Category Archives: software development

microsoft, software development, windows

Microsoft on Visual Studio 2008 and beyond

I spoke to Prashant Sridharan, group product manager for Visual Studio. He told me that Visual Studio 2008, formerly codenamed Orcas, is set to ship by the end of the year, which probably means November or December. Among many new features, he highlighed LINQ (Language Integrated Query), which he classified as a productivity feature, new optimization and analysis tools, and scalability and performance improvements in Team System. SQL Server 2008 will be supported. We will also get designers for WPF (Windows Presentation Foundation), and in due course for Silverlight as well. Shridharan said that the final Silverlight designer might not make the initial release, but will be available shortly after at worst.

I am still puzzled as to why it has taken Microsoft a year from the release of .NET Framework 3.0, which was released with Vista, to come up with non-beta designers for WPF. Shridharan did not really explain the delay, but commented that .NET Framework 3.0 was really an interim release; Visual Studio 2008 will ship more or less simultaneously with .NET Framework 3.5.

I asked whether the direction established with the free Express tools is likely to continue. Shridharan says that it will, but that he feels the current Express line is too complex and confusing for its target novice users. The 2008 range will be similar, but it may be further simplified in subsequent releases. I am not sure how to decode this message. Is it really that the tools are confusing for novices, or is Microsoft giving too much away and wants to draw back a little? The complexity problem is real, but chopping out a few features will not improve it much; it would take radical re-thinking of the whole development approach – think PopFly, which I’ve just noticed also uses the Express word in its slogan, “Express yourself.” See also the note on commoditization below.

I also touched on the question of software factories, about which Jack Greenfield enthused at the architecture conference I attended in March. Will this be surfaced at all in Visual Studio 2008? Well, one thing which was apparent from my chat to Greenfield was that Microsoft’s software architecture strategy is vulnerable to the musical chairs of internal reorganization. Shridharan did say that the Patterns and Practices team is now integrated with the Visual Studio team, which should mean that more of its (most interesting) work is surfaced in Visual Studio itself. That sounds good; but what of Greenfield’s vision for how software factories can transform software development? It doesn’t seem to be one shared by Shridharan, who observed that all the Visual Studio designers are software factories and was vague about future developments in this area. That may mean he is the wrong person to talk to about this, or it might suggest a more conservative approach than Greenfield hopes for. In any event, it seems that it won’t be this release which delivers radical changes in the modeling or software factories area.

Finally, I asked Sridharan about the commoditization of development tools, and whether Microsoft might one day give away Visual Studio in order to promote its platform. He prevaricated a bit. “We’re not a profit centre in the same way as Office. We do make a sizeable chunk of revenue of out Visual Studio … you can have co-existence of free tools with a high-end product on which you drive revenue.”

All true, but the free tools are improving and the trend is in that direction. “We are I think close to an infexion point , but I don’t think we’re quite there yet, in terms of the commoditization around tools,” says Sridharan. “We’re very close. Within Microsoft that gets a lot of debate, and we’re investigating actively. You’re certainly not going to see anything happen in Visual Studio 2008, but over time, who knows?”

microsoft, software development

Time to stop using non-generic collections

2 Comments

This is one for .NET programmers. Do you use collection classes like ArrayList or HashTable? These are useful in .NET 1.0 and 1.1, but .NET 2.0 and higher has generic collections like List<T> and Dictionary<K,V> which are safer and more efficient. It’s time to tidy up your code, because in Silverlight’s implementation of .NET these non-generic collection types have been removed completely. The BCL Team Blog has the details, together with a handy guide on how to convert your non-generic collections. Of course you can simulate non-generic collections by declaring collections of type Object, so there’s no reason to continue using the old collection types.

Technorati tags: , ,
internet, software, software development, web authoring

Adobe AIR security concerns

6 Comments

Adobe’s Paul Robertson has a thoughtful response to my complaint about AIR security. The point I made is that any AIR application has the same access to the file system as the user. This includes local SQLite databases as well as other documents. Robertson’s response:

In order for a user to access an AIR application, he or she must first choose to install the application, including going through a security dialog that will describe whether the application was signed with a security certificate. In this way, an AIR application is comparable to any other desktop application, such as one written in C++. Since any C++ application could theoretically include the SQLite library, installing an AIR application is no different from installing any C++ application in the sense that, by doing so, a user opens himself up to possible abuses and security risks.

The security risks of desktop apps are well-known, and that’s why users have learned to be cautious about installing them. A possible concern though is that Adobe wants to make installing AIR applications really easy. Here’s the description in the docs for seamless install:

The seamless install feature lets you provide a link in a web page that lets the user install an AIR application by simply clicking the link. If the AIR runtime is not installed, the user is given the option to install it. The seamless install feature also lets users install the AIR application without downloading the AIR file to their machine.

I’ve seen how much kids love playing Flash games on the Web. Some of these games would be a natural fit for AIR: play the game from a desktop shortcut, option to save your game locally, no browser baggage. What if a lot of these games turn into AIR apps? Suddenly, instead of online Flash games being relatively safe, they become relatively risky. If users become complacent about passing the AIR install dialog, then all the bad guy needs to do is to create a whizzy game that does a background search of your computer looking for online banking passwords.

The risks will be mitigated if Adobe restricts AIR to signed applications. That’s not the case with the beta:

A further point is that despite the scary dialog, AIR apps are actually tightly locked down from a developer perspective, with no access to native code such as the operating system API, scripts, or native dynamic libraries. While that’s good in one way, it’s arguably the worst of both worlds: not secure (because of full file system access), and not extensible either.

The appearance of the words “System Access: UNRESTRICTED” in the above dialog suggests that Adobe has or is planning a richer security model. If the default were no file I/O, or file I/O isolated to the source domain of the AIR application, that would help considerably. Add compulsory application signing and it would look better still.

I’ll add that I’m most impressed with Paul Robertson’s willingness to enter into this dialog. I wish other software vendors were equally responsive. AIR is in beta so there’s time to fix problems.

Technorati tags: , ,

 

borland, delphi, software development, windows

CodeGear puts 64-bit on the roadmap

CodeGear has updated its Delphi Roadmap. Newly added is Delphi codename “Commodore”, set for Winter 2008, which is to include native 64-bit development. After that the company is promising to focus on multi-core/multi-threaded development.

What else is coming? Delphi “Highlander”, due later this year, is a belated update to Delphi .NET, will support .NET 2.0, and has a new .NET database called SQL Datastore (likely some sort of port of JDataStore). No word on WPF or LINQ though – CodeGear is still playing catch-up here.

Delphi “Tiburón”, due next year, will bring another long-requested feature: full Unicode compatibility in the Win32 Delphi language and VCL (Visual Component Library), along with parameterized types. C++Builder “Barracuda” will follow, bringing the same features to C++.

The really interesting stuff comes at the end. CodeGear is “researching” a number of areas includes development for mobile devices, Rich Internet Applications, and cross-compilation to other operating systems. All this is at the “sometime, never” end of the time scale, so don’t get too excited.

All the above will be welcomed by Delphi developers, though I fear most of the potential .NET market has already been ceded to Visual Studio.

It’s not a bad roadmap though. That said, to my mind the most critical issue for CodeGear is quality control. Poor quality is what spoilt the launch of Delphi for PHP earlier this year. I discussed this issue with the new CEO Jim Douglas and EMEA product Director Jason Vokes when I was researching a recent article for The Register, and got the sense that the familiar pressure of having to release product (ready or not) to hit particular financial quarters is still a problem. Still, Delphi 2007 was a smoother launch than Delphi 2006, and that was miles better than Delphi 2005, so leaving aside Delphi for PHP things are improving.

software, software development

SQLite, test-driven development, and the inscrutable SQL standard

2 Comments

I interviewed Dr D Richard Hipp, the main author of SQLite, for the Guardian Newspaper.

Among the things I found interesting is that he attributes the high reliability of his database engine to the extensive test suite included in the code. I’m not sure whether he practices test-driven development as such, but it is a great case study for the advantages of integrating tests with your code. One of the points he made was that the test suite enables him to replace entire subsystems and be confident that nothing gets broken. By contrast, I have heard of cases where key sections of code in large, old applications is marked “do not touch” because nobody dares to risk the consequences.

I also asked him about the importance of standards in software development. He gave me an answer that somewhat surprised me:

When I coded up SQLite I did not refer to any official SQL standard. I used the PostgreSQL documentation. That was my reference. If you’ve ever picked up a copy of one of the official SQL standards you will find it largely inscrutable. They are next to impossible to make sense of. Even for particular details of syntax you can study it, and they are so vague that you can’t really understand what they mean. So a strategy we’ve used when there’s some question about how something should work is we write a little test script and run it on lots of popular SQL database engines, PostgreSQL, MySQL, Oracle, and try and find a consensus. Then we code to make SQLite work the same as everybody else does. Clearly that’s not the right way to do a standard, but in practice the implementations vary so widely that it’s the only practical thing to do.

Many companies boast about how they respect and observe software standards; sometimes the reality is more pragmatic than you might have thought.

internet, software development, web authoring

The version problem of today: browser compatibility

1 Comment

David Berlind reports on a case where 35% of developer time is spent on browser compatibility issues.

It’s a huge problem, though I’m cautious about attaching too much weight to a singe anecdotal report. Of course it’s nothing new. Browser compatibility issues are as old as the Web; it was getting better, until AJAX and a new focus on the web-as-platform meant greater stress on advanced browser features. For that matter, version issues are as old as computing. Yesterday, DLL Hell. Today, web browsers.

What’s the solution? All use the same browser? Not realistic. The browser developers could fix the incompatibilities? It’s happening to some degree, but even if Microsoft came out with a 100% FireFox-compatible IE8 tomorrow, there’s still a big legacy problem. My web site stats for this month:

IE7 24%

IE6 22%

IE5 4%

FireFox 2.x 22%

FireFox 1.x 3%

Opera 3.9%

Safari 2.3%

etc

Interesting that the FireFox folk seem to upgrade more quickly than those on IE – but even so, there are a lot of older browsers still in use. I suspect a lot of those IE6 users are corporates with conservative upgrade policies.

Another idea is to use AJAX libraries that hide the incompatibilities. That makes a lot of sense, though if you stress the libraries you might still find compatibility issues.

Finally, you can bypass the browser and use some other runtime, most likely Java or Flash. Unfortunately this doesn’t remove all version issues, but at least it means you are mainly dealing with one vendor’s evolving platform (Sun or Adobe). Silverlight could help as well, though its “cross-platform” only means Windows or Intel Mac at the moment, which is not broad enough.

This will be an important factor in the RIA (Rich Internet Application) wars.

microsoft, software development, windows

Office Open XML vs COM automation

2 Comments

Looking at the new Open XML API, introduced by Kevin Boske here, makes you realise that old-style COM automation wasn’t so bad after all.

There are two distinct aspects to working programmatically with OOXML. First, there’s the Packaging API, which deals with how the various XML files which make up a document get stored in a ZIP archive. Second, there’s the XML specification itself, which defines the schema of elements and attributes that form the content of an OOXML document.

The new wrapper classes really only deal with the packaging aspect. You still have to work out how to parse and/or generate the correct XML content using your favourite XML parser. And it’s a lot more complex then HTML.

By contrast, the old COM automation API for Office presents a programmatic object model for the content, and you don’t have to worry much about how the document gets stored – you just tell Word or Excel to save it.

The (very big) downside of the COM object model is that it depends on the presence of Microsoft Office. High resource requirements, version problems, Windows-only, and inappropriate for server apps.

We seem to have traded one problem for another. What Microsoft needs to provide is wrapper classes for the content, rather than just its packaging.

Technorati tags: , , , ,
internet, software development, web authoring

Why doesn’t Adobe’s AIR dev guide mention SQLite?

8 Comments

I’ve been trying out the Adobe AIR (formerly Apollo) SDK.  It’s a confusing business. There are two varieties of AIR apps, Flex, or HTML. The HTML kind is essentially a browser app that runs in WebKit, as wrapped by the AIR runtime, instead of in the browser, while the Flex kind compiles Adobe’s MXML into a Flash SWF which again runs within AIR. The AIR SDK only supports HTML AIR apps, so for the full experience you also need the Flex 3 beta SDK.

But I digress. I have a long-standing interest in SQLite so one of the first things I looked for was how Adobe is using this in AIR. It is there: it’s mentioned in the press release, which emphasizes that AIR has some of that open source fairy dust:

Key elements of Adobe AIR are open source, including the WebKit HTML engine, the ActionScript™ Virtual Machine (Tamarin project) and SQLite local database functionality.

However, you wouldn’t know it from the docs. The word SQLite does not appear in either the Flex or the HTML developer guides. Here’s how it introduces the “local SQL databases” section:

Adobe Integrated Runtime (AIR) includes the capability of creating and working with local SQL databases. The runtime includes a SQL database engine with support for many standard SQL features.

The SQLite library itself appears to be compiled into the main AIR runtime library, Adobe AIR.dll.

Why do I mention this? A few reasons.

First, it stinks. Let me emphasize: Adobe is entirely within its rights in not crediting SQLite in its docs. The main author of SQLite, Dr D Richard Hipp, has disclaimed copyright. So it is not illegal, but it is discourteous. By contrast, here’s how the Google Gears docs introduce the database module:

The Database module provides browser-local relational data storage to your JavaScript web application. Google Gears uses the open source SQLite database system.

Second, it’s unhelpful. As a developer familiar with SQLite, I want to see an explanation of how Adobe’s build of SQLite differs from what I am used to – what is added, what if anything is taken away. I also need to know how easily I can access the same database from both AIR and from another application, using the standard SQLite library.

Third, I’m increasingly sceptical of Adobe’s claim that it is somehow “aligning” its API in AIR with that in Gears. Here’s what Michele Turner, Adobe’s VP of developer relations, told me:

Adobe, Google, Mozilla and others will be working to align the APIs used to access local database storage for offline applications, so this functionality will be consistent for developers both in the browser and via Apollo on the desktop.

Perhaps, but there’s really no sign of this in the current beta. The AIR database API and the Gears API are totally different. The full text search extension which is part of Gears seems to be missing in AIR. Another key difference is that unlike Gears, AIR makes no attempt to isolate databases based on the origin of the application. In AIR, a SQLite database may be anywhere in the file system, and it’s equally available to any AIR application – a big hole in the AIR sandbox.

This is all beta, of course, so it can change. I hope it does. Here’s my wish list:

  • Proper credit for SQLite in the docs.
  • Use the Gears code – full text search could be very useful – and deliver on the promise of aligning the API.
  • Failing that, set out exactly how AIR’s SQLite differs from the standard build.
Technorati tags: , , ,
java, software development

The problem of old Java runtimes

The August PC Pro arrived this morning, and I enjoyed Steve Cassidy’s rant (page 174) on old versions of Java that typically litter PCs:

I’ve made it my habit to go round all the LAN’s I visit removing all older versions of Java from the machines, because the Java updater doesn’t remove them automatically.

It reminded me that I’d intended to post about this dialog, encountered when installing Accurev for a short review:

The decision here is whether to let AccuRev install its own version of the JRE (Java Runtime Environment), or to use one you already have, in which case you have to identify it. It’s a tough decision. If you follow the recommendation to install a private version, you end up with multiple different versions of Java which will likely never get updated except by the application vendor, if indeed you choose to upgrade. I understand why vendors do this: it simplifies testing and installation, and gives apps a predictable platform on which to run.

Unfortunately the downside is substantial too. In the AccuRev case it was slightly unfortunate, since the supplied JRE was incompatible with Vista and broke Aero graphics. A more painful example was when the JRE installed with APC’s PowerChute utility failed because of an expired cryptographic certificate; the consequences were extreme, and in many cases affected systems would no longer boot. See here for the gory details.

I prefer the way Microsoft handles the .NET runtime, where more than one version can be installed, but they are system files for which Microsoft takes responsibility through Windows Update. Sun installs an updater with its JRE that works for web browsers and other applications that use a shared JRE, but there are still many apps like AccuRev that install private versions.

Technorati tags: , , ,
apple, internet, software development, web authoring

Apple iPhone needs Google Gears

1 Comment

At its developer conference Apple announced that the forthcoming iPhone will support Web 2.0 applications. In this context, “Web 2.0” means at a minimum an embedded web browser (Safari) that runs JavaScript, but that’s no big deal; we expected nothing less. It’s at least a little more than that though:

Developers can create Web 2.0 applications which look and behave just like the applications built into iPhone, and which can seamlessly access iPhone’s services, including making a phone call, sending an email and displaying a location in Google Maps.

The emphasis is mine. This implies some sort of hole in the sandbox, but web apps on the iPhone needs more than just the ability to make phone calls if they are going to be useful. They need to work offline. In fact, a mobile phone (ironically) is one environment where offline web apps will be particularly useful. Nobody is always-on when travelling; it varies from mostly on (urban travel) to mostly off (trains, planes). As a regular train traveller, I find attempting to run web apps on a mobile utterly frustrating.

Fortunately Google has come up with an answer to this with its Gears initiative. Here’s how you write a good Gears app:

  1. Write your app to work offline.
  2. Add synchronization with the server that happens transparently when connected.

This is perfect for a mobile app. Running web apps rather than local apps also bypasses one of the main obstacles to mobile development: the need to get your binaries approved by a telecom provider before they can be installed.

Now, I have no idea whether Apple plans to include Google Gears, or an equivalent, in the iPhone (I’m not at WWDC). But I do think it is a great idea, for this or any mobile device. Combine it with Flash or Silverlight and we will wonder why we ever wanted more.