Monthly Archives: October 2013

Introducing the Microsoft Cloud Show podcast

Leave a reply

Microsoft Cloud ShowThe only place to stay up to date on everything going on in the Microsoft cloud world including Azure and Office 365.

Quite some time ago I bugged pestered asked my good friend Andrew Connell (AC) if he would be interested in starting a SharePoint podcast.  Given he is a busy guy with a lot on his plate he wasn’t so sure it was a good idea to begin with.  After all, we both said that if we were going to embark on something like this that we wanted to do it right.

We ultimately decided to broaden the shows scope to include not only SharePoint … but rather take on talking about the whole Microsoft cloud story.  After all, Microsoft are one of the largest Enterprise players in the market and there is A LOT going on in their cloud offerings.

The Microsoft Cloud Show was born.

Our aim with the show is to bring you news, information and commentary about all things going on in the Microsoft cloud world. We want to invite the listener into the show via way of audio and email questions sent in. We want to keep a consistent delivery of shows that you can count on.  Most of all we want it to be easily digestible and will try to stick to 30mins per show.

We are not pretending to be professional podcasters here and we will likely learn a lot along the way.  But we hope you will join us for the journey.

We are launching the podcast in iTunes (MS marketplace coming soon) with 3 episodes. These are just introductory shows and talk about our motivations for the show & then a background show on each host. We will be getting into the meat and potatoes in Episode 4 which is coming soon.  Ideally we would love to settle into a fortnightly show.

We would love to hear your feedback! We would love to hear about topics that interest you and that you would like to hear us address on the show.

In the meantime … please enjoy this screenshot from us recording our first show.

image

-CJ

Content by Search webpart in Office 365

3 Replies

It looks like the much awaited Content by Search Web Part might start showing up in Office 365 tenants!  I’m not sure when this started, and it might not be on all tenancies just yet.

Here it is in all its search laden glory …

image

It seems to depend on what version your Office 365 tenant is.  If you have 16.0.0.2120 or above then you should be in luck.

To find out what version your tenancy is on log in and navigate to the following URL:

https://FooCorp.sharepoint.com/_vti_pvt/service.cnf

You should see something like this:

vti_encoding:SR|utf8-nl
vti_extenderversion:SR|16.0.0.2120

Update: MS has announced this now:  http://blogs.office.com/b/office365tech/archive/2013/10/29/search-innovations-for-site-and-portal-design-in-sharepoint-online.aspx

-CJ

SharePoint Online protects against BREACH

1 Reply

Back in August a co-worker who is doing a lot of work with Office 365 noticed something changed in Office 365.  One of those sneaky, unannounced changes that break things inadvertently and take a while to track down.

It turns out Office 365, SharePoint Online in particular, had stopped Zipping returned  payloads to JavaScript Object Model (JS OM or JSOM), even if you explicitly asked for them.  You can read about his initial discovery in a blog post.

TL;DR – Send a request for information from SharePoint, include the “Accept-Encoding: gzip, deflate, sdch” header, response comes back without compression applied.

Here is it in action.  To try this at home you will need:

  • One SharePoint Online site
  • A tool like Fiddler or PostMan (handy Chrome app) for easily handcrafting and initiating HTTP requests and seeing what comes back.  I’m using it below.
  • A list set up in your SharePoint site with some data in it

Create a HTTP GET request to return the items from your list. Something like this:

http://MySharePointOnlineSite.SharePoint.com/sites/Developer/_api/Lists/MoviesList/Items?$select=Title

Add your Accept-Encoding header and Accept headers like so to ask for JSON back and gzip compression:

image

Send your request and you should see some JSON come back.  Something like this:

image

Notice a distinct lack of zippage? Also if you flip to the Headers tab on the response you don’t see a Content-Encoding: gzip like this:

image

Now this isn’t really a big problem in the grand scheme of things.  Unless you are calling this from a mobile app where bandwidth is important or you need low latency replies. Another example would be if you are building a SharePoint App and calling the REST services to get back list data to drive some UI … you want it to be snappy.

After a bit of hunting my co-worker pointed me at a post about an SSL + HTTP Compression hack called BREACH.  Basically this hack lets hackers break SSL by fiddling with the input on a request and watching changes in the compressed response. After a few (say 1000) requests they can crack your SSL.  Note this is only an issue if you are serving content than can change based on manipulation of request data AND the return payload can be compressed.

The fix?  Turn off HTTP compression on responses.

Yes, really. That seems to be the only practical option for mitigating against this attack right now. No, this isn’t a bug in IIS or SharePoint or any other product.

Hence, this seems to be why SharePoint online no longer compresses responses.  I was told that static files might be compressed since they wont fall victim to this hack, however my testing didn’t surface any resources that I could make come back compressed. (Let me know if you find one)

E plan tenants  are the most effected I think as the SharePoint Online sites are all behind SSL.

I found this really interesting so I thought I would share.

-CJ

PS: thanks to my Microsoft buddies who helped confirm this for me.

Speaking at SharePoint Intersection: Where Business, Technology, and Solutions Intersect, Oct 27th – 31st, Vegas!

Leave a reply

I’m heading to Vegas at the end of this month to speak at the SharePoint Intersection event.  You should come!!

I’m speaking about:

  • Pre Day workshop: Getting Your Arms Around the SharePoint 2013 App Model (with Andrew Connell)
  • SESSION: Apps for SharePoint Primer
  • SESSION: Working with SharePoint’s REST, CSOM and APIs Remotely
  • SESSION: Soup to Nuts: How to Build a Metadata and Search Driven Intranet
  • INTERSECTION: Extending SharePoint with Apps and Enterprise Solutions (with Andrew Connell and Jeremy Thake)

Register with the code JOHNSON and get $50 off. And get a free Surface or XBox One!*

WHERE: October 27-31, 2013, MGM Grand, Las Vegas, Nevada

SHAREPOINT INTERSECTION 2013 is an entirely new type of event, and it’s the one event you won’t want to miss. Join the world’s top SharePoint experts, Microsoft’s own product team, and hundreds of peers representing IT, business, developer, and design communities as we intersect to solve business problems and to maximize the value of SharePoint for our organizations.  

TRAINING: SharePoint Intersection features more than 50 sessions presented by the best-known names in the industry.  As if that’s not enough, five full-day workshops dive deep into key challenges and workloads.

FOR ALL YOU’RE DOING: Training at SharePoint Intersection is not just “50 random sessions”. Instead, the event’s sessions have been carefully laid out to deliver end-to-end guidance and solutions across 11 scenarios or “workloads”

  • Developing Apps and Enterprise Solutions
  • Administering and Managing SharePoint
  • Upgrading and Migrating to SharePoint 2013
  • Strategy, Governance, Adoption, and the Business of SharePoint
  • SharePoint in Office 365, the Cloud and Hybrid Environments
  • Collaboration and Content Management: ECM, IM, RM and DM
  • Search with SharePoint
  • Workflow, Business Process Management and Automation
  • Insight, Business Intelligence and Data Visualization with SharePoint and SQL Server
  • Branding, Design, and User Experience
  • SharePoint Social and Yammer

FOR YOUR ENTIRE TEAM: Unlike other events, SharePoint Intersection’s content chairs—SharePoint MVPs Andrew Connell and Dan Holme—have assembled an event that addresses the needs of everyone who is involved with, touched by, and impacted by SharePoint. You’ll find best-of-class content, whether you are a

  • Developer
  • IT Pro
  • Business manager or platform owner
  • Business user
  • Designer

SUCCEED TOGETHER: When it comes to maximizing the business value of SharePoint, and delivering real business needs, it takes the entire team.  We must come together, as business, IT and developers, to solve our problems.  At SharePoint Intersection, each scenario or workload features a unique Intersection Session, in we bring together IT, business, developers and our SharePoint Experts to answer questions, tackle the most pressing issues, get on the same page, and to build a path to success. We’re confident that the open forum Q&A style of these Intersection sessions will be among the most valuable experiences you take away from SharePoint Intersection.

BEYOND SHAREPOINT: SharePoint Intersection is just one of the events that is part of DEV INTERSECTION.  And as a SharePoint Intersection attendee, you have full access to dozens of sessions across other Intersection events, covering SQL, ASP.NET, Visual Studio, Azure, and Open Source.

FREE SURFACE OR XBOX ONE*

*When you make the most of SharePoint Intersection by registering with a Show Package that includes one or more full-day workshops, you’ll receive your choice of an XBOX ONE or SURFACE RT! See the website for details.

Keeping up with cloud releases, Yammer vs. 365

Leave a reply

A colleague Brendon Ford , and Office 365 MVP I would add, pointed me at a great resource today for keeping up with what Yammer are up to in terms of new stuff coming down the line.

http://success.yammer.com/product/releases/

This gives a reasonable amount of detail on the things they are working on and at what stage they are at.  I say reasonable because they don’t give hard dates on when things will release, but they do give some detail on what is coming.

Here are some examples that specifically relate to Office 365.

Better search integration…

image

Could this be the single sign on we are all waiting for?  Maybe not, but it seems to be getting better…

image

Office web app integration in Yammer for viewing documents etc…

image

This is pretty cool insight into what’s coming.

The question I have is:

When are we going to get this level of visibility into the core Office 365 products? Exchange, Lync and SharePoint?

One of the big issues we face with customers in Office 365 is having zero visibility into when things change.  We are not alone, Jeremy has a good write up about some issues they have faced with APIs changed unexpectedly.

If I were at Microsoft still here is a sampling of things I would be pushing hard for:

  • Release and Update schedule.  Notes on exactly what is coming and when (per tenant).
  • Dev sandbox.  Ability to ask for a temporary test tenancy on a particular “version” of the service/product so that customers and partners can test their other systems that integrate with Office 365.
  • Postponement.  The ability to ask for a postponement of an update for up to 30 days. This would give customers/partners time to test and fix up any issues.
  • Open dialog with trusted advisors.  Microsoft was built on the back of strong partnerships.  Having a group of trusted advisors with a Bat Phone to someone who cares in engineering would go a long way. This group wouldn’t need to be big, but would be of good people who get it. People who want to help MS get better, not moan about it publically.

Some might say:

“Chris that is all great, but surely they should just get their cloud model to work and not break stuff randomly!”

Yeah that is great if you think you can reach Nirvana.  However, that is an impossible goal. Especially with something as complicated as Office 365 and all of its constituent parts.  Don’t let some chump from the valley with bubble gum SaaS product tell you otherwise 🙂

I think with some of the above changes proposed that things would get A LOT better really quickly.

-CJ

Subscriptions for Office and SharePoint apps arrive

Leave a reply

One of the biggest issues for developers they face today with various app eco-systems is how to build an on going revenue stream.  This is the problem mobile developers face and why many mobile marketplaces have introduced in app purchases.

In the business world this is even more of a problem. Typically the apps are a lot more complex and require big investment to build, maintain and improve over time. It is simply not possible to build a business model on a single one time payment when someone buys an app.

What app builders need is an on going revenue stream via a subscription model.  It has been by far and away the most asked for revenue feature in the Office/SharePoint store.

Starting today that is possible. Here is the announcement.

The long and short of it is app developers can submit or update their apps to use the subscription model.  As of writing the store doesn’t seem to be offering subscriptions, but i suspect its going live shortly.

Update:  It looks like the only subscription option will be per user per month. Not yearly or something like per tenant per month/year etc…

The implications of this are HUGE.  I have heard from many people who are just not interested in building apps unless they have subscriptions. To date only ISVs with decent size and resources have been able to work around this store limitation by building their own commerce model and do their commerce and licensing outside of the store (which is allowed).  Nintex recently launched Nintex Workflow for Office 365 which does this. Licensing is managed outside of the store and they manage the subscriptions etc… This is also handy because they can deal with much more complex subscription types such as pricing tiers etc…  Managing your own subscriptions is nice because you have full control, but with it comes the complexity of doing all the commerce etc… Also by doing the commerce outside of the store you are not giving MS the 30% cut from your app sales.

I am really interested to see what other ISVs now pull the trigger and start offering apps in the store now we have this capability.  I suspect the big ISVs wont be using the store commerce model anyway … but i would expect to see some smaller ISVs coming to the party soon. 

-CJ