Painless OAuth @claylo #w2e

Painless OAuth: Adopting OAuth without the night sweats

Clay Loveless – @claylo

There really is no painless way to get OAuth done, but it is part of security.

The clarity of OAuth as a choice
It isn't as clear as it may have been several months ago

The need to support the OAuth standard is a reality today
Is it really a standard? Which version? Twitter and FB are using a modified version

The greater the need for a standard approach to delegating authenticated interactions
Perhaps it isn't such a good idea

API Providers -> OAuth Creators -> Developers (cycle)
Too many players in the spec, providers push off standards to the spec, Devs see OAuth creating more problems than it solves
Small group of people that are happy
Huge group that doesn't care (FB, Twitter, Amazon, Flickr)

Is one standard the best way to approach the problem?
Perhaps the concept of OAuth as a final destination needs to end

What's the next step?
XAuth is a limited-access protocol that requires an approval process; it swaps out the username/password for tokens
It adds a layer of security or at least a review process to help prevent exploits
Think for "ourselves" and review the pros/cons of what is offered
The problem OAuth is trying to solve isn't much of a problem any longer

What are the alternatives to OAuth?
XAuth is interesting because it provides some vetting to the process.
The Netflix example uses an added layer of security. It isn't as easy but works.

Is OAuth a bad design or execution?
There might be some parts of the spec that work, but he would like to see it switch from a standard to a series of patterns. Best practices would be great for mobile, web apps, etc.

What about OpenID? 
It is too hard and most users don't have a clue what it is. It suffers from the same challenges and companies are walking away from it.

Is Single Sign-on a worthy problem to chase?
It is for the companies that are chasing it. There are workflow challenges to their solutions. There will be changes in those organizations over time too.

The Future of Geolocation Beyond the Social Sphere #w2e

The Future of Geolocation Beyond the Social Sphere

Chris Hulls

The Geolocation industry is fundamentally unbalanced
Social – more competitors, smaller market
Utilities – less competitors, bigger market

Why the imbalance?
Adoption cycle – Rogers' theory of adoption; challenges to adoption in the market and the technology
Faces of the herd – Geek, Hipsters, Business 

Runkeeper – 3 million runners
CardStar – grocery store loyalty
Uber – Car on demand
Life360 – Safety device
Grindr – hookup app

3 Big Trends for 2011
better accuracy and longer battery life
reliable background tracking and geofencing
mainstream consumer awareness

In a few years
Transceiver power consumption decrease 90%
Air sensors
Augmented reality and GPS
NFC will be a reality
Implant chips

API's will be in everything – OnStar and open platform(?)

Delivering a better user experience every four weeks @camerondgray #w2e

Delivering a better user experience every four weeks

Cameron Gray – @camerondgray

Presentation (on

Agile Development is a response to Waterfall
Designers are removed from the customer in Waterfall, not psychic, design gets stale, design gets compromised

Agile is a conversation between design, dev and customers
Design can be tweaked throughout

You can't half-ass UX
Building the team around UX keeps it focused
The complete experience is evaluated
UX involves many players
User-led design isn't viable, must be evaluated
Bad UX is a defect
External transparency is important

You can't half-ass Agile
Scrum, which is a team-based approach
At MF there are three teams with 20 devs worldwide on a four-week sprint
In general keep the time but set a proper goal for your team
User stories define the work
Definition of done should evolve and be reviewed at each sprint
Retrospective after a sprint to evaluate how things went
Demo lets the team show off their work
Size should be small, 6-8
Internal transparency is important to show off new work company wide

Going full ass
Committed to incremental improvement
Constant dialog with customers to evaluate the experience that was promised
Designers are able to evaluate
Planning poker helps bring dev/design together
Hallway usability test gets feedback from others as things evolve
Get something in front of customers at the end of each sprint

Agile will not
make bad design good
make bad people better
improve communication
improve customer relationships
make stakeholders buy in
work for 'monolithic' projects
work well with contractors
improve consensus with the team
solve roadmap and design strategy
prevent hangovers where projects are too big for the sprint
reduce polish, it can always be added later

Creating Mobile Apps Based on Behavioral Patterns and Specialized Platforms #w2e

Creating Mobile Apps Based on Behavioral Patterns and Specialized Platforms

Aaron Patzer

Mint was just a web app to begin with.
50% of Mint users are mobile and 20% are only mobile.
Web login 5 times a month, mobile is 2-3x higher

Web-app usage by task
1. Overview
2. Transactions
3. Add/Edit accounts

First app was designed for "on the go" information
Read only view

Version 2
People wanted more security features.
Edit transactions

Version 3
Web was no longer needed (signup, edit, adjust)
Application is separate

Version 4 What can mobile do that web can't?
Spending Trends
Add/Edit budget
Purchase alerts at POS
Sensors = OCR Receipts + Deposit

Tripled team size in the last 6 months. 10-12 now with 5-6 open positions.

High Performance Mobile @souders #w2e

High Performance Mobile

Steve Souders – @souders

Market trends point to super-fast growth, companies are touting speed to consumers and people are tired of slow mobile experiences. 

Why is mobile so slow? Zero visibility. It is very difficult to see what is happening on mobile. 
– Blaze: a similar tool to get a view into iPhone and Android
– Pcapperf: monitors TCP traffic and converts it into a better view
– Jdrop: JSON in the cloud. Bookmarklets allow you to analyze content.

– Speed matters
– WPO 
– Faster Mobile
– Visibility into mobile

HTTP Archive is storing the content of how the web is and was built.
This is pretty cool and will hopefully be a way to help companies get on the WPO train.

Browser Wars #w2e

Browser Wars

Dion Almaer
Ben Galbraith
Rob Mauceri – Microsoft
Douglas Crockford – Yahoo
Brendan Eich – Mozilla
Alex Russell – Google

What is significant about the most recent releases?
RM: HTML 5 is really exciting. Really wanted to unlock the hardware capabilities for the browser. 
AR: Excited to get better access to the hardware too and making the experience the best it can be.
BE: The standards need to be better suited to pull it together.
DC: Would love to remove IE6, 7, 8. Insecurity needs to be removed.

What can Firefox users expect with the quick release cycle? What is the world going to look like?
BE: We are trying to keep the features in the dev cycle and if a feature doesn't make one release it will move to the next release. Security is a never ending issue that must be addressed. Get regularity and continuous updates.
RM: Devs want a reliable, stable and capable platform they can develop on over time. Not sure that continual releases is going to work. Delivered a preview that didn't include a browser. We saw much better feedback moving forward.
AR: How long do you have to live with the old thing? We end up updating high uptake rates. Hell is old version and that is something we can do something about. 

What do you think about the W3C model of talking about HTML 5?
BE: Seems silly to market this version number. We believe in graceful degradation. 
DC: W3C is not equipped to handle the standards and should be abolished.
AR: The web is bigger than closed platforms and there will always be versions.
RM: I think the organization does some really good things. Not just defining a spec but the process and tools to evaluate the spec.
BE: There are some things that are hidden. There is a lack of transparency.
AR: There is some contention on how things are integrated into the spec and standard.

How are developers going to cope with the complexity of the web when apps can be built in a sandbox?
AR: Any app platform will have other variables so it isn't necessarily easier, especially as they grow larger. If you want scale/reach you'll have to deal with weirdness. 
BE: There is a cost as well as a benefit. With Apple you can only do what they want you to do. There are tools that can help reduce the cost of development. 
DC: The web will never be as up-to-date as proprietary platforms. The web has some advantage which has been sufficient to hold off the challenges. Can the web keep reach and openness. 
RM: We have a responsibility to implement standards in the same way. 

Can you provide an update on JavaScript?
BE: Looking at CoffeeScript. Looking at how you can load in the browser as a module too. These languages are not for everyone so JS needs to improve. 
DC: ES 5 Strict mode is big for us.
AR: Proxies and binary data. 

Can you followup on getting IE6 off the web?
RM: The Windows license update is only required
DC: IE6 is still a problem. More users access Yahoo than Chrome, Opera and Safari combined.
AR: The feature to use Chrome frame is not out yet. Requires admin rights to install. More concerned with IE8. 
BE: Tried a social thing to convert friends. IT is coming around to allow modern browsers to be installed. 
AR: There still isn't a way to convert people that don't know there is a choice.

Can you comment on jQuery libraries?
DC: Libraries help ease the pain.
BE: Still dependent on the core features. 
AR: Libraries are somewhat limited. Browsers should evolve over time. Hopefully a reduction in use of JS.
DC: The DOM API is hard to work with but JS makes it easier.

What is the future of web video?
DC: Hopefully free will win. But there are content holders trying to make it difficult. 
AR: Codec and DRM are different. WebM we want to be a free and open codec.
BE: DRM is like fonts were for a long time. Fully on board with open video. We think identities are the right proxy for DRM.
RM: With HTML 5 we want it to work for users. 

What is the role of extensions moving forward?
RM: IE9 will support pinning, which feels like a native application. Can use bookmarklets.
AR: Don't think they are afterthoughts. Will continue to introduce new features.

What's it going to take to ship with the WebM codec?
RM: The promise and legal implications are for the codec. 

Punctuated Equilibrium, Celestial Navigation and API’s @sramji @daniel_jacobson @michaelhart #w2e

Punctuated Equilibrium, Celestial Navigation and API's

Sam Ramji – @sramji
Dan Jacobson – @daniel_jacobson
Netflix (fmr. NPR)
Michael Hart – @michaelhart

<presentation here>

It is impossible to capture a Sam Ramji presentation in notes. The idea starts with this: evolution is not slow and gradual but precipitated by sudden change. Driving the change in the web points to Hardt's Theorem: The Internet Power Law, suggesting 99:1, where 99% of the profits are being eaten by 1% of the companies. The concept of "Open API's" is going to vary by 1st party, Platform and Partner API's.

1st party access refers to allowing direct access to core business functions. (internal)

Partner is about enabling directed development of apps that extend your business model towards your business partners. (internal and approved vendors)

Platform is about enabling unknown developers to build brand new apps and business that will surprise and inform you. (external devs)

Navigational Aid
1. Establish Target Segments 
The core business already has KPI's. You have to tie the API's to the KPI's.
What is the market impact we need to create in order to succeed as a business?
What is the target segment need that we can get to today?
App sales
2. Engage Developer Channel
In-app purchases, affiliate loyalty, Ad spend, Market awareness of their offering
3. Set Industry Goal
traceable, end-to-end business processes, platform is different (scale, unexpected change)

Dan Jacobson provides some great details and practical knowledge of the API models used at Netflix.

Michael Hart talked about the cost/benefit of sharing data.
Optimize the delivery strategy, fewer queries.
Liberal retention policies. 
Push incremental updates.
Limited access to richer queries.
Two tools: OData and Freebase
Challenge to construct effective limits.
What data API's should your business be using?
FB, Foursquare, etc.: what you can consume