Scott Hanselman

Recent JavaScript Jabber Podcast - Microsoft, not Microsoft, and the Web

August 20, '13 Comments [41] Posted in Javascript | Podcast
Sponsored By

loraxI was a guest recently on a podcast called JavaScript Jabber. I enjoy checking out other folks' podcasts and how they run things. I actually talked to the guys about sound quality for about 30 min before the actual recording started.

Their show is about JavaScript exclusively so we spent about an hour talking shop.

Here's a few quotes...yes, I'm quoting myself. On my blog.  We talked about Open Source:

I don’t care if it’s not Entity Framework. If you want to use NHibernate or RavenDB or CouchDB, dude, knock yourself out. But ultimately, the dirty little secret about Microsoft is they want you to run on Windows. Okay, well you don’t run Windows. You guys run Macs. Okay. But maybe you’ll discover that Azure is actually a pretty kickass cloud service and you’ll run your stuff on Azure, which is Windows.

We talked about using the client machine more effectively:

I hear a lot of people say, "Hey, we run a web farm and we’ve got about ten machines in the farm and it just can’t handle the load. We’re going to need to buy an 11th machine." Then you talk to them and they’ll say something like, "Well we’ve got 10,000 people hitting the site," and I’ll think to myself, "Okay, you’ve got 10 machines in the farm and you have 10,000 people hitting the sites. All those people have quad processors, even if they have a phone. Are those processors really working hard? You’ve got 40,000 unused processors just sitting there and they’re waiting for your 10 processors to give them angle brackets. What if you gave them curly braces and let them do the work?”

I think the podcast turned out fairly well, although there was a little tension as I felt I was being asked to make declarative statements and defend historical stuff I didn't work on. I think I made it very clear that my opinions about the industry are just that, opinions, and mine alone. That said, we talked about node, JavaScript in general, the way the industry is moving with respect to where work happens (client vs. server) and a bunch of other things.

They called this episode "JavaScript Strategies at Microsoft with Scott Hanselman." Other than the "with Scott Hanselman" part, this title is problematic.

The hosts are fine folks and I had a pleasant time. I think because of the title of the episode this particular episode has been getting a LOT of Tweets and appeared on Hacker News and Reddit for a short while. I wouldn't have chosen this title, myself.

  • It implies I have anything to do with JavaScript at Microsoft.
    • I don't. I do work in Azure and Web Tools and I often give my opinions on the JavaScript Editor, on what we do with Node, and how frameworks like Ember and Angular will be presented in VS, but I am not in charge of anything. I give feedback just like dozens (hundreds?) of other random folks inside the Big House.
  • It implies I'm some how strategic, strategically involved or know strategery within JavaScript at Microsoft.
    • Again, JavaScript on the client is the Chakra engine and the IE team. I don't work for them, no do I claim (and never have) to speak for them.
  • It implies I'm a spokesman for Microsoft.
    • I'm an enthusiast and a teacher, but not a marketer or spokesman. I speak, and yes, I do have this blog, but it's mine and its writings and opinions are mine. I often write about Microsoft stuff because I work there, but I worked elsewhere for 15 years and blogged that also. I blogged and podcast before I got to Microsoft and I will continue to blog and podcast after I leave. I am not my job.

I would encourage you to check out the podcast episode yourself and see what you think. It also includes a complete transcription, which is a nice touch and very important.


Sponsor: A big thanks, and a welcome to Aspose for sponsoring the feed this week! Check out their Aspose.Total for .NET has all the APIs you need to create, manipulate and convert Microsoft Office documents and a host of other file formats in your applications. Curious? Start a free trial today.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Leap Motion: Amazing, Revolutionary, Useless

August 14, '13 Comments [72] Posted in Reviews
Sponsored By
Tom Cruise looks so cool in Minority Report

I desperately want it to work, don't you? Just like Minority Report. You wave your hands and your computer interface moves effortlessly.

Frankly, let's forget all that. I'll lower my expectations WAY WAY WAY down. I'd just like to wave my hand left and right and the system move a window between one of my three monitors? Seems reasonable.

This is what I want to feel like with the Leap Motion.

Amazing Minority Report Interface 

Here's how I really feel using Leap Motion.

Fantasia Fighting the Air

Venture Beat says:

The $80 device is 200 times more accurate than Microsoft’s Kinect, sensing even 1/100th of a millimeter motions of all 10 fingers at 290 frames per second.

Really? I find them both equally bad. 1/100th of a millimeter? That's lovely but it makes for an extremely hyperbolic and twitchy experience. I have no doubt it's super accurate. I have no doubt that it can see the baby hairs on my pinky finger - I get it, it's sensitive. However, it's apparently so sensitive that the software and applications that have been written for it don't know how to tell what's a gesture and what's a normal twitch.

Hey, it's my fingers!

My gut says that this is a software and SDK maturity thing and that the Leap Motion folks know this. In the two weeks I've had this device it's updated the software AND device firmware at LEAST three times. This is a good thing.

Perhaps we need to wear gloves with dots on them like Tom Cruise here. When you hold your fingers together and thumb in, Leap Motion sees one giant finger. Digits appear and disappear so you are told to keep your fingers spread out if you can. This becomes a problem if your palm is turned perpendicular to the device. Since Leap Motion only sees up from its position on your desk, it can't exactly tell the difference between a palm down with fingers in and a hand on its side. It tries, but it's about 80% by my reckoning. That may sound great, except when it's 20% completely insane.

I also found that wearing my watch confused the device into thinking I had a third hand. I'm not sure if it's glints off the metal of the watch, but I had to take it off.

To be really clear, I totally respect the engineering here and I have no doubt these folks are smarter than all of us. Sure, it's super cool to wave your hand above a Leap Motion and go "whoa, that's my hand." But that's the most fun you'll have with a Leap Motion, today.

OK, you can see my hand.

There is an excellent diagnostics system that will even warn you of fingerprints. You'll be impressed too, the first time you get a "smudge detected" warning.

Smudge detected?

The software is impressive and organized, but on the down side, the Leap Motion Service takes up as much as 6-7% of my CPU when it seems something near it. That's a lot of overhead, in my opinion.

6% CPU?

The software that I WANT to work is called "Touchless for Windows." It's launched from the AirSpace store. This Leap Motion specific store collects all the apps that use the Leap Motion.

Having a store was a particularly inspired move on their part. Rather than having to hunt around the web for Leap Motion compatible apps, they are just all in the their "store."

The TouchLess app bisects the space above the Leap Motion such that if you're in front of the device you've moving the mouse and if you've moved through the invisible plane then you're touching the "screen." Pointing and clicking is a challenge to say the least.

Touchless for LeapMotion

Scrolling on the other hand is pretty cool and it's amazing when it works. You move your hand in a kind of forward to backward circle, paging up through web sites.

Scrolling is cool

It's not foolproof by any means. Sometimes the Leap Motion will go into what it calls "robust mode." I am not sure why the device wouldn't want to be "robust" all the time. It seems that this really means is "degraded mode." There are threads on the Leap Motion forums about Robust Mode. Lighting seems to play a large factor.

Here's me attempting to use the Leap Motion with Touchless to do anything to this folder. Open it, move it, select it, anything.

Touchless is REALLY hard to use.

Today, I look at the Leap Motion as an amazing $80 box of potential. Just like the Kinect, the initial outcropping of apps are mostly just technology demos. It remains to be seen if the Leap Motion will mature in the coming months. I still think it's an amazing gadget and if you have $80 to blow, go for it. Set your expectations low and you won't be disappointed.


Sponsor: Big thanks to Red Gate for sponsoring the feed this week. Be sure to pick up their Free eBook: 25 Secrets for Faster ASP.NET Applications - Red Gate has gathered some great tips from the ASP.NET community to help you get maximum performance from your applications. Download them free.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Over 400 Virtual Machine Images of open source software stacks in the VM Depot Azure Gallery

August 12, '13 Comments [16] Posted in Azure | Open Source
Sponsored By
Open Source VM Images in Azure

When you want to make a new Virtual Machine from the Azure Portal, from the menu you "Create New | Virtual Machine" and you'll see the default images alongside images you have uploaded or created yourself.

A list of a bunch of Windows images

There's a pile of Windows stuff, and if you scroll down, some good Linux images like openSUSE, CentOS and Ubuntu.

Note: There's also a Visual Studio Ultimate 2013 Preview, so remember, you can sign up for a free Azure trial and remote into Visual Studio in the cloud and mess around if you like. If you have MSDN you have credits already, so associate your MSDN with Azure.

It's nice to have Linux on Azure, but this isn't the richest selection of images.

A list of a bunch of Linux images

There SHOULD be a new section here, in my opinion.

There should be a community section. There isn't. Yet.

Or here:

There should be an Open Source section. There isn't. Yet.

Ah, but if you go to the Virtual Machines area, then click Images, there is a link to Browse VM Depot. One of the great secrets of Azure. I'm working with them to get this more obvious, because it really is epic.

You can click Browse VM Depot at the bottom of the Images Pivot

And then…bam. Now we're talking.

Wow, a pile of existing images. More than 400, in fact.

There’s actually over 400 open source VM images in there, made by the community and companies like BitNami, and hosted by MS Open Tech. You can create VMs from this interface within the Azure Portal, but I think it's even easier to make VMs from the command line.

Get the Azure Command Line

This assumes you have the Azure Command Line Tools. You can get them one of two ways. If you have node and npm, just install azure-cli like this:

npm install azure-cli --g

Then get your account certificates and import it.

azure account download
azure account import "foo.publishsettings"

Then, select a subscription. This is all a one-time thing.

azure account set "some other account name"

At this point I can "azure vm create" this and that. I can manage most of the Azure Cloud from the command line. This tool works on Linux, Windows and Mac, is open source and written in JavaScript.

Creating a VM from an VM Depot Image

Let's say I want a Redis image. I can visit http://vmdepot.msopentech.com and find a Redis one. Here's a customized Ubuntu 12.04 image with Redis configured and hardened security.

If I select Deployment Script at the top, I will get a command line like this:

azure vm create YOUR_DNS_PREFIX -o vmdepot-147-6-1 -l "West US" YOUR_USER_NAME [PASSWORD] --ssh 

That vmdepot number there is the image identifier that tells Azure to copy that VM image over from the VM depot and make a new instance. Make sure you add --ssh or you won't be able to get in at all!

C:\>azure vm create hanselredis -o vmdepot-147-6-1 -l "West US" scott mypassword --ssh
info: Executing command vm create
+ Looking up community image
+ Retrieving storage accounts
+ Copying blob
+ Looking up image
+ Looking up cloud service
+ Creating cloud service
+ Creating VM
info: Deleting image
info: VM image deleted: vmdepot-147-6-1-8d169700
info: Blob deleted: http://hanselstorage.blob.core.windows.net/vm-images/comm
unity-520-3ed9b6e9-97c6-42f4-b2bd-349fca785b64-6.vhd
info: vm create command OK

At this point Azure has made the VM from this image. You can than open up endpoints and port forward to the outside world so you can access your service, or create virtual internal networks to keep this VM private.

VM Highlights

A lot of these images come from a startup called Bitnami that configures images with popular packages. Some highlights of this depot, IMHO, are Discourse, the new forum software from Jeff Atwood and friends:

Discourse

There's a recent Ruby Stack image:

The Ruby Stack

And a good Drupal one:

Drupal

As well as a nice Debian Wheezy image:

image

Remember, these are community driven so YOU can publish images of your open source stack if you want.

As with all galleries of community-grown stuff there will be some gems and some duds. I like the Bitnami stuff, for example, as they appear to know what they are doing. Regardless, use good sense and explore and evaluate before you bet your startup on an image. Still, these are a great way to get a VM running in minutes, not hours or days.

If you think that these images are useful, feel free to sound off in the comments and guilt inform the Powers That Be that you think this is useful. Or not. (I will make sure they see these)

Related Links:


Sponsor: Big thanks to Red Gate for sponsoring the feed this week. Be sure to pick up their Free eBook: 25 Secrets for Faster ASP.NET Applications - Red Gate has gathered some great tips from the ASP.NET community to help you get maximum performance from your applications. Download them free.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Saving and Retrieving Browser (and other) Passwords

August 9, '13 Comments [21] Posted in Tools
Sponsored By

The security balance is always user convenience vs. absolute security. You want security? Disconnect your computer from the internet. Don't save your passwords. Use multi-factor authentication. But that's not reasonable.

  • Browsers let you save the contents of Forms that you fill out, including passwords.
  • Some browsers sync those settings/histories/passwords to other computers with that browser running, if you are signed into a service with a master password.
  • Those passwords need to be stored somewhere locally, and they need to be retrieved by the browser (who is not running as administrator) so that the browser can fill out your form for you.
  • Someone writes code to retrieve those passwords.
  • If you, running as you, the user, can access those passwords, than other code running as you, the user, can also access them.

If you don't like this, don't save your passwords.

I think the concern (I know I was concerned) about the recent hubbub about browser security is the feeling of casual disclosure. It is uncomfortable when it seems easy to get your passwords. But they are still there.

Remember the 10 Immutable Laws of Security, specifically #3.

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

Every password vault has this behavior. If your passwords are stored locally, they may be encrypted but they are stored with reversal encryption.

Is this a security problem/bug/flaw? No. You saved your passwords as the user and they can be retrieved by code running as the user.

Here's some just a few lines of code to retrieve and dump your Windows Password Vault on Windows 8.

using System;

namespace DumpCredentials {
class Program {
static void DumpCredentials(Windows.Security.Credentials.PasswordCredential cred) {
Console.WriteLine("Resource: {0}", cred.Resource);
Console.WriteLine("UserName: {0}", cred.UserName);
Console.WriteLine("Password: {0}", cred.Password);
}
static void Main(string[] args) {
Windows.Security.Credentials.PasswordVault vault = new Windows.Security.Credentials.PasswordVault();
Console.WriteLine("{0}", vault.GetType());
foreach (var cred in vault.RetrieveAll()) {
cred.RetrievePassword();
DumpCredentials(cred);
}

}
}
}

Feel free to change your browser settings if you like to not save your passwords, or consider other password vaults like LastPass, KeePass, or 1Password.

Chrome

image

...and also...

image

Internet Explorer

image

FireFox

image

The code to dump Windows 8 Paswords is here. It will compile with VS2012 on Win 8. If you just want the EXE to run, download it here.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Penny Pinching in the Cloud: When do Azure Websites make sense?

August 8, '13 Comments [72] Posted in Azure
Sponsored By

imageI had a great conversation on Twitter with Frans Bouma about pricing where he asked a number of questions that weren't easily answered in 140 characters. The pricing for these things isn't clear or easy. It's not clear or easy because it's complicated.

Frans is thinking about moving his product’s website over to Azure but he’s thinking it’s too expensive for his one website. Good question.

Here's my own Q&A about Azure Websites and Pricing. Folks are always emailing me with confusion so I'm writing it up. If you email me questions from now on (since I have only so many keysleft.com) I'm going to point you here.

Disclaimer: This is written by me, not Marketing. I'm sure they'll be on the phone in a minute when they see this post. It doesn’t make it less true, though.

I wasn't an Azure fan until June of last year. I run all my sites on Azure except for this blog (which is at OrcsWeb where it's been for years).

Today, I have 13 websites and two VMs (one Linux and one Windows) running in Azure. 11 sites run in one VM instances with Azure Websites in the West US, and the other two are in different datacenters.

Q: I have a small website on a custom domain that I'm paying US$5 a month for at FooHost. Should I move to Azure?

A: Probably not. While you can get 10 free websites per data center (meaning, more than 10, technically) to play in Azure, if you want to point a custom domain at it you'll need at least one "shared" (multi-tenant, meaning you get a slice of a CPU) website. That's US$9.68 a month, running full time. If $9.68 is too rich for you, stick with your $5 host. However, you do get to use the same management tools and deployment subsystems even with just one shared site so it depends on what you find valuable. Free sites are great for development and test scenarios where you can experiment with new concepts before you start spending money.

If you’re trying to get by with the minimum for a few bucks a month, I don’t think it’s fair to compare Azure to a random $4.99 PHP host. You get command line management tools, lots of deployment choices, elastic scale in minutes whenever you want, etc.

Q: What if I am OK with $10 a month? What do I get with one shared site?

A: Whether it's 1 site or 500, all websites get Git deployment (and redeployment, also known as the "oh shit button") as well as deployment from Visual Studio and TFS. Everyone gets the same infrastructure and control panel.  You can also scale out to up to 6 shared instances if you need.

Each instance is a copy of your code running on a different shared server with its own quota of CPU and memory. We chose to limit the number of instances to 6 since having more than 6 instances ends up being more expensive than having one Standard server. You can have up to a 100 sites in Shared mode per data center, each site can have up to 6 instances.

Q: What about running my own VM and not using managed Websites?

A: If you know what you're doing, you can run your Website in a VM, but you need to setup IIS and manage it yourself. You need to keep the VM updated, and configure it however you want. But, you can get an extra small VM for $15 a month with 768MB RAM, which is nice. I run an instance of MySQL in one of these as well as PHP on Apache.

image

Q: When would I run a VM over a Website?

A. It comes down to what you want to manage. If you're cool with managing a VM and you want the flexibility, do that. If you want the OS and updates handled for you, as well as the deployment choices and scale out, use web sites.

image

Q: There's Free, Shared and Standard Websites. What's the difference?

A. Free means it's free, there's no uptime guarantee and you're low priority. I put demos and tests and dev on free stuff. I also run some services where it doesn't matter what the URL is because no one can see it. You can't use custom domains or SSL with free.

Shared means you're getting a slice of a computer and you're packed in with a lot of other folks on the shared plans. Most small websites (<20,000 PV) work just fine with shared.

Standard used to be called Reserved. You get your own VM and you can run ASP.NET, nodejs, PHP, etc (the same things you can run on Free and Standard). You can go from 1 core and 1.75G of RAM all the way up to 4 cores and 7G of RAM. I run all my sites in 1 standard small instance. Even with small I've got almost 2 gigs of ram and even though some of my sites (like Hanselminutes) do caching and may use 100-300 megs of RAM on a busy day, I've never had any issues.

If you need more than one server to run your sites you can scale out to 10 instances of your Standard server, if you need more than 10 server instances you can contact support services and they’ll work something out.

Here's the thing about clouds generally and Azure specifically. If you're not packing things densely you're not going to save money.

You can put up to 500 websites into a single instance using Azure Websites. That's not a typo. The more you put in the more value you get from your VM/standard instance.

Tip: Pack sites in tight. To be clear, if you are going to run more than 8 websites in Azure, you're a tool to not move into Standard/Reserved. It's just cheaper. Plus, if you have a bunch of sites in one Data Center (like, I had 10+ in West US) you want to put them all in the same VM. If you can keep serving traffic then effectively all sites you can put comfortably in your existing instance are "free." You're paying for the instance, use it.
image

Q. You're insane, what kind of sites could provide value and also be packed that tight?

A. There's lots of little sites, like my podcasts for example, that get a few tens of thousands or even hundreds of thousands hits a month. If you're working for a digital agency and putting together simple sites, you can start saving big money after about 6 to 8 sites.

Here's the Azure Pricing Calculator. In my opinion it's silly that it goes past 8 in Shared mode. Anything more than 8 shared sites is a waste of money.

image

You might look at this and thing, 8 for $77? That's real money and too rich for me. I'm going to stick with my $5 host. And you probably should if you can pack 8 sites onto that $5 machine.

However, things get cheap when you move to Standard mode. Once you have 1 standard website VM you can put lots of stuff on that one machine.

image

Again, each web site is all alone, isolated and separately deployable and manageable, but they share your 1 VM. But the value is that you never think about the management of the VM. It's always up to date, they're looking for malware, patching the OS, handling stuff. Web Sites sits above the VM and you use FTP, Git Deploy or MS Deploy to get your site there. You can run ASP.NET, PHP, node.js, Python, hell, Classic ASP if you want to.

You're paying for the compute time, 0.10/hr and you're being billed as it's running. If it runs all month long it's $74.40. I run all my sites inside this VM. It's actually a little large, and I could probably get away with an "Extra Small VM" if they would make one for Web Sites (the team is telling me that this is coming soon). Note that I am charged 0.10/hr even if my sites get no traffic, I am essentially paying for “renting” the CPU from Azure.

Q. When do I scale, and how?

A. I talk to customers a lot and most of the ones doing public sites always overstate their traffic. What they want is the ability to scale IF it becomes popular. You can scale UP (bigger instance) or scale OUT (more instances).

You can set you sites to auto-scale if you get on Hacker News or your startup becomes popular. Azure will add (and remove!) instances to make sure traffic gets handled. It will never go above or below the settings you choose.

image

This is a way to control costs. In this screenshot, I will never go above 3 instances, so my site can fall over if it gets slammed, but I decide how hard it tries to scale. I want to balance costs with availability. I could change this however I want from just 1 small VM to 10 large ones, so that's 1 core to 40, as I like.

Q: Are Azure Websites running all the time, 24/7?

A: If you have a standard VM with a bunch of websites in them, the VM is running all the time and you're paying for that VM. If one of the web sites isn't used for some large number of hours, it will be put to sleep, freeing up resources for other sites on the same VM. If you're worried about the web site not warming up quickly, you can use the build in Monitoring feature to not only ensure they are always up but that they are always warm.

image

Q: I’ve got an MSDN Subscription, what does that get me?

Link your MSDN and Azure accounts and you can get up to $150 a month in Azure credits, so up to two free VMs running all day for a month.

I've done a few posts on "Penny Pinching in the Cloud" that you may enjoy.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.