Maarten Balliauw {blog}

ASP.NET MVC, Microsoft Azure, PHP, web development ...

NAVIGATION - SEARCH

Protecting Windows Azure Web and Worker roles from malware

Most IT administrators will install some sort of virus scanner on your precious servers. Since the cloud, from a technical perspective, is just a server, why not follow that security best practice on Windows Azure too? It has gone by almost unnoticed, but last week Microsoft released the Microsoft Endpoint Protection for Windows Azure Customer Technology Preview. For the sake of bandwidth, I’ll be referring to it as EP.

EP offers real-time protection, scheduled scanning, malware remediation (a fancy word for quarantining), active protection and automatic signature updates. Sounds a lot like Microsoft Endpoint Protection or Windows Security Essentials? That’s no coincidence: EP is a Windows Azurified version of it.

Enabling anti-malware on Windows Azure

After installing the Microsoft Endpoint Protection for Windows Azure Customer Technology Preview, sorry, EP, a new Windows Azure import will be available. As with remote desktop or diagnostics, EP can be enabled by a simple XML one liner:

1 <Import moduleName="Antimalware" />

Here’s a sample web role ServiceDefinition.csdef file containing this new import:

1 <?xml version="1.0" encoding="utf-8"?> 2 <ServiceDefinition name="ChuckProject" 3 xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition"> 4 <WebRole name="ChuckNorris" vmsize="Small"> 5 <Sites> 6 <Site name="Web"> 7 <Bindings> 8 <Binding name="Endpoint1" endpointName="Endpoint1" /> 9 </Bindings> 10 </Site> 11 </Sites> 12 <Endpoints> 13 <InputEndpoint name="Endpoint1" protocol="http" port="80" /> 14 </Endpoints> 15 <Imports> 16 <Import moduleName="Antimalware" /> 17 <Import moduleName="Diagnostics" /> 18 </Imports> 19 </WebRole> 20 </ServiceDefinition>

That’s it! When you now deploy your Windows Azure solution, Microsoft Endpoint Protection will be installed, enabled and configured on your Windows Azure virtual machines.

Now since I started this blog post with “IT administrators”, chances are you want to fine-tune this plugin a little. No problem! The ServiceConfiguration.cscfg file has some options waiting to be eh, touched. And since these are in the service configuration, you can also modify them through the management portal, the management API, or sysadmin-style using PowerShell. Anyway, the following options are available:

  • Microsoft.WindowsAzure.Plugins.Antimalware.ServiceLocation – Specify the datacenter region where your application is deployed, for example “West Europe” or “East Asia”. This will speed up deployment time.
  • Microsoft.WindowsAzure.Plugins.Antimalware.EnableAntimalware – Should EP be enabled or not?
  • Microsoft.WindowsAzure.Plugins.Antimalware.EnableRealtimeProtection – Should real-time protection be enabled?
  • Microsoft.WindowsAzure.Plugins.Antimalware.EnableWeeklyScheduledScans – Weekly scheduled scans enabled?
  • Microsoft.WindowsAzure.Plugins.Antimalware.DayForWeeklyScheduledScans – Which day of the week (0 – 7 where 0 means daily)
  • Microsoft.WindowsAzure.Plugins.Antimalware.TimeForWeeklyScheduledScans – What time should the scheduled scan run?
  • Microsoft.WindowsAzure.Plugins.Antimalware.ExcludedExtensions – Specify file extensions to exclude from scanning (pip-delimited)
  • Microsoft.WindowsAzure.Plugins.Antimalware.ExcludedPaths – Specify paths to exclude from scanning (pip-delimited)
  • Microsoft.WindowsAzure.Plugins.Antimalware.ExcludedProcesses – Specify processes to exclude from scanning (pip-delimited)

Monitoring anti-malware on Windows Azure

How will you know if a threat has been detected? Well, luckily for us, Windows Endpoint Protection writes its logs to the System event log. Which means that you can simply add a specific data source in your diagnostics monitor and you’re done:

1 var configuration = DiagnosticMonitor.GetDefaultInitialConfiguration(); 2 3 // Note: if you need informational / verbose, also subscribe to levels 4 and 5 4 configuration.WindowsEventLog.DataSources.Add( 5 "System!*[System[Provider[@Name='Microsoft Antimalware'] and (Level=1 or Level=2 or Level=3)]]"); 6 7 configuration.WindowsEventLog.ScheduledTransferPeriod 8 = System.TimeSpan.FromMinutes(1); 9 10 DiagnosticMonitor.Start( 11 "Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString", 12 configuration);

In addition, EP also logs its inner workings to its installation folders. You can also include these in your diagnostics configuration:

1 var configuration = DiagnosticMonitor.GetDefaultInitialConfiguration(); 2 3 // ...add the event logs like in the previous code sample... 4 5 var mep1 = new DirectoryConfiguration(); 6 mep1.Container = "wad-endpointprotection-container"; 7 mep1.DirectoryQuotaInMB = 5; 8 mep1.Path = "%programdata%\Microsoft Endpoint Protection"; 9 10 var mep2 = new DirectoryConfiguration(); 11 mep2.Container = "wad-endpointprotection-container"; 12 mep2.DirectoryQuotaInMB = 5; 13 mep2.Path = "%programdata%\Microsoft\Microsoft Security Client"; 14 15 configuration.Directories.ScheduledTransferPeriod = TimeSpan.FromMinutes(1.0); 16 configuration.Directories.DataSources.Add(mep1); 17 configuration.Directories.DataSources.Add(mep2); 18 19 DiagnosticMonitor.Start( 20 "Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString", 21 configuration);

From this moment one, you can use a tool like Cerebrata’s Diagnostics Monitor to check the event logs of all your Windows Azure instances that have anti-malware enabled.

Pro NuGet is finally there!

Short version: Install-Package ProNuget or http://amzn.to/pronuget

Pro NuGet - Continuous integration Package RestoreIt’s been a while since I wrote my first book. After I’ve been telling that writing a book is horrendous (try writing a chapter per week after your office hours…) and that I would never write on again, my partner-in-crime Xavier Decoster and I had the same idea at the same time: what about a book on NuGet? So here it is: Pro NuGet is fresh off the presses (or on Kindle).

Special thanks go out to Scott Hanselman and Phil Haack for writing our foreword. Also big kudos to all who’ve helped us out now and then and did some small reviews. Yes Rob, Paul, David, Phil, Hadi: that’s you guys.

Why a book on NuGet?

Why not? At the time we decided we would start writing a book (september 2011), NuGet was out there for a while already. Yet, most users then (and still today) were using NuGet only as a means of installing packages, some creating packages. But NuGet is much more! And that’s what we wanted to write about. We did not want to create a reference guide on what NuGet command were available. We wanted to focus on best practices we’ve learned over the past few months using NuGet.

Some scenarios covered in our book:

  • What’s the big picture on package management?
  • Flashback last week: NuGet.org was down. How do you keep your team working if you depend on that external resource?
  • Is it a good idea to auto-update NuGet packages in a continous integration process?
  • Use the PowerShell console in VS2010/11. How do I write my own NuGet PowerShell Cmdlets? What can I do in there?
  • Why would you host your own NuGet repository?
  • Using NuGet for continuous delivery
  • More!

I feel we’ve managed to cover a lot of concepts that go beyond “how to use NuGet vX” and instead have given as much guidance as possible. Questions, suggestions, remarks, … are all welcome. And a click on “Add to cart” is also a good idea ;-)

I’m an ASP Insider

imageCool! I’ve just learned that I’m invited to join the ASPInsiders. I’m really excited and honored to be part of this group of great ASP.NET experts. Very much looking forward to learning the secret handshake and being able to provide feedback that helps the ASP.NET team forward.

If don’t know who the ASP Insiders are, here’s their elevator pitch:

“The ASPInsiders is a select group of international professionals who have demonstrated expertise in ASP.NET technologies and who provide valuable, early feedback on related developing technologies and publications to their peers, the Microsoft ASP.NET team and others.”

Some more info is available in the Who are the ASPInsiders? post by one of the insiders.

TechDays Finland - Architectural Patterns for the Cloud - NuGet

As promised, here are the slide decks for the two sessions delivered at TechDays Finland last week.

Architectural Patterns for the Cloud

The promise of all cloud vendors out there is they can run your applications without changes. While that claim is true, it’s better to optimize existing software or design specifically for the cloud when moving or building an application. Architectural optimization will speed up your application, make it more scalable and even will make it cheaper to run on Windows Azure. This session will take you along some common patterns that are easy to implement and will make your cloud more sunny.

Organize your Chickens - NuGet for the Enterprise

Managing software dependencies, whether those created in-house or from third parties can be a pain in the behind. Whether dependencies feel like wild chickens or people run around like chickens dealing with dependencies, the NuGet package manager can be a cure. Let us guide you to creating enterprise (chicken) NuGets and dealing with them in a structured, easy-to-maintain manner. From developer workstation to build server, NuGet tastes great! We'll provide you the dip sauce.

Enjoy! And if there’s any feedback or questions, I would love to hear it.

Introducing MyGet package source proxy (beta)

My blog already has quite the number of blog posts around MyGet, our NuGet-as-a-Service solution which my colleague Xavier and I are running. There are a lot of reasons to host your own personal NuGet feed (such as protecting your intellectual property or only adding approved packages to the feed, but there’s many more as you can <plug>read in our book</plug>). We’ve added support for another scenario: MyGet now supports proxying remote feeds.

Up until now, MyGet required you to upload your own NuGet packages and to include packages from the NuGet feed. The problem with this is that you either required your team to register multiple NuGet feeds in Visual Studio (which still is a good option) or to register just your MyGet feed and add all packages your team is using to it. Which, again, is also a good option.

With our package source proxy in place, we now provide a third option: MyGet can proxy upstream NuGet feeds. Let’s start with a quick diagram and afterwards walk you through a scenario elaborating on this:

MyGet Feed Proxy Aggregate Feed Connector

You are seeing this correctly: you can now register just your MyGet feed in Visual Studio and we’ll add upstream packages to your feed automatically, optionally filtered as well.

Enabling MyGet package source proxy

Enabling the MyGet package source proxy is very straightforward. Navigate to your feed of choice (or create a new one) and click the Package Sources item. This will present you with a screen similar to this:

MyGet hosted package source

From there, you can add external (or MyGet) feeds to your personal feed and add packages directly from them using the Add package dialog. More on that in Xavier’s blog post. What’s more: with the tick of a checkbox, these external feeds can also be aggregated with your feed in Visual Studio’s search results. Here’s the magical add dialog and the proxy checkbox:

Add package source proxy

As you may see, we also offer the option to filter upstream packages. For example, the filter string substringof('wp7', Tags) eq true that we used will filter all upstream packages where the tags contain “wp7”.

What will Visual Studio display us? Well, just the Windows Phone 7 packages from NuGet, served through our single-endpoint MyGet feed.

Conclusion

Instead of working with a number of NuGet feeds, your development team will just work with one feed that is aggregating packages from both MyGet and other package sources out there (NuGet, Orchard Gallery, Chocolatey, …). This centralizes managing external packages and makes it easier for your team members to find the packages they can use in your projects.

Do let us know what you think of this feature! Our UserVoice is there for you, and in fact, that’s where we got the idea for this feature from in the first place. Your voice is heard!

Slides for TechDays Belgium 2012: SignalR

It was the last session on the last day of TechDays 2012 so I was expecting almost nobody to show up. Still, a packed room came to have a look at how to make the web realtime using SignalR. Thanks for joining and for being very cooperative during the demos!

As promised, here are the slides. You can also find the demo code here: SignalR. Code, not toothpaste - TechDays Belgium 2012.zip (2.74 mb)

A recording on Channel9 is available as well.

PS: The book on NuGet (Pro NuGet) which I mentioned can be (pre)ordered on Amazon.

Tracking API usage with Google Analytics

So you have an API. Congratulations! You should have one. But how do you track who uses it, what client software they use and so on? You may be logging API calls yourself. You may be relying on services like Apigee.com who make you pay (for a great service, though!). Being cheap, we thought about another approach for MyGet. We’re already using Google Analytics to track pageviews and so on, why not use Google Analytics for tracking API calls as well?

Meet GoogleAnalyticsTracker. It is a three-classes assembly which allows you to track requests from within C# to Google Analytics.

Go and  fork this thing and add out-of-the-box support for WCF Web API, Nancy or even “plain old” WCF or ASMX!

Using GoogleAnalyticsTracker

Using GoogleAnalyticsTracker in your projects is simple. Simply Install-Package GoogleAnalyticsTracker and be an API tracking bad-ass! There are two things required: a Google Analytics tracking ID (something in the form of UA-XXXXXXX-X) and the domain you wish to track, preferably the same domain as the one registered with Google Analytics.

After installing GoogleAnalyticsTracker into your project, you currently have two options to track your API calls: use the Tracker class or use the included ASP.NET MVC Action Filter.

Here’s a quick demo of using the Tracker class:

1 Tracker tracker = new Tracker("UA-XXXXXX-XX", "www.example.org"); 2 tracker.TrackPageView("My API - Create", "api/create");

Unfortunately, this class has no notion of a web request. This means that if you want to track user agents and user languages, you’ll have to add some more code:

1 Tracker tracker = new Tracker("UA-XXXXXX-XX", "www.example.org"); 2 3 var request = HttpContext.Request; 4 tracker.Hostname = request.UserHostName; 5 tracker.UserAgent = request.UserAgent; 6 tracker.Language = request.UserLanguages != null ? string.Join(";", request.UserLanguages) : ""; 7 8 tracker.TrackPageView("My API - Create", "api/create");

Whaah! No worries though: there’s an extension method which does just that:

1 Tracker tracker = new Tracker("UA-XXXXXX-XX", "www.example.org"); 2 tracker.TrackPageView(HttpContext, "My API - Create", "api/create");

The sad part is: this code quickly clutters all your action methods. No worries! There’s an ActionFilter for that!

1 [ActionTracking("UA-XXXXXX-XX", "www.example.org")] 2 public class ApiController 3 : Controller 4 { 5 public JsonResult Create() 6 { 7 return Json(true); 8 } 9 }

And what’s better: you can register it globally and optionally filter it to only track specific controllers and actions!

1 public class MvcApplication : System.Web.HttpApplication 2 { 3 public static void RegisterGlobalFilters(GlobalFilterCollection filters) 4 { 5 filters.Add(new HandleErrorAttribute()); 6 filters.Add(new ActionTrackingAttribute( 7 "UA-XXXXXX-XX", "www.example.org", 8 action => action.ControllerDescriptor.ControllerName == "Api") 9 ); 10 } 11 }

And here’s what it could look like (we’re only tracking for the second day now…):

WCF Web API analytics google

We even have stats about the versions of the NuGet Command Line used to access our API!

NuGet API tracking Google

Enjoy! And fork this thing and add out-of-the-box support for WCF Web API, Nancy or even “plain old” WCF or ASMX!

Don’t brag about your Visual Studio achievements! (yet?)

imageThe Channel 9 folks seem to have released the first beta of their Visual Studio Achievements project. The idea of Visual Studio Achievements is pretty awesome:

Bring Some Game To Your Code!

A software engineer’s glory so often goes unnoticed. Attention seems to come either when there are bugs or when the final project ships. But rarely is a developer appreciated for all the nuances and subtleties of a piece of code–and all the heroics it took to write it. With Visual Studio Achievements Beta, your talents are recognized as you perform various coding feats, unlock achievements and earn badges.

Find the announcement here and the beta from the Visual Studio Gallery here.

The bad

The idea behind Visual Studio Achievements is awesome! Unfortunately, the current achievements series is pure crap and will get you into trouble. A simple example:

Regional Manager (7 points)

Add 10 regions to a class. Your code is so readable, if I only didn't have to keep collapsing and expanding!

Are they serious? 10 regions in a class means bad code design. It should crash your Visual Studio and only allow you to restart it if you swear you’ll read a book on modern OO design.

Another example:

Job Security (0 points)

Write 20 single letter class level variables in one file. Kudos to you for being cryptic! Uses FxCop

While I’m sure this one is meant to be sarcastic (hence the 0 points), it makes people write unreadable code.

There’s a number of bad coding habits in the list of achievements. And I really hope no-one on my team ever “achieves” some items on that list. If they do, I’m pretty sure that project is doomed.

The good

The good thing is: there are some positive achievements. For example, stimulating people to organize usings. Or to try out some extensions. Unfortunately, there are almost no “good” achievements. What I would like to see is a bunch more extensions that make it fun to discover new features in Visual Studio or learn about good coding habits.

Don’t get me wrong: I do like the idea of achievements very much. In fact, I feel an urge to have the Go To Hell achievement (and delete the code afterwards, promise!), but why not use them to teach people to be better at coding or be more productive? How about achievements that stimulate people to use CTRL + , which a lot of people don’t know about. Or teach people to write a unit test. Heck, you can even become Disposable by correctly implementing IDisposable!

So in conclusion: your resume will look very bad if you are a Regional Manager or gained the Turtles All The Way Down achievement. Don’t brag about those. Come up with some good habits that can be rewarded with achievements and please, ask the Channel 9 guys to include those.

[edit]This one does have positive achievements: https://github.com/jonasswiatek/strokes [/edit]
[edit]http://channel9.msdn.com/niners/maartenba/achievements/visualstudio/GotoAchievement [/edit]

How do you synchronize a million to-do lists?

Not this question, but a similar one, has been asked by one of our customers. An interesting question, isn’t it? Wait. It gets more interesting. I’ll sketch a fake scenario that’s similar to our customer’s question. Imagine you are building mobile applications to manage a simple to-do list. This software is available on Android, iPhone, iPad, Windows Phone 7 and via a web browser. One day, the decision to share to-do lists has been made. Me and my wife should be able to share one to-do list between us, having an up-to-date version of the list on every device we grant access to this to-do list. Now imagine there are a million of those groups, where every partner in the sync relationship has the latest version of the list on his device. In often a disconnected world.

How would you solve this?

My take: Windows Azure Service Bus Topics & Subscriptions

According to the Windows Azure Service Bus product description, it “implements a publish/subscribe pattern that delivers a highly scalable, flexible, and cost-effective way to publish messages from an application and deliver them to multiple subscribers.“ Interesting. I’m not going into the specifics of it (maybe in a next post), but the Windows Azure Service Bus gave me an idea: why not put all actions (add an item, complete a to-do) on a queue, tagged with the appropriate “group” metadata? Here’s the producer side:

Windows Azure Service Bus Topics

On the consumer side, our devices are listening as well. Every device creates its subscription on the service bus topic. These subscriptions are named per device and filtered on the SyncGroup metadata. The Windows Azure Service Bus will take care of duplicating messages to every subscription as well as keeping track of messages that have not been processed: if I’m offline, messages are queued. If I’m online, I receive messages targeted at my device:

Windows Azure Service Bus Subscritpions

The only limitation to this is keeping the number of topics & subscriptions below the limits of Windows Azure Service Bus. But even then: if I just make sure every sync group is on the same bus, I can scale out over multiple service buses.

How would you solve the problem sketched? Comments are very welcomed!

Predictions for the future

It’s almost the end of 2011. Typically a time where bloggers start to write about their past year and what they’ll do in the next. A time where the Forrester, Gartner and McKinsey-alikes make predictions about next year. I know, normally I blog about technology in its technological sense, but today I feel like blogging about my vision on the future. Not 2012, but the future. And the present. Here’s my story in which I try to capture todays world and how this will influence technology.

The world in which we work

Let’s start with some context. I live in the wonderful country of Belgium. A small country, known for its fine chocolates and more importantly: its massive amount of fine brews like Trappists (nothing beats Rochefort 10!). Unfortunately, we are now also known and will probably end up in the Guinness Book of World Records as the country having the longest negotiations to form a government. Around 540 days between voting and formation. (and these guys now have Christmas holidays, of course). But I digress. This country is also a small part in the European crisis which involves monetary issues, banking crisis and so on. The reason? People who don’t want to take responsibilities for their actions. People who don’t want to see change, as they are in a good position. Or people who do want changes but enforce changes that are based on short-term vision. Or tunnel vision: some data required to make decisions does never ever bubble up to higher management (or isn’t cared about).

I know, this post starts to feel like a governmental rant but it isn’t. There’s more to this story: it involves all of us. It involves every single corporation with management levels and focused on making money. The problem is: the larger these companies (or countries, too) get, the more overhead is involved. This is a required step though: you don’t want your CEO to micro-manage everything, the poor guy would have no sleep, ever. What is wrong though, is most of these processes (or laws) come in place and are never optimized. Where processes should support the business in its goals, a lot of processes evolve from supporting to “business prevention”. In fact, I believe in every single country and/or enterprise, a lot of business prevention units and processes exist. And I wouldn’t be surprised that this number is a lot higher than the number of rules that support the business. I’m not saying all of this is happening intentionally, but it is happening.

I’ll give you a fine example of something I witnessed earlier and triggered me into finally writing this post. Someone at some company in a role that involves experimenting with “unapproved” tools, required a simple, clean virtual machine. A process was in place: the request for a VM should be motivated (why do you want this?). Not a problem: the why is easy. Future earnings by investing in some research. Unfortunately, the guys executing this process (your typical IT department) had several other questions. Why isn’t this approved tooling and applications? What resources do you need -oh- that’ll be difficult. Demotivation from the people executing this process. Why? Because they, too, don’t want to follow the food chain up through the organization to ask for an internal budget of, say, 250 EUR per month. A budget that already was spent informally by e-mailing and calling back-and-forth instead of just getting the damn VM in place. In fact, those external hosters with a VM for 25 EUR / month seemed attractive. 25 EUR, or even 250 EUR, for a potential future business idea? An idea that costs almost nothing but may (or may not, it depends) offer return in the future. A budget that has already been spent by just preventing this idea from happening.

Meet the next generation of workers. Many people entering these large enterprises (or becoming residents of countries, again, the same ideas apply for any organization involving more than a few people) are disappointed. Disappointed with the fact that their ideals (making the entire group of ants move forward) is tempered by that same group of ants working in the opposite direction. And the thing is: this group of ants will keep doing this as long as other groups of ants throw some meat into the ant pile. Money.

Earlier this year we’ve seen protests around the world. The Middle East protests, Occupy movements, … All sorts of people fighting against their pile of ants. In some cases this will work, in some probably not. The same happens in enterprises: people fight these business prevention processes but are fighting a fight that will never work. That’s why management layers and business prevention processes are in place.

This story may sound depressing but it isn’t. There are new ants growing to the top and more fresh ants are entering the higher regions of these management layers and business prevention units. They too are frustrated with things not happening, just because. They are trying to change all this. But unfortunately, the pace in which this happens is slow? Utterly slow.

The flipside

We are on the flipside. Companies in technology, very much focused on small layers of overhead and business prevention, are introducing new products and technologies. Tablets, “apps”. The Internet. Telecommuting as a solution to those traffic jam that only cost money and create stress and health problems. But not everyone is in that world. Yet.

People will become more vocal, that’s what we’ve seen with all the protesting. People will want to bring their own hardware to work (because it’s faster than that crappy Windows XP machine they are forced to use). People will bring tablets. People will want to work distributed, when they want and where they want. People will start placing their own goal at the same level of the goal the group of ants has: they’ll strive for personal happiness and at the same time meat for the group of ants. But in order to achieve those two goals, they’ll force change. They’ll want to get rid of business prevention processes because they cost time. And losing time means losing moments to enjoy family and friends. And the group of ants loses at the same time, too.

Now how will this change happen? Well, through consumerization and technology. Over the last years, we’ve seen people adopting the Internet. Desktops are being replaced by laptops, smartphones and tablets. People want their favorite tools, in which they can work most efficient. Just like people wearing orange socks instead of black socks. People will want to be more efficient, and their tools at hand make them feel efficient. And this continues at a higher pace than before: I see a lot of people running around with tablets. I see smartphones being used. I see social media being used as a focused and immediate communication channel to get things organized. Much like the consumerization of the governments in the Middle East, consumerization in enterprises will happen. Be prepared and focus on these things:

  • People will bring their own devices. They’ll bring in the right tool for the job. A tablet? Sure. A web browser on any device? Why not. As a company, better start preparing to become an ISP for your employees instead of an IT department doing nothing but blacklisting. People are used to this at home, so why not in the world they work in? Prediction 1: Bring your own device.
     
  • In my example earlier: people want to keep their pace. Why fight when all you need is a credit card to open up a cloud somewhere? Employees will do this. Managers as well: they too feel the fight and see easier, more efficient ways out. Why remove “your inbox is almost full” e-mails daily when there’s 25 GB of inbox space waiting to be unlocked for 5 EUR / month? Prediction 2: Cloud momentum will rise.
     
  • Silverlight is dead? The Web is dead? Apps are dead? If you’ve followed Twitter these days, those predictions were made. I say: nonsense. I see things converge. Smaller, less bloated but more agile ways of working, whether if it’s trough a small app or through a small, focused website. The actual technology will not matter, the way people work with it will. Prediction 3: UX and how we use apps will matter, technology will be supportive.
     
  • People want to work together. Move forward, together. One way of doing that is to open up your silos. Create API’s which focus on exposing information. Don’t focus on the software consuming those. Maybe it’s better to create an API instead of creating an extranet application. Let the consumers decide how they’ll work with that data. Prediction 4: API’s.
     
  • Some business models are dead. Large enterprises still exist because money keeps flowing in. But what if the consumerization stops that? Look at the music industry. People wanted fast and easy access to their music. Nothing happened in the industry. Consumers did their thing and invented things like Napster. Until one company with a fruit logo was smart enough to see a business model in this. Be prepared. Consumers, be it in their personal or work life, may no longer be happy with your business model. They’ll request change or change it themselves. If you don’t, you’ll end up like the music industry, fighting a fight that you can never win. The book industry got it right: they changed the way books are being distributed to e-book readers. Sure, there are alternative and illegal ways to read a book, but they are winning their fight. Small change but supporting the consumer. Prediction 5: Business and revenue models will (have to) change.
     
  • Smaller projects. You probably know those two-year projects were a lot of stuff gets analyzed and implemented. Project fails. 2 years of money and effort wasted. But since we don’t want to see this failure bubble up or down means that we do put this thing in production. Which forces users to start consumerizing faster. The return of the MS Access database! Prediction 6: Projects will become smaller and more focused.

Those are my predictions. And all are the result of consumerization and technology enabling people. I don’t know if 2012 will bring all of these. I do think some of them will start emerging. Be prepared for change.

PS: I promise, my next blog post will be about angle brackets again.

PS 2: I am not targeting any specific government or specific enterprise.