May 05 2013
 

File this one away for further analysis.  Live or delayed (on demand) content delivered via Windows Azure Media Services. 

Takes advantage of local CDNs and provides a platform for targeted advertising as well as taking advantage of the Azure cloud capabilities (e.g. caching, high availability, etc.).

Azure Media

There’s also a high resolution copy available from the Microsoft downloads site if you’d like to “zoom in” on the salient details. 

What I found to be eye catching?

  • Codecs (H.264, MPEG)
  • Device support (HTML5, Flash, Set Top/Smart TV)
  • Platform support (Windows, iOS, Android)

Sounds interesting?  There are ways to find out more.

Check back here soon as I’ll likely do a more comprehensive write-up in a few weeks.

Feb 02 2013
 

Yesterday morning a colleague and I made our way to Llewellyn Hall at the Australian National University to hear from the father of the World Wide Web, none other than Sir Tim Berners-Lee.

Amongst his many accolades and roles, Sir Tim is the director of the World Wide Web Consortium (W3C) and a director of the World Wide Web Foundation.  You can read more about him here.

 

Originally, Sir Tim’s (free) public presentation was scheduled on a different date, but due to scheduling changes, invitees to the public event were merged with the Linux Conference keynote on February 1st.  Upon arrival at the hall, we made our way upstairs to the mezzanine level, where we awaited the introductions.

Introduction

The introduction was made by Simon Hackett, co-founder of Internode.  Simon surprises the audience by removing the covering from over his ancient NeXT cube, a machine Sir Tim would have been using at CERN when designing the World Wide Web.  The introduction is succinct but not overly long; there were probably very few in the audience not already familiar with Sir Tim’s background.

Sir Tim is welcomed to the stage with long applause; he is dressed in a Hawaiian style shirt and appears quite casual, even at ease.  Before long, we’ve begun.

Sir Tim has an interesting way of articulating his ideas; his thoughts appear to be processed in short streams of information, which means that he often leaves a sentence half complete.

 

Agenda

His familiarity with a technical audience is evident, punctuating very profound viewpoints with what I could best describe as geek or programmer humour.  This doesn’t take anything away from the points he is making – the three main topics he outlines don’t in any way stray from importance:

  • Web Standards
  • JavaScript
  • Aaron Swartz

Before I get into the specifics of Sir Tim’s presentation it might be worth a quick read-up of the story of Aaron Swartz.

I didn’t realise that Sir Tim had been scheduled to testify on his behalf, nor did I expect Sir Tim to cover the sad and tragic events of Aaron’s fate at this forum.

Afterwards, I reflected on the significance of Sir Tim’s words, and more specifically on the repercussions of what had happened to Aaron Swartz.

Disclaimer

Apologies in advance to Sir Tim if my interpretation of his lecture misses the point.  He is clearly gifted when it comes to technology, but can be a little tricky to follow at times.  What follows is a summary based on the notes I took down during the lecture.

I’ve tried to format the text into a logical grouping, some of the points may be out of sequence from what was said chronologically during the lecture.

Web Standards and the Internet as an Open Platform

The web divide.. as the web expands and advances the adoption gap widens.  What are the human rights impacts of access to the Internet?

Programmers vs. non-programmers: non-programmers see computers as white goods.  The contents (apps) as consumables; they aren’t aware they can write their own.

Programmable web pages vs. static pages

HTML 5 provides many opportunities to craft application logic around content, but there is a battle waging between native platform applications and websites – native apps use the Internet but hide the URL, creating (essentially) walled gardens.

Multi-platform apps; native applications = ‘off the web’. Native apps hide URL, can’t be bookmarked or shared. Good example, use of HTML 5: Financial Times site – bookmark the mobile page, page = mobile app. Offline mode is implicit, accessing the page stores (caches locally) linked pages for offline reading.

Languages & HTML

Early on the major advances came in the form of type-checked vs. non-type checked languages.  The next paradigm in languages will leap forward. Progress has increased, less time between changes/improvements.

JavaScript is ascending, APIs more prevalent. Interface tools are becoming standard.  HD video/video (data) has increased in terms of traffic share (compared to static text, e.g. HTML). Not a drama; HTML is still growing, the web is not dying.

HTML5 video tag is one-way communication. How about p2p, or chat based video (conferencing)? APIs .. Refining patterns and practices.. Standards.. Display/output of apps/content needs to account for varied resolution (billboards to handheld mobile devices) – display needs to scale. Sir Tim processes information at a great rate, it would be amazing to have him chat with Jason Silva.

Rights and Legalities

Your own machine/PC – rights to install your own software.. decline in the usage of PGP versus the joke that bank security is.. yikes. It’s important that users understand security for their own safety (e.g. to prevent phishing).

Brings up another point – your browser works for you (user agent), but does it?  We have to be cognisant that not all software has the user’s best interests at heart – nor does all software act on behalf of the user.

Aaron Swartz

To be honest, I only had a peripheral knowledge of what happened to this gifted individual, who managed so much success at an early age.  To be honest, I also had no idea that he was a bit of a crusader for open data, which appears in hindsight to be a factor in the sad events leading up to the taking of his own life.

In brief, Aaron pulled down paid content (during a promotional period, content was free for a limited time) and distributed it freely. These were academic texts normally blocked/locked pay per use.  Instead of charging him with copyright infringement, prosecutors laid charges of ‘Breaking into computer system’, which is a felony charge.

This damaging charge can be widely interpreted by prosecution and the law, and also spans breaking terms of service agreements. Breaking into JSTOR would have been different – he had just downloaded information from a public space to a machine he owned (and no other malicious or damaging actions).

Prosecution threw the book at him, making the case that ‘having tools = intent to use’, therefore worst intentions were assumed instead of proven.  Aaron’s family tried to get charges reduced to misdemeanour, however the prosecution wouldn’t budge; jail time was sought.

After Aaron took his own life, the charges were summarily dropped. One obvious outcome from this tragic event – the law must be changed!  JSTOR evidently held no grudge; law enforcement forced the charges.

There is a tribute to Aaron Swartz online at the moment, authors are providing copies of papers in PDF format and using the hashtag #pdftribute.

Legislation

Cybercrime is misunderstood in legal circles, so the applicable laws are very vague.  Prosecution has wide latitude to interpret and prosecute.

Current laws for physical property are being applied to digital media. Laws need overhaul.  Government data (taxpayer funded) should be open, public data, which is something Aaron Swartz crusaded for. Extensions to copyright need review.

Q & A

There was limited time, so a few questions were posed from both online and the audience.  I did my best to capture the essence of both the questions and the answers, but sadly these are my notes – so they are not verbatim.

Q: How to describe to a teenager the present and future of the Internet?
A: Web is an open platform. Web is what you make it.

Q: How to overcome issues in TCP?
A: Not my layer (loud applause)

Q: How important is net neutrality?
A: How important? (extremely).  It could be as simple as a quality of service (QoS) issue – commercial interests shouldn’t block or take priority access.

Q: HTML5 standard allowing proprietary plugins?
A: DRM? Sort of defeats the open platform ideal, especially if it breaks pages/sites/content when the locked down component isn’t used or installed. Can understand why people would want this capability, e.g. musicians/content producers need to make a living. How do we build systems which reward the consumer and the content creator (and not the middle man so much)? If it requires new protocols, let’s do it.

Q: Why didn’t MIT ask prosecutors to drop the case against Aaron Swartz?
A: Unclear (note: I didn’t note any extra comments on this answer)

Q: What issues are there with mandatory data retention?
A:  Many.  Can’t distinguish between users on a specific connection, 2 year record of a full history.. potential cache of sensitive or damning information (dynamite)

  • Information security risk
  • Impossible to be 100% secure
  • It’s dynamite.. handle it like nuclear waste
  • Massive amount of data

Q: After 20 years, how do you feel about the HTML Blink Tag?
A:  Blink tag sucked then, sucks now, will always suck. <I wonder how he feels about the marquee tag?>

That’s a wrap.  Sir Tim is unquestionably a wealth of knowledge; he covered so many different but important topics. I’m glad people of his calibre are still around and helping to influence things for the better.

Dec 06 2012
 

Introduction

This is going to be a multi-part series of articles with the end goal of producing a solution which handles security/identity claims across domain boundaries using WCF services and Active Directory Federation Services 2.0 (with a federation trust) and Active Directory.  In order to demonstrate an approach to handling claims, we need an environment which is capable of supporting the infrastructure configuration we require.

Network Design

I strongly recommend that you put the time and effort into understanding the network topography.  When designing a key foundation of your approach to security, it’s critical that you have a working knowledge of the kind of trust you are placing in your trusted sub-systems.  For the next few articles, I’m going to rely on the following network design, which you can (not without some effort) establish for yourself using virtual machines:

Basic Network Design

Host Configuration

To keep resource usage to a minimum, I’ve designed my test environment to reuse hosts for key roles.  In practice, you might not normally mix roles in a production environment – refer to the appropriate ‘best practices’ to properly plan your infrastructure and deployment of critical roles!  Here’s a view of what is on each host:

Host Configuration

Installation and Configuration

You’ll need a minimum of two server installs to make this happen, although I’m using four to separate ADFS 2.0 and to configure an Enterprise Certificate Authority rather than a standalone CA.  You’ll also need the Windows Identity Foundation (WIF) SDK installed with your copy of Visual Studio (Visual Studio can be installed elsewhere – not on your test servers). 

I’ll be using Visual Studio 2010 for this, but I’m sure there’s a solution for Visual Studio 2012.  To streamline your configuration, I’ve provided links to some excellent walkthroughs on the MSDN blog site – the one you need to pay attention to is the ADFS 2.0 installation and configuration.

My Mobile Configuration

Since this is a fairly intensive number of operating systems, I’ve put together a fairly decent local configuration which I can take with me.  I’m using a 480 GB SanDisk SSD in an eSATA external enclosure (my laptop does not support USB 3 at the moment).  I’m running VM images off the SSD and getting very respectable performance.  No problems running four VMs in parallel.

 

Kit

How to Get Up and Running

My best advice is to follow the links below.  You’ll need a fair amount of stuff downloaded, so better jump on that.  Once you have some clean OSes and the installation packages, my best advice is to follow the walkthroughs.  Be careful not to accidentally skip anything; the configuration is a bit tricky at times, but if you follow the walkthrough closely you should have a working environment in about half a day or less.  My configuration varies from the walkthrough (as I have two domains), but if you duplicate the configuration for two different directories you should have something which can work.

Links Galore

If you’re going to build a test environment (frankly, just do it – it’s the best way) budget at least a day to get everything configured properly.  Don’t cut corners, it’ll only hurt you later.
Check back soon for the next article, where we’ll start to get familiar with the environment, and build a claims-aware application.

Important Downloads

.NET Framework 4.0 Runtime
http://www.microsoft.com/en-au/download/details.aspx?id=17718

.NET Framework 4.0.3 Update
http://www.microsoft.com/en-au/download/details.aspx?id=29053
Update 4.0.3 for Microsoft .NET Framework 4 – Design-time Update for Visual Studio 2010 SP1
http://www.microsoft.com/en-au/download/details.aspx?id=29054

Active Directory Federation Services 2.0 (RTW)
http://www.microsoft.com/en-us/download/details.aspx?id=10909&hash=Hx4OGpwvFzmf7%2bC7rR1nq18CYhcY%2bSE4ok1ifL%2fvSkYIpezfAxg6ePR2zpfAplmm6g%2fUyL1VU7RtmnuR6T4NWg%3d%3d

Windows Identity Foundation (Runtime)
http://www.microsoft.com/en-us/download/details.aspx?id=17331

Windows Identity Foundation SDK
http://www.microsoft.com/en-us/download/details.aspx?id=4451

 

Installation and Configuration Walkthroughs

ADFS 2.0 Installation Walkthrough
http://blogs.msdn.com/b/alextch/archive/2011/06/27/installing-a-stand-along-adfs-service.aspx
Establishing a Federation Trust Walkthrough
http://blogs.msdn.com/b/alextch/archive/2011/06/27/establish-federation-trust.aspx

Building a Claims-aware Web Application Walkthrough
http://blogs.msdn.com/b/alextch/archive/2011/06/27/building-a-test-claims-aware-asp-net-application-and-integrating-it-with-adfs-2-0-security-token-service-sts.aspx

These walkthroughs really helped! 

Finally.. If you hit problems with your STS certificate – check the HTTPS bindings of your local IIS:

http://www.shutuplaura.com/journal/2010/1/5/adfsv2-rc-iis-certificates.html