A Rant about Openness

May 2nd, 2008 by Daniele Muscetta

It is interesting to see that a bunch of open source projects written on and for the Microsoft platform grows and grows, and also nice to see that a lot of Microsoft employees are very active and aware of the open source ecosystem, rather than being stuck with only what the company makes. Phil Haack, in a post about an interview to Brad Wilson,  wisely writes:

"[…] What I particularly liked about this post was the insight Brad provides on the diverse views of open source outside and inside of Microsoft as well as his own personal experience contributing to many OSS projects. It's hard for some to believe, but there are developers internal to Microsoft who like and contribute to various open source projects. […]"

In fact, being made by Microsoft people or not, the list of open source software on CodePlex keeps growing too. Mentioning CodePlex and interviews, another interesting one is that of Sara Ford, Program Manager for CodePlex posted on Microspotting. But Microspotting is awesome in general. My favorite quote by her:

"[…] Hey. My name is Ariel and I'm the person you thought would never work at MSFT […]".

In fact, just as I do, she is running that blog on WordPress, posting her photos on Flickr, using a RSS feed on Feedburner and in general using a bunch of things that are out there that might be seen as "competing" with what Microsoft makes. In fact, this attitude towards other products and vendors on the market is what I am mainly interested in. Should we only use flagship products? Sure, when they help us, but not necessarily. Who cares? People's blogs are not, as someone would like them to be, a coordinated marketing effort. This is about real people, real geeks, who just want to share and communicate personal ideas and thoughts. I had a blog before being at Microsoft, after all. Obviously I had exposure to competing products. My server was running LAMP on Novell Netware in 2002 – after which I moved it to Linux. It is not a big deal. And if I try to put things in perspective, in fact, this is turning out to be an advantage. I am saying this, as the latest news about interoperability comes from MMS (Microsoft Management Summit): and that is the announcement that System Center Operations Manager will monitor Linux natively. I find this to be extremely exciting, and a step in the right direction… to say it all I am LOVING this!!! But at the same time I see some other colleagues in technical support that are worrying and being scared by this – "if we do monitor Linux and Unix, we are supposed to have at least some knowledge on those systems", they are asking. Right. We probably do. At the moment there are probably only a limited number of people that actually can do that, at least in my division. But this is because in the past they must have sacrificed their own curiosity to become "experts" in some very narrow and "specialized" thing. Here we go. On the opposite, I kept using Linux – even when other "old school" employees would call me names. All of a sudden, someone else realizes my advantage.  …but a lot of geeks already understood the power of exploration, and won't stop defining people by easy labels. Another cool quote I read the other day is what Jimmy Schementi has written in his Flickr profile:

"[…] I try to do everything, and sometimes I get lucky and get good at something […]".

Reading on his blog it looks like he also gave up on trying to write a Twitter plugin for MSNLive Messenger (or maybe he never tried, but at least I wanted to do that, instead) and wrote it for Pidgin instead.  Why did he do that ? I don't know, I suppose because it was quicker/easier – and there were API's and code samples to start from.

The bottom line, for me, is that geeks are interested in figuring out cool things (no matter what language or technology they use) and eventually communicating them. They tend to be pioneers of technologies. They try out new stuff. Open Source development is a lot about agility and "trying out" new things. Another passage of Brad's interview says:

"[…] That's true–the open source projects I contribute to tend to be the "by developer, for developer" kind, although I also consume things that are less about development […] Like one tool that I've used forever is the GIMP graphics editor, which I love a lot".

That holds true, when you consider that a lot of these things are not really mainstream. Tools made "by developer, for developer" are usually a sort of experimental ground. Like Twitter. Every geek is talking about Twitter these days, but you can't really say that it is mainstream. Twitter has quite a bunch of interesting aspects, though, and that's why geeks are on it. Twitter lets me keep up-to-date quicker and better (and with a personal, conversational touch) even better than RSS feeds and blogs do. Also, there are a lot of Microsofties on Twitter. And the cool thing is that yo can really talk to everybody, at any level. Not just everybody "gets" blogs, social networks, and microblogging. Of course you cannot expect everybody to be on top of the tech news, or use experimental technologies. So in a way stuff like Twitter is "by geeks, for geeks" (not really just for developers – there's a lot of "media" people on Twitter). Pretty much in the same way, a lot of people I work with (at direct contact, everyday) only found out about LinkedIN during this year (2008!). I joined Orkut and LinkedIN in 2004. Orkut was in private beta, back then. A lot of this stuff never becomes mainstream, some does. But it is cool to discover it when it gets born. How long did it take for Social Networking to become mainstream? So long that when it is mainstream for others, I have seen it for so long that I am even getting tired of it.

For some reason, geeks love to be pioneers. This is well expressed in a digression by Chris Pratley:

"[…] some of them we will be putting out on officelabs.com for the general public (you folks!) to try so we can understand how "normal" people would use these tools. Now of course, as we bloggers and blog-readers know, we're not actually normal – you could even debate whether the blogosphere is more warped than the set of Microsoft employees, who comprise an interesting cross-section of job types, experiences, and cultures. But I digress. […]"

But I have been digressing, too, all along. As usual.

reportr – Show your Flickrness!

April 27th, 2008 by Daniele Muscetta

reportr - Show your Flickrness!

How many times you have gone somewhere (public demonstration, event, concert, etc) where yo saw other people shooting photos and you though "some of them MUST be flickr'ers"…. but you never had the guts to go and introduce yourself?

Now it's time to show off that you are a Flickr'er, and let other people figure it out.

Polo:

www.cafepress.com/cp/customize/product.aspx?clear=true&am…

Cap:

www.cafepress.com/cp/customize/product.aspx?clear=true&am…
NOTE:

This is just an idea and it is NOT endorsed by Flickr itself.

Also, I do not get any money for it – those are just the prices imposed by the online shop used to create them. I just thought it was a funny idea and I wanted to share it.

Ca(p)tching Cats and Dogs

March 9th, 2008 by Daniele Muscetta

I read on Jeff Atwood's blog about most strong Captcha having been defeated. Also, on top of visitors getting annoyed by it, the Captcha plugin I am using has gone unmantained lately. And, one way or another, I am getting comment spam again. Which is something I really hate as you know what I would love to do to spammers

I am seriously considering giving Asirra a try. It is an interesting project from Microsoft Research for an HIP (Human Interaction Proof) that uses info from petfinder.com to let users set apart pictures of dogs from those of cats. There is also a WordPress plugin, in the best and newest "we want to interoperate" fashion that we are finally getting at Microsoft (this has always been the way to go, IMHO, and BTW).

Anyway, what do you think ?

Merry XMas

December 22nd, 2007 by Daniele Muscetta

This post is to write down some thoughts before Christmas, along the lines of what I have written yesterday in an email to a lot of colleagues (and I definitely forgotten some of them because there are too many great people I've worked with… so if you are one of the forgotten ones and you are reading this: I'm sorry!).

The last few months have been very busy with work. As much as I enjoyed them anyway, and learned a lot in the process and from the people I worked with, I now really want to enjoy these few coming days of Christmas holidays and RELAX and spend some quality time with my family and friends.

So I wish the same for all of you: that you may spend a Merry, relaxing Christmas, and have a great start for a grand, brilliant new year!

 

As a side note, having been very busy I have blogged a lot less. Blogging implies that I already have a sort-of-well-formed thought, that should span a few lines or paragraphs, otherwise I don't find it worth it. That does not mean I don't have small ideas or other things I like to share when I come up with them. That is why I am using microblogging and Social Networking a lot lately, so I remind you that even if this blog's builtin feed only includes the REAL FEW blog posts, then I also have another (very "chatty") feed that you can use to "follow me" and that one includes all of the following combined feeds: my status messages from Facebook, my Twitter messages, my pictures on Flickr, the stuff I read somewhere else and then share on Facebook, the places I visit and mark on 43Places and the goals I achieve, want to achieve, or I simply talk about on 43Things, as well as the REAL posts on this blog. It is my implementation of what has been called a "lifestream" by other bloggers.

Doha, Qatar

December 2nd, 2007 by Daniele Muscetta

Doha, Qatar | Commercial Road

Doha, Qatar | Commercial Road, uploaded by Daniele Muscetta on Flickr.

Last week I have been to Doha, Qatar, visiting a customer site and learning from a colleague how to deliver my first "official" MOM Health Check. I have spent most of my time working on Microsoft Operations Manager, of course, but I also did manage to walk around a bit on my late afternoons and evenings and see some stuff. So, as I usually do in these cases, I took a ton of pictures.

I found an interesting place, filled with contrasts between old and new, tradition and competition, ancient and modern.
It's a living place that is certainly working hard to get over the oil business model and attract richness in different ways.

John Lockerbie spotted my photos on Flickrs and asked me permission to use some of the, so they have been now republished on his very interesting page about Islamic Urban design and architeture and the one about islamic society.
They both are an interesting read, and most of his site is.

Using Live ID to authenticate to WordPress

November 2nd, 2007 by Daniele Muscetta

Yesterday I've been hacking a bit with the Windows Live ID SDK and I wrote a very small and simple plugin for WordPress that enables you to login in to WordPress with your passport Live ID.
I had read in various places that such a plugin would be welcome… I looked around and found none yet (if anyone has instead already written something like this and I missed it I will happily waste the simple stuff I did for something more advanced/well written… just let me know :-)).
I took a look at a similar experiment, and eventually even found that there is some conceptually similar plugin written to work with OpenID. The wordpress openid plugin is much more complex and much more advanced than what I did, tough. It will let you log in with just ANY OpenID user, it will automatically create a user for you on that wordpress installation and associate it with your ID, even just for the purpose of commenting, etc.

But in my blog I don't require or need people to actually log in to do anything. I actually like anonymous/free comment. A CAPTCHA takes care of spammers and I am fine with it so far. Probably for a big site with a lot of users it might make sense, but for my blog so far it doesn't. But there's one thing for which this is instead useful: I have always been worried, when logging in through HTTP (thus, without SSL) to my blog from networks I don't manage or completely trust, that my password could be sniffed over the wire and stolen. Live ID solves my problem by letting Microsoft validate my identity: I have associated my Live ID to the blog's main user account(=myself), the one writing this post. So the plugin in its current form is used as a replacement of the login form (the standard wp-login.php wordpress form CAN still be used if you like, of course, you just don't HAVE to. Also the use of xmlrpc will still require local user/pwd combination.). Anyway, this new form will authenticate you thorugh Live ID and then check if your Live ID is associated to any local user. If it is, it will log you on to wordpress with that account. Otherwise it will inform you that you are successfully logged on to passport Live, but unfortunately there is no corresponding local account for you, and that it would need to be set up. Setting it up is as difficult as adding a line to the database… probably adding a form or a property page would be nice, but in my case I just did it with a query:

INSERT INTO `wordpress`.`wp-usermeta` (
`umeta_id` ,
`user_id` ,
`meta_key` ,
`meta_value`
)
VALUES (
NULL , '1', 'LiveID', 'f11fa1d3e82c68776f94a3a5c459b70b'
);

which adds an extra "property" for the first user (admin) called 'LiveID' which contains your Live ID (the one above is not my real one, in case you were wondering). When you are authenticated by LiveID and you get back this value, the plugin checks in this table which WordPress userid in the database has been associated with this Live ID and – if it finds one – it authenticates you as that user. Of course you should not have duplicates.

My code is mostly based on the SDK PHP Sample, with some modification to integrate it in WordPress as a plugin. Of course I removed the file that is used as "user database" and used wordpress DB instead.

There's a ton of things that could be improved. I just did not put any more effort and time in it. As you might know if you read this blog, I am not a full time developer. Actually I shouldn't write code at all for work and I am mainly considered an "infrastructure" guy. Anyway, I would like to code more and even if I am not supposed to, I always try to find stimulating situations that require a bit of integration, thinking out of the box, some scripting, etc…

[updated: november 3rd 2007] You can download the sample plugin "AS-IS" here: liveauth.zip . This has only been tested and only works with WordPress 2.3.x serie (but should also work with earlier versions – not tested)

[updated: march 30th 2008] WordPress 2.5 has changed the way the authentication cookie is generated, therefore here is an updated version of the plugin that works with the new secure cookies: liveauth02.zip
I should really invest some more time in this and clear up the code. I should also make an interface to make the configuration easier, and maybe make a version that works on both 2.3 and 2.5 branches. I am not sure when I will have time for that, though…

[updated: april 20th 2008] I have released version 0.3c of the plugin which now finally includes a simple configuration page, and should work on both WordPress 2.3 (and older) and on the 2.5 brach. Please visit the new Windows Live ID Authentication WordPress Plugin Page.

Disclaimer:
The information in this weblog is provided "AS IS" with no warranties, and confers no rights. This weblog does not represent the thoughts, intentions, plans or strategies of my employer. It is solely my own personal opinion. All code samples are provided "AS IS" without warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.
THIS WORK IS NOT ENDORSED AND NOT EVEN CHECKED, AUTHORIZED, SCRUTINIZED NOR APPROVED BY MY EMPLOYER, AND IT ONLY REPRESENT SOMETHING WHICH I'VE DONE IN MY FREE TIME. NO GUARANTEE WHATSOEVER IS GIVEN ON THIS. THE AUTHOR SHALL NOT BE MADE RESPONSIBLE FOR ANY DAMAGE YOU MIGHT INCUR WHEN USING THIS PROGRAM.

Test from WordPress 2.3

September 26th, 2007 by Daniele Muscetta

Blog works, all the plugin work too. I will *only* have to re-write a whole bunch on SQL queries for my .Net frontend that is now broken. I'll do that at one stage, now I can't be asked.

It's nice to see things called by their real name

September 3rd, 2007 by Daniele Muscetta

Facebook Terms of Service state that it is forbidden to "[…] use automated scripts to collect information from or otherwise interact with the Service or the Site […]"

For this reason, I had to pull down the code of the small application I had previously released, which was "logging" into the mobile web application "pretending" to be a mobile browser and change your status. Big deal!!!

I am quite sure there are a lot of people writing "official" applications (that is using the "platform API" and so on) that are collecting A LOT of information about users who install their applications. They are being sent the info about the visitors by facebook, they are storing them, they might do whatever they please with (study it, sell it to spammers, to marketers, to making-money-assholes) and nobody will ever notice because it is on their servers and nobody can check that.

But a script that changes your status from remote – since this is not a functionality they CHOSE to expose in their API – then THAT is a big issue. Doh!
It's just plain ridiculous, but that's it.

Sure, the terms of service for app developers say a bit more in this regard:

[…]
4) Except as provided in Section 2.A.6 below, you may not continue to use, and must immediately remove from any Facebook Platform Application and any Data Repository in your possession or under your control, any Facebook Properties not explicitly identified as being storable indefinitely in the Facebook Platform Documentation within 24 hours after the time at which you obtained the data, or such other time as Facebook may specify to you from time to time;

5) You may store and use indefinitely any Facebook Properties that are explicitly identified as being storable indefinitely in the Facebook Platform Documentation; provided, however, that except as provided in Section 2.A.6 below, you may not continue to use, and must immediately remove from any Facebook Platform Application and any Data Repository in your possession or under your control, any such Facebook Properties: (a) if Facebook ceases to explicitly identify the same as being storable indefinitely in the Facebook Platform Documentation; (b) upon notice from Facebook (including if we notify you that a particular Facebook User has requested that their information be made inaccessible to that Facebook Platform Application); or (c) upon any termination of this Agreement or of your use of or participation in Facebook Platform;
[…]
You will not directly or indirectly sell, export, re-export, transfer, divert, or otherwise dispose of any Facebook Properties to any country (or national thereof) without obtaining any required prior authorizations from the appropriate government authorities;
[…]

Are we sure everybody is playing by these rules, when every facebook "application" really runs on the developer'server ? How do you know that they are really storing only what you want them to store, and deleting what you want them to delete ? Everybody knows how difficult it is to really "delete" digital content once it has come into existance… who knows how many copies of this database/social graph are floating around ?

Of course that is not an issue because people don't talk about it enough. But a script that changes your status – now, THAT is a very terrible thing.

I just don't get this "politically correctness". It must be me.

Oh, no… look! It's not only me!
I had read this post of Dare, but I problably had overlooked the last bit of it…. because he did point out this Hypocrisy going on:

[…]
Or (5) the information returned by FQL about a user contains no contact information (no email address, no IM screen names, no telephone numbers, no street address) so it is pretty useless as a way to utilize one’s friends list with applications besides Facebook since there is no way to cross-reference your friends using any personally identifiable association that would exist in another service.

When it comes to contact lists (i.e. the social graph), Facebook is a roach motel. Lots of information about user relationships goes in but there’s no way for users or applications to get it out easily. Whenever an application like FacebookSync comes along which helps users do this, it is quickly shut down for violating their Terms of Use. Hypocrisy? Indeed.
[…]

He then insists in a more recent post in calling things by their name:

[…]
I will point out that 9 times out of 10 when you hear geeks talking about social network portability or similar buzzwords they are really talking about sending people spam because someone they know joined some social networking site. I also wonder how many people realize that these fly-by-night social networking sites that they happily hand over their log-in credentials to so they can spam their friends also share the list of email addresses thus obtained with services that resell to spammers?
[…]
how do you prevent badly behaved applications like Quechup from taking control away from your users? At the end of the day your users might end up thinking you sold their email addresses to spammers when in truth it was the insecure practices of the people who they’d shared their email addresses with that got them in that mess. This is one of the few reasons I can understand why Facebook takes such a hypocritical approach. :)
[…]

Thanks, Dare, for mentioning Hypocrisy. Thanks for calling things by their name. I do understand their approach, I just don't agree with it.

I did pull my small application off the Internet because I have a family to mantain and I don't want to have legal troubles with Facebook. Sorry to all those that found it handy. No, I cannot even give that to you per email. It's gone. I am sorry. For the freedom of speech, especially, I am sorry.

I will change my status more often on Twitter.

New Photo Category Visualization

August 26th, 2007 by Daniele Muscetta

New Photo Category Page

Copying the advice by Small Potato, I made a different page for the 'Photos' category/tag on this blog. It has been a bit trickier than I first thought, because he keeps his picture uploaded into wordpress itself, while I had to write a small plugin using a regular expression to extract the "IMG SRC" portion of the post content. This way I also experimented with WordPress templates, plugins and structure a bit more than I had done before… and I am even more convinced than before that it can easily be used as a CMS rather than *just* a bloging software.

Updated RSS Feed for this blog

August 16th, 2007 by Daniele Muscetta

I got tired of using FeedBurner, really. So I made a much more flexible and "Complete" integrated feed that includes posts on this blog, my photos on Flickr, my Status Changes on Facebook and Twitter. Please update your aggregator if you were using the old feed (which still works btw, but will keep having less information in it).