Category Archives: .net

.net, microsoft, professional

ASP.NET Padding Oracle fix released, time to patch for Windows administrators

Scott Guthrie’s blog reports that a fix is now available for the Padding Oracle attack, which enables successful attackers to break the security of ASP.NET applications. There are a few points of interest.

First, there is not one patch but several, and which ones you need depend both on the version of Windows and the version of .NET. Multiple versions of .NET may be installed on a single server.

Second, the exploit is rated “important” in Microsoft security-speak, rather than “critical”. This is apparently because in itself the vulnerability merely discloses information. However, Microsoft is treating it with a high priority because the vulnerability is likely to reveal information that would let the attacker go to to more sever actions such as taking over a server. Confusing, but to my mind it is as critical as they come.

Third, Guthrie’s blog notes:

We’d like to thank Juliano Rizzo and Thai Duong, who discovered that their previous research worked against ASP.NET, for not releasing their POET tool publicly before our update was ready.

The implication is that the POET tool may be publicly available soon – so if you are responsible for an affected machine, get patching! In fact, in the webcast on the subject Microsoft stated that “The potential for exploit is very high during the next 30 days.”

Fourth, the update works by “additionally signing all data that is encrypted by ASP.NET.”

Update: Marc Brooks has investigated and it looks like there is a bit more to it than that.

Finally, the update will be included in Windows Update but not immediately. Your choice is whether to risk a hack in the period before the automatic update appears, or endure the hassle of the manual downloads. Microsoft advises to do it as soon as possible for servers on the public internet.

I am not sure what percentage of systems are likely to be patched soon, but I’d guess that plenty of vulnerable systems will remain online and that we have not heard the last of this bug.

.net, adobe, flash, iphone, java, microsoft, mobile, software development, visual studio, web authoring

Latest job stats on technology adoption – Flash, Silverlight, iPhone, Android, C#, Java

13 Comments

It is all very well expressing opinions on which technologies are hot and which are struggling, but what is happening in the real world? It is hard to get an accurate picture – surveys tend to have sampling biases of one kind or another, and vendors rarely release sales figures. I’ve never been happy with the TIOBE approach, counting mentions on the Internet; it is a measure of what is discussed, not what is used.

Another approach is to look at job vacancies. This is not ideal either; the number of vacancies might not be proportionate to the numbers in work, keyword searches are arbitrary and can include false positives and omit relevant ads that happen not to mention the keywords. Still, it is a real-world metric and worth inspecting along with the others. The following table shows figures as of today at indeed.com (for the US) and itjobswatch (for the UK), both of which make it easy to get stats.

Update – for the UK I’ve added both permanent and contract jobs from itjobswatch. I’ve also added C, C++, Python and F#, (which hardly registers). For C I searched Indeed.com for “C programming”.

  Indeed.com (US) itjobswatch (UK permanent) itjobswatch (UK contract)
Java 97,890 17,844 6,919
Flash 52,616 2,288 723
C++ 48,816 8,440 2470
C# 46,708 18,345 5.674
Visual Basic 35,412 3,332 1,061
C 27,195 7,225 3,137
ASP.NET 25,613 10,353 2,628
Python 17,256 1,970 520
Ruby 9,757 968 157
iPhone 7,067 783 335
Silverlight 5,026 2,162 524
Android 4,755 585 164
WPF 4,441 3,088 857
Adobe Flex 2,920 1,143 579
Azure 892 76 5
F# 36 66 1

A few quick comments. First, don’t take the figures too seriously – it’s a quick snapshot of a couple of job sites and there could be all sorts of reasons why the figures are skewed.

Second, there are some surprising differences between the two sites in some cases, particularly for Flash – this may be because indeed.com covers design jobs but itjobswatch not really. The difference for Ruby surprises me, but it is a common word and may be over-stated at Indeed.com.

Third, I noticed that of 892 Azure jobs at Indeed.com, 442 of the vacancies are in Redmond.

Fourth, I struggled to search for Flex at Indeed.com. A search for Flex on its own pulls in plenty of jobs that have nothing to do with Adobe, while narrowing with a second word understates the figure.

The language stats probably mean more than the technology stats. There are plenty of ads that mention C# but don’t regard it as necessary to state “ASP.NET” or “WPF” – but that C# code must be running somewhere.

Conclusions? Well, Java is not dead. Silverlight is not unseating Flash, though it is on the map. iPhone and Android have come from nowhere to become significant platforms, especially in the USA. Beyond that I’m not sure, though I’ll aim to repeat the exercise in six months and see how it changes.

If you have better stats, let me know or comment below.

.net, adobe, microsoft, professional, silverlight, software development, web authoring

Microsoft’s Scott Guthrie: We have 200+ engineers working on Silverlight and WPF

6 Comments

Microsoft is countering rumours that WPF (Windows Presentation Foundation) or Silverlight, a cross-platform browser plug-in based on the same XAML markup language and .NET programming combination as WPF, are under any sort of threat from HTML 5.0.

We have 200+ engineers right now working on upcoming releases of SL and WPF – which is a heck of a lot.

says Corporate VP .NET Developer Platform Scott Guthrie in a Twitter post. Other comments include this one:

We are investing heavily in Silverlight and WPF

and this one:

We just shipped Silverlight for Windows Phone 7 last week, and WPF Ribbon about 30 days ago: http://bit.ly/aB6e6X

In addition, Microsoft has been showing off IIS Media Services 4.0 at the International Broadcasting Conference, which uses Silverlight as the multimedia client:

Key new features include sub-two-second low-latency streaming, transmuxing between H.264 file formats and integrated transcoding through Microsoft Expression Encoder 4. Microsoft will also show technology demonstrations of Silverlight Enhanced Movies, surround sound in Silverlight and live 3-D 1080p Internet broadcasting using IIS Smooth Streaming and Silverlight technologies.

No problem then? Well, Silverlight is great work from Microsoft, powerful, flexible, and surprisingly small and lightweight for what it can do. Combined with ASP.NET or Windows Azure it forms part of an excellent cloud-to-client .NET platform. Rumours of internal wrangling aside, the biggest issue is that Microsoft seems reluctant to grasp its cross-platform potential, leaving it as a Windows and desktop Mac solution just at the time when iPhone, iPad and Android devices are exploding in popularity. 

I will be interested to see if Microsoft announces Silverlight for Android this autumn, and if it does, how long it will take to deliver. The company could also give more visibility to its work on Silverlight for Symbian – maybe this will come more into the spotlight following the appointment of Stephen Elop, formerly of Microsoft, as Nokia CEO.

Apple is another matter. A neat solution I’ve seen proposed a few times is to create a Silverlight-to-JavaScript compiler along the lines of GWT (Google Web Toolkit) which converts Java to JavaScript. Of course it would also need to convert XAML layout to SVG. Incidentally, this could also be an interesting option for Adobe Flash applications.

As for WPF, I would be surprised if Microsoft is giving it anything like the attention being devoted to Silverlight, unless the Windows team has decided to embrace it within the OS itself. That said, WPF is already a mature framework. WPF will not go away, but I can readily believe that its future progress will be slow.

.net, microsoft, silverlight, software development, visual studio

More on Microsoft’s difficult choices: WPF, Silverlight, HTML 5

8 Comments

Earlier today I posted a story speculating about the future direction of Microsoft’s development platform, which has proved controversial and to some extent has been misunderstood. Although it is speculative, the issues are important since developers want to target platforms with a strong future. Here’s another take on why Microsoft, whichever way it decides to go, faces some difficult choices.

First, let me be clear: I don’t see Microsoft abandoning Windows Presentation Foundation let alone Silverlight. Microsoft has an good track record when it comes to continuing support for its technologies, better than competing platforms. Visual Basic 6 applications mostly still run today on Windows 7, perhaps with a few issues caused by User Account Control for which there are workarounds. Whatever you target, there is an excellent chance Microsoft will continue to support it long into the future. The main exception I can think of is Windows Mobile, which is incompatible with the new Windows Phone 7 series, but given the challenges Microsoft faces in mobile you can understand the decision.

Nor is there any chance of Microsoft reviving old frameworks. There will not be a return to Windows Forms. WPF is a better GUI framework in every way, other than performance on older systems – though note that Windows Forms applications still run fine today, and I imagine will run fine on Windows 8 and probably 9 as well.

The real question is not about support, but future investment. Microsoft has finite resources. It is in overdrive right now on Internet Explorer, on Silverlight, on Windows Phone 7, and on Azure, for example. There will be other products and technologies that receive less attention, because someone has decided they are not strategic.

It also seems to me that Microsoft’s server and cloud story is less conflicted. From the developer’s perspective it is thoroughly .NET based, and you can be confident that technologies like C#, IIS, ASP.NET, SQL Server, Exchange and SharePoint will be around for the foreseeable future.

With that out of the way, a few further comments.

Windows Presentation Foundation

The history of WPF goes back to the early days of Windows Vista, then called Longhorn. WPF was one of the the “three pillars”, Avalon, where the others were Indigo (WCF) and WinFS. Avalon was the future of the Windows GUI API, based on .NET code and XAML layout.

If Longhorn has proceeded as planned, WPF would be the loose equivalent of Cocoa on Apple’s OS X, the standard way to code Windows GUI applications. Unfortunately, in 2004, Microsoft discovered that Longhorn was heading for disaster. The project was reset, delaying release and resulting in Vista being both late and rushed. The reset project included Avalon as a supported framework, but made it incidental to the workings of Windows itself. The Windows team, in other words, lost faith in Avalon and reverted to native code with a dash of DirectX.

Windows 7 is more of the same. WPF is there but it is not at the heart of the OS. Developers are encouraged to use it for their own apps, but the Windows team is focused on native code.

When Visual Studio 2010 was released, with a shell built in WPF, Microsoft made some noise about how it showed its commitment to the framework. It was also noted that the Visual Studio team had worked with the WPF team to fix some issues. However, there is little sign of WPF changing its role as a layer in Windows primarily to support custom applications, rather than being used for the shell of Windows itself.

The question now: how much should Microsoft invest in future WPF development? It is not essential for Windows itself. Nor it is compelling for developers wanting to take advantage of the cloud model and support diverse clients. Frankly it does not look strategic unless it becomes the Windows shell API; and you could understand Microsoft having a “once bitten twice shy” attitude to that possibility.

I find it plausible that Microsoft would throttle back on WPF development.

Silverlight

Silverlight by contrast is strategic. Silverlight is a framework that runs in the browser, out of browser, and on Windows Phone 7. It is lightweight and cloud-oriented, and it runs .NET code, ticking lots of boxes for developers moving on from Windows desktop applications. It is also designer-friendly, with rich graphics and multimedia support. There are still a few gaps – printing is crude, for example – but it makes more sense for Microsoft to invest in Silverlight than WPF. It is significant that the new LightSwitch tool for rapid development of database apps targets Silverlight, not WPF, and not ASP.NET (except on the server). Silverlight is also the application platform for Windows Phone 7.

Then again, Silverlight is WPF. It was originally WPF/Everywhere, and uses the same XAML language for layout.

I will be surprised if Microsoft back-pedals on Silverlight. Nevertheless, I can also understand this being a matter of debate. Despite Microsoft’s efforts to distinguish them, there is considerable overlap between what Silverlight does, and what HTML 5 in IE9 does, especially when in the browser. There is also the Apple problem: HTML applications will run on iPhone and iPad, but Silverlight will not. What if Microsoft focused on the new IE engine instead of Silverlight, supporting it properly in Visual Studio, and providing ways for developers to create out-of-browser apps that run with full trust and have access to local system APIs? This would be along the same lines as the Palm WebOS and Google’s Chrome OS.

Put another way, does it make sense for Microsoft to invest equally in HTML 5 and Silverlight, when possibly IE 9 could be the basis of a unifying technology, a subset of which would work on any modern browser on any client?

It seems to me that Microsoft will have to invest in tooling for HTML 5 clients in some forthcoming edition of Visual Studio, and that this will be a selling point for its cloud platform, while possibly undermining the role of Silverlight.

There is also a continuing case for Silverlight, both because of the inherent advantages of a plug-in – consistency of client platform as well as features that HTML 5 lacks – and because it supports .NET. The .NET languages (Mono aside) tie developers to Visual Studio and to Microsoft’s platform. Visual Studio combined with .NET is a formidable tool for both client and server and a key advantage for the platform.

Watch this space.

.net, microsoft, silverlight, software development

Microsoft wrestles with HTML5 vs Silverlight futures

24 Comments

Former Microsoft Silverlight Product Manager Scott Barnes has posted a series of tweets following a visit to Microsoft:

So.. after a week in Microsoft HQ etc.. i have a lot of inside info that just basically puts into question the future of #Silverlight #wpf

he remarks, and then:

Right now there’s a faction war inside Microsoft over HTML5 vs Silverlight. oh and WPF is dead.. i mean..it kind of was..but now.. funeral.

Barnes positions it as a fight between Windows/IE9 backing HTML5, and the developer division backing Silverlight. He also suggests that Microsoft is contemplating a classic “Embrace and extend” strategy for HTML:

HTML5 is the replacement for WPF.. IE team want to fork the HTML5 spec by bolting on custom windows APi’s via JS/HTML5

He says further that Microsoft has “shut down the designer story” – I am not sure what that implies, though I can imagine that a lot of money has been sunk into the Expression tools without drawing significant market share from Adobe’s Creative Suite.

Barnes is a straight-talking guy but clearly this is all speculation. Nevertheless it is obvious that, on the eve of launching IE9 beta with its fast JavaScript engine, hardware accelerated graphics, and pixel-precise bitmap drawing, Microsoft has a tricky job positioning HTML5 vs Silverlight. For that matter, even positioning Silverlight vs desktop Windows Presentation Foundation is not easy.

Since we are also on the eve of launch for Windows Phone 7, which Microsoft has flagged as a strategic product and which uses Silverlight as its app platform, it seems unlikely that the technology will be sidelined; but rumours of internal divisions on the subject do not surprise me.

.net, professional, silverlight, software development, visual studio, web authoring

Decompiling Silverlight

1 Comment

A Silverlight application is a .NET application. Most developers will be aware of this; but it is worth noting that whereas ASP.NET code executes on the server and is not normally available for download, Silverlight code is downloaded to the client and can easily be decompiled. It is almost as easy to view as JavaScript code in the browser.

If you want to investigate this, the first thing to do is to find the .xap file which contains the Silverlight application. You will likely find this in your browser cache, or you can download it directly from the web site hosting the application. If you have out-of-browser Silverlight apps, they are usually located at:

C:\Users\[username]\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser

Copy the .xap file somewhere convenient, and rename it to have a .zip extension. Then extract the files. The result looks something like this:

image

Next, you need a .NET decompiler such as Redgate .NET Reflector. Run Reflector and open a .dll file containing application code. Select a method, and Reflector does its best to show you the code. It does a good job too:

image

The purpose of this post is not to encourage decompiling other people’s code, but rather to make the point that even though Silverlight code is “compiled”, it is trivial to read it – just in case anyone thought it was a bright idea to store passwords or other authentication secrets there.

The solution is to never to put anything security-critical in client-side code. Second, you can use an obsfuscator such as dotfuscator to make the decompiled code harder to read.

.net, adobe, development, flash, internet, microsoft, professional, silverlight, software development, visual studio, web authoring, windows, windows 7

Silverlight versus HTML, Flash – Microsoft defends its role

2 Comments

Microsoft’s Brad Becker, Director of Product Management for Developer Platforms, has defended the role of Silverlight in the HTML 5 era. Arguing that it is natural for HTML to acquire some of the features previously provided by plug-ins – “because some of these features are so pervasive on the web that they are seen by users as fundamentally expected capabilities” – he goes on to identify three areas where Silverlight remains necessary. These are “premium” multimedia which merges video with application elements such as conferencing, picture in picture, DRM, analytics; consumers apps and games; and finally business/enterprise apps.

It is the last of these which interests me most. Becker’s statements come soon after the preview of Visual Studio LightSwitch, which is solely designed for data-driven business applications. Taking the two together, and bearing in mind that apps may run on the desktop as well as in browser, Silverlight is now encroaching on the territory which used to belong to Windows applications. With LightSwitch in particular, Microsoft is encouraging developers who might previously have built an app in Access or Visual Basic to consider Silverlight instead.

Why? Isn’t Microsoft better off if developers stick to Windows-only applications?

In one sense it is, as it gets the Windows lock-in – and yes, this is effective. I’m aware of businesses who are tied to Windows because of apps that they use, who might otherwise consider Macs for all or some of their business desktops. On the other hand, even Microsoft can see the direction in which we are travelling – cloud, mobile, diverse clients – and that Silverlight fits better with this model than Windows-only desktop clients.

Another consideration is that setup and deployment issues remain a pain-point for Windows apps. One issue is when it goes wrong, and Windows requires skilled surgery to get some app installed and working. Another issue is the constant energy drain of getting new computers and having to provision them with the apps you need. Microsoft has improved this no end for larger organisations, with standard system images and centralised application deployment, but Silverlight is still a welcome simplification; provided that the runtime is installed, it is pretty much the web model – just navigate to the URL and the app is there, right-click if you want to run on the desktop.

If Microsoft can also establish Windows Phone 7, which uses Silverlight as the runtime for custom apps, the platform then extends to mobile as well as desktop and browser.

The downside is that Silverlight apps have fewer capabilities than native Windows apps. Printing is tricky, for example, though Becker refers to “Virtualized printing” and I am not sure what exactly he means. He also highlights COM automation and group policy management, features that only work on Windows and which undermine Silverlight’s cross-platform promise. That said, via COM automation Silverlight has full access to the local machine giving developers a way of overcoming any limitations if they are willing to abandon cross-platform and browser-hosted deployment.

A winning strategy? Well, at least it is one that makes sense in the cloud era. On the other hand, Microsoft faces substantial difficulties in establishing Silverlight as a mainstream development platform. One is that Adobe was there first with Flash, which has a more widely deployed runtime, works on Android and soon other mobile devices, and is supported by the advanced design tools in Creative Suite. Another is the Apple factor, the popular iPhone and iPad devices which are a spear through the heart of cross-platform runtimes like Silverlight and Flash.

Finally, even within the Microsoft development community Silverlight is a hard sell for many developers. Some us recall how hard the company had to work to persuade Visual Basic 6 developers to move to .NET. The reason was not just stubborn individuals who dislike change – though there was certainly some of that – but also existing investment in code that could not easily be migrated. Both factors also apply to Silverlight. Further, it is a constrained platform, which means developers have to live with certain limitations. It is also managed code only, whereas some of the best developers for both desktop and mobile apps work in C/C++.

I suspect there is division even within Microsoft with regard to Silverlight. Clearly it has wide support and is considered a strategic area of development. At the same time, it is not helpful to the Windows team who will want to see apps that take advantage of new features in Windows 7 and beyond.

Yesterday Windows Phone 7 was released to manufacturing, which means the software is done. Another piece of the Silverlight platform is in place; and I guess over the next year or two we will see the extent to which Microsoft can make it a success.

.net, internet, iphone, java, microsoft, oracle, software, Sun, Web, windows

Open season for patent litigation makes case for reform

It seems to be open season for software patent litigation. Oracle is suing Google over its use of Java in Android. Paul Allen’s Interval Licensing is suing AOL, Apple, eBay, Facebook, Google, Netflix, Yahoo and others – the Wall Street Journal has an illustrated discussion of the patents involved here. Let’s not forget that Apple is suing HTC and that Nokia is suing Apple (and being counter-sued).

What’s next? I was reminded of this post by former Sun CEO Jonathan Schwartz. He confirms the supposition that large tech companies refrain from litigation – or at least, litigate less than they might, refrain is too strong a word right now – because they recognize that while they may have valid claims against others, they also most likely infringe on patents held by others.

The gist of Schwartz’s post is that Microsoft approached Sun with the claim that OpenOffice, owned by Sun, infringes on patents held by Microsoft thanks to its work on MIcrosoft Office:

Bill skipped the small talk, and went straight to the point, “Microsoft owns the office productivity market, and our patents read all over OpenOffice.”

Sun’s retort was in relation to Java and .NET:

“We’ve looked at .NET, and you’re trampling all over a huge number of Java patents. So what will you pay us for every copy of Windows?”

following which everything went quiet. The value of .NET to Microsoft is greater than the value of OpenOffice to Sun or Oracle.

Oracle, however, seems more willing to litigate than Sun; and I doubt it cares much about OpenOffice. Might we see this issue reappear?

That said, Microsoft also has a large bank of patents; and who knows, some of them might be brought to bear against Java in the event of legislative war.

The risk though is that if everyone litigates, the industry descends into a kind of nuclear winter which paralyses everyone. Companies like Interval Licensing, which seemingly exist solely to profit from patents, have no incentive to hold back.

Can any good come of this? Well, increasing software patent chaos might bring some benefit, if it forces countries like the USA to legislate in order to fix the broken patent system.

Protecting intellectual property is good; but against that you have to weigh the potential damage to competition and innovation from these energy-sapping lawsuits.

We need patent reform now.

.net, development, microsoft, professional, silverlight, software development, visual studio, web authoring

Visual Studio LightSwitch – model-driven architecture for the mainstream?

2 Comments

I had a chat with Jay Schmelzer and  Doug Seven from the Visual Studio LightSwitch team. I asked about the release date – no news yet.

What else? Well, Schmelzer and Seven had read my earlier blog post so we discussed some of the things I speculated about. Windows Phone 7? Won’t be in the first release, they said, but maybe later.

What about generating other application types from the same model? Doug Seven comments:

The way we’ve architected LightSwitch does not preclude us from making changes .. it’s not currently on the plan to have different output formats, but if demand were high it’s feasible in the future.

I find this interesting, particularly given that the future of the business client is not clear right now. The popularity of Apple’s iPad and iPhone is a real and increasing deployment problem, for example. No Flash, no Silverlight, no Java, only HTML or native apps. The idea of simply selecting a different output format is compelling, especially when you put it together with the fast JIT-compiled JavaScript in modern web browsers. Of course support for multiple targets has long been the goal of model-driven architecture (remember PIM,PSM and PDM?) ; but in practice the concept of a cross-platform runtime has proved more workable.

There’s no sign of this in the product yet though, so it is idle speculation. There is another possible approach though, which is to build a LightSwitch application, and then build an alternative client, say in ASP.NET, that uses the same WCF RIA Services. Since Visual Studio is extensible, it will be fun to see if add-ins appear that exploit these possibilities.

I also asked about Mac support. It was as I expected – the team is firmly Windows-centric, despite Silverlight’s cross-platform capability. Schmelzer was under the impression that Silverlight on a Mac only works within the browser, though he added “I could be wrong”.

In fact, Silverlight out of browser already works on a Mac; the piece that doesn’t work is COM interop, which is not essential to LightSwitch other than for export to Excel. It should not be difficult to run a LightSwitch app out-of-browser on a Mac, just right-click a browser-hosted app and choose Install onto this computer, but Microsoft is marketing it as a tool for Windows desktop apps, or Web apps for any other client where Silverlight runs.

Finally I asked whether the making of LightSwitch had influenced the features of Silverlight or WCF RIA Services themselves. Apparently it did:

There are quite a few aspects of both Silveright 4 and RIA services that are in those products because we were building on them. We uncovered things that we needed to make it easier to build a business application with those technologies. We put quite a few changes into the Silverlight data grid.

said Schmelzer, who also mentioned performance optimizations for WCF RIA Services, especially with larger data sets, some of which will come in a future service pack. I think this is encouraging for those intending to use Silverlight for business applications.

There are many facets to LightSwitch. As a new low-end edition of Visual Studio it is not that interesting. As an effort to establish Silverlight as a business application platform, it may be significant. As an attempt to bring model-driven architecture to the mainstream, it is fascinating.

The caveat (and it is a big one) is that Microsoft’s track-record on modelling in Visual Studio is to embrace in one release and extinguish in the next. The company’s track-record on cross-platform is even worse. On balance it is unlikely that LightSwitch will fulfil its potential; but you never know.

.net, internet, microsoft, professional, silverlight, software development, visual studio, web authoring

Ten things you need to know about Microsoft’s Visual Studio LightSwitch

13 Comments

Microsoft has announced a new edition of Visual Studio called LightSwitch, now available in beta, and it is among the most interesting development tools I’ve seen. That does not mean it will succeed; if anything it is too radical and might fail for that reason, though it deserves better. Here’s some of the things you need to know.

1. LightSwitch builds Silverlight apps. In typical Microsoft style, it does not make the best of Silverlight’s cross-platform potential, at least in the beta. Publish a LightSwitch app, and by default you get a Windows click-once installation file for an out-of-browser Silverlight app. Still, there is also an option for a browser-hosted deployment, and in principle I should think the apps will run on the Mac (this is stated in one of the introductory videos) and maybe on Linux via Moonlight. Microsoft does include an “Export to Excel” button on out-of-browser deployments that only appears on Windows, thanks to the lack of COM support on other platforms.

I still find this interesting, particularly since LightSwitch is presented as a tool for business applications without a hint of bling – in fact, adding bling is challenging. You have to create a custom control in Silverlight and add it to a screen.

Microsoft should highlight the cross-platform capability of LightSwitch and make sure that Mac deployment is easy. What’s the betting it hardly gets a mention? Of course, there is also the iPhone/iPad problem to think about. Maybe ASP.NET and clever JavaScript would have been a better idea after all.

2. There is no visual form designer – at least, not in the traditional Microsoft style we have become used to. Here’s a screen in the designer:

image

Now, on one level this is ugly compared to a nice visual designer that looks roughly like what you will get at runtime. I can imagine some VB or Access developers will find this a difficult adjustment.

On the positive side though, it does relieve the developer of the most tedious part of building this type of forms application – designing the form. LightSwitch does it all for you, including validation, and you can write little snippets of code on top as needed.

I think this is a bold decision – it may harm LightSwitch adoption but it does make sense.

3. LightSwitch has runtime form customization. Actually it is not quite “runtime”, but only works when running in the debugger. When you run a screen, you get a “Customize Screen” button at top right:

image

which opens the current screen in Customization Mode, with the field list, property editor, and a preview of the screen.

image

It is still not a visual form designer, but mitigates its absence a little.

4. LightSwitch is model driven. When you create a LightSwitch application you are writing out XAML, not the XAML you know that defines a WPF layout, but XAML to define an application. The key file seems to be ApplicationDefinition.lsml, which starts like this:

image

Microsoft has invested hugely in modelling over the years with not that much to show for it. The great thing about modelling in LightSwitch is that you do not know you are doing it. It might just catch on.

Let’s say everyone loves LightSwitch, but nobody wants Silverlight apps. Could you add an option to generate HTML and JavaScript instead? I don’t see why not.

5. LightSwitch uses business data types, not just programmer data types. I mean types like EmailAddress, Image, Money and PhoneNumber:

image

I like this. Arguably Microsoft should have gone further. Do we really need Int16, Int32 and Int64? Why not “Whole number” and “Floating point number”? Or hide the techie choices in an “Advanced” list?

6. LightSwitch is another go at an intractable problem: how to get non-professional developers to write properly designed relational database applications. I think Microsoft has done a great job here. Partly there are the data types as mentioned above. Beyond that though, there is a relationship builder that is genuinely easy to use, but which still handles tricky things like many-to-many relationships and cascading deletes. I like the plain English explanations in the too, like “When a Patient is deleted, remove all related Appointment instances” when you select Cascade delete.

image

Now, does this mean that a capable professional in a non-IT field – such as a dentist, shopkeeper, small business owner, departmental worker – can now pick up LightSwitch and and write a well-designed application to handle their customers, or inventory, or appointments? That is an open question. Real-world databases soon get complex and it is easy to mess up. Still, I reckon LightSwitch is the best effort I’ve seen – more disciplined than FileMaker, for example, (though I admit I’ve not looked at FileMaker for a while), and well ahead of Access.

This does raise the question of who is really the target developer for LightSwitch? It is being presented as a low-end tool, but in reality it is a different approach to application building that could be used at almost any level. Some features of LightSwitch will only make sense to IT specialists – in fact, as soon as you step into the code editor, it is a daunting tool.

7. LightSwitch is a database application builder that does not use SQL. The query designer is entirely visual, and behind the scenes Linq (Language Integrated Query) is everywhere. Like the absence of a visual designer, this is a somewhat risky move; SQL is familiar to everyone. Linq has advantages, but it is not so easy to use that a beginner can express a complex query in moments. When using the Query designer I would personally like a “View and edit SQL” or even a “View and edit Linq” option.

8. LightSwitch will be released as the cheapest member of the paid-for Visual Studio range. In other words, it will not be free (like Express), but will be cheaper than Visual Studio Professional.

9. LightSwitch applications are cloud-ready. In the final release (but not the beta) you will be able to publish to Windows Azure. Even in the beta, LightSwitch apps always use WCF RIA Services, which means they are web-oriented applications. Data sources supported in the beta are SQL Server, SharePoint and generic WCF RIA Services. Apparently in the final release Access will be added.

10. Speculation – LightSwitch will one day target Windows Phone 7. I don’t know this for sure yet. But why else would Microsoft make this a Silverlight tool? This makes so much sense: an application builder using the web services model for authentication and data access, firmly aimed at business users. The first release of Windows Phone 7 targets consumers, but if Microsoft has any sense, it will have LightSwitch for Windows Phone Professional (or whatever) lined up for the release of the business-oriented Windows Phone.