Ad Free

This is just a quick post. There was news today about malicious ads in reputable1 ad networks that can "surreptitiously hijack" computers. Though the Google ad network, the network used by this site, was not one of the networks reported to have been exploited, I decided to pull all syndicated advertising from my blog. Google may never be affected by this issue, but I don't want to wait to find out.

As a result of the changes I have made, I have also updated my cookie and privacy policies to reflect the changes, so please review those.

I did not want to take this action2, but I feel it is warranted given the seriousness of the possible outcomes. The nature of advertising online needs to change; consumers need confidence that the sites they visit are safe, advertising networks need to vet the ads they syndicate, and browsers need to empower their users. For more information on the malicious ads, I recommend reading the article on Ars Technica; for more information about online advertising and what needs to change, I recommend reading "The ethics of modern web ad-blocking" on

Finally, if anyone out there is interested in sponsoring my humble blog, please let me know. All the best and safe browsing.

  1. to be taken lightly, I suppose 

  2. I was almost $10 off finally getting my cheque from Google and all I really wanted was to cover the cost of hosting 

Debugging IIS Express website from a HyperV Virtual Machine

Recently, I had to investigate a performance bug on a website when using Internet Explorer 8. Although we are fortunate to have access to BrowserStack for testing, I have not found it particularly efficient for performance investigations, so instead I used an HyperV virtual machine (VM) from modern.IE.

I had started the site under test from Visual Studio 2013 using IIS Express. Unfortunately, HyperV VMs are not able to see such a site out-of-the-box. Three things must be reconfigured first: the VM network adapter, the Windows Firewall of the host machine, and IIS Express.

HyperV VM Network Adapter

HyperV Virtual Switch Manager
HyperV Virtual Switch Manager

In HyperV, select Virtual Switch Manager… from the Actions list on the right-hand side. In the dialog that appears, select New virtual network switch on the left, then Internal on the right, then click Create Virtual Switch. This creates a virtual network switch that allows your VM to see your local machine and vice versa. You can then name the switch anything you want; I called mine LocalDebugNet.

New virtual network switch
New virtual network switch

To ensure the VM uses the newly created virtual switch, select the VM and choose Settings… (either from the context menu or the lower-right pane). Choose Add Hardware in the left-hand pane and add a new Network Adapter, then drop down the virtual switch list on the right, choose the switch you created earlier, and click OK to accept the changes and close the dialog.

Add network adapter
Add network adapter
Set virtual switch on network adapter
Set virtual switch on network adapter

Now the VM is setup and should be able to see its host machine on its network. Unfortunately, it still cannot see the website under test. Next, we have to configure IIS Express.

IIS Express

Open up a command prompt on your machine (the host machine, not the VM) and run ipconfig /all . Look in the output for the virtual switch that you created earlier and write down the corresponding IP address1.

Command prompt showing ipconfig
Command prompt showing ipconfig

Open the IIS Express applicationhost.config file in your favourite text editor. This file is usually found under your user profile.

Find the website that you are testing and add a binding for the IP address you wrote down earlier and the port that the site is running on. You can usually just copy the localhost binding and change localhost to the IP address or your machine name.

You will also need to run this command as an administrator to add an http access rule, where <ipaddress>  should be replaced with the IP you wrote down or your machine name, and <port>  should be replaced with the port on which IIS Express hosts your website.

At this point, you might be in luck. Try restarting IIS Express and navigating to your site from inside the HyperV VM. If it works, you are all set; if not, you will need to add a rule to the Windows Firewall (or whatever firewall software you have running).

Windows Firewall

The VM can see your machine and IIS Express is binding to the appropriate IP address and port, but the firewall is preventing traffic on that port. To fix this, we can add an inbound firewall rule. To do this, open up Windows Firewall from Control Panel and click Advanced Settings or search Windows for Windows Firewall with Advanced Security and launch that.

Inbound rules in Windows Firewall
Inbound rules in Windows Firewall

Select Inbound Rules on the left, then New Rule… on the right and set up a new rule to allow connections the port where your site is hosted by IIS Express. I have shown an example here in the following screen grabs, but use your own discretion and make sure not to give too much access to your machine.

New inbound port rule
New inbound port rule
Specifying rule port
Specifying rule port
Setting rule to allow the connection
Setting rule to allow the connection
Inbound rule application
Inbound rule application
Naming the rule
Naming the rule

Once you have set up a rule to allow access via the appropriate port, you should be able to see your IIS Express hosted site from inside your VM of choice.

As always, if you have any feedback, please leave a comment.

  1. You can also try using the name of your machine for the following steps instead of the IP 

Corporate Dogma: Good Intentions, Bad Policies

Recently, a colleague wanted to update our corporate profile on a well-known website for sharing interview experiences; we will call them Brickwindow. When signing up for a free corporate account, he filled out the fields honestly, stating his name, his job title, and checking the box that stated he represented HR, which he does as part of his various duties. 24 hours later (or thereabouts), the response came back saying that Brickwindow were not permitting him to open the account as his job title wasn't HR-related. They would need a C-level employee or member of the HR department to verify his authority (or to open the account themselves).

Here's the issue. Our organization does not have an HR department or traditional C-level employees like CEO, CFO or CTO. Just as we are trusted to make good software engineering decisions, we are trusted to make good decisions in other aspects of the business, including who we hire. There are no managers, no Chief Gubbins Officers, and no HR departments. So, my colleague wrote back to Brickwindow outlining how our company structure just does not fit their rules. He assured them that he is authorized to make HR decisions. Shortly thereafter, they responded reiterating that he could not have the account and asserting that they are committed to the security of their users.

So, I signed up.

I have the same job title as my colleague, but since we can choose our own job titles, I temporarily promoted myself to Assistant to the Director of HR. After submitting my application, I pondered on how they might verify this and quickly updated my LinkedIn profile to state the same title1. About thirty minutes later I had an account. It was that easy. My colleague had just been too honest. As for the commitment to user security, Brickwindow sent me my new user name and password in plain text. Brilliant2. I quickly changed it and then forwarded the account details to my colleague so he could continue with the task he had attempted to do the day before.

I think this tale serves as a great example of how we can get bogged down in process and miss the purpose of an activity altogether. In trying to make sure that no one could just create an account for any old company, Brickwindow made assumptions about its corporate user base that meant they could not adapt when faced with something that did not conform. Not only that, but they were so busy trying to enforce those assumptions, they missed the glaring loopholes. All they managed to achieve was a huge waste of time; theirs and ours. This had been an opportunity for Brickwindow to demonstrate they are forward thinking and adaptable, but instead they made it clear they are stuck in the past with the monolithic corporate structures of C-level employees and middle management. In the end, they failed on three major points: identity, roles, and security. We only persevered because we appreciate the primary service provided by Brickwindow.

So, next time you are faced with a situation that does not fit the script, consider whether the script needs to change before trying to change the situation. These conflicts are an opportunity to impress, not stick to rigid rules that don't even achieve the goals they intend to.

If you have any similar tales of well-intentioned processes gone wrong, or corporate dogma that gets in the way, please post them in the comments.

As for me, I have since demoted myself back to a Senior UX Engineer (a title I had chosen when I found out I would be speaking at CodeMash It turns out HR was just not a good fit for me.

  1. Apologies to anyone who was confused 

  2. sarcasm 

The Connected Vehicle

At the end of last month I attended the Automotive Megatrends 2012 held at The Henry in Dearborn, MI. Though this was a three-day event, I attended the second day only: Connectivity. It was an opportunity for major and minor players in the automotive world to present and discuss their particular visions of the future for passenger cars in a world that is increasingly connected. Particular attention was paid to the Cloud and the continuing trend for infotainment1 to be provided via handheld devices rather than proprietary in-vehicle systems. Safety was a hot topic; in particular driver distraction, where legislation tends to hold vehicle manufacturers liable in the event of an accident even though they may have little or no control over the devices that do the distracting (such as smartphones).

The day was split into four main sessions divided by networking opportunities. Each main session took the form of a panel where four or five panelists would present their views on a particular topic with a moderator overseeing the discussion. Each panel would face a round of questions once all had presented. The topic of the first two sessions was "Connected vehicle outlook — the next 10 years" with the following sessions being "Mobile device integration" and "Software and apps" respectively. Repeatedly during the day, speakers would return to the concept of the Connected Vehicle and what that means for consumers and manufacturers alike, but what do they mean by "The Connected Vehicle"?

A Day in the Life

You wake up on a cold, wintry morning to your smartphone alarm obnoxiously wailing. Via the magic of the Internet, the home management app has checked the local weather and adjusted your home heating to give you an extra bit of toasty warmth. It has also instructed your coffee machine to brew up some Joe.

You flip to the appropriate smartphone screen and start your car. A quick swipe and the in-car temperature is set just right. An alert tells you a service is due and shows you local service locations along with their cost. You select your favourite location and choose an appointment time, then you swap over to your home management app and start the shower. By the time you're out of bed, showered, dressed and have your coffee in hand, the car is thawed out and toasty warm.

As you drive to work by way of your children's daycare, information is delivered to you via your smartphone to your in-car video and audio systems, telling you the weather, headlines, social media updates and to-do list for the day. Your favourite music plays in the background as you choose. Perhaps you even queued up some things from the night before. Voice commands and a simple, radio-like interface give you simple, non-distracting control of your information streams. Everything coordinates and cooperates to ensure that you can concentrate on driving.

As you're finishing off a quick check of your e-mail subject lines an alert flashes up warning you of road construction and traffic delays. The satellite navigation app on your smartphone kicks in, offering alternative routes and travel times to get you on your way. As you begin your detour, the directional microphones and image processing systems in the back seat detect that your kid just woke up and has started punching his sibling. In an attempt to keep the peace, the latest, greatest animated movie immediately starts streaming from Netflix, Hulu or Zune in the headrest display. Meanwhile, your satellite navigation is suggesting spots to safely pull over (as well as one or two doughnut shops you might need for the purchase of "behave yourself" bribes).

Having dropped the kids off at daycare, you pull up at work and apply the parking brake. The in-car systems take the opportunity to remind you of your service appointment. You get out of the car and walk to your office – the car automatically turns off and locks itself as you go. When you get to your desk, you computer has already synced with the Cloud, showing your service appointment on your calendar along with a snapshot of your car diagnostics, should you need to discuss the appointment over the phone.

Reality Check

Though embellished with a few ideas of my own, this scenario is similar to many involving the connected vehicle envisaged by those presenting at the conference. It is all so seductively plausible that it's easy to ignore the reality.  Behind all the enthusiastic rhetoric there are so many unresolved problems and challenges that we're just not ready yet to deliver the dream of the connected vehicle. To get an idea of where we are right now, consider the current vehicle to be akin to video-game consoles just over 10 years ago. Before the current generation of consoles (Playstation 3, XBOX 360, Nintendo Wii), pretty much all you could do with a gaming console was play games, now we can not only play games, but also buy games, rent, buy and stream video, listen to Internet radio stations, watch live television (in HD) and interact with social networks.

The problems for the connected vehicle mostly lie in the gap between the old and the new; passenger cars, with a development cycle of 3-4 years and consumer electronics, with a development cycle of 12-18 months. In a world where a smartphone can be out-of-date within a year but a car is expected to last ten or more, bridging the gap becomes a challenge. Not to mention that the world of the connected car relies on the existence of wireless carriers and services that not only support the demands of consumers but also those of the equipment manufacturers, services like OnStar and its soon to be released API, requiring access to vehicle data and systems in a safe and secure manner.

Controlled Openness

To bridge the development cycle gap, there was a call for the end of proprietary infotainment systems and more controlled, open standards across the passenger car industry. The general view was that proprietary systems have to go in favour of smartphone or other smart device apps, a trend that has already begun. This move would help to reign in the growing concerns surrounding driver distraction by providing an in-vehicle delivery platform that allows apps to interact with the car and its passengers in a safe, secure and reliable manner.

In order to make such a platform appealing to app developers, a set of open standards needs to be adopted by the industry, a set of standards that has not yet been defined but that will provide rules and guidance on how an app interacts with a vehicle and its occupants (as with any new technology discussion of 2012, whispers of HTML5 were everywhere). This idea of controlling app delivery within the vehicle while allowing open standards and app development was dubbed "controlled openness" and clear comparisons were drawn with Apple and the way they govern the app marketplace.

Safe and Secure

Just like the API provided by Apple and any other contemporary development platform, security is extremely important. Security is the basis of trust for consumers and without it the full potential of a technology can never be realised as no one will ever immerse themselves fully. Several presenters gave their thoughts on how security might work but there was a lack of convincing argument that this was a simple problem to solve. In fact most speakers on the matter seemed to be plugging a product while skirting around some of the issues that had been raised by others. Issues that have names like "virus", "hacker" and "theft"; the connected vehicle opens up a cornucopia of problems that must be resolved.

  • How do you stop someone taking control of your vehicle while allowing you to remote start it from your phone?
  • How do you allow an app access to vehicle systems without allowing a bug to cause a vehicle accident?
  • How do you ensure that a person's identification is unpaired from a vehicle when they are no longer in possession of that vehicle due to sale, accident or theft?

Given the need to exchange data to and from the vehicle communications network in order to support telematics and other advanced (perhaps premium) apps, which may include the ability to do things like start, stop or even track the vehicle, I'm sure you can think of many other scenarios that highlight how important it is that the connected vehicle be secure.

The Internet and our increasingly connected world has security all over the place with a plethora of approaches to providing identification, authorization and secure access. However, the effects of a hack or security flaw have so far not had such potentially immediate fatal results as they might in the world of the connected vehicle. A security breach that allows someone to take control of some aspect of your car is entirely unacceptable. This is not a case of making sure it should never happen, but rather a case of could never happen. If nothing else, the experience of driving a car must be safe, both actually and perceptually.

The Road Ahead

So where does that leave us? The automotive industry has rightly identified a need to integrate more closely with the consumer electronics world and move away from the proprietary in-car infotainment systems of old, but the consumer electronics industry is racing along at quite a pace. Although the concept of a smartphone existed prior to its announcement, the launch of the iPhone five years ago accelerated smartphone evolution and it shows no signs of slowing down.  However, until the iPhone of the connected vehicle concept appears and focuses consumer expectations, we will have to accept the Windows Mobile-style missteps along the way2.

While the connected vehicle is still an uncertain concept, it is becoming a reality and it will change the way we interact with our cars. In fact, they may not be our cars at all3. The speakers at the Automotive Megatrends 2012 event had plenty of statistics, ideas and products to illuminate the target that is the connected vehicle. Now all we need to do is find the road that takes us there.

  1. Infotainment is a word used in the automotive industry to refer to the combined provision of information and entertainment services within a vehicle such as radio and satellite navigation 

  2. Not to be confused with Windows Phone 7 (or 7.5), which is awesome. 

  3. Uncertainty exists on how various facets of the connected vehicle will be monetized; from the services and apps to the car itself. Will it be subscription-based, ad-supported or freemium? Will we buy our cars or enter into a service-agreement instead? All of these things and more are yet to be determined.