Sweden)," he says.
At the conference he was giving this talk, he observed other speakers give their talk and then rush back to their laptop to check their email, or as he puts it, delete their email.
"Has my job really come to this?" Hanselman says. "Is this my job: deleting email?"
To fend that habit off, Hanselman uses what he calls "trusted aggregators," colleagues who can be asked, "What's going on?" Or, they're people like Robert Scoble.
I used to have 1,000 blogs that I would read. And then who's the greatest blog reader in the world? It's Robert Scoble, he's always talking about how many blogs that he reads. So I finally decided, 'I'm not Robert Scoble.' He's a freak, and it's not healthy to keep up on that many blogs. So you know what I do? I read his blog. So I took the thousand blogs that I read and I pick five link blogs. I found my Scobles. And I read those five blogs and they give me an aggregated news. It's like why we listen to the BBC news on the hour, because it tells us what's going on so I don't have to watch all the other news. Find your aggregator inside of the company.
Ask yourself: Who is the person who can tell me what's going on and keep me up to date? That person is your aggregator.
Remain in Your Flow
"Remember that anything important that happens in the world, in the news, in you life, in your work , will come your (way) many times," Hanselman says. "If there's another 9-11, somebody will tell you. You probably didn't learn it by hitting refresh on your favorite news site."
His advice: remain in your flow. "Be wrapped up like a child in the thing that captures your attention," he says, quoting Stowe Boyd. "Get that excitement back, and that excitement does not involve Alt-Tabbing over to Gmail."
Conserve Your Keystrokes
Pulling a page from author and software developer Jon Udell, Hanselman encourages you to "conserve your keystrokes." What does this mean? He explains by example:
If Brian emails me a really interesting question about ASP.net … and I send him back an exciting and long, five-paragraph with a code sample email that solves his problem, I just gave him the gift of 10,000 of my keystrokes. But there is a finite number of keystrokes left in my hands before I die, and I am never going to get those keystrokes back and I've just gifted them to Brian. And I don't even know if he reads that email. So what should I do to multiply these keystrokes given that there is a finite number of those keystrokes left in my hands? I write a blog post and I mail him the link. Then after I'm dead, my keystrokes multiple—every time I get a page view that's 5,000 keystrokes that I did not have to type.
Keep your emails to 3-4 sentences, Hanselman says. Anything longer should be on a blog or wiki or on your product's documentation, FAQ or knowledge base. "Anywhere in the world except email because email is where you keystrokes go to die," he says.
Triage the Inbox of Your Life
On top of email, you have a constant stream new information coming into the "inbox of your life," which includes everything form your social media activity, to new episodes to watch on Netflix to snail mail. The items in this inbox of your life, Hanselman says, need to be triaged.
Triage - from the French verb trier, meaning to separate, sort, sift or select.
He offers a gruesome analogy: if you're in a parking lot full of injured people, you must act. It's your job to put a toe tag on each individual—are they dead or alive, how should they be treated?
"We don't ruthlessly (go through the) inboxes of our lives and do that," Hanselman says. "We get wrapped up in the little details and then we're putting bandaids on cancer while someone else is loosing an arm."
He instructs you to identify the data streams in your life—Twitter, Facebook, email, SMS and chat, for example—and sort them by signal versus noise. What provides you value and what doesn't? Which ones can be dropped? Drop them.
Here's how Hanselman defines his data streams:
Get Rid of Psychic Weight
You've just signed up for Netflix, giving you access to all episodes of House of Cards. Finally, you think, now you can watch the full second season whenever you want. But this isn't as freeing as it seems.
"I realized that this was psychic weight that was pressing me down," Hanselman says, recounting the time when he gained access to all episodes of Law & Order on TiVo.
"'OK, we got like seven Law & Orders on the thing," he says as if he were talking to his wife. "We'll put the kids to bed early tonight, and we're going to bang through Law & Order and then we're going to get this thing under control and we're going to handle it. And then we'll be back on track."
TiVo, it turned out, wasn't a "gift from God" as Hanselman originally thought. This "glorious productivity thing," he says, became the primary source of psychic weight in his life.
"(When) I think about the things that I want to get done, I want to think about: what are the three things I can get done today? What are the three things I want to get done this week, this year?" Hanselman says.
This practice, called the "Rule of 3", comes from fellow Microsoft program manager J.D. Meier.
Write down three outcomes for the day.
… for the week.
… for the year.
"When you're going through your week, you need to have a vision on Monday of what your week looks like, and on Friday you need to stop and look back on your week and think about the reflection," Hanselman says.
Ask yourself: Was that a successful week? What could I have done differently? What could I change?
"The point is to end the day without guilt, to end the day without psychic weight," he says. "Maybe I'm just talking to myself here, but I truly believe that we have had that feeling at the end of the day where, 'I didn't do a damn thing today.'"
Try the Pomodoro Technique
The Pomodoro Technique, invented by Francesco Cirillo in the late 1980s, has you focus on one task for 25 minutes. Between each of these task sprints, you get a break.
Try this approach, Hanselman encourages, and when you do track the interruptions that impede the 25 minutes. Put a tick on a piece of paper each time an internal—one triggered yourself—or external—one by a co-worker, for example—interruption occurs.
First, you'll record six interruptions in that 25-minute sprint. Then one. Then none at all.
"Then you'll start thinking about productivity in your life as how many Pomodoros that you got done in a day," Hanselman says. "You'll say, 'Man, that was a four Pomodoro day, I got a lot of work done.'"
Realize that Being Busy is a form of Laziness
Being busy is a form of laziness—lazy thinking and indiscriminate action. - Timothy Ferriss
"Being busy is not thinking about what you should be doing so that you're not so busy," Hanselman says. "We find ourselves just being busy. It turns out, that 'being creative and making something is the opposite of hanging out.'
Hanselman takes notice when someone he sees tweet a lot suddenly stops tweeting and then a month later comes back with a new creation.
"Wow, that person just made a list of the things they needed to get done and Twitter wasn't one of them," he says. "They went off and they created and they came back and they shared it with us.
Face the Fact: Multitasking is a Myth
"Multitasking does not work," says Hanselman. "The optimal number of threads in any system is one thread. That is a computer science fact and if you think you can multitask, you're wrong."
When you do multitask you're really doing what Hanselman refers to as "task-switching," which requires context switching. To explain, he offers this example:
You ever been working on something and working on something and then the phone rings and you're mean, to like, your dad? Why was I so mean to my dad? Well, he called you at work at 3 in the afternoon and you were totally focused on something. Then afterwards (you were) like, 'I'm sorry, I was really working on something.'… Then I'm sad for like 10 or 15 minute. That's the context switch, as I get back from that phone call that I screwed up, back to the work. 'OK what was I thinking about?' Context switching doesn't work.
But Here's What You Can Multitask
There are some things, Hanselman notes, that you can multitask. For example, walking and chewing gum. Or for him, listening to podcasts or watching TV when he's working out.
There's also idle and waiting time to take advantage of in your day. Hanselman unabashedly shares how he makes the most of his visits to the bathroom.
"The iPhone has completely changed the way that I poop," he says. "I have no idea what we were doing in there before. Weren't you thinking, 'This is completely unproductive time.' And then the iPhone came along, and Instapaper, and now poop time is good time."
Clean Out Mental Clutter
Near the end of his talk, Hanselman offers the following quote to boil down a decision process to pinpoint what's important in your life.
If it's not helping me to make money, if it's not improving my life in some way, it's mental clutter and it's out." - Christopher Hawkins
Get rid of the "make money" part, he says. Instead, ask yourself: "If it's not helping me to—what is your goal? Spend time with your kids? Pay off your house? Grow your business?
"In any decision, if you're going to do something, is that helping you with that blank—whatever that blank is for you.
For Hanselman, that blank is his family.
"I stopped caring about my career when I had kids," he says. "Everything that I do, every decision that I make, is how I can get home to my four-year-old and six-year-old faster."
Homework
Hanselman ends his talk with a five-part assignment:
Audit and sort your sources
Schedule work sprint
Turn off distractions
How are you triaging your inbox? Are you effective? Are you efficient?
Consider your personal toolbox
"Notice that I didn't talk about Evernote or any of these fancy systems," he says. "You can spend more time reading productivity books and making productivity systems when maybe all you need is a (to-do list).
"Maybe what you really need is the will to do it and the recognition in your mind that there is a difference between being busy and doing the work that you want to do," he says.
Lately, I've been noticing that the more experience I gain, the longer it takes me to complete projects, or certain tasks in a project. I'm not going senile yet. It's just that I've seen so many different ways in which things can go wrong. And the potential pitfalls and gotchas that I know about and remember are just getting more and more.
Trivial example: it used to be just "okay, write a file here". Now I'm worrying about permissions, locking, concurrency, atomic operations, indirection/frameworks, different file systems, number of files in a directory, predictable temp file names, the quality of randomness in my PRNG, power shortages in the middle of any operation, an understandable API for what I'm doing, proper documentation, etc etc etc.
This really hit me because THIS IS ME. I was wondering recently if it was age-related, but I'm just not that old to be senile. It's too much experience combined with overthinking. I have more experience than many, but clearly not enough to keep me from suffering from Analysis Paralysis.
I have two side projects I'm doing on vacations and in the evenings when the house is asleep. One is a port of popular iOS application to Windows Phone, the other is a iOS app with a cloud service startup with my buddy Greg. Both projects have had awesome beginnings and then stalled when things just got overwhelming.
I kept starting features, the stalling. I felt like I was thrashing to disk, spending more time swapping ideas around in my head rather than just doing them. I'm still getting lots of things done, in general, I'm productive, but when I code I just thrash.
I'm overthinking stuff. "Write settings to a file" turns into a mess of paranoia around concurrency situations, upgrading settings from previous versions of the app (that don't exist, mind you), and it just snowballs from there. It's not exactly scope creep, but it's a kind of architectural paranoia. I see so many issues and possible bugs that I've learned over the years that could derail a feature that I end up derailing the feature.
YAGNI
The answer, they say, is You're Not Gonna Need It. "Perfect is the enemy of the good" reminds user Telastyn. These are easy to intellectualize but hard to internalize. User Mouviciel says:
Looks like you are not experienced enough :). The next lesson is: stick to requirements, not more.
I get that, but me, I often need another brain to complement my own.
How I Solve Overthinking
I learned about Agile from James Shore while I was working at Corillian some years ago, but it's Pairing that resonates with me the most. With a good pair, you'll get 3 times the work, not double.
I worked my way through both these startup issues by bringing in another brain. I'm not the best programmer, but I do OK. But somehow we are both better when we pair. I paired with Greg on the iOS and my new friend Jan Hanneman on the other. They are both clearly better coders than I, which is intimidating, but I'm still sure I provide value. What they gave me was a fresh perspective and a focus to say "YAGNI" and just get features done. The ironic part is, if I'm brought in on a project to pair, that's what I bring also.
My wife thinks this is hilarious. It's the old relationship joke where your partner says something for years and years, then one day you rush home from work to share this amazing new "insight" from a stranger...the same insight your partner has been sharing all this time.
Since I work remotely, all my Pair Programming has to happen over video chat and screen sharing. I use Skype, Lync, Join.me, and whatever else works. We take turns working through features in Trello boards, sharing one person's screen, talking and coding, designing and brainstorming, then commiting to Git, syncing, and switching the share.
This seems to work well for sessions as long as 3 hours, but after that, we get pretty wasted. However the feeling of accomplishment when you work through a problem with a partner is also magnified.
Does your coding life get paralyzed? How do YOU work through it?
I have a personal MSDN account so I download and installed the Windows 8.1 Update as soon as I could. It'll roll out to the rest of the world slowly in the coming weeks.
The verdict? It's a significant improvement. I use an X1 Carbon Touch laptop, and while it has a touchscreen, I spend most of my time on the mouse and keyboard. I'm comfortable with moving between Store (fullscreen) apps and Desktop apps but it's always a little jarring. You're leaping between two universes. I want to live in one universe and this Windows update merges them in a measured way that means I'm moving faster when using my computer.
I've just put up a brand new 5 minute YouTube video to give you a tour of just a few of the new features.
After you get the update, you'll notice immediately that the Windows Store - a full screen app, mind you - is pinned to your Windows Desktop's Taskbar. You can now pin any app, desktop or store, to your Taskbar.
Even better, you can close them with a right click, just like you're used to:
And Windows Store apps like Xbox Music that use the Media Controls can also get taskbar enhancements like the Media Controls within the Taskbar button. Here I'm controlling the music in my Windows Store app while I'm in the desktop. The "universal" music controls also pop up when you press your hardware volume keys as well.
The Start Screen now includes a power button and search button, always.
If you right click a pinned Tile with the mouse (or Shift-F10 with the keyboard) you'll get the familiar context menu. You can change sizes, pin to the taskbar, and more.
You can move the mouse to the top of a Windows Store app and a title bar will appear. Click in the left side of that title bar, and you can now control Window Splitting.
Windows Store apps also get Minimize and Close buttons as well.
Newly installed apps are easier to find and a notification appears on your Start Screen:
Fullscreen IE11 also has an option to always show open tabs, useful if you're an "out of sight, out of mind" individual.
All in all, it works surprisingly well. I'm moving around Windows faster than before and actually using more Store apps like Mail and Music.
ASP.NET Identity 2.0 was released last month and it's got a number of significant updates and new features that are worth checking out. For historical context, read the "Introduction to ASP.NET Identity" article that includes a lot of background and information on why certain decisions were made, as well as an overview of some of the goals of ASP.NET Identity 2.0 like:
One Identity system for ASP.NET Web Forms, MVC, Web API, and Web Pages
Total control over user profile schema.
Pluggable storage mechanisms from Windows Azure Storage Table Service to NoSQL databases
Unit Testable
Claims-based Auth adds more choice over simple role membership
Social Logins (MSFT, FB, Google, Twitter, etc)
Based on OWIN middleware, ASP.NET Identity has no System.Web dependency
ASP.NET Identity is on CodePlex today (and soon to be open sourced...paperwork) at https://aspnetidentity.codeplex.com/ or access the NuGet feed for nightly builds.
Adding Two-Factor authentication to an ASP.NET application
You'll have a class that is a UserManager that handles access to users and how they are stored. Inside this manager there's an IIdentityMessageService that you can implement to validate a user with whatever you want, like email, SMS, or a time-based token.
Here's an example SmsService where I'm using Twilio to send text messages. Again, you can do whatever you want in your implementation.
public class SmsService : IIdentityMessageService { public Task SendAsync(IdentityMessage message) { // Plug in your sms service here to send a text message. message.Destination = Keys.ToPhone; //your number here var twilio = new TwilioRestClient(Keys.TwilioSid, Keys.TwilioToken); var result = twilio.SendMessage(Keys.FromPhone, message.Destination, message.Body);
return Task.FromResult(0); } }
If I were sending an EmailMessage, I'd do something like this. Note it's just another implementation of the same simple interface:
public class EmailService : IIdentityMessageService { public Task SendAsync(IdentityMessage message) { string text = message.Body; string html = message.Body; //do whatever you want to the message MailMessage msg = new MailMessage(); msg.From = new MailAddress("scott@hanselman.com"); msg.To.Add(new MailAddress(message.Destination)); msg.Subject = message.Subject; msg.AlternateViews.Add(AlternateView.CreateAlternateViewFromString(text, null, MediaTypeNames.Text.Plain)); msg.AlternateViews.Add(AlternateView.CreateAlternateViewFromString(html, null, MediaTypeNames.Text.Html));
SmtpClient smtpClient = new SmtpClient("smtp.whatever.net", Convert.ToInt32(587)); System.Net.NetworkCredential credentials = new System.Net.NetworkCredential(Keys.EmailUser, Keys.EMailKey); smtpClient.Credentials = credentials; smtpClient.Send(msg);
return Task.FromResult(0); } }
In your IdentityConfig.cs you can register as many TwoFactorProviders as you'd like. I'm adding both Email and Sms here. They include token providers but again, everything is pluggable.
manager.RegisterTwoFactorProvider("PhoneCode", new PhoneNumberTokenProvider<ApplicationUser> { MessageFormat = "Your security code is: {0}" }); manager.RegisterTwoFactorProvider("EmailCode", new EmailTokenProvider<ApplicationUser> { Subject = "SecurityCode", BodyFormat = "Your security code is {0}" });
manager.EmailService = new EmailService(); manager.SmsService = new SmsService();
If a user tries to login you need to make sure they are a VerifiedUser. If not, get a valid two factor provider and send them a code to validate. In this case, since there are two providers to choice from, I let them pick from a dropdown. Here's the POST to /Account/SendCode:
public async Task<ActionResult> SendCode(SendCodeViewModel model) { // Generate the token and send it if (!ModelState.IsValid) { return View(); }
if (!await SignInHelper.SendTwoFactorCode(model.SelectedProvider)) { return View("Error"); } return RedirectToAction("VerifyCode", new { Provider = model.SelectedProvider, ReturnUrl = model.ReturnUrl }); }
The sender of the two factor code depends on your implementation, of course.
public async Task<bool> SendTwoFactorCode(string provider) { var userId = await GetVerifiedUserIdAsync(); if (userId == null) { return false; }
var token = await UserManager.GenerateTwoFactorTokenAsync(userId, provider); // See IdentityConfig.cs to plug in Email/SMS services to actually send the code await UserManager.NotifyTwoFactorTokenAsync(userId, provider, token); return true; }
When it's time to get the code from them, they need to have logged in with name and password already, and we're now checking the code:
[AllowAnonymous] public async Task<ActionResult> VerifyCode(string provider, string returnUrl) { // Require that the user has already logged in via username/password or external login if (!await SignInHelper.HasBeenVerified()) { return View("Error"); } var user = await UserManager.FindByIdAsync(await SignInHelper.GetVerifiedUserIdAsync()); return View(new VerifyCodeViewModel { Provider = provider, ReturnUrl = returnUrl }); }
We can sign users potentially a number of ways, like with External Sign Ins (Twitter, etc) but here's the TwoFactorSignIn
public async Task<SignInStatus> TwoFactorSignIn(string provider, string code, bool isPersistent, bool rememberBrowser) { var userId = await GetVerifiedUserIdAsync(); if (userId == null) { return SignInStatus.Failure; } var user = await UserManager.FindByIdAsync(userId); if (user == null) { return SignInStatus.Failure; } if (await UserManager.IsLockedOutAsync(user.Id)) { return SignInStatus.LockedOut; } if (await UserManager.VerifyTwoFactorTokenAsync(user.Id, provider, code)) { // When token is verified correctly, clear the access failed count used for lockout await UserManager.ResetAccessFailedCountAsync(user.Id); await SignInAsync(user, isPersistent, rememberBrowser); return SignInStatus.Success; } // If the token is incorrect, record the failure which also may cause the user to be locked out await UserManager.AccessFailedAsync(user.Id); return SignInStatus.Failure; }
If you want this blog post's sample code, make an EMPTY ASP.NET Web Application and run this NuGet command from the Package Manager Console
Sponsor: Big thanks to Novalys for sponsoring the blog feed this week! Check out their security solution that combines authentication and user permissions. Secure access to features and data in most applications & architectures (.NET, Java, C++, SaaS, Web SSO, Cloud...). Try Visual Guard for FREE.
The .NET BCL (Base Class Library) moves too slow, IMHO. That's why NuGet and NuGet packages are so nice. It's a joy to find a "rightly sized" library like NodaTime, for example. It's a better date and time API for .NET. Microsoft should just use it, it's lovely.
Another nicely-sized Open Source library, and the focus for today's blog post, is Humanizer from http://humanizr.net. They say "Humanizer meets all your .NET needs for manipulating and displaying strings, enums, dates, times, timespans, numbers and quantities" and it does just that.
It's a lovely joy of a library and you should check it out. Just make yourself a console app now and install-package Humanizer, and explore.
The word "Humanize" evokes, for me, a feeling of making something simpler, more accessible, more useful, more fluent, more flexible.
Here's some great examples of problems that Humanizer solves.
First, Humanzer has a LOT of extension methods to the string type. If you've got a funky string, it will turn it into as close to a normally-cased sentence as possible. This is even more useful if you're using BDD frameworks like BDDfy.
"PascalCaseInputStringIsTurnedIntoSentence".Humanize() => "Pascal case input string is turned into sentence"
"Underscored_input_string_is_turned_into_sentence".Humanize() => "Underscored input string is turned into sentence"
// acronyms are left intact "HTML".Humanize() => "HTML"
"Can_return_title_Case".Humanize(LetterCasing.Title) => "Can Return Title Case"
There's dozens of great string methods, but it's the DateTime extension methods that really shine. These will feel familiar to Rails developers and Twitter users.
Pluralization libraries are always fun, as I've blogged before and Humanizer doesn't disappoint. You can pluralize and singularlize strings, but the "To Quantity" methods are fantastic, doing exactly what you'd expect, even if you do something odd:
The Number to Words family of methods go even further:
3501.ToWords() => "three thousand five hundred and one" 121.ToOrdinalWords() => "hundred and twenty first" 8.ToRoman() => "VIII"
We've all written a truncate method to take a long string and add "..." at the end.
"Long text to truncate".Truncate(6, Truncator.FixedNumberOfCharacters) => "Long t…" "Long text to truncate".Truncate(6, "---", Truncator.FixedNumberOfCharacters) => "Lon---"
I'm just scratching the surface of Humanizer, going through it's Getting Started. There's also samples where you can plug it into your own frameworks or deep within ASP.NET MVC and humanize enums, type names, and properties as a way to keep your code DRY.
I like open source libraries like this that look like the code we've all written before...except tested and complete. ;) We've all written utilities like this, except as one-of functions. I look forward to NOT writing methods like this in the future, and instead using libraries like Humanizer. I fully plan to use this library in my next project (a startup I'm working on.)
Sponsor: Big thanks to Novalys for sponsoring the blog feed this week! Check out their security solution that combines authentication and user permissions. Secure access to features and data in most applications & architectures (.NET, Java, C++, SaaS, Web SSO, Cloud...). Try Visual Guard for FREE.
I'm a longtime Kindle fan. Love it. It's not a tablet, not a computer, my Paperwhite Kindle represents books for me.
I have a first-generation Kindle Paperwhite and use it almost every day. It's my go-to reading device. I originally gave it a mixed review but the game-changer was the addition of the magnetic cover, specifically the Kindle Paperwhite Leather Cover in Black. The Kindle turns on and off when it opens and closes, which is lovely, but the important point is the thickness it adds to the bezel. For my hands, a Paperwhite is an insubstantial thing that's too small to hold comfortably. This cover adds just a fraction of an inch all around the Kindle and effectively the cover subsumes the Kindle. The cover melds with the Kindle in a firm and crisp way and you'll never take it off. It's perfectly sized, plus protected enough that I throw it in my bag without worry.
I recently came into possession of a second-generation Kindle Paperwhite and didn't know what to make of it. It's "one better" right? It's the new version. It looks the same.
The main improvement they say is a clearer and higher-contrast display. Here are my 1st and 2nd gen Kindles next to each other, which is the Second Generation Paperwhite?
There's a little glare here but the second gen has a whiter background and darker blacks.
The first gen has a fantastic screen...
But the second gen has darker blacks and crisper text.
The second generation is definitely faster, they say 25% faster. Turning pages is quicker and the screen updates faster. The new updated software also includes a fast "skim" ability so you can move WAY faster around a book to find your place.
It also includes "Kindle Freetime," a special mode for kids where you can limit the books they see and tracks their reading time, as well as set goals for the number of minutes they read each day.
Upgrade your Kindle Software
Speed and clarity is nice but the most dramatic difference was the software. This new 2nd gen Kindle had a bunch of new software features that my 1st didn't have. Unacceptable! ;) I checked, and I can get many of these new features by manually upgrading my Kindle's software.
If you have a Kindle, head over to https://www.amazon.com/kindlesoftwareupdatesand get updated. Most Kindles update themselves, but more and more I'm seeing that these updates roll out either slowly, or not at all. My first-gen was many versions behind.
It's not a "must upgrade" but it's a nice generational step. If you don't have a Kindle reader, this is a great Kindle. If you're a fan (as I am) and your partner needs a Kindle, get a new 2nd gen and pass the 1st gen along with updated software. Everyone wins.
Sponsor: Big thanks to Novalys for sponsoring the blog feed this week! Check out their security solution thatcombines authentication and user permissions. Secure access to features and data in most applications & architectures (.NET, Java, C++, SaaS, Web SSO, Cloud...). Try Visual Guard for FREE.
There's been lots of articles about the recent OpenSSL "Heartbleed" bug. You can spend a day reading all the technical analysis, but one headline that stood out to me was "OpenSSL shows big problem with open source; underfunded, understaffed." A fundamental part of the fabric of The Internet Itself is mostly just one person plus a bunch of volunteers.
"The fascinating, mind-boggling fact here is that you have this critical piece of network infrastructure that really runs a large part of the Internet, and there’s basically one guy working on it full time."
Moreover, we don't sing contributor's praises for their hard work and success while their software work, instead we wait until a single line (albeit one of the more important lines) fails to live up to expectations. Darn that free stuff, mostly working, and powering our connected global network.
Open Source is largely a thankless job. Sometimes in the Microsoft .NET community, it feels more futile because it's often hard to find volunteers. Many folks use the default stuff, or whatever ships with Visual Studio. With Rails or Node, while they have corporate backing, there's a sense that the projects are community driven. The reality is in-between, but with open source projects built on the Microsoft stack volunteers may say "we'll just use whatever the ship."
There's anger around past actions by Microsoft, but as I've said publicly before, they've come a LONG way. I will keep pushing open source at Microsoft until I think I'm done pushing and can push no more. There's a seismic shift going on inside. Mistakes get made, but it's moving in the right direction. Everyone is learning.
"Setting aside the very real question of whether or not OSS in .Net is a viable proposition (it's largely not, no matter how hoarse Scott Hanselman makes himself trying to say otherwise), FubuMVC failed because we — and probably mostly me because I had the most visibility by far — did not do enough to market ourselves and build community through blog posts, documentation, and conference speaking."
It's very true that in a large way visibility drives viability for many open source projects. Jeremy's retrospective is excellent and you should read it.
I think it's harder to bootstrap a large framework project that is an are alternatives to existing large frameworks because for many, it's easier to use the default. Frameworks like FubuMVC, OpenRasta, ServiceStack, Nancy and others all "reimagine the default." They are large opinionated (in a the best way) frameworks that challenge the status quo. But it's much more difficult to cultivate support for a large framework than it is a smaller library like Humanizer or JSON.NET.
Still, without these projects, we'd all still be using the defaults and wouldn't be exploring new ideas and pushing limits as a community like the FAKE F# build system, or Chocolatey, or Boxstarter.
Microsoft can better support OSS projects not just with licenses and money, but with visibility. I'd propose dedicate Open Source tracks at all Microsoft conferences with speaking slots for open source community members. DotNetConf is a start, but we can go bigger.
Organizing is hard
OWIN is an example of a small, but extremely important project that affects the .NET world that is struggling with organization. Getting it right is going to be important for the future. There's a small, but influential group of community members that having been trying for months to find middle ground and build consensus around a technical issue.
ASP.NET Web API and SignalR both build on top of an open source project called OWIN (Open Web Interface in .NET) that aims to decouple servers, frameworks, and middleware from each other.
There's an issue open over on GitHub about what may seems like an obscure but important point about OWIN. The OWIN specification doesn't include an interface called IAppBuilder, but IAppBuilder is used by default in most Microsoft examples. Can the underlying OWIN framework remain neutral? The issue is a long one, and goes off on a few tangents. It's a complex problem that perhaps 20 people fully understand.
Scott Koon worked hard on a Governance document for OWIN and hasn't seen any forward motion. He ventedhis frustration on Twitter, rightfully so. Under the often-used "Lazy Consensus" technique, if folks are silent or don't reply in 72 hours, that is effectively consent and can change the direction of a project. Active involvement matters.
The fun part of open source is the pull requests and writing code, but before the code building, there's the consensus building. Ownership is the most contentious part of this process. Ownership means control; control over direction. The key to finding control and working through ownership issues is by thoroughly understanding everyone's differing goals and finding a shared vision that the community can rally around, then move forward.
This sausage making process is tedious, messy, but necessary. These discussions are as much a part of OSS as the code is. It takes equal parts patience and pushing.
Getting involved is hard
I get dozens of emails every week that all ask "how can I get involved in open source?" Everyone assumes my answer will be "write code" or "send a pull request," or sometimes, "help write documentation."
In fact, that's not all you can do. What you can do is read. Absorb. Understand. Be welcoming, inclusive, and kind. Offer thoughtful analysis and ask questions. Avoid hyperbole and inflammatory language. Show code examples when commenting on issues. Be helpful.
Your blog posts are the engine of community, your open source commits, documentation, promotion, samples, talks, gists are important. But getting involved in open source doesn't always mean "fork a project and send a giant pull request with your worldview." Sometimes it's the important but unglamorous work of writing a governance document, organizing a conference call, or thoroughly reading a giant Github issue thread before asking a question.
Why do we do this? It's not for the glamour or the money. It's because we are Builders. I encourage you all to get involved. There's lots to be done.
Sponsor: Big thanks to Novalys for sponsoring the blog feed this week! Check out their security solution thatcombines authentication and user permissions. Secure access to features and data in most applications & architectures (.NET, Java, C++, SaaS, Web SSO, Cloud...). Try Visual Guard for FREE.
ASP.NET "Razor" Web Pages are ASP.NET sites without models, views, controllers, or project files. Some folks say "oh, that's just Classic ASP, or PHP right? Not at all. It's the full power and speed of the .NET CLR, the full syntax of C#, LINQ, along with things like C# dynamics. It's super powerful, and my friend Mads and I are surprised more people don't use them for small things.
This blog runs DasBlog, an older ASP.NET 2.0 blogging engine I worked on with Clemens Vasters and a lot of co-contributors, but I'm actively checking on Mads'MiniBlog, a minimal but VERY competent blog engine using Razor Web Pages. Why wouldn't I use something like Ghost? I've thought about it, but MiniBlog is SO minimal and that makes it very attractive.
Here's some things I like about MiniBlog, as both a blog and a learning tool.
Minimal
It's not called Mini for fun. There's a truly minimal packages.config of dependencies:
Blogs do more than just serve pages, there is also a need for RSS feeds, MetaWeblog Web Services for things like Windows Live Writer, and dynamic minification for JS and CSS.
I like apps that can avoid using databases. Sometimes the file system is a fine database. I thought this when we worked on DasBlog, Mads thought it when he made BlogEngine.NET (his original blog engine) and that "no database needed" design tenet continues with MiniBlog. It stores its files in XML, but MiniBlog could just as easily use JSON.
Clean Content-Editable Design Service
I always (exclusively) use Windows Live Writer for my blog posts. WLW is also the preferred way to write posts with MiniBlog. However, if you insist, MiniBlog also has a really nice content-editable scheme with a great toolbar, all in the browser:
When you are viewing a post while logged in as Admin, you click Edit and turn the page into editable content.
The JavaScript is surprisingly simple, and gets one thinking about adding basic editing and CMS functions to websites. A design mode would be a daunting task 5 years ago, and with today's JavaScript it's almost trivial.
It even automatically optimizes images you drag and drop into the design surface and upload.
var cruncher = new ImageCruncher.Cruncher(); cruncher.CrunchImages(file);
return VirtualPathUtility.ToAbsolute(relative); }
The code is fun to read, and you can go check it out at https://github.com/madskristensen/MiniBlog. It supports HTML5 microdata, sitemaps, both RSS and Atom, simple theming, and gets a 100/100 of Google Page Speed.
Sponsor: Big thanks to RedGate for sponsoring the feed this week. 24% of database devs don’t use source control. Do you? Database source control is now standard. SQL Source Control is an easy way to start - it links your database to any source control system. Try it free!
I've had an iPhone since the 3GS (I have a 5S right now) but I'm always flirting with the Windows Phone. It's just prettier than my iPhone, but my iPhone has a lot of apps...so I stay with it. Folks tease me at work and at conferences for not using a Windows Phone. I always say "when it's an awesome phone platform, I'll use it."
Man, Windows Phone 8.1 is definitely more than "point 1 better." Seriously.
It's the platform Windows Phone should have been from the beginning. From a general functionality perspective, this 8.1 update brings the Windows Phone (finally) on par with my iPhone 5s, and in some cases, takes it beyond. It's REALLY tempting now.
There's a lot of new stuff, but a few things really grabbed my attention that my iPhone doesn't have yet:
Notification Center - Finally. Swipe down from the top and get notifications in one place. Just like an iPhone you get quick access buttons for airplane mode, wireless, etc. Even better, those buttons are configurable. I added Internet Sharing to mine. You can also swipe down then press Settings as a fast way to get to the main settings page.
Transparent Live Tiles - You can use a background image for your whole start screen, and it will show through transparent tiles. It also has a nice parallax effect when scrolling. Check it out in the video below.
"Show more Tiles"on smaller resolution devices - The 1520 on the right has the 1080p screen, while the 920 is a lower resolution screen. Previously only high-res screens got the extra column of tiles. Now smaller screen devices can choose their start screen size and add LOTS more info to a single screen.
Pinnable Website Tiles - This one surprised me. I recently added support to my blog for IE11 Pinned Tiles, so you can pin this website to your start screen and get an updated Live Tile showing the latest stories. I talked to the front end developer at The Verge and he added the feature for theverge.com as well. His implementation is REALLY impressive. The surprise was that Windows Phone 8.1 now supports that same technique and I didn't need to do anything. See on the 920 on the right, at the bottom, that's a pinned flipped tile showing a story from my blog. Very nice.
Cortana Voice Assistant - You could say this is the Windows' Siri, but it's more like Google Now with a personality. The voice recognition happens as you speak as opposed to after the fact, which is nice. You can ask questions like "How old is Oprah" and she (or he) just knows. You can say "Call my wife" and she'll say "Who is your wife?" then associate a contact with that nomenclature.
Quiet Hours - I use Do Not Disturb on my iPhone. Quiet Hours takes this a little further with the concept of an "Inner Circle" and a more sophisticated series of configurable rules like "Don't bother me at night on weekdays unless it's these three people, and text everyone else back that I'm not answering calls."
Driving Mode - This was added in a Windows Phone 8 update but I love it. It knows you're driving because you associate your cars' Bluetooth with it, then it will text folks "I'm driving, I'll get back to you" if they text you. You can choose to never see the text until you stop. Very cool.
Keyboard Swiping - It's built into the main keyboard now, no separate app. The predictive text has gotten better as well.
Battery Sense - The phone can tell you what apps are eating the battery, and when they are eating it. It'll show if the battery is being used by apps in the background or in the foreground.
Go to Settings, then System Update and update your phone. Depending on how up-to-date your phone is, this might take 2-3 visits. One of my phone needed just one update, another needed 3. It'll take 10-15 min.
If you get the Preview today,your phone will update to the final version automatically, I'm told. Go check it out!
Sponsor: Big thanks to Red Gate for sponsoring the feed this week. 24% of database devs don’t use source control. Do you? Database source control is now standard. SQL Source Control is an easy way to start - it links your database to any source control system. Try it free!
I have FIOs Fiber-optic internet at my house and I'm very happy with it - have been for years. I get 35Mbit/s both up and down and it's rock solid. It's not technically all fiber of course, as the fiber goes into an ONT (Optical Network Terminal) in my garage and is changed into a COAX (Coaxial Cable) using MoCA technology, travels 50 feet, then goes into a very old ActionTec MI412-WR wireless router with 4 LAN ports. This common device is multi-function and not only changes the Coax to RJ-45 (Standard Ethernet), it acts as a LAN and Wi-Fi router, and also has been my home's DHCP server, passing out IP addresses to devices in my house.
NOTE: It may be possible to call your installer and have your ONT changed to use RJ-45, but Coax is the default for almost every installation I've seen. For most folks, it's fine. However, that Coax connection can limit our choices when adding 3rd party routers. Hence, this article.
The ActionTec MI424-WR is an old but competent router, but it has a very small NAT table which can cause issues over Xbox Live or in houses with dozens of devices, like mine. It also is a router with just 10/100Mbit Ethernet connections. If you're like me and push a lot of local traffic through it or use Gigabit Ethernet you'll want to think twice between flowing your entire home's traffic through this little router. I added a gigabit switch to partition things, but this router remains a weak part of the network.
There's a number of ways to optimize your home network when still using a mediocre router. The #1 complaint with wireless networks is wireless range. The second complaint is (perceived or otherwise) performance, both internally and externally.
TIP: Before you switch the ActionTec router to a bridge and possibly void warranties, here's two other options to improve your network. Otherwise, skip past these to the Bridging Instructions.
Option 1: Add a better wireless router and the ActionTec still does DHCP
Option 2: Add a second Wireless Router on the same SSID for double coverage
I've written up this option on my blog. You can have two routers with the same wireless network SSID. Before I had the N600, I added a second wireless router on the same SSID and used it effectively as a repeater.
Or, you can bridge the Coax and Ethernet and disable everything else on the ActionTec, removing all but the most fundamental of its functions.
GIANT DISCLAIMER: Let's just be clear here. I'm a random dude on the Internet and I'm showing you how to mess up your router and home network. If this works for you, awesome, I take full credit. If not, we never spoke and I don't know you. I know only what I wrote here. While some of you will write me with questions, I'll apologize now, everything I know is in this post, and I can't help. If there's errors in this post, they are mine and I'll try to correct them. Mess with your home router at your own risk.
Why did I do this? I want my internet traffic flowing through fewer boxes. I also wanted better wireless coverage in the house. I wanted a new, modern router with a larger NAT table, and better management tools. I didn't want to affect my (currently) very reliable internet connection by swapping out my old but reliable ActionTec. I just wanted to remove it from the equation.
WARNING TO THOSE GEEKS IN RELATIONSHIPS: You'll work on this for a whole weekend, like I did, and when you get it all working it'll be totally awesome and you'll love everything about yourself. Then, you'll go and regale our gender-non-specific-non-geek partner with tales of your dramatic success and they will not care. In fact, ideally, they won't even know that you did anything, but perhaps they'll be able to watch House of Cards in the tub when previously they couldn't. Regardless, be prepared for the deafening silence of your non-technical partner's profound apathy.
New Option: Make the ActionTec a Bridge, effectively hiding it from the network, and use a new Router for everything.
First, some irony. There's two great documents at the ActionTec support website.
The first is called "Can I Bridge the Actiontec MI424WR FiOS Router?" and basically says "The MI424WR does not support Transparent-Bridging, and neither Verizon nor Actiontec support attempting to bridge it."
The second document located at the same exact website is called "Configure MI424WR as a LAN MoCA Bridge." So. Ya. Drink that in. The point is, you're basically on your own and your Internet provider won't support you if you don't use their devices
That said, here's what I did. I picked up a new Router, specifically a Linksys WRT1900AC (between US$250 and US$300) that just came out.
MORE WARNINGS? REALLY? When redoing your home network you'll want to be prepared to lose connectivity, freak out a little, set static IP addresses, and be prepared to reset things if it doesn't work. If you're not comfortable with any of these things, just stop now.
You're going to be changing your router into a Bridge and it won't be passing out IP addresses any more. You best know where you'll be getting your next IP address from.
Set your PC to an unused static IP address within the range that your router passes out. For example. 192.168.1.100 for the PC.
Login to the router's existing IP address, usually 192.168.1.1, and go to My Network, then Network Connections, then Home/Office, then Settings
Note your current router's IP address:
Set a static IP. You want the PC and Router to have static IPs so you don't lose connectivity between them while you're doing all these changes. Once your IP has changed, you will likely need to access your router from that new IP to finish these instructions.
Also, disable the Wireless Access Point, you'll be using your other router soon. You only care about Ethernet and Broadband Connection (Coax).
Note also that my Coax and Ethernet are connected and not bridged. Ethernet and Wireless are bridged. That's the normal configuration for this router.
Go back to my Network, then Settings for Broadband Connection (Coax). Go to Internet Protocol and set your Broadband Connection (Coax) to No IP Address. This step is important. (They are all important, but this one is doubly so.)
Why? That means you don't want your Coax to pick up an IP Address from the ONT. You intent to pass traffic through (bridge) the Coax to the Ethernet. Your NEW router will use the Ethernet port and pick up the external IP Address from your provider.
Go back to Configure Home/Office Network and make sure you've checked the boxes under the Bridge section, so Broadband Connection and Ethernet are both checked, as seen below. Note that Wireless is disabled.
Click Apply and reboot the router.
At this point, the Coax port and the LAN 4 ports will be bridged. If you plug an Ethernet cable from the WAN port of your new router to ONE of the LAN ports of the ActionTec (and wait a while) you should see your new router pick up an external IP address. This did take about 5-10 minutes for me.
NOTE: Don't forget to change your PC's network back to automatically get an IP via DHCP.
Hopefully that's reasonably clear. Here's a visual way to look at it.
Typical Network
Typical Network After Bridging COAX/Ethernet+ New Router
After performing major brain surgery like this you'll need to go over EVERY DEVICE IN THE HOUSE and Release/Renew their IP Address (I recommend this, although there are technically ways around it) as well as connecting them to your new Wireless Network's SSID.
My shiny new router is a Linksys WRT1900AC and it's AMAZING. It's spendy, but works fantastically and is worth the premium. It's nearly doubled my effective range and includes Gigabit Ethernet ports. Everything is faster, both internal traffic, and external.
I hope this guide helps someone improve their home network. Have fun!
Sponsor: Big thanks to Red Gate for sponsoring the feed this week. 24% of database devs don’t use source control. Do you? Database source control is now standard. SQL Source Control is an easy way to start - it links your database to any source control system. Try it free!
I've been a Linksys WRT54G fan for almost a decade. I ran HyperWRT for a while and then ended up with DD-WRT. Having a reliable, hackable router was a joy back in the day.
The Hardware
The new Linksys WRT1900AC has a design that is clearly meant to evoke the WRT54G, but it's a whole new beast. My first WRT54G was a Broadcom BCM4702 running @ 125Mhz, although later models went to 240Mhz. It had 16 megs of RAM and 4 megs of Flash. I was thrilled that theh WRT54G had "fast ethernet."
Compare that to the WRT1900AC with its dual-core 1.2Ghz ARM processor with 256 megs of DDR3. It's a PC, frankly, and I appreciate the power and flexibility.
This router is clearly a little spendy, and I was initially wondering it US$249 is worth the money. However, after using it for a week I can say yes. Let's say that it only lasts a year, that's less than $1 a day. If it lasts 5 years like previous routers, it's pennies. Considering that I work from home and need consistent and reliable connectivity, I'm willing to pay a premium for a premium device.
First, this is a 802.11a/b/g/n router and supports all devices, including the newer 80.11ac spec. It cover the full spectrum, pun intended, and has both 2.4GHz and 5.0Ghz support. It's got 4 large adjustable antennas, and the whole device is the size of a medium pizza. They even warn you not to put stuff on top of it so you don't block the heat sink.
I was also pleasantly surprised that the WRT1900AC has a USB 3.0 port and an eSATA port where you can plug in external storage, then access it as a file share. I was just talking to a neighbor who was considering a $600 NAS (Network Attached Storage) device, and I see now that the WRT1900AC could be that basic NAS for him. It supports FAT, NTFS, and HFS+ filesystems.
It's also super fast. Here's a large file copy for example. It's fast and rock solid at 100+ megabytes a second. I'm getting between 40-60 megabytes a second over wireless. I've also been able to get 20-40 megs a second off an attached hard drive. It's a competent simple NAS.
It's been consistently faster than my previous router in basically everything that I do. I haven't done formal tests, but it's looking like 20-30% just on the wireless side.
The Software
The WRT1900AC also will support OpenWRT later this year, and Linksys is encouraging folks like the DD-WRT, Open WRT, and Tomato projects to target this device. It's nice when a company creates hardware and doesn't freak out when the community wants to hack on it.
The installation was a breeze and I was impressed that they included a non-standard default password for out of the box security.
Their initial release of the built-in software is a little lacking, IMHO, in a few areas, most notably QoS (Quality of Service) and is a little bit of a step back from my previous routers. I'd like more absolute control over my traffic, but that's me. To compensate, I marked my Xbox and my Work PC as needing preferred packets, so rather than prioritizing specific traffic, the router will prioritize these machines by MAC address.
While it does lack in some places, it makes up in others. The interface is fast, and easy to use.
You can access lots of logs, diagnostics, and stats for everything. However, I have spent most of my time in the Network Map.
Not to harp on this feature, but I really like this real-time filterable network map. From here I can see who's on which wireless channels, reserve DHCP leases, filter devices by type. It's a gimmick, but it's a gimmick that works and works well.
I also registered my router with the LinksysSmartWifi.com site. This allows me to remotely manage the router from anywhere (without a dyndns.org account or opening the firewall) as well as from my iPhone. This also potentially means I could debug those network issues that only pop up when I'm travelling and my wife is trying to get on the internet. ;)
All in all, I'm very satisfied with this new router.
I've got greater wireless coverage than ever before.
I've got good management tools, inside, outside, and while mobile.
The speed is as good as anything I've ever used.
It has 90% of the features I need, and I'm confident I'll get more advanced features with updates or via open source projects.
* Disclaimer: I use affiliate links to buy gadgets and tacos. Click them and you support me, my lunch, and my blog.
Sponsor: Big thanks to Red Gate for sponsoring the feed this week. 24% of database devs don’t use source control. Do you? Database source control is now standard. SQL Source Control is an easy way to start - it links your database to any source control system. Try it free!
There was an engineer I used to work with who always said "That's just a software issue." No matter how complex the issue, no matter how daunting, they were confident it could be solved with software.
.NET and C# and NuGet and the community have been making some amazing stuff in the last few years like ScriptCS, Chocolately, Boxstarter. Azure Websites now supports ASP.NET, sure, but also PHP, Python, Java (Tomcat or Jetty or your own container), and node.js. Getting these things to work together has been an interesting software issue. Apps can run side-by-side, but they can't really talk to each other in-process. (Mostly one just moves data between universes over JSON and HTTP when need-be.)
However, Tomasz Janczuk has been working on Edge.js (on Github) for a while now. I showed his work at jQuery Portland last year, but this week he's taking it to the next level. He is creating a wormhole between software universes.
Edge.js now lets you run node.js and .NET code in-process on Windows, Mac, and Linux.
The name is great. An edge connects two nodes, and Edge.js is that edge.
Here's a node app hello world node app calling .NET. Don't sweat that the .NET code is tunneled inside a comment, this is the Hello World proof of concept.
helloWorld('JavaScript', function (error, result) { if (error) throw error; console.log(result); });
Perhaps you have a bunch of CPU intensive work or algorithms in C#, but you've also got a node.js app that needs the result of that work. Edge can help with that.
You can bring in a CS or CSX file into node like this:
var myCSharpCode = edge.func(require('path').join(__dirname, 'myCSharpCode.csx'));
You can bring code from a .NET DLL into a node.js compiled as well.
It's not a hack, it's a clear way to marshal between CLR threads and the V8 (the node Javascript engine) thread. It's also interesting from a comp-sci perspective as the CLR can have many threads and V8 has the one.
Here's Tomasz's own words:
Edge.js provides an asynchronous, in-process mechanism for interoperability between Node.js and .NET.
The "cloud" is one of those things that I totally get and totally intellectualize, but it still consistently blows me away. And I work on a cloud, too, which is a little ironic that I should be impressed.
I guess part of it is historical context. Today's engineers get mad if a deployment takes 10 minutes or if a scale-out operation has them waiting five. I used to have multi-hour builds and a scale out operation involved a drive over to PC Micro Center. Worse yet, having a Cisco engineer fly in to configure a load balancer. Certainly engineers in the generation before mine could lose hours with a single punch card mistake.
It's the power that impresses me.
And I don't mean CPU power, I mean the power to build, to create, to achieve, in minutes, globally. My that's a lot of comma faults.
Someone told me once that the average middle class person is more powerful than a 15th century king. You eat on a regular basis, can fly across the country in a few hours, you have antibiotics and probably won't die from a scratch.
Cloud power is that. Here's what I did last weekend that blew me away.
I just took a website, bought a wildcard SSL cert, deployed to Asia, Europe, and US, and geo-load-balanced the secure traffic in 45 min. O_O
Scaling an Azure Website globally in minutes, plus adding SSL
I'm working on a little startup with my friend Greg, and I recently deploy our backend service to a small Azure website in "North Central US." I bought a domain name for $8 and setup a CNAME to point to this new Azure website. Setting up custom DNS takes just minutes of course.
Then I upload mysslcert.pfx to Azure. If you have intermediaries then you might need to include those as well.
This gets me a secure connection to my single webserver, but I need multiple ones as my beta testers in Asia and Europe have complained that my service is slow for them.
Adding multiple global Azure Website locations
It's easy to add more websites, so I made two more, spreading them out a bit.
At this point, I've got three web sites in three locations but they aren't associated together in any way.
I also added a "Location" configuration name/value pair for each website so I could put the location at the bottom of the site to confirm when global load balancing is working just by pulling it out like this:
I could also potentially glean my location by exploring the Environment variables like WEBSITE_SITE_NAME for my application name, which I made match my site's location.
Now I bring these all together by setting up a Traffic Manager in Azure.
I change my DNS CNAME to point to the Traffic Manager, NOT the original website. Then I make sure the traffic manager knows about each of the Azure Website endpoints.
Then I make sure that my main CNAME is setup in my Azure Website, along with the Traffic Manager domain. Here's my DNSimple record:
And here's my Azure website configuration:
Important Note: You may be thinking, hang on, I though there was already load balancing built in to Azure Websites? It's important to remember that there's the load balancing that selects which data center, and there's the load balancing that selects an actual web server within a data center. Also, you can choose between straight round-robin, failover (two sites within a single datacenter), or Performance, when you have sites in geographic locations and you want the "closest" one to the user. That's what I chose. It's all automatic, which is nice.
Since the Traffic Manager is just going to resolve to a specific endpoint and all my endpoints already have a wildcard SSL, it all literally just works.
When I run NSLOOKUP myHub I get something like this:
As I'm in Oregon, I get the closest data center. I asked friends via Skype in Australia, Germany, and Ireland to test and they each got one of the other data centers.
I can test for myself by using https://www.whatsmydns.net and seeing the different IPs from different locations.
This whole operation took about 45 minutes, and about 15 minutes of that was waiting for DNS to propagate.
In less than an hour went from a small prototype in a data center in Chicago and then scaled it out to datacenters globally and added SSL.
Sponsor: Big thanks to Aspose for sponsoring the blog feed this week. Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.
We really poured our hearts into this production and we really hope you enjoy it.
In this feature-length production, Scott Hanselman and Rob Conery offer suggestions and advice on how you can get out there, and get involved. Blogging, Twitter, Github, StackOverflow, User Groups and Conferences: all of this can make you a happier, more productive developer and inspire you to take your career to the next level.
You certainly don't have to be social to be better at writing code - but sharpening your skills this way helps you when it comes time for a job interview, a yearly review where a promotion is on the line, or when you want to start running an Open Source project.
If you're a fan of This Developer's Life you know how tightly Rob and I like to produce things - this video is no exception.
Filmed on the streets of Portland and at a Portland user group, we talk about Blogging, Twitter, Github, StackOverflow, Open Source, Speaking, User Groups and Conferences - all of this hoping to make you a happier, more productive, more connected developer. We want to inspire you and perhaps to take your career to the next level.
Additionally, we stretched far beyond Portland to seek out the other people who active in the social technology space!
Jon Skeet joins us to talk about what a Good Question is on StackOverflow - and also how you can gain reputation by providing Good Answers - and edits to Good Questions!
We venture out to the Portland Area DotNet Users Group (PADNUG) and meet a few developers who have just started going - as well as people who have been there for years.
While we were there, I gave a 10-minute lightning talk on Azure - a great way to get started speaking if you're not a fan of public speaking. Rob filmed the whole thing.
By the way, if you do have a Pluralsight Subscription, you've got access to thousands of hours of technical video training, like my other video on technical presenting!
Have you thought about speaking on technology publically? Maybe you want start talking a local user groups and then work your way up to larger regional code camps? "The Art of Speaking" is an 80 min Pluralsight course that Rob and I created to help you do just that!
Many, many, thanks to Pluralsight for giving this video to the community for free! If you're on Twitter, go thank them now @pluralsight.
Sponsor: Big thanks to Aspose for sponsoring the blog feed this week. Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.