As I wait in the airport for my flight to board, I figured I would put together a quick Mobile Connections 2011 ’Top 5 take-a-ways’ post from my perspective. Lots more detail in my previous posts for each session, this is just my ‘mind dump’ without looking back at my individual session notes.
My original “big goals” coming into the conference were to get a feel from the experts on where cross platform mobile development is headed, if there are any tools to build for the four major platforms with one code base and if so… what tools are leading the charge now, and expected to lead in that space going forward.
#1 Take Away: Cross platform development via one code base (including HTML5) is tough at best, crazy to try at worst. A number of the experts flat out said, if you want a average at best application, go ahead and try to use a cross platform tool. Average meaning it won’t specifically feel like other apps on each platform… compromises have to be taken because of the lack of support for some features on each platform, as well as the different UI styles. If you want a decent application, the UI needs to be built with native code. Plain and simple. Furthermore, this isn’t changing anytime soon so just get used to it.
#2 Take away: The “cloud” term has different definitions to different people (no surprise there), but the idea of the ‘private cloud’ vs ‘public cloud’ really hit home for me. Our ability to leverage the cloud technologies without actually having to put our data/etc on some ‘public’ server is attractive… especially for a transition in the short term, as the technologies around public cloud based security/etc mature. The ability to do hybrid Cloud offerings, having your web servers hosted by a public cloud provider but the data being hosted on company owned cloud technologies sounds great for SaaS providers that have sensitive data they need to protect the best they can, while still trying to allow for max scalability. Cloud and Mobile really go hand and hand now, if you expect to support a significant number of mobile users anyway.
#3 Take Away: NoSQL solutions are super fast, and scale 1000’s of times better than Disk Based SQL solutions. If you are going to be supporting numbers of mobile clients in the tens of thousands or more, you need to be utilizing this type of technology. Redis seems to be mentioned in every conversation regarding this platform type. (NoSQL at is most basic is a fully in memory key-value data store). Excellent tips were shared in my notes writeup of the Architecting Back End Systems for Mobile session.
#4 Take Away: SaaS companies (and others using web technologies) need to look at the product offerings that BiTKOO has. Their Keystone app is an amazing abstraction of Authentication/Authorization and from a coding perspective, is really Plug and Play. Also, their SecureWithin application gateway brings about many possibilities regarding accessing corporately stored data on the web securely. More info can be found in my notes writeup regarding the session BiTKOO CEO gave.
#5 Take Away: The speakers at these conventions are top notch from a know how perspective. The value they provide to the attendee’s in question answering after the sessions alone, is worth the cost/time invested to attend.
I do feel it’s important to throw in this ‘bonus’ takeaway… I will call it 1a as it’s a continuation of the first takeaway:
#1a Take Away: I did attend a workshop yesterday related to the RhoMobile toolset for cross platform development. Though I wasn’t crazy about how the session was conducted, the products they have do look very promising. Using web developer skills (Ruby), the tool supports all the major Mobile OS’s (WP7 and WinCE support too, in about a month) and generates Native code for each platform. It has a number of excellent features of which the one I liked most was it’s support for specific style sheets per OS. So you build your UI using web programming skills and the product styles the UI to look like the ‘normal’ app presentation for the OS. It comes with stock style sheets for each OS and it really does work well. Has support for camera, BlueTooth, etc, as well as a mapping control that makes the use of the OS’s preferred mapping API very nicely. The toolset also has a local data storage tier that takes advantage of SQLLite. If the platform you deploy to doesn’t have SQLLite embedded into it, the tool will deploy a binary representation of it so you can plan on a single local data source across all platforms. This tool has great promise from what I can tell.
Uses Awesomium control to embed web content into WPF application for kiosks/etc.
Natural User Interface (NUI) = touching the screen (or manipulating the screen without touching it)
- The content should define the experience
- The “Grandma Huckaby Test”: the ability to effectively use the kiosk without training
- No one should have to touch the machine to update content (remote deployment while running)
- Updating content should happen centrally and should have automated delivery
- Cant go to deep screens wise (maybe 2/3 levels deep at most)
If something is moving (even simple animation) a humans attention is caught. You are going to look at it.)
Touch Capable Hardware Implementations:
- Capacitive – Think electric impulse (iPhone and others)
- Infrared – Expensive ones. Think laser pointer(s) (best fidelity of touch… costs 10’s of thousands of $$)
- Resistive – Think push down and drag (old, No ‘cool’ devices use this anymore)
Tip: 98% of time 2 people is all a device like this needs to support, though people think it will need to support more. The use cases just don’t support the need to support more.
Given a typical user experience < 5 min on a kiosk type device, you need to keep the navigation shallow and intuitive.
.NET 4 has decent support for touch. Before .NET 4 was very minimal support.
.NET 4 turned touch into a first class citizen for developers.
WPF does support true distributed computing. (with .NET 4 version)
Convinced we gotta do mobile apps native. The user experience in particular requires it.
“Azure is easy for .NET Dev’s”
Important aspects of storage:
- Space consumption & Transactional cost
- Some storage is designed for unlimited storage but you pay per transaction
- Other storage mechanisms are designed for limited storage but unlimited transactions
Biggest problem with Azure now is: No way to really know how much this thing is going to cost.
Kinect can authenticate (differentiate between faces… and when voice is there, voices too)
Hooking Kinect into the windows OS sure looks to be a step to having a ‘Minority Report’ type User Interface for computers.
This session was an excellent way to end the conference for me. Tim is an excellent speaker and showed some really interesting technologies. Peaked my interest regarding looking into some possible UI design changes we might be able to make.
Speaker: Wei-Meng Lee
Wei’s talk was very good, but unfortunately for me, it covered many points that I had already been introduced to in the two other Location based sessions I had attended within the past two days.
Here are the main takeaways I got from the session that were not already covered in the other sessions:
TIP: (most common problems) Requires INTERNET permission in the android Manifest.XML file to get mapping control to work correctly.
Troubleshooting tip: if you don’t have internet access working in the emulator, or the Map API Key is not entered in your code, you won’t be able to see the map.. (95 % of the issues people have are these two)
Confirmed Native support for GeoCoding and reverse GeoCoding by Google Maps too.
Don’t use both location Manager = “GPS” and “Network” at same time… write the code to turn one off back and forth… otherwise your coords will change often.
Cloud computing is not a server with a longer extension cord (co-location of our hardware).
Cloud computing definition (in his mind): Ability of 3rd party to store, process, search, compute, without being able to look at my data even with a court order. Algorithms should support this mechanism instead of just ‘trust’
Think: “Google for private data” Don’t have to know the background technologies.. Just ask for data and you get it back. This is what cloud computing is to him.
Real world example: why is there e-commerce? What enables e-commerce regarding the entry of credit card info? When you purchase online, you trust the protocol (SSL), don’t have to trust the intermediaries.
XACML helps enable such a situation for application access control.
Keystone is their application access control engine. it “provides fine-grained authorization using the XACML standard”.
Point: Security ‘goop’ of an app on average should take about 30% of the software development effort. That’s alot and it gets done over an over again as new software application get developed. Why role this type of code into every new app, instead use the Keystone product to do it for you. Just have to setup a metadata db for your elements and security roles/etc, then hook up a authentication adapter based on your existing authentication process, and the tool will take care of the access control.
My comment right from notes while watching demo: Wow this tool is amazing. In essence allows for a person to setup a data dictionary via the cloud on application security.
By externalizing authentication and authorization, you are no longer reinventing the world. Just using this as a tool for authentication/authorization.
Tool enables federation without writing code.
Also showed tool: SecureWithin. “As secure as your weakest link”
“Traversing the firewall is a job for a 12 year old. Going to bypass the concrete wall, instead I will go through the window.” (Windows = endpoints… weakest link most of the time)
Endpoints need to be protected (properly from within)… if your trusting the infrastructure to protect them… your in trouble.. It’s not a matter of if, but when.
All functions available in the GUI are available via WCF Calls too.
Wow. This companies offerings are ground breaking. Challenge the norm thinking. Amazing.
Allow for 6 diff ways to get
2) Hardware appliance
3) VM Appliance (VMWare or Hyper-V)
4) Cloud (EC2, Azure)
5) Hybrid (1-3) + 4
Most of the membership enforcement/etc is done via the ISAPI Filter type setup.
Products used by Disney, Time Warner, Department of Defense, many other large companies/organizations.
Overall, this one hour session challenged many concepts I thought I understood prior to this session. Authorization/Authentication via a product like Keystone is amazing, and can become a task for the more junior developer (to setup the metadata in the db in essence) as opposed to some of the most experience/important developers on your team, allowing them to focus on other important tasks.
BiTKOO looks to me to be a company to watch, and one I am wanting to talk to others I work with to start the buy-in process so we can possibly look into using such tools in the near future.
Zynga (maker of FarmVille, CityVille, Mofia Wars, etc) adds as many as 1000 servers a week to keep up with growth.
“We have to accept what we all know to be elemental – that taking a defensive position can, at best, only limit losses. And we need gains. ” Peter Drucker.
Point of quote is to say we need to shape security as an enabler rather than just thinking about it as a way to be on the defensive.
Top mobile activities in US:
- - Sent text msgs 68%
- - Took photo 52.4%
- - Accessed news and info 39.5%
- - Used browser 36.4%
Point: Spectrum of usage is going wider
47 apps downloaded per user for iPhone/ITouch. 22 for Android per user.
Internet has changed from Internet of content/search, to a Internet of people interaction.
Social networking has surpassed email use now. People used to have Internet access to get to their email account(s), now it’s to get to Facebook or other social networking sites.
Most Security challenges of Social networks are not technical.
- Obvious productivity impact
- Information disclosure
- The graying of personal and professional lives
- Corporate disclosure
- Social engineering made easy
- Sharing of passwords/predictable user names
- Social networking malware
- most AV Challenged the web-base malware
- Bandwidth concerns
“AV is dead anyway”… Web Based malware eliminates the effectiveness of the desktop Anti-Virus products.
Top risks of Social Network’s
- Unproven identity of profiles and info
- Malware targeting social network sites and users
- Inadvertent disclosure of private or sensitive info
- Social engineering made easy
- Complete loss of privacy
- Identity theft
- Frameworks for app dev and delivery can lead to malware distribution
Maltego.com… shows you info correlation/connection. Check this out on your name
Touchgraph.com - Google tool that shows social relationships.
Key cloud security problems of today (from CSA Top threats research):
- Trust: lack of provider transparency, impacts governance, risk management, compliance
- Data: Leakage, Loss of storage in unfriendly geography
- Insecure Cloud software
- Malicious use of Cloud services
- Account/Service Hijacking
- Malicious insiders
- Cloud-specific attacks
Only way to drive risk down to a appropriate level is by managing vulnerabilities.
Now more than ever, it’s important to have experts look at your data/apps/etc regularly.
it’s also important to have separation of duties. Don’t want one person or the use of that person’s credentials to have too much access to allow for a lack of check pointing before changes to systems/etc get implemented.
Security as a Service Initiative:
- Info assurance challenged by disruptive trends (cloud, mobile, social networking, etc)
- Cloud proves opportunity to rethink security (economics, arch, service delivery models, etc)
Lots of new innovative business models. Pay as you go, One time upfront + pay as you go, Requested bid price and pay as you go, Standard and Reserved. These work best respectively in the following environments: Spiky workloads, steady state workloads, time insensitive workloads, for regulatory and compliant workloads.
Take-Away #1: Flexibility is the key for cloud options
- Can use any Programming Model, language, or OS/DB
- Can use any service individually or in any combo
- Can use as much (or as little) and only pay for what was consumed.
- Can use any existing System Management tools and extend the data center to the cloud
The cloud as a platform: Platform that provides Foundation to build innovation solutions on top, abstraction to hide underlying layers (hardware and software), is self service.
1 job, 1 machine, 500 hours = $1500 rack and stack on premises
1 job, 500 machines, hour = $290
Netflix is almost 100% on AWS
Take Away #2: Elasticity is the fundamental property of the cloud
“Turn off, and not pay for it, when you don’t need it.” That’s the beauty of the elasticity of the cloud.
“Build a Web application that sleeps at night or shrinks itself when there are no users accessing it”… Follow the sun and leverage the true power of on-demand elasticity and globally dispersed regions. (follows the sun means high usage during the day, much less at night)
The day is not too far away where this is viable for most: Scalability, Security, high availability, Fault-tolerance, Testability and elasticity will be configurable properties of the app arch and will be an automated and intrinsic part of the platform on which they are built.
Cloud is a platform for computation, Research and Development. Time to provision a server is a few minutes with cloud.
Don’t have to hug your servers anymore.. You can get complete control of the environment.
Cloud is a platform for:
- New Gen apps
- Internal Corp IT
- To realize your own ideas
Take Away #3: Redefining cloud security
In the cloud, security is a shared responsibility.
App needs to encrypt data in transit and at rest, protect your AWS Credentials, rotate your keys, security your application.
The cloud is more than its services.. Its an enabler
Future = “Internet as the Operating system of Services”
Session Speaker: Wally McClure (on intro slide said: aka: “.NET Judas”)
Where we are at now:
- Laptops are not quite convenient
- Power management is important
- Wifi is not everywhere
- Multiple smart phone platforms
- iPhone has tremendous mind share/market share
- Android has seen tremendous growth
- RIM is dominant in the corporate market still
- WP7 has shipped
- .NET Framework is popular
Mobile Dev issues:
- Screen size
- Dev tools
- Using existing knowledge
Mono = open source implementation of .NET
Mono for Android is a .NET/C# layer over native APIs which can use Visual Studio – IDE
Big issue currently: No design surface. Use Droid Draw for graphical design surface
My take is Mono for Android is great for existing .NET devs to code up Android apps. If you want your app to be really nice though, you are probably going to need to implement the UI natively, and could use Mono for Android as a tool to generate a component to call into for your main biz logic that might already be built in .NET.
Session Speaker: Nickolas Landry
Main focus is Interacting with location service. Not a very popular session as only five people in this session.
WP7 location services
-Phone positioning via GPS, Assisted-GPS (cell towers) and WiFi
Bing maps Web Services include: (REST & SOAP)
- Geocoding service
- Routing service
- Search service
Geospatial Data storage options
- SQL Server 2008
- SQL Azure
- Bing spatial data services
Pros/Cons of each Phone positioning technology:
-)WiFi: (Uses crowd sourcing)
+/- Urban areas (better in urban areas)
Don’t have to interact the technologies directly.. Just use Location Services API. The service is ‘smart’ and figures out which source to use given the parms you give it for accuracy/etc.
Emulator doesn’t allow for location services. Some mock services can be used. Next release of WP7 dev tools (coming out with Mango) will have new tools for this. Separate window will automatically feed location coords based on Bing Map point and click as well as some route creation. (My guess is similar to how Android does this stuff now)
Namespace to use = Microsoft.Phone.Controls.Maps
To use maps control, you need ot have a Bing’s map account. Using Live ID. This is free. Make sure you pick Mobile as the type of app when signing up for the key. This will allow you to request unlimited GeoCoding/Reverse GeoCoding calls, even in the enterprise. Just needs to be run on a mobile device.
GeoCoordinateCatcher(GeoPositionAccuracy.High ) Will use GPS if can get info from it.
.Default will try to use a combo of wifi/cell tower or a cached location.
Things you need to know for LIS
- Locate the phone position
- Display a map at specific coors (lat,long)
- Pan/Zoom the map
- Add a pushpin to the map
- Geocode an address
- Calculate & draw a route on a map
- Draw a polygon on the map
LocationServices have a property that allows for reverse geocoding. (CivicAddress Class) Don’t have to call the Bing Maps WebService, can just use this on the device and it will abstract the stuff.
A few things coming with the Mango release:
- Camera stream access
- Compass and Gyro API’s (Should lead to augmented reality scenario possiblities)
- Will have new options for live agents and multitasking
I felt Nick did a very good job delivering the content he set out to deliver. Very knowledgeable and one who was willing to share his knowledge after the session too.
Session speaker: Robert Machale
Unfortunatly Robert had trouble accessing his Google Docs account, so he did not have access to his slides. Worst part was that he didn’t let the room know he was waiting to try and get on the network for the first 15 mins of the session. After 15 mins, then finally mentioned to group he was waiting but was going to start without them.
He feels Android will take over 3-5 years, except for iPad. FAA recognizes iPad as a replacement for kneepad for flight deck. Executives like iPad. Those were main reasons he thinks the iPad isn’t going away anytime soon.
Can ask GPS receiver 3 questions: Long/Lat/Altitude You have to use other tools to extend after that.
Get values from GPS Satellites or Network carriers triangulation . Can choose either. Listen to GPS or Network. 90% preferable = GPS
Claims that a Visual studio dev’s first choice should be Android over WP7 even… Likes the dev environment and says it’s easy to learn if you already do C# development. This is a plus.
Side frustration: he polled the room and 9 out of 10 people surveyed said that have created a Android app… yet he went painfully slow through the setup process of creating a project, setting up emulators, etc.
Claims you should use Android 1.6 – Api Level 4 and all Android devices will work. Also noted that every Android device will have an SD Card.
Tip: When your Android app runs, your SQLLite db is in your app folder (not SD card).
Tip: flip from portrait to landscape views via: Control F11 or F12. Numeric 7 key allows you to toggle landscape/port mode.
Tip: You can setup “folder called layout-landscape” if you use the same input id’s… you can have two layouts and it will switch. Says it’s more desirable to do this, instead of having the screen resize/etc using relative placing of elements.
Tip: to get through a firewall… you can set emulator command line options with Firewall Username/Password
Tip: Emulator control window will help you be able to modify the GPS info being sent to the phone. KML = google map centric format of location controls
SQLLite is really a whole lot like MS Access
Session was disjointed, but a few tips were gathered.
Ric Telford, from IBM presented:
A private cloud is not ‘the cloud’. This is not true. Cloud model can be embraced by everybody.
Cloud is a delivery model for IT with these attributes:
- On demand self service
- Ubiquitous network access
- Location independent resource pooling
- Rapid elasticity
A delivery model that allows developers to get to consumers
A delivery model that everyone can do.
“Cloud is about not having to own servers. No capital expense” this is true.
Can get a lot of the value independent of if you own the servers or not.
Private cloud = IT capabilities are provided as a service over an intranet, within the enterprise and behind the firewall
Public cloud = it activities/functions are provided as a service over the internet
Hybrid = Internal and external service delivery methods are integrated
Figured cloud will evolve to Platform as a Service (PaaS). Deploy app to platform and the system takes care of capacity/redundancy/etc.
When going to cloud, encouraged to do a Total Cost of Ownership (TCO) analysis based on a financial institution:
- Divide Could implementation life cycle into 3 phases
- Analyze major cost components
- Identify tasks, skills, and considerations from each phase
- Apply best practices, fill solution gaps, and enable skills.
Realize it’s more than just server costs, look at energy costs (cooling/etc), real estate costs, etc.
Here is where private clouds are going:
Yesterday: Individual Deployment
Today: Shared hardware and Virtualized apps.
Tomorrow: Integrated Middleware platform and Image Management
Benefits of today:
- Increased utilization of infrastructure
- Location independent deployment
Challenges of today:
- Building images
- Image proliferation
- Governance of changes
- Creations of composite apps
- Connectivity to legacy and off premises apps
Benefits of Tomorrow:
- Standardized middleware
- Increased utilization of software
- Improved deployment speed
- Simplified app management
IBM Smart Cloud is IBM’s cloud offering. Focused on enterprise customers mostly.
Hybrid cloud: Share data and process integration across boundaries (public and private cloud services).
IBM Product = Cast Iron to enable data/process integration across boundaries
Where are we going with cloud:
- To fulfill its potential as the next evolution of enterprise IT, cloud comp promises to become much more than an enabler of it efficiencies.
- It promises to become a driver of business transformation, innovation and growth.
- IT without boundaries.
Mobile and cloud… one begets the other. Cloud will enable companies to be more responsive in the mobile space.
IBM sees Analytics as the ‘next big thing’ in the cloud.
55% believe cloud enables them to focus on transforming their business and make their processes leaner, faster and more agile. Innovation=yes
Biggest bottleneck of cloud = network costs. They haven’t come down like other costs.
Figure 20% (like highly regulated) of biz processes should not be migrated to cloud.
Overall, I went to three Cloud based sessions today, one by IBM (this one), one by Amazon Web Services, and one by RackSpace. I would have to say that many of the same concepts/conclusions/points were communicated in general by each company. IBM focused on enterprise push, Amazon on being the place for everyone, and RackSpace on their use of OpenStack.