A blog by Marc Mercuri
 Saturday, November 17, 2007

When the iPhone was first introduced, there were a number of articles that talked about whether or not they would be supported in Enterprise environments.

Reading Gizmodo this morning, I ran across this video that shows a Unix security consultant hacking the iPhone such that he's not just able to retrieve email, but also install a remote recorder device and effectively 'bug' the iPhone. This effectively lets someone use the iPhone to record conversations and ambient noise in a room, even when it looks like the phone is off.

Any customer conversations. Any strategy discussions. Any board room discussions. Recorded while the phone looks like it's off.

And how long did it take to do this? Less than 5 minutes. 

 

11/17/2007 12:12:18 PM UTC  #    Comments [2] - Trackback

 Saturday, November 10, 2007

If you don't, you probably won't find this clip all that funny. If you do, watch the video below. It shows what the show '24' would have been like circa 1994 w/ early 90s tech.

http://www.collegehumor.com/video:1788161

 

11/10/2007 3:57:41 AM UTC  #    Comments [0] - Trackback

 Thursday, October 25, 2007

I'm reading Alan Greenspan's book 'Age of Turbulence' and found this quote interesting -

"You're entitled to your own opinions, you're just not entitled to your own facts." - US Senator Patrick Moynihan

10/25/2007 3:04:06 AM UTC  #    Comments [0] - Trackback

 Friday, September 21, 2007

The team wanted to do an update to Tafiti that enabled some skinning functionality and Search Macros and Jamey  (who also runs geezergamers.com) suggested 'Halo Search'.  With the upcoming Halo3 launch, we thought this was a great idea, and built out the mechanics for skinning, Jamey built the search macro of the top 30 Halo-related sites, and Tim Aidlin did some great design work. All of it came together and for a limited time, you can find it on the http://www.tafiti.com main site.

You'll see that the book search icon was replaced with the Halo symbol. Click on that symbol and you can get results just from Halo and gaming sites. I took a screenshot of the main screen and then also of the search screen and have shown them below. And if you're a fan of the original Tafiti site, you can still get to that skin using the link in the upper right corner.

To learn more about search macros (and why I think trust and constrained universe searches are valuable), check out my earlier blog post

 

 

9/21/2007 5:00:39 PM UTC  #    Comments [0] - Trackback

 Saturday, September 15, 2007

When we released Tafiti, I had a chance to sit down with Beet.TV for an interview/webcast.

This can be found here: http://www.beet.tv/2007/09/tafiti-microsof.html

The link to the standalone video can be found here: http://blip.tv/file/377555

Note: this was before we added the limited edition Halo skin to Tafiti. To get to the UI listed here, use the link in the upper right corner of the UI.

9/15/2007 2:11:40 PM UTC  #    Comments [2] - Trackback
Live | Tafiti | Technology Futures | Webcasts
 Monday, September 03, 2007

Working on an interesting side project this weekend, so pulled another interesting entry from the archives. This was originally posted in December, 2006.

I've had an interesting day today. Checked into the airport this afternoon, and had a debate with the woman at the counter about my reservation. I received my ticket and was surprised to see I wasn't sitting in business class.

The funny thing is, I had an itinerary and record locator that indicated that I was in business class, but our check in clerk claimed I didn't.

A quick call to her supervisor came back with a confirmation that I did not have a business class seat. The options - take a business class seat for another $200 Euros or take a seat in coach. There was some additional discussion on my part, but I was amazed at how uninterested and unhelpful this particular individual was.

Before leaving the desk, I requested that she use my air miles card from a partner airline. Her response, which struck me as a bit odd, was that there was no need, as I was a gold member.

I begrudgingly took the coach seat and made my way to security. While in line I was thinking about her comment about my being a gold member. While I'm gold on other airlines, this (and the partner) weren't one of them.

I rechecked my ticket, and found it had someone else's name on it. Not sure who Vincent Mercier is, but he sounds a bit more French than this guy who grew up in Tewksbury, MA and knows just enough French to be either polite or offensive. I returned to the desk, pointed out the mistake and had my business class ticket in hand.

When sitting in the airport lounge a bit later, I thought about what had just transpired. Air France had asked initially for my passport, to check claims of identity. Those claims were received but were not utilized by the requestor, and a secondary claim - my reservation locator - was provided. Again, this wasn't used. Without success, the workflow required an escalation to another service - the supervisor - and again there was a failure. Here it was based on the information provided by the initial requestor.

It stresses the potential for a breakdown in an identity validation scenario which involves a human component. The difference between Vincent Mercier and Marc Mercuri is fairly obvious, but the check-in clerk may have done some faulty pattern recognition based on seeing MERC in both.

Had this been a machine driven interaction, this would likely have gone flawlessly. A selection of destination city would have been used to limit the number of potential name matches and from that subset, the name would have been validated either 1:1 or possibly with something along the lines of a Soundex.
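The machine check sketched in this paragraph, as an added Python example that is not code from the original post: it narrows to one flight's manifest, tries an exact 1:1 match of the passport name plus the record locator, and uses Soundex only to shortlist. The locators, the third passenger, and all function names are constructed for illustration. The two surnames in this story share the Soundex code M626, so a Soundex hit here is routed to manual review and never issues a boarding pass on its own.

```python
import unicodedata
from dataclasses import dataclass

# American Soundex digit groups.
_GROUPS = {"1": "BFPV", "2": "CGJKQSXZ", "3": "DT", "4": "L", "5": "MN", "6": "R"}
_CODE = {ch: digit for digit, chars in _GROUPS.items() for ch in chars}


def letters(name):
    """Upper-case A-Z only, with accents stripped, so passport and booking spellings compare."""
    decomposed = unicodedata.normalize("NFKD", name).upper()
    return "".join(ch for ch in decomposed if "A" <= ch <= "Z")


def soundex(name):
    """Four-character American Soundex code, or '' for an empty name."""
    s = letters(name)
    if not s:
        return ""
    digits = []
    prev = _CODE.get(s[0], "")
    for ch in s[1:]:
        if ch in "HW":            # H and W do not separate letters with equal codes
            continue
        code = _CODE.get(ch, "")  # vowels and Y have no code and reset 'prev'
        if code and code != prev:
            digits.append(code)
        prev = code
    return (s[0] + "".join(digits) + "000")[:4]


@dataclass(frozen=True)
class Booking:
    locator: str
    surname: str
    given: str
    cabin: str


# Constructed manifest for a single flight; the locators are made up.
MANIFEST = [
    Booking("QX7L2M", "MERCIER", "VINCENT", "economy"),
    Booking("B4T9KD", "MERCURI", "MARC", "business"),
    Booking("H2W8PA", "DUPONT", "CLAIRE", "economy"),
]


def soundex_candidates(surname, manifest):
    """Bookings whose surname merely sounds like the one presented."""
    code = soundex(surname)
    return [b for b in manifest if soundex(b.surname) == code]


def check_in(passport_surname, passport_given, locator, manifest):
    """Return (decision, bookings).

    'issue'         exactly one booking matches the passport name 1:1 and the locator agrees
    'manual_review' the name matches but the locator does not, or only Soundex matches
    'reject'        nothing on the manifest is even close
    """
    want = (letters(passport_surname), letters(passport_given))
    exact = [b for b in manifest if (letters(b.surname), letters(b.given)) == want]
    if len(exact) == 1 and exact[0].locator == locator.strip().upper():
        return "issue", exact
    near = soundex_candidates(passport_surname, manifest)
    if exact or near:
        return "manual_review", exact or near
    return "reject", []


if __name__ == "__main__":
    print(soundex("Mercier"), soundex("Mercuri"))
    print(check_in("Mercuri", "Marc", "B4T9KD", MANIFEST))
    print(check_in("Mercury", "Marc", "B4T9KD", MANIFEST))
```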

What makes this breakdown of 'the system' incredibly alarming is that there was no validation of claims from that point forward - once ticket was in hand, I had free access to the system, boarded the plane, disembarked in Paris and am now in my hotel. 

Sure, I provided the token assigned by the airline (a boarding pass) at security - but there was no requirement/check of my passport. If I had continued through with my initial, erroneously issued token (the ticket in someone else's name), I would surely still be in Paris eating the French interpretation of Cajun Chicken wings.

In this specific context, an identity breakdown has horrific potential. Suppose the mistaken identity had occurred with a guy less interested in connecting systems than in disrupting them - a terrorist.

There were no further checks for identity (intra-EU flights do not have passport control), so someone who slipped through the system could now be freely traversing France.  Given the political climate here in Paris this week (for those unaware, there have been riots and individuals setting fire to cars in France), it's even more alarming.

With the recent move to self-service kiosks for check in, the mechanisms I mentioned earlier are helping avoid this issue. Introducing some of the technology used there in the human interaction piece (i.e. scanning of passports and system retrieval of information) would help solve the issue, surely.

But that answer begs different questions. We do quality assurance of the software systems, but how do we test, and how much time do we spend testing, the human components in connected systems? And once you've established your test plan, and you go to 'rtm' of the process/workflow, how do your federated users report bugs? In this particular instance we're not talking about a situation that results in some bizarre behavior in an IDE, we're talking about international security in the heart of Europe. The clerk surely isn't going to tell her manager, as it points out a big misstep on her part. There's no contact information on the boarding pass or airline timetable. Going to the Air France web site, I went to the link to their corporate office, which is entirely in French. I'm on a hotel internet connection at 90 cents per minute, chances are I'm not going to spend an hour navigating their site to let them know about the issue, resulting in an open loophole in a frequently used workflow with potential for failure far, far worse than any blue screen.

In this particular scenario, the issuance of a false token was an 'honest mistake', but suppose that it wasn't.  Imagine if a terrorist cell had someone working behind the ticket counter, what checks are in place to prohibit intentional bad issuance or trust violations?

This isn't just with transportation companies, it spans verticals. For example, if John Smith is caught owing $200,000 in taxes, and the workflow for resolving this dispute is handled by Bill Jones who makes $20,000 per year, what can happen is John pays $50,000 to Bill Jones to make this whole matter disappear. This is not fiction, this really happens. Depending on the country, it happens a lot.

These examples involved a relatively simple workflow; this obviously gets more complex when dealing with interactions that run multiple partners/parties deep.

If you have a business with a high volume of transactions or high value transactions with consumers or areas with complex workflows, how do you / would you handle these situations? What types of SLAs and legal terms do you have in place to handle scenarios where a human taints the system with a manual violation of trust in a federated scenario? Feel free to speak in the third person and without corporate identities, I'm curious how/if this is being addressed.

 

 

9/3/2007 8:22:16 PM UTC  #    Comments [0] - Trackback
Identity

I ran across an interesting article tonight over on Techie's blog where he compares eight OpenID providers.

The list includes WordPress, LiveJournal, AOL, Verisign PIP, MyOpenID, GetOpenID, Videntity.org, and ClaimID.

Check it out here - http://ttlnews.blogspot.com/2007/09/eight-top-openid-providers-comparison.html

 

 

9/3/2007 3:00:38 AM UTC  #    Comments [0] - Trackback
Identity
 Friday, August 31, 2007

I'm enjoying the last week of summer, so in lieu of a new post, I'm reposting a 'best of' entry this week. This was originally posted May 13th, 2006.

NOTE: There is a political reference below, as it is a topical situation that got me thinking about trust communities in search. This blog is apolitical, and the scenario is used as it is the one that sparked the idea. I take no stance on whether the claims made by Mr. Snow are valid/invalid.

I was reading some news sites this week, and was reminded that this was the first week of US President George Bush's new press secretary, Tony Snow. 

Before he gave his first press conference, he did something interesting.  He sent out press releases questioning the validity of comments made by the New York Times, USA Today, and other publications.

So this got me thinking. Playing devil's advocate, suppose that he's right. If I trust Tony Snow (based on his historical record of trustworthiness), I may now discount results from these media outlets in favor of others. But for me to discount these sources when searching, I can't. Even if I cease to trust them (or trust them less), they show up in the rankings per Google or Microsoft's opinion of their relevance.

The search engines from Google, MSN, and Yahoo have their own algorithms to consider relevancy. One of the things these search engines do provide is a level of filtering for "safe content", blocking out material that may be considered objectionable (i.e. these block pornography results).

What they don't do is consider in the rankings the levels of trust of an individual or of a community. What I want to see is something that goes to the next level: don't just block what's objectionable, show me the results that are relevant to me based on trust.

Perhaps one of the media outlets Mr. Snow referenced, let's pick a fictional name, say MakeBelieveReporting, Inc., is regularly mis-reporting information or is slanting stories towards a particular political viewpoint.  I may cease to trust that organization to provide news to me, and would like to rank them lower in my personal results when searching for news, if not remove them altogether.

When I search for news, perhaps there are certain stations / periodicals I trust - for example the Wall Street Journal, the Financial Times, CNBC, and my friend John Smith's blog. These are entities - regardless of web site traffic or the opinion of the search engine I'm using - that *I* trust to be accurate and provide me information. I do not, however, want results from news outlets that are part of MakeBelieveReporting, Inc. as I have ceased to trust them.

What I'm thinking of isn't based on assumed trustworthiness based on click traffic, this is based on trust relationships.  Even if I visit a site twice per year, it could be far more relevant to me than a site that is viewed more regularly by others.

And my community of trustworthy providers could be extended based on the feedback of those people I trust. 

There's the concept that if person A trusts person B, and person B trusts third party C, that person A should likely trust Corporation C based on the fact that he trusted person B's judgement.

In the previous example, I trust my friend John Smith who writes a blog.  If John trusts the Crosby Herald, and I trust John, then I too could trust the Crosby Herald and have it included in my community of trust that is reflected in my search results.

Think about the days before Acxiom, TRW, and credit reports. People vouched for other people to get jobs, apartments, loans, etc.

When you sign for a loan and you are not a known entity, you need a co-signer or guarantor. The bank says, I don't know if I can trust this person, but I trust the co-signer.  The co-signer also trusts the loan recipient to pay the money back.

If someone co-signs for a loan for me and I decide not to pay it, there are financial responsibilities that are then taken on by the co-signer. The co-signer will trust the recipient less and, as a result of the misplaced trust, the bank may stop trusting the co-signer's ability to identify a trustworthy loan recipient.

In another example, suppose you make plans to go out to dinner with your spouse on Friday night, and when you ask her where she'd like to go, she says "you pick - I trust you." If you're new to the area, you may ask a colleague - whom you trust - for a recommendation of a local restaurant. If you go to the recommended restaurant and you end up getting food poisoning from the meal, you probably will not look to your colleague for advice on restaurants in the future - and you - who vouched for the restaurant - will likely end up at a restaurant of your spouse's choosing next time around.

Your spouse trusted you, you trusted the colleague and when the information relayed turned out to be bad, two things happen. You cease to trust the advice of the colleague (at least in the context of cuisine), and your spouse trusts you less as the broker of the information.

Once you start adding in trust, you also need to be able to trust in context.  That same colleague from work may not be someone I trust on picking restaurants, but may be someone I look to as a source on technology subjects.

What we need is search that includes both consideration of these communities of trust, where we as participants in the web determine who is trusted and who is not, and provide the ability to apply trust in context.

By introducing contextual trust as a first-class citizen in search, it has the opportunity to both provide results more relevant *to me*, and as trust=traffic=revenue, provides a financial incentive for providers to be trustworthy.
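A small model of the idea in this post, as an added Python example that is not from the original entry: trust statements are stored per context, trust passes from person to person with a decay for each extra hop, an explicit statement of my own always overrides what a friend says, and search results are re-ranked by engine relevance multiplied by trust. The weights, the decay factor, the baseline for unknown sites, and the names "Tech Weekly", "Harbor Grill" and "Unknown Daily" are assumptions made for illustration.

```python
# (truster, context) -> {trustee: weight in [0, 1]}; 0 means "I explicitly do not trust".
# Constructed sample data using the names from the post plus a few invented ones.
TRUST = {
    ("me", "news"): {"Wall Street Journal": 1.0, "John Smith": 0.9, "MakeBelieveReporting": 0.0},
    ("me", "technology"): {"colleague": 0.9},
    ("John Smith", "news"): {"Crosby Herald": 0.8, "MakeBelieveReporting": 0.7},
    ("colleague", "technology"): {"Tech Weekly": 0.8},
    ("colleague", "restaurants"): {"Harbor Grill": 1.0},
}


def derived_trust(graph, source, target, context, max_hops=3, decay=0.5):
    """Trust of `source` in `target` within one context.

    A direct statement wins outright. Otherwise take the best path through
    people the source trusts in this context, multiplying the weights and
    applying `decay` for every hop after the first.
    """
    direct = graph.get((source, context), {})
    if target in direct:
        return direct[target]
    best = 0.0
    stack = [(source, 1.0, 0, frozenset([source]))]
    while stack:
        node, score, hops, seen = stack.pop()
        if hops == max_hops:
            continue
        for nxt, weight in graph.get((node, context), {}).items():
            if nxt in seen or weight <= 0:
                continue  # no cycles, and distrust is never passed along
            s = score * weight * (decay if hops > 0 else 1.0)
            if nxt == target:
                best = max(best, s)
            else:
                stack.append((nxt, s, hops + 1, seen | {nxt}))
    return best


def rerank(results, me, context, graph, baseline=0.1):
    """Re-rank (site, engine_relevance) pairs by relevance times personal trust.

    Sites I explicitly distrust are removed; sites nobody in my community has
    an opinion on keep a small baseline so they rank below trusted ones.
    """
    mine = graph.get((me, context), {})
    ranked = []
    for site, relevance in results:
        if mine.get(site) == 0:
            continue
        trust = derived_trust(graph, me, site, context)
        ranked.append((site, round(relevance * max(trust, baseline), 4)))
    return sorted(ranked, key=lambda item: item[1], reverse=True)


# Constructed engine output: the distrusted outlet has the highest raw relevance.
ENGINE_RESULTS = [
    ("MakeBelieveReporting", 0.95),
    ("Unknown Daily", 0.90),
    ("Wall Street Journal", 0.80),
    ("Crosby Herald", 0.60),
]

if __name__ == "__main__":
    for site, score in rerank(ENGINE_RESULTS, "me", "news", TRUST):
        print(f"{score:.3f}  {site}")
```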

That's my two cents  - what do you think?

 

8/31/2007 4:00:35 AM UTC  #    Comments [0] - Trackback
Identity | Search | Trust
 Thursday, August 30, 2007

Nayna and Rob have made it official with their post (http://winliveid.spaces.live.com/Blog/cns!AEE1BB0D86E23AAC!931.entry), Windows LiveID has added beta support for Information Cards and Windows CardSpace.

The way this works is identical to the way I described how to add cards to an existing website in my book. Through a management interface, you associate information cards with your core account, and the user is provided the option of signing in with either their information card or a password (as shown below).

All good stuff, and worthy of checking out.

8/30/2007 4:28:49 AM UTC  #    Comments [0] - Trackback
Announcements | CardSpace | Identity | Live
 Wednesday, August 22, 2007

Getting ready for the tafiti launch, I had the chance to have a discussion with Jon Udell at Channel 9 last week. We talked about incubation, services, mashups and tafiti.

The abstract for the session is - 

"Marc works on the platform incubation team. In this podcast we discuss what platform incubuation means, how the Tafiti project exemplifies it, and what the future may hold not only for Tafiti but for a platform that's evolving to encompass both software and services. "

The podcast of that conversation is now on the main page over at Channel 9 (channel9.msdn.com), the permalink for it is here - http://channel9.msdn.com/showpost.aspx?postid=335996

 

 

8/22/2007 5:09:45 AM UTC  #    Comments [1] - Trackback
Announcements | Live | Silverlight | Tafiti
 Tuesday, August 21, 2007

Being on an incubation team, many of the projects I'm attached to are not discussed with the public. Today, however, is a great exception to that rule.

I'd like to introduce you to Tafiti.

Tafiti, which means "do research" in Swahili, is an experimental search front-end from Microsoft, designed to help people use the Web for research projects that span multiple search queries and sessions by helping visualize, store, and share research results. Tafiti uses both Microsoft Silverlight and Live Search to explore the intersection of richer experiences on the Web and the increasing specialization of search.

You can try Tafiti following these steps:

·         Go to http://www.tafiti.com

·         Enter a search query

·         Drag interesting results to the shelf on the right.  Each box on the shelf can be used to save a related set of results.  Shelf contents can be saved and shared. 

·         Use the carousel at the bottom left to do different types of searches (image, blog, etc.)

·         Visualize your results using the Tafiti Tree View.

I did a video interview with Channel 10 on this that has just been posted here.

http://www.on10.net/Blogs/larry/first-look-microsoft-tafiti/

I also did a standalone walkthrough you can get to here:

http://www.tafiti.com/walkthru.html

More to come as the week progresses....

8/21/2007 6:03:04 PM UTC  #    Comments [1] - Trackback
Announcements | Demos | Ideas | Live | Mash-ups | RSS | Search | Tafiti | Silverlight | Ajax
 Monday, August 20, 2007

RSS. Really Simple Syndication.  Great for identifying your available content, great for sharing content that can be consumed by aggregators and readers.

What it's not great at is providing a monetization model. Sure you can use ads on your website, but I think there's a better way.

I put together a screen cast that talks about syndication and the opportunity to leverage information cards and CardSpace to monetize RSS and OPML.

Watch it by clicking on the link below.

http://www.marcmercuri.com/downloads/MonetizingRssWithInformationCards.wmv

8/20/2007 6:34:53 AM UTC  #    Comments [0] - Trackback
Book | CardSpace | RSS | WCF | Web Services
 Saturday, August 18, 2007

If you've just bought my new book and were looking for the completed exercises, I've posted them at the link below:

http://www.marcmercuri.com/downloads/beginningcardspacecode.zip

As some of the code focuses on and/or builds upon code that exists in existing projects (that evolve outside the book), refer to the links in those chapters for links to where the base projects can be found. 

This download should be available on the APress website next week as well.

 

8/18/2007 10:37:07 PM UTC  #    Comments [1] - Trackback
Book | CardSpace | Code

I was reading James McGovern's blog today and ran across the following question -

I am still awaiting a perspective from Marc Mercuri on his thoughts of when someone presents a personal card to a relying party and it requires a workflow (Kim Cameron's blog requires a lightweight email confirmation) should the relying party integrate into BPEL or SPML and what is the best way for folks to think about this?

Before I answer the question, I want to establish two assumptions I've made, based on my interpretation of the question. The first is that 'personal cards' here is synonymous with 'self-issued cards', the second is that when referring to workflows, we're discussing workflows whose focus is to perform some process that will validate that the claims presented are accurate and the individual presenting the claims is indeed the person he/she/it claims to be.

If you've seen any of the videos I've done on information cards, you may have picked up on the fact that I'm a big fan of self-issued cards, as they allow an individual to readily share details about him/herself to receive a much more pleasant experience on a website or when accessing a web service. Many sites today ask you to sign up with a username and password and ask you to populate forms. With a self-issued information card, the key claims are already on the card, so it makes signing up for a site fast and painless. Then there's the personalization benefits. You could have a government site that read your postal code and provided a personalized view of "your government" - complete with data ranging from when trash is picked up on your street to legislation that may be impacting your area. You can log onto the website of an electronics store and present your card to easily get to the details for current sales in your area. There are plenty of great scenarios where a site or service can take an information card and use it - without the need for validation - to provide a better experience.

But 'plenty of great scenarios' does not translate to every scenario. There are circumstances where you will want to validate the claims that are on the card. Those scenarios are all tied to risk. And this is typically tied to risk of financial loss or a potential impact to reputation. In these cases, you'll want to take the information provided and evaluate it using a workflow.

Real World Examples

In the real world, I may call a local restaurant to deliver a pizza to my house.  They take my order, my address, and my phone number. For orders below a certain dollar threshold, they'll typically just make the order and deliver it.  However, if I ordered 12 pizzas, there's now more risk. And because there's financial risk that they'll waste time and resources creating 12 pizzas for what could be a prank, they'll undoubtedly call the phone number I provided to confirm that I placed the order.

If you want to publish a letter to the editor in a newspaper, you typically need to provide some evidence that can be used to prove you are who you say you are. The New York Times requires that any such letter "must include the writer's address and phone numbers.". Why? Because there's risk to their reputation - as well as to the reputation of the people letter writers could claim to be - if the identity of the writer cannot be determined.

Online Examples

If you've ever used Paypal, then you've taken part in a workflow where information that you've self-asserted has been validated. In this case, when you open an account they place a very small deposit (pennies) in a financial account you claim to hold. To validate your identity, you examine your account and provide the amount of the deposit. This is a very clever workflow, because it leverages an account that you have with an existing financial institution, an account that likely required your identity being authenticated in person, using a driver's license, passport, etc.

From a risk of reputation perspective, James pointed out what will become one of the more key scenarios, validating the identity of someone who posts to a blog. To avoid both spam and anonymous comments that could range from libelous to threatening, the owner of the blog will want to make sure you are who you say you are. This is really almost identical to the New York Times' Letter to the Editor requirements.

Using Workflow

Once you've assessed whether the nature of the risk is financial or reputation related and the specific valuation of that risk, you'll want to identify the type of workflow that will mitigate that risk for you.

Sometimes, that will be a sequential workflow, and that is typically where you will invoke one or more automated services to validate the claims in real time. For example, given my name, birthdate, home phone number, and website, you might be able to tie into some back end systems to validate the information I provided. In some cases, a workflow may retrieve additional data, which can then be used to challenge the user. This type of interaction happens synchronously and my identity can be validated during my same online session.

In other circumstances, you'll want to use a state machine workflow. This workflow is longer running than its sequential counterpart. Once information is presented at a site or service, a communication could be made to one of the modes specified in your contact details - this is typically an email, but could just as easily be an automated speech-based service (IVR). When contacted, the workflow will deliver a code to the user. The user will then go back to the website and provide that code. This is typically accepted as a proof of identity for providing blog comments. Other examples of state machines could include a site performing related checks, for example a dating website could validate your information and then perform a check with other systems to validate that you're not married. In these circumstances, the process could be completed quickly - I could get the email right away and respond in minutes, or it could complete in hours, days, weeks, months even. If John Smith signs up for a site before he goes on vacation, and the validation email doesn't arrive until after he's left, that process could remain in the 'waiting for response from user' state for several weeks.
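The confirmation-code state machine described above, as an added Python example that is not from the original post or the book: a relying party sends a one-time code to the contact address on a self-issued card and waits, possibly for weeks, for the user to return it. The class and state names, the 30-day lifetime, the five-attempt limit and the injected `send` and `clock` callables are assumptions made so the workflow can be run and tested offline.

```python
import hashlib
import hmac
import secrets
import time
from enum import Enum


class State(Enum):
    NEW = "new"
    WAITING_FOR_USER = "waiting for response from user"
    VALIDATED = "validated"          # the user returned the right code
    NOT_VALIDATED = "not validated"  # code expired or too many wrong codes
    FAILED = "failed"                # system exception, e.g. the message could not be sent


class ClaimConfirmation:
    """One confirmation workflow for one self-asserted contact claim."""

    def __init__(self, contact, send, ttl_seconds=30 * 24 * 3600,
                 max_attempts=5, clock=time.time):
        self.contact = contact
        self.state = State.NEW
        self._send = send            # callable(contact, code): e-mail, IVR, ...
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._clock = clock
        self._attempts = 0
        self._digest = None          # only a hash of the code is kept server-side
        self._expires_at = None

    def start(self):
        """Generate the code, deliver it, and move to the waiting state."""
        if self.state is not State.NEW:
            raise RuntimeError("workflow already started")
        code = secrets.token_urlsafe(6)  # unpredictable 8-character code
        self._digest = hashlib.sha256(code.encode()).digest()
        self._expires_at = self._clock() + self._ttl
        try:
            self._send(self.contact, code)
        except Exception:
            self._digest = None
            self.state = State.FAILED
        else:
            self.state = State.WAITING_FOR_USER
        return self.state

    def submit(self, code):
        """Handle the code the user typed back into the site."""
        if self.state is not State.WAITING_FOR_USER:
            return self.state            # terminal states never reopen
        if self._clock() > self._expires_at:
            self.state = State.NOT_VALIDATED
            return self.state
        self._attempts += 1
        supplied = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(supplied, self._digest):  # constant-time comparison
            self.state = State.VALIDATED
        elif self._attempts >= self._max_attempts:
            self.state = State.NOT_VALIDATED
        return self.state


if __name__ == "__main__":
    outbox = []  # stands in for the mail system
    wf = ClaimConfirmation("john.smith@example.test",
                           lambda to, code: outbox.append((to, code)))
    print(wf.start().value)
    print(wf.submit("not-the-code").value)
    print(wf.submit(outbox[0][1]).value)
```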

Back to James' question

So now, back to James' question, "should the relying party integrate into BPEL or SPML and what is the best way for folks to think about this"

I couldn't in good faith tell everyone they should implement this in BPEL. If the whole REST vs WS-* debate has taught me anything, it's that while there is tremendous value in having well thought out standards that are implemented by Enterprises, ISVs, and Infrastructure companies, there is a large segment of folks that won't use it for any number of reasons (learning curve, implementation complexity, required tools/infrastructure, time to implement, etc.).

What I'd do first is identify the workflow itself, specifically what business rules need to be validated and what integration points need to be in place to feel comfortable that the risk has been mitigated. Before we talk technology, what are the types of interactions that need to happen? Do you need to send an email and then wait for a response? Do you need to tie into back end systems to validate the information? If the workflow is based on identity validation, identify what should happen when identity validation is successful, when it is not successful (identity could not be validated) or when it fails (system exception).

Then, look at technology and determine what works best for you. For some folks this could be Windows Workflow Foundation, for others this could be BPEL, for others it could be BizTalk, and others still it could be C#, Java, Ruby, or PHP libraries that implemented the workflows directly in code. If you're writing this yourself, I'd typically advise taking whatever code you build and make it available with its own service(s). This has benefits on a number of fronts.

I will add that there is an opportunity for someone/some group to identify some of the more common patterns (similar to what was done with the document referenced in my last post) and then to implement and make available those patterns in the form of binaries or services.

I'm just finishing up another project at the moment, once that's out the door, I'll take a look at coding up one or more examples and then throwing the bits over onto CodePlex for people to have at it.

8/18/2007 5:05:15 AM UTC  #    Comments [1] - Trackback
Book | CardSpace
 Thursday, August 16, 2007

Over the course of writing the book, there were a number of things going on in parallel inside MS, some of which weren't finalized when the book went to press. One of those items was the patterns document that the product group published this month. I had a chance to sit down with one of its authors, Bill Barnes, while writing the book, and serve as a reviewer on the initial passes of the doc.

It's an excellent doc and a must read. One thing to note, is that if you look at the chapter on modifying the existing ASP.NET membership controls to support information cards, you'll see that I provide a number of stored procedures to handle additional scenarios mentioned in the doc.

You can get the document here

http://www.identityblog.com/wp-content/resources/information_card_patterns.pdf

8/16/2007 2:52:13 PM UTC  #    Comments [0] - Trackback
Book | CardSpace | Identity
 Monday, August 13, 2007

Windows Live SkyDrive

I was reading the news this morning and saw that Google announced they were now going to sell people cloud storage, targeting folks with large media collections.

Not a bad idea, but why pay Google when you can get storage for free?  Last week Microsoft announced the beta of Windows Live SkyDrive. You can get 500 meg, and it's compat with IE and FireFox on both Windows and Mac. But it's better than just storage, because it allows you to place your files in folders and then have the option of sharing those folders with everyone (making them public) or just a select group of friends.

Full details are here.

http://skydrive.live.com/WelcomeMoreInfo.aspx

 

8/13/2007 3:05:28 PM UTC  #    Comments [1] - Trackback
Live
 Sunday, August 12, 2007

 

When looking at personalization, there are a couple of concepts that most people assume -

(1) This is primarily of interest in eCommerce Sites

(2) To perform personalization, a site either needs a transaction history (from which to draw inferences/make recommendations) or requires a user to manually fill out a profile.

The reality is that personalization is valuable across industry verticals, and now with information cards, you have the ability to easily provide personalization on a person's first visit.

Rather than use the expected eCommerce Site example for personalization, I decided to go a different route. Instead, I dedicated a chapter to building a project I named "Personal Government". Using a self-issued information card, the Personal Government web site can take a single claim - postal code - and retrieve data across multiple data stores for a personalized experience. The chapter has the user build this public sector mashup with free web services from StrikeIron. If you actually were a public sector website, you can imagine how you could extend this with real data - everything from municipal schedules (what day is trash pickup?) to legislation (which legislation that is under consideration would affect my neighborhood?)

The video can be found at the link below, or by clicking on the image below.

http://www.marcmercuri.com/book/cardspace/informationcardsandpersonalizationinPublicSector/InformationCardsAndPersonalizationInPublicSector_media/InformationCardsAndPersonalizationInPublicSector.wmv

8/12/2007 10:44:55 PM UTC  #    Comments [0] - Trackback
Book | CardSpace

The book contains a chapter on automating the issuance of information cards with Windows Workflow Foundation.

I've posted a screencast that highlights the approach and what you will build as part of the chapter.

http://www.marcmercuri.com/book/cardspace/cardspaceworkflow/cardspaceworkflow_media/CardSpaceWorkflow.wmv

8/12/2007 10:24:43 PM UTC  #    Comments [2] - Trackback
Book | CardSpace | WF

During the editing process for the book, it was pointed out that the purple and white information card logo hadn't officially 'cleared' the related legal checks (i.e. making sure the logo didn't resemble an existing piece of work by a third party). When I was writing the book, the draft that went to the editor actually included the purple and white icon. As the book went to press, the icon still hadn't cleared legal, so we decided to play it safe and use the unofficial icon that had been adopted by the community.

The good news is the purple and white information card logo has cleared legal, as Mike posted earlier in the summer. The goal is that this icon will be as ubiquitous as the orange and white RSS logo on sites, and a consistent marker to identify that information cards are accepted on your site. Below I've re-posted the icon in a multitude of sizes.

The guidelines for the use of the icon, a frequently asked questions document, a set of png images of the icon rendered in a range of sizes, and the original artwork in Adobe Illustrator format are all available together in a download package.

8/12/2007 5:03:43 PM UTC  #    Comments [0] - Trackback
Book | CardSpace

I received my author's copies of the book on Friday, and a quick look on Amazon and Barnes and Noble indicates the books are now 'in stock'. If you pre-ordered, your books should be making their way to you now.

 

8/12/2007 5:03:31 PM UTC  #    Comments [0] - Trackback
Book | CardSpace
 Tuesday, August 07, 2007

In a recent post that clarified that a Java RP is covered in my book, Roger responded "Could you talk more about the characteristics of Java RP and all the open source out there?"

One of the most pleasant things about writing this book is that everyone realized that identity on the net was a problem, the metasystem was a sound approach, and we could all work together - even if our implementations were done on different platforms and in different languages. People just want to solve the problem, and help educate people on how to solve it.

One of the areas where I see the biggest opportunity is helping everyday web developers easily become relying parties. Another is showing those same web developers how information cards can be used for much more than just logging in, particularly for personalization. There are great Java RPs out there, just as there are great RPs in .NET, PHP, and Ruby. I talk a lot about them in the book.

So when a question like this comes up, the question is, do I post the book content online (to answer the question) or do I suggest someone buy the book? One thing that I've been toying with is talking with the publisher about potentially open-sourcing the open source related chapters of the book. The thought was that the open source chapters could be introduced in a wiki-style environment and the community could make sure that new projects were identified, updates in projects, etc. When developing the book, that is the chapter that was re-written the most as there were a number of changes between last March and this year.

Before I talk to my publisher, I'm interested in your feedback on two questions:

(a) Do you think folks in the open source community would still buy the book?

(b) Do you think folks in the open source community would participate?

8/7/2007 4:05:48 PM UTC  #    Comments [0] - Trackback
Book | CardSpace | Identity | Open Source
 Thursday, August 02, 2007

Mike Jones was kind enough to post a mention for my new book recently, and it was great to see comments and other blog posts triggered by that.  One of the blogs that mentioned the book was James McGovern's. In his post he mentioned that it was disappointing that the book didn't cover Java. This is unfortunately not accurate and I wanted to clarify what's covered outside of Microsoft technologies.

Five chapters of the book are implementation agnostic and focus on key topics ranging from authentication and authorization to personalization. One of those chapters examines the majority of the projects in the open source community. Another chapter is focused on implementing relying parties - which is what most people will require - in Java and PHP. For Java, this focuses on code provided by Chuck Mortimore (if unfamiliar, he's created a fair amount of information card-related plugins and artifacts). For the other chapters, the code is written in C#. While this is not Java, the syntax is similar enough that it can be reviewed for both structure and approach. While Ruby code is not covered in the book, the book does contain links to Ruby resources and open source projects related to information cards.

I've got several screencasts I'll be posting shortly that highlight what's covered in key chapters. Look for these to start popping up online soon.

8/2/2007 7:16:31 AM UTC  #    Comments [1] - Trackback
Book | CardSpace
 Monday, July 30, 2007

So I'd been reading a lot about Joost - the new internet video company from the folks who brought you Skype - and wanted to check it out. I'm not at a point where I'd recommend it yet, but if you want to see it for yourself, I thought I'd pass along how to get access to it.

If you go to their homepage, you can sign up and you're placed in a first come, first served queue for access. I found a faster way to the beta, via http://www.joost.com/vh1. With that, you can jump to the head of the list and get an account immediately.

 

 

7/30/2007 4:34:39 AM UTC  #    Comments [0] - Trackback

 Sunday, July 29, 2007

In case you missed it, Microsoft just released some great new downloads, specifically new versions of VS 2008, Silverlight, and Expression Blend.

As someone who has been writing what are now called AJAX apps since 2000, I *really* appreciate how Silverlight and Blend make RIAs much easier to develop.

Links to all the bits-

 

7/29/2007 6:11:35 PM UTC  #    Comments [0] - Trackback
Atlas | CardSpace | RSS | Visual Studio | WCF | Web Services | WF | WPF

After spending most weekends of the past couple of years writing books or papers, I'm finding it novel to have my weekends free again. Now, instead of writing, I've been catching up on my reading.

The week after the book was set at the publisher, I headed off to the UK to spend some time with my in-laws. We spent part of the trip in one of my favorite places, the family summer house on the Irish Sea. They added a conservatory since my last visit (see pic below), and it looks out over the sea, which made for a truly relaxing environment to read. While I hadn't done much 'fun' reading while I was writing, I had been acquiring a number of books.

The name of this blog is 'Living in a World of Connected Systems', and a number of books I read covered 'connectedness', among them the Tipping Point, Spreading the Idea Virus, and The Black Swan. Different authors, very different styles, and all enjoyable reads. I'd definitely recommend them (particularly The Black Swan), so if you're looking for something interesting to read, check them out.

 

7/29/2007 5:44:04 PM UTC  #    Comments [0] - Trackback

 Tuesday, June 26, 2007

When I wrote my new book, Beginning Information Cards and CardSpace: From Novice to Professional, I wanted the reader to go beyond building just 'Hello World' applications that just focused on learning features. Instead, I wanted to have the readers build practical, usable code.

In an effort to let you see what you'll be getting when you buy the book, I thought I'd do some screencasts to highlight what you'll build out.

I'm going to start with Chapter 13, which focuses on automating the issuance of managed cards with Workflow Foundation.

In that chapter, you'll create a number of Workflow Foundation custom activities that can help you automate the issuance of managed cards, complete with email delivery.

Also included is a sample application that calls the workflow and generates a card based on data provided.

Click on the image below to see the video:

Workflow Activities for Cardspace Issuance

6/26/2007 5:40:15 PM UTC  #    Comments [0] - Trackback
Announcements | CardSpace | Identity | Webcasts | WF
 Saturday, June 23, 2007

With the blogging starting up again, I had a number of notes for topics. At the top of the list was a response to getting blog tagged by Francis.

For those unfamiliar with blog tagging, once you're tagged, you need to reveal 5 things about yourself that people might not know.

(5) I have 3 Xbox 360s.

(4) Some people write or code to music, I write to the TV show 'Law and Order'. Between the CardSpace book and chapters for the WCF book (and thanks to 4 DVRs), I've seen almost every episode of Law and Order, Law and Order: Criminal Intent, and Law and Order: SVU.

(3) I'm one of 400 people in the world who have a real Pong clock.

(2) I have what looks like the 'Fight Club' scar on my left hand. I got it during my first 2 weeks at Microsoft.

(1) My full-time career in software (vs. writer) came about after spending a finals week at Wellesley College. (ask me over a beer, and I'll tell you the details)

6/23/2007 7:02:01 AM UTC  #    Comments [1] - Trackback

After a very long hiatus, I am very happy to report my return to regular blogging. The book is now done, some of my major projects are either completed or winding down, and I'll have time to write, post and add screencasts.

So what have I been doing for the past year? Last summer, I took on a new role as an Architect in the DPE Platform Incubation Team. I've spent the last year working on solving difficult problems and working on interesting projects. This has hands down been my most intellectually rewarding year in the company. While you won't hear publicly about a lot of my work, there are some things I've contributed to that have been entering the public view recently.

I've been doing a lot of work with teams in the company doing mashups and mashup events. Last December I wrote 5 'blocks' for a product we had in development that's now been launched over at http://www.popfly.com. If you've been on the site, you know it's pretty cool stuff. If you haven't, I believe it's still in an 'invite only' mode. If it is, let me know, as I've got a couple of invites I can share.

In addition, I ended up modifying the dasBlog engine and starting another site. That site, http://www.mashupguy.com, is something you may have seen at various conferences this year. I wrote a number of labs that show how to work with various Live APIs, checked out a number of third party services, found some videos, and brought them all together on that site. It's been used as a resource for everything from the MVP Summit to Mix07 to the Web2Open at O'Reilly's Web 2.0 Conference earlier this year. I've been pretty quiet about the site outside of those events, and plan to migrate it over to Silverlight when I get back from Europe later this summer.

I also had a chance to do some work with the folks over at Windows Live and worked with Koji Kato to get LiveInABox published. Specifically, I wrote some workflow activities that wrapped Live Expo and Live Search and generated an aggregate RSS feed and RSS client for them.  In addition to being on CodePlex, we've managed to get VPCs hosted in the cloud for folks to try out.

I did have a chance to work with another one of our online properties as well, and expect to see some impact from one of our projects before the year is out.

In addition to cutting back on blogging, I also cut back my public speaking engagements this year, with just one exception. I had worked with the great folks over at Dollar Thrifty Auto Group last year and one of their architects asked if I'd be interested in coming to deliver a keynote at the Tulsa code camp, so I flew out to Tulsa for the day (an interesting route from Seattle) and had a chance to talk about CardSpace. For private speaking engagements, I was pretty engaged at a number of our internal events, and recently was interviewed for some of our internal videos for Engineering Excellence and Innovation. 

My largest project, you won't hear anything about anytime soon, but I was honored to find out recently that I was nominated for 2 awards for it, Microsoft's Circle of Excellence Award and the Customer Partner Experience Award.

And then there's the book... with my change in role last year, I ended up spending much more time outside the office working on the research and writing of the book. The book, initially targeted for March, was pushed to June when content grew from the 300 pages I committed to, to almost twice that. Expect to hear (and see) more about the book over the next week or so.

So blogging will resume starting today, the blog will likely go through a site redesign later in the month, using the new template I created for mashupguy.com, and I'll be expanding the scope beyond framework 3.0, where things have been for the past year and a half or so. 

Glad to be back, and happy to have you reading,

Marc

6/23/2007 4:08:04 AM UTC  #    Comments [0] - Trackback
Announcements | CardSpace | Visual Studio | WCF | Xbox360
 Saturday, April 07, 2007

The blog may be down periodically this weekend, as I'm upgrading the blogging software. Downtime should be limited to late evening hours (US Pacific Time)

4/7/2007 7:08:20 PM UTC  #    Comments [1] - Trackback

 Thursday, March 29, 2007

Richard Turner has posted a couple of information card / Windows CardSpace videos on his blog.

If you've kinda/sorta heard about CardSpace and information cards and want to get a quality intro with a demo and a description of what's happening behind the scenes, check out the first one.

http://blogs.msdn.com/richardt/archive/2007/03/18/cardspace-simple-demo-screencast-on-channel9.aspx

If you're looking to develop a site on IIS7 (meaning Windows Vista or Longhorn Server) and are curious about how to configure the site to support information cards, the second video steps through how to configure your IIS7 server for sites that will accept information cards.

http://blogs.msdn.com/richardt/archive/2007/03/28/new-screencast-how-to-configure-iis7-for-win