.NET Developments


March 31, 2009  9:18 PM

Developing Windows 7 apps in managed code

Yuval Shavit Profile: YuvalShavit

Windows 7 has some great new UI improvements. I use it as my main (in fact, only) OS at home, and I downright miss it when I come to the office and muddle through on my XP laptop. I haven’t felt like this about a windowing system since I discovered virtual desktops on Linux and started yearning for them on Windows. (Ahem, Windows 8, I’m looking at you.)

There’s just one problem: many of the new features need application-level support to really shine, and the code samples in Microsoft’s beta Win7 SDK are mostly for unmanaged code. Microsoft has a “Windows Vista Bridge Project” that provides managed wrappers for unmanaged APIs, but it doesn’t include the Windows 7 APIs yet.

In short, learning how to use Windows 7’s newest features isn’t easy if you’re writing managed apps.

Come Microsoft to the rescue: the company has been putting out .NET interop libraries that provide just that wrapping. The libraries are unsupported, but developers itching to get a jump start on Windows 7 development should find them helpful. Microsoft’s Windows 7 technical evangelist Yochay Kiriaty highlighted some of these Windows 7 code samples on MSDN, along with copious links.

March 30, 2009  5:10 PM

Worst Microsoft product name

Yuval Shavit Profile: YuvalShavit

On a lighter note…

PC World published a fun little piece yesterday in which they listed the 10 worst product names ever to come from Redmond. There were some interesting picks, but they missed the first thing that came to my mind. This one’s not really Microsoft’s fault — they’re just using a popular acronym that happens to have been poorly thought out.  But still, I humbly submit as the 11th worst Microsoft product name ever: Microsoft Dynamics POS.

As in: “Hey Bob, did you get a chance to install that new POS from Microsoft yet?”


March 25, 2009  6:28 PM

How complex the cloud databases?

Yuval Shavit Profile: YuvalShavit

When Microsoft announced Azure at PDC last October, it was a bit late to the party. Pre-packaged cloud applications like Salesforce.com and Web-based email had been out for a while, but there were also more discrete, developer-centric tools and platforms.

One of the most well known cloud computing vendors is Amazon, which offers not just VMs but cloud-based storage and database services. Amazon’s SimpleDB uses XML to accept queries and spit back the result. There are also more integrated approaches. For instance, Salesforce.com lets developers write applications in its custom programming language Apex Code, which includes language constructs that hook into Salesforce.com’s database.

InfoWorld reviewed a few of these cloud-based databases in its examination of a new breed of simple, non-relational databases. Although the article didn’t look at Azure SQL Data Services (SDS) — they’re relational, and Azure isn’t even out yet — it did raise some questions that Microsoft shouldn’t ignore.
As InfoWorld sees it, the new breed of databases forego much of SQL’s data integrity patterns in favor of simpler query-response transactions. That may not be suitable for banks and other critical applications, but it’s just fine for many situations.

Since many of those non-critical applications are just the kind that companies might consider to try out Azure, Microsoft may be missing out on an opportunity by only providing full a full SQL database service in Azure. On the other hand, providing this sort of powerful service without a simpler database-ish offering could help drive home the message that Azure is intended for real, heavy, enterprise-level applications.

And of course, if programmers really want a simple, name-value, XML-based service, it won’t be hard to write one in Azure that uses SQL Data Services on the backend.


March 23, 2009  5:19 PM

MIX09 recap: plenty for developers, designers

Yuval Shavit Profile: YuvalShavit

It’s sometimes hard at a conference to see the forest for the trees. With two-hour keynotes and session after session, it’s not easy to keep perspective on what’s big and what’s ancillary. And so, now that I’m back in Boston and recovered from the redeye, here’s my take on last week.

Most of the action was concentrated on the first day of MIX09: the biggest highlights were two new features in Blend Expression 3, SuperPreview and SketchFlow — but Silverlight 3 and Web App Installer also raised some eyebrows. On the other hand, the official launch of Internet Explorer 8 on Thursday was a bit anticlimactic.

SuperPreview is Microsoft’s answer to a problem that has dogged Web developers for about as long as they’ve been around: browser incompatibilities. SuperPreview lets designers see how two browsers render a given page by viewing the comparisons side by side or overlaid. The tool can also send HTML to a server and get the rendered image back, letting designers compare browsers that aren’t installed on their computers. That’s useful for comparing different versions of Internet Explorer, for instance, or even seeing how IE on Windows compares to Safari on a Mac.

Selecting a component in one browser preview highlights that component in the other browser’s rendering, letting developers quickly hone in one problem areas. But for now, SuperPreview only shows developers where the inconsistencies are; it doesn’t tell them how to fix the problems.

You can download SuperPreview as a standalone from Microsoft.

SketchFlow, the other new feature in Expression Blend 3, lets designers quickly prototype UIs by defining a flowchart that describes an application’s screens. You can also assign behaviors to buttons that can change a screen’s state or transition to another screen, giving clients a good sense of an application’s flow without you having to write any code.

One nice touch in SketchFlow is that Microsoft has included a new “wiggly” theme for controls that makes them look hand-drawn. That should help cut down on clients that don’t understand the difference between a prototype and a finished product: SketchFlow prototypes look more like drawings on digital napkins than software applications. On the other hand, SketchFlow projects are full-fledged Expression Blend applications, so you can use them as a starting point when you’re ready to write the real program.

So far, SketchFlow is see-don’t-touch: Microsoft had plenty of demonstrations throughout the week, but the bits aren’t shipping yet.

I’ve already talked about Silverlight 3 and the Web App Installer in my coverage of the MIX09 keynote, but they’re worth a quick mention here. Silverlight 3 includes lots of eye candy as well some important tools for developers. For instance, you’ll be able to write one data validation method that will run on both the client and the server. Microsoft also complemented the new Silverlight preview with improvements to the IIS Media Pack, including DVR-type pausing and playback of live streams.

The Web App Installer is a quick and easy way to deploy Web applications to your server, including applications not built on ASP.NET. The installer takes care of dependencies, so installing WordPress will automatically download and install PHP on your Windows server, too.

If there was one disappointment last week, it was the unveiling of Internet Explorer 8 on Thursday. It’s not so much that IE 8 is a bad browser — although it still lacks the extensibility that FireFox’s extensions provide — but the browser has already been in beta for months. The most exciting feature for designers is IE 8’s Developer Tools, which we’ve already seen. The buzz seems to be giving IE 8 the Vista treatment: blogs are calling its launch a failure and arguing that it hasn’t brought enough to the table to quell Firefox’s steady gain on the market.


March 19, 2009  7:57 PM

Microsoft releases IE8; fixes and breaks standards compliance

Yuval Shavit Profile: YuvalShavit

LAS VEGAS — The final version of Internet Explorer 8 is out, and Microsoft spent today’s keynote showing off its full CSS 2.1 compliance, faster speeds and developer tools. But just as he finished talking about standards compliance, Microsoft IE general manager Dean Hachamovitch introduced a few new features that show just how hard real standards compliance are in the browser market.

First, the good news: IE8 is a major improvement over its predecessor. It’s faster, has plenty of handy features and comes with built-in developer tools. We covered IE8’s developer tools a few months ago, when it was still in beta; some of its new security features include recognizing malware sites and graying out all but the top level domain (TLD) in the URL bars, which will make it easier to notice phishing attacks. Chrome enthusiasts will be interested to learn that IE8 borrowed one of Chrome’s most compelling features: each tab is now a self-contained process, so a crash on one page won’t take down the whole browser.

The browser is also more compliant: Microsoft says it passes all of the 7201 tests it came up with and submitted to W3C, the body that sets Web standards.

But IE8 also has three new features called Slices, Accelerators and Visual Search. These enable sites to repackage themselves in interesting ways. For instances, IE8 sports a toolbar similar to the menu bar for Slices, which act as minature Web sites; clicking on one of these buttons shows its content, which can contain anything from news updates to an in-depth search field. It’s all very cool, and only IE8 supports it.

And that’s the kicker: Slices, Accelerators and Visual Search aren’t standards compliant, because IE8 is the only browser that supports them. Yes, they’re all based on standard XML; but that only takes you so far. That takes us to the real question: are the W3C’s standards the ones that count, or the de facto standards set by browsers?

The point of standards is to simplify development. HTML, CSS, JavaScript and the rest should be “write once, run anywhere,” to borrow Java’s infamous mantra. The best way to do that is to agree on the standards and then write software to match them: Microsoft has done that for CSS, but its unilateral introduction of Slices, Accelerators and Visual Search show that realpolitik is still very much alive in the browser wars.

My guess is that browsers will never be fully compliant, and that’s a good thing. If each browser were really compliant — if it rendered the standards perfectly and nothing else — there’d be very little room for experimentation and progress. Any competition between browsers would be solely on speed, security and stability. Those are all great goals, of course, but it’s also nice that browsers are looking for ways to push the envelope.

What’s important is that we go back every once in a while, see what’s worked, and standardize it before moving forward again. And that’s what Microsoft has done with IE8.


March 16, 2009  7:12 PM

Azure experiences first big loss of service, just in time for MIX09

Yuval Shavit Profile: YuvalShavit

When MIX09 starts on Wednesday, I expect we’ll be hearing a lot about Azure, the cloud computing OS and platform Microsoft announced at PDC late last year. But when the lunchtime chats turn to questions about reliability — and they always seem to — the naysayers will have another arrow in the quiver: Azure experienced its first big loss of service this weekend, according to The Register.

Of course, the question of trusting an outside party with your applications and data isn’t a problem unique to Microsoft: Salesforce.com and Google Apps face the same hurdles in enterprises. But I’m not sure how much of a consolation it is for any company to know that its whole industry, and not just it alone, is having a hard time.

Meanwhile, the recession may be taking its toll on Microsoft’s standard server market. A study from IDC found that companies are increasingly turning to Linux in an effort to save money. Many of those Linux servers will come at the expense of Unix rather than Windows, but the trend should still be a worrisome reminder that glitzy new Web 2.0 platforms are only going to go so far in this economy.

When Microsoft showed off VSTS 2010 at PDC, one of the first questions from the audience was about pricing. The developer said that while VSTS’s features looked great, the tools were just too expensive for his team. I wonder how many companies will come to the same conclusion when Microsoft urges them to rewrite their applications to work on Azure. Service blackouts won’t help Microsoft’s case.


March 4, 2009  3:29 PM

Oslo may not be vaporware, but is it significant?

Yuval Shavit Profile: YuvalShavit

This is the week of Oslo over at SearchWinDevelopment.com. On Monday, Microsoft released a new CTP of its Oslo data modeling project just as we were rolling out a tip on how Oslo fits in with .NET. Oslo development seems to be coming along, with demos and CTPs aplenty — but I still can’t help feeling there’s a lot of commotion about something that feels very much like a sideshow.

I had the chance to sit in on an Oslo session at a DevCon recently, and I must say, I was not incredibly impressed. At the core, it looks like the M programming language lets developers define their own, simple input grammar and compile it into a series of SQL calls. The end result is that you can take an arbitrarily-defined input file, feed it through your M program, and end up with a filled database.

So far, sounds like something a simple script could do, right?  And as far as I’ve seen, that’s all that Oslo really has to offer in terms of concrete functionality.

And while M is just one component of Oslo, it’s probably the most significant one, if the demos we’ve seen are any indication. Quadrant, Oslo’s GUI modeling tool, isn’t in CTP yet, and we’ve heard precious little about how the whole package will eventually form the foundation of SOA applications.

Granted, there’s some benefit to being able to define input grammars at a high level. But tools like lex/yacc have given programmers this ability for decades. M is less generalized and simpler than lex/yacc, but if Oslo is — as it appears to be so far — essentially a set of user-friendly tools that combine high-level grammar definitions with SQL output functionality and a nice GUI front end, is that enough to justify the hype? From what we’ve seen so far, Oslo could well be useful in its own right. But I don’t consider that groundbreaking enough to call it a brand new modeling platform, let alone the backbone to a 10-year SOA strategy.

Microsoft is very careful to point out that Oslo is in pre-alpha; they’re just giving us a glimpse whlie they work out the tools.  But with the various books, conference sessions and interviews they’ve been giving, we should expect a bit more than something to replace simple parsing scripts.


February 20, 2009  8:21 PM

MonoDevelop beta ups the ante for .NET development on Linux

Yuval Shavit Profile: YuvalShavit

It’s been a busy couple of weeks for Mono, the Novell-backed project that’s developing a port of .NET for Linux/Unix OSs. Last week saw the release of Moonlight 1.0, a Linux port of Silverlight 1.0 that has passed all of Microsoft’s regression tests. This week, the group released the first beta of MonoDevelop 2.0, its C# IDE for Linux.

For all its recent talk about interoperability, Microsoft has focused fairly exclusively on Windows as it’s built out its development platforms. Visual Studio is a Windows-only product, despite rumors to the contrary, as is Silverlight. (We should note that Microsoft has helped the Mono group, both with the development of Moonlight and with Mono, the open source implementation of the .NET runtime.)

Of course, interoperability isn’t easy or clean. As I noted on the blog for our sister site SearchSOA, even the communications protocols can raise challenges as you start talking between Linux and Windows computers.

But a truly interoperable world, where Linux and Windows servers work side by side harmoniously and cohesively, won’t be possible until programmers can unify their development efforts across platforms. That’s where MonoDevelop fits in.

The new beta introduces some much-needed basics, like a built-in debugger, but it’s also improving its ASP.NET support. The IDE is also more compatible with Visual Studio; for instance, it now uses msbuild-style project files.

Projects like MonoDevelop will be crucial if companies want to really mix and match Linux with Windows, but that’s a big “if.” For now, as far as I know, the vast majority of .NET development isn’t on Linux, and the vast majority of Linux development doesn’t use .NET. As laudable as Mono’s goals are in trying to tear down that wall, I have to wonder how much demand there is for that level of interop in the mainstream.


February 6, 2009  9:59 PM

Microsoft addresses Windows 7 security hole — partially

Yuval Shavit Profile: YuvalShavit

Microsoft has announced that it will be fixing a UAC security flaw in Windows 7, but the new system still leaves open one of the biggest security holes: people.

A few days ago, I mentioned that Microsoft was getting some flak for a security flaw in Windows 7’s implementation of UAC. In an effort to cut down on superfluous prompts, the default in Windows 7 is to not warn users about changes to system settings. The problem is that UAC’s settings are system settings, so a crafty hacker could silently silence UAC. The hacker’s code can now elevate to Administrator privileges without warning, thus defeating the whole point of UAC.

Microsoft’s initial attitude was that this is how things should work, much to the consternation of many developers. Yesterday, the company relented; UAC settings will now be a special case that always requires user approval in the form of that dreaded UAC prompt.

That’s all fine and good, but it doesn’t address social engineering, which is still one of the biggest problems facing desktop applications. The MSDN blog entry addresses this without quite emphasizing it:

We have also heard of security concerns that involve multiple steps to demonstrate a potential exploit. It is important to look at the first step—if the first step is “first get code running on the machine” then nothing after that is material, whether it is changing settings or anything else.  We will treat very seriously the ability to get code on a machine and run without consent.

The problem is that users tend to consent to everything. It’s a well-known phenomenon, and even most power users tend to power through confirmation prompts with just a cursory glance. Having used Vista and Windows 7 as my primary OSs, I can say that the UAC prompts are not all that helpful —they tell you that something needs Administrator privs, but that’s a very broad statement. Click “yes” for enough installers, and you may not notice when UAC actually catches something.

Perhaps what’s needed is a two-tier UAC prompt that distinguishes between commonly-used privileges and rarer or more critical ones. Most actions will get the basic prompt, which would look much the same as today’s UAC, but the higher-importance prompts would warn users that unless they really know what they’re doing, “no” is probably the safer bet.

In other words, don’t just give the dry facts: help people interpret them. The Achilles heel of most prompts is that users don’t know what to do with them. A two-tier system would solve this by telling users, “it’s probably safe to confirm if you trust this vendor” or, “if you don’t really know what this means, we suggest denying the request.”


February 6, 2009  7:05 PM

.NET Developments has moved!

Yuval Shavit Profile: YuvalShavit

We interrupt our regularly schedule blog for this public service announcement: the blog has moved to this new location on IT Knowledge Exchange. If you’re coming from our old site at SearchWinDevelopment.com, welcome! Here are some nifty new features:

  • Tag Cloud: If you’re an avid blog reader, you probably already know how this works. MSDN blogs have it, for instance. All of the tags used in this blog are now listed alphabetically (instead of in a hierarchy), with the text of each tag sized to reflect how many posts are under it. The bigger the text, the more blog posts have been tagged with it. This should help you get a better sense of the blog’s gist.
  • Editorial Content: We’re integrating our editorial content into the layout. If you’re reading a post and want to learn more, check out the links in the right sidebar.
  • Sharing is Caring: And we want you to care. We now have 43 bookmarking tools (up from ((int)4.3)). Wondering if our servers can survive the slashdot effect? There’s just one way to find out.
  • Blogging Community: Near the top of the page, you’ll see a row of tabs. One of them, IT Blogs, will take you to dozens of tech blogs written by TechTarget staff as well as users like you. You can even start your own!
  • Tech Forums: Another one of those tabs leads to our IT Answers forum, where you can ask or answer IT questions. There’s lots of development topics, and the forum itself has a nice discussion-plus-wiki format.

I hope you like the new digs!


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: