Showing posts with label Web X.X. Show all posts
Showing posts with label Web X.X. Show all posts

Tuesday, October 07, 2014

Microsoft Azure Web Site Cheat Sheet

Microsoft Azure Web Site Cheat Sheet

Howdy, Cloud Adventurer!

You’ve stumbled across the Microsoft Azure Web Sites Cheat Sheet – The quickest reference for getting to know Microsoft Azure Web Sites on the web. If you’re looking for some tutorials on how to develop solutions on Microsoft Azure Web Sites check out the Microsoft Azure product site or the Microsoft Azure Training Kit.

Browse around this one page reference for information on command-line tools for managing your Microsoft Azure Web Sites. Take a quick look at the features that are offered on Microsoft Azure Web Sites then start exploring the wonderful world of Microsoft Azure!


Hate to say this, but you know I've not created a Azure Web Site yet? Nope. I feel so... un-web like. Sounds like marching orders doesn't it? When/If I DO finally get off my fat butt (we'll fat'ish... I am losing weight ;) this site will come in really handy.

Tuesday, September 23, 2014 (Email Groups 2.0)=, Mailing lists for the 10's, i.e. not your dad's mailing list service)

Mark Fletcher's Blog - Introducing


But that doesn’t mean that mailing lists can’t improve. And this is where we get back to the unfinished business. Because email groups (the modern version of mailing lists) have stagnated over the past decade. Yahoo Groups and Google Groups both exude the dank air of benign neglect. Google Groups hasn’t been updated in years, and some of Yahoo’s recent changes have actually made Yahoo Groups worse! And yet, millions of people put up with this uncertainty and neglect, because email groups are still one of the best ways to communicate with groups of people. And I have a plan to make them even better.

So today I’m launching in beta, to bring email groups into the 21st Century. At launch, we have many features that those other services don’t have, including:

  • Integration with other services, including: Github, Google Hangouts, Dropbox, Instagram, Facebook Pages, and the ability to import Feeds into your groups.
  • Businesses and organizations can have their own private groups on their own subdomain.
  • Better archive organization, using hashtags.
  • Many more email delivery options.
  • The ability to mute threads or hashtags.
  • Fully searchable archives, including searching within attachments.

One other feature that has that Yahoo and Google don’t, is a business model that’s not based on showing ads to you. Public groups are completely free on Private groups and organizations are very reasonably priced.

We’re just starting out; following the tradition of new startups everywhere, we’re in Beta. So, as we squash the inevitable bugs and work to make the system even better (based on your feedback!), all features will be free.


Why You'll Love GROUPS.IO

Powerful features that make email groups more useful.

Great For Organizations is great for your internal discussion lists. Easily create and manage an organization, which is a collection of private groups, through a dedicated Org home page.

Do More With Integrations

Easily integrate Dropbox, Google Hangouts, Feeds, Facebook, Instagram, Github, Email and soon even more services into your group.

Better Archive Organization With Hashtags

Discussions can have assigned hashtags. Archives can be searched by hashtags, and hashtagged conversations can automatically expire.

Only The Messages You Want

Mute threads and keywords, ensuring you only see the messages you're interested in. Take advantage of better email delivery options, including receiving the first message only in each thread or receiving replies only



While, like most, I have a love-hate relationship with mailing lists, I do think it's pretty cool seeing this new look at them, updated to today's tech.

Thursday, September 04, 2014

Driving IE with the Web Driver Tool and Code Sample too

Microsoft Downloads - IE Web Driver Tool for Internet Explorer 11

The IE Web Driver Tool enables developers to create automated tests that simulate users interacting with webpages and report back results in Internet Explorer 11. It can also manage testing across multiple windows, tabs, and webpages in a single session.

Version: 1.000

File Name:



Date Published: 9/3/2014

KB Articles: KB2990999

The IE Web Driver Tool implements many of the high priority features from the W3C spec to allow developers to open a session, automate basic functionality against the pages, and return the results of the tests. The IE Web Driver Tool differs from JavaScript unit tests because it has additional access to functionality and information in the browser, and it can more accurately simulate user events or OS-level events.


MSDN Code Gallery - WebDriver Sample - Cumulative Security Update for Internet Explorer (KB2976627)

WebDriver is like a remote control for Internet Explorer and allows developers to create automated tests that go beyond simple JavaScript unit tests. In Cumulative Security Update for Internet Explorer 11 (KB2976627), the WebDriver API demonstrated in Internet Explorer Developer Channel comes to general release.

Building the Sample

Because WebDriver gives any app that knows how to use it the ability to control your browser, it is not completely installed with Cumulative Security Update for Internet Explorer (KB2976627). To install and enable the remaining components, please follow the instructions in the Developer Guide.

Following that, you will be able to use the Visual Studio solution in this sample as a jumping-off point to build your own apps using the WebDriver API. However those apps will only run on systems specifically enabled to use the WebDriver API.


The WebDriver sample provides a small example application that opens Internet Explorer, navigates to Bing, locates the Bing Search Box, types "WebDriver" into it, and executes the search. With dozens of commands available, this provides an excellent starting point for exploring the WebDriver API in Internet Explorer 11.

Source Code Files



Remember the days/weeks wasted and many tools we've used to "automate" UI testing of our web sites? Maybe, finally, those days are behind us? We can only hope...

Wednesday, September 03, 2014

Security/hacking got you a little freaked? Moving to Two Factor Auth? Looking for a WP8.x "Google Authenticator App"? Microsoft has got your back...

7Tutorials - Are You Looking for a Google Authenticator App on Windows Phone?

We all know the strong competition between Microsoft and Google and how ruthless it is at times. Because of it, Google has chosen not to develop Windows Phone apps for most of its services. Therefore, the Google Authenticator app that's requested by many services for two-step verification is missing from Windows Phone. Since two-step verification is a very common method for securing all kinds of accounts, being able to use a Google Authenticator clone on Windows Phone is very important. Fortunately for us Windows Phone users, Microsoft has our backs and they have developed their own Authenticator app and published it for free. Here's how it works:

Why So Many Websites & Services Ask You to Install the Google Authenticator App?

Because Google was one of the first big tech companies to implement two-step verification for their customer's accounts. They also developed a Google Authenticator app that's available on almost all mobile platforms except those developed by Microsoft. Since Android is so huge in terms of market share, the Google Authenticator app has become a standard in people's minds and everyone recommends that you use it.

Technically speaking, there's nothing special about this app because it uses a documented standard for two-step authentication: the Time-based One-time Password Algorithm (TOTP). Therefore anyone can make an app using the same algorithm.

According to this standard, the Authenticator app provides a random six digits one-time password that you enter in addition to your username and password, to log in to all kinds of services, including Google's and Microsoft's services. This six digits password is valid for 30 seconds. If an attacker steals it then, within 30 seconds, it will be useless. This is great from a security perspective.

When a website mentions using a Google Authenticator app, don't despair. You don't really need Google's app, only an app that uses the same algorithm to generate passwords.

Where to Find Microsoft's Authenticator App

On the Windows Phone Store, if you search for Google Authenticator, you will find lots of apps made by different developers and companies. Some of them are not even free. Most probably they work just as well, because they use the same standard as Google does but why use them if you have a free app, developed and actively maintained by Microsoft?

In the Windows Phone Store, search for Authenticator and tap the app made by Microsoft Corporation. You will find it here: Authenticator.




With all the hacking/etc. news I decided it was time to finally make the move to Two Factor Auth. Yeah, I know I'm a little behind (little?) but, hey every journey begins with the first step, etc.

Today I was looking for a Windows Phone app to help with a site that uses Google Auth. Well there isn't one, at least from Google. But, as you've seen above, we don't need no stink'n Google Auth App! The Microsoft Auth app works just fine. And I've confirmed that, it does indeed work just fine and is really easy to setup and use.

In short, if you've not made the move to Two Factor, it's really not that scary at all. Do it... DO it... DO IT!

Tuesday, September 02, 2014

Alas YUI, I knew you... Yahoo! User Interface Library (YUI) is officially dead in the water.

 Yahoo! Engineering - Important Announcement Regarding YUI

The Yahoo User Interface library (YUI) has been in use at Yahoo since 2005, and was first announced to the public on February 13, 2006. Although it has evolved tremendously since that time, YUI has always served the same overarching purpose of providing a comprehensive toolkit to make it easier for developers to create rich web applications. As such, YUI is an important part of Yahoo’s history: millions of lines of code relying on YUI have been written and are still in use at Yahoo today. However, it has become clear to us that the industry is now headed in a new direction...


Therefore, we have made the difficult decision to immediately stop all new development on YUI in order to focus our efforts on this new technology landscape. This means that, going forward, new YUI releases will likely be few and far between, and will only contain targeted fixes that are absolutely critical to Yahoo properties.


I've been following YUI since it went public in Feb 2006 (I blogged about it the day after it wen OSS, Yahoo! UI Library Released as OSS). I always thought it cool that Yahoo had released and improved it over time. But time matches on, and all that, and if you look at the web between now and then, it's a whole new world (Yeah, I've got my Capt. Obvious hat on again). Eight years? In web-time that's like 97 years or something... :/


Related Past Post XRef:
Free Yahoo UI JavaScript Hosting
Yahoo! UI Library Released as OSS

Building/Documenting a site? Want to see one example of a "site software guidebook?" example software guidebook is free and open...

Coding the Architecture - Free and open source example software guidebook 

A software guidebook for the website

It needs a little updating (isn't that always the case!), but I've moved the example software guidebook (previously an appendix in my Software Architecture for Developers book) into a separate free and open source book on Leanpub. is a side-project of mine to create a content aggregator for the tech, IT and digital sector in Jersey, Channel Islands. The code behind the website is open source and available on GitHub. The source for the software guidebook is also open source and available on GitHub.

The software guidebook is based upon the concept of a software guidebook as described in my Software Architecture for Developers book; the software guidebook is a lightweight, pragmatic way to document the "big picture" of a software system. In essence, it's my simplified version of many "software architecture document" templates you'll find out there on the web. - Software Guidebook is available to download for free from Leanpub. I hope you find it useful. - Software Guidebook

About the Book

This is the software guidebook for the website; a content aggregator for the tech, IT and digital sector in Jersey, Channel Islands. The code behind the website is open source and available on GitHub. The source for this book is also open source and available on GitHub.

This book is based upon the concept of a software guidebook as described in my Software Architecture for Developers book, which is also available on Leanpub. The software guidebook is a lightweight, pragmatic way to document the "big picture" of a software system.


How often do you re-invent the specification/documentation/guidebook wheel? Yeah, me too. The problem is that there doesn't seem to be many "real" ones that are open and available for free. Sure every corp has one, but those are often IP...

Here's one that's "real" and might give you some good ideas for your next project.


Tuesday, May 20, 2014

Prefect for your next marketing-ware page - The New Age BS Generator

New Age Bullshit Generator

Namaste. Do you want to sell a New Age product and/or service? Tired of coming up with meaningless copy for your starry-eyed customers? Want to join the ranks of bestselling self-help authors? We can help.

Just click and the truth will manifest

Click the Reionize electrons button at the top of the page to generate a full page of New Age poppycock.

The inspiration for this idea came from watching philosophy debates involving Deepak Chopra. I wrote a blog post about it if you're interested.

After sitting through hours of New Age rhetoric, I decided to have a crack at writing code to generate it automatically and speed things up a bit. I cobbled together a list of New Age buzzwords and cliché sentence patterns and this is the result.

...You’ll get some profound-sounding nonsense here, too.

So, what is this for? Put it on your website as placeholder text. Print it out as a speech for your yoga class and see if anyone can guess a computer wrote it. Use it to write the hottest new bestseller in the self-help section, or give false hope to depressed friends and family members.


Seb Pearce - On the New Age Bullshit Generator and parodying woo

Link to the Generator:
(Yes, it’s open source: GitHub link)

A while back, I was on a philosophy debate binge. Watching Sam Harris and the late Christopher Hitchens annihilate their opponents with precision and wit is my idea of a good night in, and YouTube’s “related videos” are a deep, dark rabbithole.



Finally an awesome example of NLP. Some of these items are pretty cool sounding too. Best of all it's open source... :)

(via Beyond Search - Natural Language Processing Used to Serve Up Cynicism)

Monday, May 19, 2014

400 billion... The Wayback Machine now has more pages than there are stars in our galaxy (and here's how they manage that)

High Scalability - A Short On How the Wayback Machine Stores More Pages than Stars in the Milky Way

How does the Wayback Machine work? Now with over 400 billion webpages indexed, allowing the Internet to be browsed all the way back to 1996, it's an even more compelling question. I've looked several times but I've never found a really good answer.

Here's some information from a thread on Hacker News. It starts with mmagin, a former Archive employee:




How awesome is that? If you're interested in the story behind the storage/indexing/etc used by the Wayback Machine, read this...

Wednesday, April 30, 2014

Web Camps Training Kit, March 2014 Edition

Microsoft Downloads - Web Camps Training Kit - March 2014

Version: March 2014

Date Published: 4/29/2014

WebCampsTK-Package-WebCampsTrainingKit.exe, 114 KB

The kit includes all the content presented around the world at the recent Web Camps events; presentations, demos, labs and more. Inside the new kit you’ll find content that covers the following technologies:

  • ASP.NET 4.5
  • jQuery
  • SignalR
  • Entity Framework
  • Visual Studio 2013
  • Internet Explorer 11 and HTML5
  • Building apps for Office with HTML5
  • Cloud application services




Internal or external, if you're doing any kind of Microsoft Web Stack Training, presenting or attending, this is a great resource...


Related Past Post XRef:
Web Camps Training Kit Updated
“Web Camps Training Kit” Don’t re-invent, re-use…

Tuesday, April 08, 2014

Heartbleed in eight minutes, what it is, it's impact and more, Khan Academy style

TechCrunch - What Is Heartbleed? The Video

You’ve probably heard about Heartbleed. You’ve probably been told that, as far as security vulnerabilities go on the Internet, it’s pretty damned scary.

But what is Heartbleed? How does it work? Why is it something that you should care about? This Khan Academy-style* video tries to break it all down.

Made by Zulfikar Ramzan, MIT Ph.D. and CTO of cloud security firm Elastica, this video does a great job of explaining the bug at a pretty high level. Its still got a whole lot of acronyms and jargon thrown into the mix (so don’t expect an Explain-Like-I’m-Five explanation here), but it does a good job of explaining the bug’s ins and outs in a way that more people should be able to grasp. [GD: Post leached in full]


Don't know if you've been following this, that the OpenSSL/Heartbeat/Heartbleed apocalypse is upon us, or not, but if you're like me and want a short brief about what the heck is going on, what it is and why it actually is pretty darn scary, this video is a must watch.

Monday, April 07, 2014

Succinctly eBook of the Day: "Twitter Bootstrap Succinctly" [Reg-ware]

SyncFusion Succinctly eBook Shelf - Twitter Bootstrap Succinctly


Twitter Bootstrap (TWB) is a free front-end framework built by Twitter developers to ensure visual and functional consistency across websites and applications. In Twitter Bootstrap Succinctly, Peter Shaw explains what makes up a consistent, attractive UI, and why having one is important. He then walks you through the basics of adding beautiful, user-friendly components to your projects with only a few lines of HTML and CSS. You'll learn how to add TWB to an existing project, and use it to customize attractive buttons, tabs, breadcrumbs, dropdowns, and more. There are even chapters dedicated to optional JavaScript and TWB extensions for when you're ready to take your UI's appearance a step further.

Table of Contents

  1. What is Twitter Bootstrap?
  2. Adding Bootstrap to Your Project
  3. Twitter Bootstrap Scaffolding
  4. Twitter Bootstrap Base CSS Classes
  5. Forms
  6. Buttons
  7. Components
  8. Twitter Bootstrap JavaScript
  9. Extending Bootstrap

If you've been hearing about Bootstrap but weren't sure what it was or how to get started with it [insert usual "this ebook is for you" statement here]

(via expression{} - Twitter Bootstrap Succinctly)

Tuesday, March 25, 2014

OneNote Dev isn't dead by a long shot! The OneNote team opens up about their near-term API roadmap

OneNote Dev Blog - OneNote API Near-Term Roadmap

Hey folks, this is James Lau - I am the Lead Program Manager on the OneNote API team. In this blog post, I’d like to share with your our near-term roadmap and get your feedback.

Last week, we launched the initial version of our API. The first set of features are focused on scenarios for creating pages in OneNote: mobile app scanners, hardware scanners, save-it-for-later for newsreaders, etc. Of course, we are far from done, and we have already started are busy working on the next set of features. Instead of "going dark" and then shipping features that we think you want, we would rather have a dialog with you on what we are building.

One of the core principles we have on our team is customer transparency. We understand that you are trusting us and taking a bet on our platform when you use our API. As such, not only do you deserve to know what we are planning, but you also deserve to have a say in what we do! We have set up a OneNote API feedback site so you can participate in our planning, vote on features and submit your ideas.

Here is a list of the capabilities and features that we are planning to deliver over the next 3 to 6 months. That is a very rough timeframe, and priorities can change at any time, so please don't base your plan on this timeframe. The features below are also not listed in strict priority order. We have multiple teams tackling this list simultaneously, so some of these will be built in parallel. Nonetheless, we would love to get your feedback on their relative importance to you.


Please let us know of anything you want that's missing and vote on the ones that you really want *right now*! Your feedback will really help us prioritize and influence what we work on next.

Other than transparency, our team also believes in delivering customer value early. That means we are going to be delivering new features as they are completed and not take a "big bang" approach. We do daily deployments to our service too, so there are tons of opportunities to get these features out on a regular basis.


Looking forward to these features. The current API is a good starting point, but just that, a starting point. I hope they can keep the momentum and cadence up.

Wednesday, March 05, 2014

IE 11 Reading View - Did Microsoft just paint a big target on its back for every web producer?

IEBlog - Introducing Reading View in IE 11

Reading view is a new feature in Internet Explorer 11 for Windows 8.1 that helps you focus on the main content of the Web page you want to read. Reading view is a way to experience just the article or blog post you want to read, without the distractions of related (or unrelated) content surrounding the story. Find an article you want to read, switch to reading view, and settle into a great reading experience. When you’re done, just exit reading view to continue browsing on the site.


Reading view is a native feature of “immersive” IE – you don’t have to install anything extra – and it’s available for pages with a significant amount of text, in any language IE supports.

How to Use Reading View in IE 11

Using reading view is easy. Just click the reading view button in the address bar. If you’re a keyboard person, you can also use CTRL+SHIFT+R to put a page into reading view.

The reading view button will appear in the address bar for pages that have “article-like” content. If you don’t see it, it means that the page doesn’t work well in reading view.

To exit reading view, tap or click the button in the address bar again), or hit Esc. To go to the previous page, tap or click the back button, or back-swipe if you’re using a touch-enabled device.


No more “Next, Next, Next…” links

There are many articles on the Web that contain multiple and separate pages content. That means you have to click a “Next Page” link to continue reading, sometimes again and again, if the article spans many pages – and then you have to wait for each successive page to load, thus interrupting your reading experience.

Reading view in IE 11 combines the primary content from all pages of an article into a single continuously scrolling page that works great on any device. No need to click those “next page” links. Instead you can just use your finger or your mouse to scroll as you read. You get to have full control the position of the text on the screen.

If you are using a wide-screened device, like a tablet or a large monitor, articles in reading view can display in a multi-column, horizontally scrolling page.

If you like to read on a tablet while holding it in portrait mode, or if IE is displayed side-by-side with another app window, articles in reading view will display in a single-column, vertically scrolling page. As a general rule, if the IE window isn’t wide enough to show two columns of text, then reading view will use a single-column, vertically scrolling layout.

How reading view works

Once a Web site is determined to be reading view eligible, reading view uses a number of heuristics to identify and then extract relevant content from the page, to create a new page (in memory). The Web is a big and dynamic space, and from an engineering perspective, our algorithm aims to retrieve the most relevant content for the largest number of reading view eligible sites. These heuristics look at HTML tags, node depth, image size, and word count to determine what content on the page is the “main” content.

We have put together an interactive Reading View Test Drive demo to provide more details on key rules used in the Reading View extraction algorithm. We hope these tips will help content managers and developers ensure their site looks great on reading view.


Reading View Guidelines

Reading view is a new feature in IE11 that provides a focused reading experience for text-heavy pages, such as news articles and blog posts.

The logic that reading view uses to detect the main content on a page follows popular markup patterns for news and blog articles on the web. This Test Drive doesn’t cover all scenarios, however, the following guidelines will get you started in making sure your site works well with reading view. See the Reading View in IE11 blog post for more details on how Reading View works.

To see tips on how to ensure particular elements on a page display correctly in reading view, click any of the 3 tab “views”, then click element names in the left nav bar or click the elements themselves on the embedded page.



Um... wow. Is this what I think it is? While this looks like it might  a cool feature for some users, producers aren't going to be too happy, are they? They are forced to opt out, not in. Even as a blogger that kind of irks me. If my site and content was my business, I think I'd be pissed. This feels like old Microsoft, the we know better Microsoft.

Or am I over thinking this?

Tuesday, February 18, 2014

OWIN your own Helios - ASP.NET "Helios" project (Think "ASP.NET kind of rethought" or "ASP.NET Unbound")

.NET Web Development and Tools Blog - Introducing ASP.NET Project “Helios”

In late 2013 we made available a prerelease NuGet package which allows running a managed web application directly on top of IIS without going through the normal ASP.NET (System.Web) request processing pipeline. This was a relatively quiet event without too much fanfare. At last month’s MVA Windows Azure Deep Dive, we spoke about this for the first time publicly to a global audience.

Today, I’d like to give a formal introduction to ASP.NET Project “Helios”. This post will talk about why we’re introducing this project, what we hope to accomplish with it, and how this might fit in to our ecosystem moving forward.

I assume that the reader has a basic understanding of OWIN and ASP.NET Project Katana. If you are not familiar with these, a brief overview can be found at


Why Helios?

When we look at our ecosystem, we’re pleased by the success of MVC, WebAPI, SignalR, and our other recent high-level frameworks. These are valuable tools, they have a low barrier to entry for most developers, and they’re deployed completely out-of-band. This allows us to innovate quickly. MVC and WebAPI have published new major releases annually; SignalR has approximately quarterly releases. It allows our customers to deploy immediately, even to shared hosters.

Yet because System.Web is part of the .NET Framework proper, the ASP.NET runtime itself cannot iterate as quickly as we would like it to. We are bound by the release schedules of the .NET Framework as a whole. If a developer asks us to add a feature to ASP.NET, he must wait for the entire framework to rev. And then he must wait for his hoster or IT administrator to update the .NET Framework version on the web server. And if there’s a bug he must again wait for us to provide a fix.

Our core runtime iterates on the scale of years. The state of web technologies is much more agile – much more nimble. A web technology can live its entire lifetime – conception to sunset – in the time that elapses between major releases of the .NET Framework. Our developer audience deserves a base on which they can build a new breed of modern web applications.

And it’s not just wanting more agile development. Recall the list of ASP.NET pain points from earlier: unwanted redirects, too-helpful security handholding resulting in requests being denied, and so on. We’ll never be able to make more than minor tweaks to these behaviors, as we can’t risk breaking customers who have deployed sites and are depending on the existing behaviors.

Finally, we’ll never be able to make the ASP.NET core runtime a “pay-for-play” model. We have experimented several times with moving Web Forms out of System.Web.dll and into its own out-of-band package. This would finally allow us finally fix bugs that have been plaguing us for years. But Web Forms defined ASP.NET for years. The ASP.NET core pipeline and Web Forms processing are inextricably linked.


Goals and non-goals

As with all things, we need to define our goals before we can determine whether we have been successful in this endeavor. It is not our intent to make a new framework that is everything to all developers. In particular:

  • It is not our goal to have screaming high throughput for “Hello World” scenarios. While Helios does in fact perform significantly better than the full ASP.NET pipeline for such scenarios, these metrics aren’t terribly useful for real-world applications.
  • It is not our goal to provide 100% compatibility with existing applications. In particular, Helios projects do not support .aspx or .ashx endpoints or other ASP.NET-isms.
  • It is not our goal to compete with self-host for developer mindshare. Each OWIN host has its own benefits and drawbacks, and developers should choose the host that meets their needs. We’ll discuss choosing a host later in this post.

On the flip side:

  • It is our goal to enable higher density on web servers. For a machine running a single application, this might be measured by allowing a greater number of concurrent requests on the machine. For a shared hoster, this might be measured by allowing more active sites on a single machine.
  • It is our goal to provide behavior that mimics self-host more than it mimics web-host. We’re trying to eliminate as much magic as possible from the new host.
  • It is our goal to make the Helios framework fully out-of-band. The framework should be able to run without requiring installation as long as the target machine meets the minimum system requirements called out below. Developers should be able to acquire bug fixes / feature additions by acquiring updated packages through NuGet and bin-deploying to their servers / hosters.
  • It is our goal to reduce the friction of deploying a web application built on the Helios host. It should be just as easy to deploy a Helios-hosted application as it is any typical ASP.NET application.

Getting started





We’re excited about what this could mean for the future of our platform, especially as more frameworks and components break their strict dependency on System.Web.dll. This new design promises to allow us to ship new functionality fully out-of-band and to avoid surprising developers with unwanted behaviors.

I also want to stress that this is strictly an option. The target audience for this package is a minority of our overall developer audience. The team has no plans to force our general developer audience on to this system.

Finally, there is a supplemental post available with further information available for more advanced developers.  That post discusses performance and resource utilization in more detail. It also discusses using the Helios APIs directly without going through OWIN.

Sounds interesting and seems to mesh with hour the BCL team is also iterating faster. Will be keeping an eye on this...

Thursday, February 06, 2014

Application Insights Visual Studio Add-in - Adding App Insights with just a couple clicks...

Brian Harry's blog - Application Insights Visual Studio Add-in preview

In the fall, we introduced a preview of a new VS Online service called “Application Insights” that enables you to instrument your app to ensure that it is available, performing and successful.  It combines APM capabilities with usage analysis, aimed at developers to help them create the best possible apps.

Yesterday, we released a preview of a new Visual Studio add-in that makes getting started with Application Insights so easy that everyone should do it without even thinking about it.  Install the add-in below and get started right away.  The add-in will automatically by-pass the invitation code process necessary to get started with App Insights the first time you connect an app

Download Application Insights Tools for Visual Studio
Preview Release, VSIX for Visual Studio 2013
Express for Web, Express for Windows, Professional, Premium and Ultimate


To get started with a new project, simply create a Web project. In the New Project dialog, make sure that Add Application Insights to Project is checked.

To get started with an existing project, right-click on a Web project in Solution Explorer and choose Add Application Insights Telemetry to Project.
That's it! Then...


I wonder if we're going to get a non-web version of this? Say for our mobile apps? Something to keep an eye open for at Build 2014...

Wednesday, January 08, 2014

Unplugging the Web - The case of the disappearing Browser Plug-ins (and why that's a good thing)

How-to Geek - Why Browser Plug-Ins Are Going Away and What’s Replacing Them


Browser plug-ins are on their way out. Apple’s iOS has never supported plug-ins, Flash is long-discontinued for Android, and the new version of IE for Windows 8 doesn’t support most plug-ins. Chrome will soon be blocking traditional NPAPI browser plug-ins.

The web isn’t going in reverse and losing features. There’s a good reason browser plug-ins are going away, and the web will be better once they’re gone. Browser developers are integrating plug-in features into browsers themselves.

Note that this doesn’t apply to extensions or add-ons, only plug-ins that run on websites like Flash, Silverlight, and the terribly insecure Java plug-in.

Why Browser Plug-ins Were Created


Why Browser Plug-ins Are Bad

Browser plug-ins have proven to be a problem for the web. Here are some of the biggest problems with them:


What’s Replacing Browser Plug-ins


The Chromium Blog - Saying Goodbye to Our Old Friend NPAPI

...Chrome will be phasing out NPAPI support over the coming year.

We feel the web is ready for this transition. NPAPI isn’t supported on mobile devices, and Mozilla plans to make all plug-ins except the current version of Flash click-to-play by default. Based on anonymous Chrome usage data, we estimate that only six NPAPI plug-ins were used by more than 5% of users in the last month. Still, we appreciate that it will take time to transition away from NPAPI, so we will be rolling out this change in stages.

Starting in January 2014, Chrome will block webpage-instantiated NPAPI plug-ins by default on the Stable channel. To avoid disruption to users, we will temporarily whitelist the most popular NPAPI plug-ins that are not already blocked for security reasons. These are:

  1. Silverlight (launched by 15% of Chrome users last month [GD:This was posted in September, so this doesn't mean last month last month] )
  2. Unity (9.1%)
  3. Google Earth (9.1%)
  4. Java (8.9%) *
  5. Google Talk (8.7%)
  6. Facebook Video (6.0%)

* Already blocked by default for security reasons.

In the short term, end users and enterprise administrators will be able to whitelist specific plug-ins. Eventually, however, NPAPI support will be completely removed from Chrome. We expect this to happen before the end of 2014, but the exact timing will depend on usage and user feedback. Note that the built-in Flash plug-in and PDF viewer will be unaffected because they don’t use NPAPI.


Plug-ins have always been a pain, a security hole and a development nightmare. Good riddens!

But I had to laugh that one of Google's own products is still using it. Also the Silverlight numbers were very interesting too.

Thursday, December 19, 2013

Shush, it's SHS... The Scalable Hyperlink Store

Microsoft Research - Scalable Hyperlink Store

The Scalable Hyperlink Store is a specialized "database" for the web graph. SHS maintains the web graph in main memory, distributed over many machines. The system is available as C# source code as well as precompiled binaries.




Scalable Hyperlink Store (Download)

The Scalable Hyperlink Store is a specialized "database" for the web graph. SHS maintains the web graph in main memory, distributed over many machines.

Download details

File Name:

Version: 1.0

Date Published: 18 December 2013

Download Size: 4.44 MB

Hum... how to use this... There's got to be a way I can do something with this...

Here's a snip from the zip;


NOTE: This is a MSR-LA licensed project (so no commercial usage)

Tuesday, December 17, 2013

Researching creating looping videos that don't look like they are looping videos (Think "Speed" loop without the glitch)

Microsoft Research - Hugues Hoppe's publications  - Automated video looping with progressive dynamism

Abstract: Given a short video we create a representation that captures a spectrum of looping videos with varying levels of dynamism, ranging from a static image to a highly animated loop. In such a progressively dynamic video, scene liveliness can be adjusted interactively using a slider control. Applications include background images and slideshows, where the desired level of activity may depend on personal taste or mood. The representation also provides a segmentation of the scene into independently looping regions, enabling interactive local adjustment over dynamism. For a landscape scene, this control might correspond to selective animation and deanimation of grass motion, water ripples, and swaying trees. Converting arbitrary video to looping content is a challenging research problem. Unlike prior work, we explore an optimization in which each pixel automatically determines its own looping period. The resulting nested segmentation of static and dynamic scene regions forms an extremely compact representation.


Not really sure what to tag this as, but I thought it was really kind of cool, I mean who doesn't love a little "..selective animation and deanimation of grass motion, water ripples, and swaying trees..?" :)

(via Kurt Shintaku's Blog - DOWNLOAD: “Video Loops” – A unique Animated GIF generator from Microsoft Research)

Tuesday, December 10, 2013

Family Archival Solutions - Your Internet Dead Man Switch (oh, that wasn't very PC, but you get the idea... hopefully) - Family Archival Solutions Launches To Solve Legal Issues After Loss

One of the biggest issues that families have after the loss of a loved one, is the sticky mess of unraveling piles of bills, bank accounts, wills, and whatnot. Los Angeles-based Family Archival Solutions is hoping that its new, online service will help address those issues, by letting users manage both their digital--and physical--documents. The startup said its service lets users store passwords for email services, photo sites, Facebook, Twitter and more; helps users track their physical assets and documents; and even lets people store videos and emails to loved ones for the future. ...

Family Archival Solutions

We Save Your Life®

We provide peace of mind in protecting & preserving life’s most precious memories, important documents & family assets.

Safely Helping to Assist With:
  • Special Wishes
  • Digital Documents
  • Digital Assets
  • Physical Documents
  • Physical Assets
  • Photos and Videos
  • Personal Legacy


Interesting service. I'd personally want to see this be around for a little bit before I trust it. NOT that this is, but I can see who something like this could be a good, um, err, um, scam... I mean, it only really kicks in when your dead, and it's really hard to complain and file a complaint then....

That said, I think this is still a great idea and something I'll be watching...

Monday, December 09, 2013

Have I/you been pwned? There's now an API for that... - Have I been pwned? You can now ask the API!

I got a lot of requests after launching HIBP for an API and I saw some great ideas come up in terms of how it might be used for very constructive purposes. Truth be told, there was an API from day one insofar as this was precisely what the web UI was hitting every time you searched for an email address anyway, I just hadn’t published any docs on it or promoted its existence.

That said, I did give it a bit of tweaking to make it more “RESTful” (this, apparently, is what all APIs must be these days) and it works like this:



There’s also CORS support so you can happily hit the API directly from within another web app on a different domain. It’s all documented on the HIBP site.

That is all.

There is no authentication.

There is no rate limiting.

There is no cost.

Those decisions may turn out to be insightful in that it means it’s exceptionally easy to use and doesn’t place any unnecessary barriers in front of people, or it may be naive and it’ll be abused no end in ways I haven’t even begun to consider. Or both. On the abuse side though, seriously, if you want a big pile of email addresses then go and download Adobe and the others, they’re dead easy to find and it’s a heap easier than enumerating through addresses one by one over HTTP in the hope of getting a hit.

I’ve made the API available because it was easy to do and I’ve made it freely available as it shouldn’t have any cost impact. The compute resources required are tiny and the egress data is measures in bytes – it’s a very efficient process even though it’s searching through 154M records.

Finally, on the structure of the API, I did toss up whether to implement in what is theoretically the more RESTful approach you above (the email address in the path implies a resource) as opposed to a more query-centric approach by passing a value such as email={email}. I asked the question on Twitter and saw vigorous debate arguing the merits of each approach. I’ve published the one described above, but it’s still accessible via query string as well (I haven’t changed the way the search feature on the website uses this). Do feel free to add your thoughts about this or other aspects in the comments below, I’m sure this is but the first phase of many enhancements to come.

I’ll ask one favour from those of you make good use of it – tell me[Tony] about it.If you can share it publicly then leave a comment here, if you want to share it privately then send me an email. ...

Introducing “Have I been pwned?” – aggregating accounts across website breaches

I often write up analyses of the passwords disclosed in website breaches. For example, there was A brief Sony password analysis back in mid-2011 and then our local Aussie ABC earlier this year where I talked about Lousy ABC cryptography cracked in seconds as Aussie passwords are exposed. I wrote a number of other pieces looking specifically at the nature of the data exposed in individual sites, but what I really found interesting was when I started comparing breaches.

In the middle of last year I wrote What do Sony and Yahoo! have in common? Passwords! and found that 59% of people with accounts in both sources used the same password. Then just last month when I wrote about “the mother of all breaches” in Adobe credentials and the serious insecurity of password hints, I found that many of the accounts from the Sony breach were also in Adobe’s. In that case I explained how this put personal information at serious risk as the unencrypted password hints in Adobe’s breach often had the answers in the unencrypted Sony passwords!

As I analysed various breaches I kept finding user accounts that were also disclosed in other attacks – people were having their accounts pwned over and over again. So I built this:


The site is now up and public at so let me share what it’s all about.

About HIBP...

Working with 154 million records on Azure Table Storage – the story of “Have I been pwned?”

I’m one of these people that must learn by doing. Yes, I’m sure all those demos look very flashy and the code appears awesome, but unless I can do it myself then I have trouble really buying into it. And I really want to buy into Azure because frankly, it’s freakin’ awesome.

This is not a “yeah but you’re an MVP so you’ve gotta say that / you’re predispositioned to say that / you’re getting kickbacks from Ballmer”. I don’t, I’m not and I wish!

As many of you will know by now, yesterday I launched Have I been pwned? (HIBP) which as I briefly mentioned in that blog post, runs on Windows Azure. Now I’ve run stuff on Azure before, but it’s usually been the classic website and database model translated to the Azure paradigm rather than using the innovative cloud services that Azure does well.

When I came to build HIBP, I had a challenge: How do I make querying 154 million email addresses as fast as possible? Doing just about anything with the data in SQL Server was painfully slow to the extent that I ended up creating a 56GB of RAM Windows Azure SQL Server VM just to analyse it in order to prepare the info for the post I wrote on the insecurity of password hints. Plus, of course, the data will grow – more pwning of sites will happen and sooner or later there’ll be another “Adobe” and we’ll be looking at 300M records that need to be queried.

The answer was Azure Table Storage and as it turns out, it totally rocks.

Azure table storage – the good, the bad and the awesome ...

Please make sure you click though and read the full articles. Tony goes into much more details and provides some great info, in an easy to grok format and style.