Silverlight on the Mac: picture

Here at Mix07 we’ve seen some impressive demos of Silverlight running on the Mac. All the demos worked; the applications looked the same on the Mac as on Windows. Scott Guthrie showed “Silverlight Airlines”, which uses .NET code to call an ASP.NET web service. You draw a line between cities to show where you want to travel, select a date, and a grid populates with the available flights. Here’s my fuzzy picture, though I imagine the demo itself may be put online soon:

 

Technorati tags: , , ,

Silverlight with cross-platform .NET runtime announced, alpha download available

Microsoft’s Ray Ozzie and Scott Guthrie, here at Mix07, have announced the addition of a cross-platform .NET runtime within Silverlight, Microsoft’s browser plug-in for streaming video and rich internet applications.

I’m not sure this counts as a major announcement – after all, this very thing was talked about here at Mix last year. What is new though is that you can download the alpha from today, for Windows and Mac. Nothing has been said yet about timing, but I guess the fact that this is described as alpha implies a significant wait before a final release.

Nevertheless, this is a critical development for Silverlight, particularly as Adobe’s Flash now has a JIT-compiled Javascript runtime that in language terms is not that far removed from C#. Differentiation may be mainly in the runtime library that is available, and of course Visual Studio integration.

 

Technorati tags: , , ,

AppForge: a product activation nightmare

Nobody likes product activation, but it is used increasingly by software vendors in search of more effective anti-piracy measures. Microsoft is the most prominent example, but many smaller vendors do the same. Codegear, for instance, use activation for Delphi. Even if you have a valid registration key, you cannot use the product until it has checked in with Codegear’s license server.

Last month Appforge went bust. The company made a development tool called CrossFire, which lets you code in Visual Basic or C# but cross-compile for numerous platforms including Palm, Nokia’s Series 60 and Series 80, Blackberry and Windows Mobile. A useful tool, but AppForge has an activation system that applies both to the development tool and in many cases to the client runtimes.

The AppForge license server is now offline. Result: developers with CrossFire applications and fully paid-up licenses can no longer deploy their products.

AppForge has been acquired by Oracle, but apparently Oracle has no interest in continuing the CrossFire product. Here’s what Oracle says:

Please note that Oracle’s acquisition of AppForge’s intellectual property did not include the purchase of the company as a whole, or the purchase of other AppForge assets including its customer contracts. Accordingly, Oracle does not plan to sell or provide support for former AppForge products going forward.

Former customers are fighting back. There is talk of a competition to crack AppForge activation: money for the prize is being put on the table.

What about Oracle? Is it really so difficult to resurrect the AppForge license server? Ending all support and development for a product is bad enough; robbing existing users of the right to use it seems extreme.

There may yet be a happy ending. But for now, this really is the nightmare scenario that opponents of the product activation concept feared. No, I don’t think something similar could happen to Windows and Office; but clearly there are real risks when using products from smaller vendors.

A solution is to use some form of escrow where unlocked versions of the software are guaranteed to be made available in the event that the original company can no longer offer activation services. The AppForge saga suggests that customers should insist on this or some alternative protection before committing to activation-protected software.

 

Do you want Office in the cloud?

David Berlind has a series of interesting posts about Google apps versus Microsoft Office; the series starts here, more or less. Today there’s a related post from Dan Farber, who reports Microsoft’s claim (from Jeff Raikes) that there is little demand for Microsoft Office in the cloud.

Cloud-based applications have huge advantages – easy collaboration, zero install – but it happens that for me, there is little incentive to use Google’s Docs and Spreadsheets or the like. Cloud storage is more important than cloud applications. Cloud storage solves several problems including anywhere access and off-site backup. I also use an internet-based subversion repository that gives me document history. But I don’t need to use cloud applications in order to benefit from cloud storage. When out and about I usually work on my own laptop, not in internet cafes or on other people’s PCs. 

When I first saw Amazon S3 I knew immediately that it would be useful to me. When I saw Docs and Spreadsheets (and its predecessors like Writely), I was greatly impressed but had little reason actually to use the applications.

I am speaking personally because this will not be true for everyone. For some, the collaboration and zero install benefits of cloud apps will be more significant than they are for me. Further, these online applications are also an easy route to cloud storage; I realise that not everyone wants to mess around with S3 or Subversion. There is friction in having to think about where to save a document. With online applications that friction is removed.

What if Microsoft made cloud storage as seamless in Office as it is in Google Docs and Spreadsheets? It is surprising that an option to save to Windows Live is not built into Office 2007. Of course there is Sharepoint, whichI presume is the underlying platform for Live storage, and there is Groove, but the average home or small business user won’t have these set up. There are a couple of mysterious options in Word, under the Publish menu, for saving to a Document Management Server or creating a Document Workspace. They don’t do much out of the box. There is no wizard to help users create a new free Live account, with extra space and features for subscribers, for example.

There is also the question of bloat, which Berlind considers here and here. This is one of those things you don’t care about, until you do. I don’t care about bloat if an app performs well and the unneeded features are not in my way. I do care when it turns into an Outlook 2007 debacle. You run Outlook; then you run Thunderbird; and you see the downside of bloat. Word and Excel? Not an issue right now, they hum along fine.

So what does next-gen Office look like? Is it an improved Docs and Spreadsheets? Or Microsoft Office/Open Office plus cloud storage? I’m interested in opinions.

 

Why I’m not using Google Web History

Google Web History has two main benefits.  First, it enables smarter search. Google can take account of which pages you visited, presumably giving greater weight to sites where you viewed numerous pages rather than diving in and out quickly. Second, you get a nice Google-ised search of pages you’ve viewed, instead of attempting to find what you want in the history list of links, in IE or Firefox.

So why not? First, because Google has enough of my data already. I use Google for search, because I find it the best search engine more often than not. I use a Gmail account occasionally. I use Adsense. I’m experimenting with Docs and Spreadsheets. That will do.

Don’t I trust Google? Sort-of. It has a good track record, as far as I know. And it is not that I have anything particularly to hide. Still, the AOL disaster last year was a warning flag. And I do read the privacy policies, and don’t find them reassuring.

There’s a second reason. To sign up for full Web History, you need to install the Google Toolbar. This is how Google gets a record of pages you visit beyond your searches. However, I have a minimalist approach to add-ons, especially those which run all the time. My reward is a more stable and better-performing operating system. So I would need a strong reason to install the Toolbar, and I don’t have one.

There’s more. When you are invited to install the Toolbar, you are given an opportunity to read Google’s terms of service. Despite its generally excellent usability elsewhere, the big Goog doesn’t make it easy to read this document. The terms of service are in a narrow scrolling window. I recommend that that you Select All, Copy, and then Paste into your word processor. It comes to 14 pages in Word:

Except – here’s something strange. If you get to this page in FireFox, you get the general terms of service as mentioned above. If you get to this page in IE, you get a different document, which is for the Google Updater and the Google Pack:

The document is actually shorter than the general terms, but not good news if you like to keep control of your PC:

The Software may communicate with Google servers and/or Third Party servers from time to time to check for available updates to the Software, such as bug fixes, patches, enhanced functions, missing plug-ins and new versions (collectively, “Updates”). By installing the Software, you agree to automatically request and receive Updates.

There’s a similar clause in the general terms, but without the reference to third parties. Further, in this document you agree to stuff from Adobe, Real, Skype, Symantec and others. In practice I’m sure you can install the toolbar without all these other pieces, but still … this is a big red flag from my perspective.

As an aside, I wonder if corporate legal departments ever make the connection between what employees may be agreeing to online, and their normal legal policy? Put another way, what if I copy this agreement into an email, fire it across to legal, and ask, “Is it OK if I agree to this?” Complete with some wide-ranging indeminities, limitations of liability, non-warranties, and in some cases, the right to install stuff on your computer without asking again?

Bottom line: I’ll live without Google web history.

 

How not to get support

I’ve had four successive emails of increasing urgency from someone using my simple sqlite wrapper.

It’s sometimes difficult to handle such requests – the code is free and there is a limit to how much time you can give away – but in this case I’m unable to reply. The sender is using an email address that is not valid on the internet; the domain ends .local and it is not obvious what the real email address is.

If that’s you – please reconfigure your email client and try again.

 

Technorati tags: ,

C# code to detect UAC elevation on Vista

A couple of days ago I posted about programmatically detecting whether UAC is enabled. I was proposing to read a registry entry. Thanks to the power of blogs, my post drew a comment from Andrei Belogortseff, who has posted C++ code that does this properly. His library has functions for detecting whether the current process is elevated, detecting whether UAC is enabled, and running new processes both elevated and non-elevated (the last of these is the hardest to do).

I liked the libary but wanted to use it from .NET. I compiled his code to a DLL and did a C# wrapper; then I considered the hassles of adding a dependency on the Visual C++ runtime libraries. I therefore did a quick C# implementation of the functions I cared about; I haven’t included the code for running new processes. Please go ahead and download the code, and let me know if you have any suggestions, or even if there is a much easier way to do this that I have missed. There is an app called UACElevationCheck, which calls functions in VistaTools.cs.

The code is only intended to be called from Vista and will throw an exception otherwise; of course you can modify it as you like.

I’ve included a function IsReallyVista that looks for a Vista-only API call, rather than relying on the reported version information. This is because the version information is unreliable if the app runs in a compatibility mode. On the other hand, IsReallyVista is a hack; if you don’t like it, use IsVista which uses the version information instead.

You may be able to do this using the System.Security namespace rather than PInvoke. I had a quick look but the PInvoke code seemed easier to me, especially since Belogortseff has already done the real work.

 

Technorati tags: , , , , , ,

More Windows Installer confusion: managed code custom actions a no-no

People who should know say not to use managed code custom actions in your Windows Installer setups. Like Rob Mensching of Wix fame who says:

…today the Windows Installer does not support managed code CustomActions and the general direction appears to be to try to reduce the need for CustomActions overall.

Read the blog entry for the reasons. The strange thing is, Visual Studio 2005 has specific support for managed code custom actions; there is an Installer class and an MSDN walkthrough on how to use it

Now, I have always avoided managed code custom actions anyway, but only from instinct. Windows Installer setups are problematic enough as it is; adding .NET Framework dependency seems unnecessary. Mensching’s post above explains why it is also error-prone. See also Aaron Stebner’s post from March 2005.

… in summary, I strongly encourage you to not use managed code in your product setup.  I realize that some teams do this here at Microsoft, but please don’t use our bad (in my opinion) examples to justify doing so in your own setup….

Presuming these guys are right, might it not be wise for the Visual Studio folk to remove support for managed code custom actions from the product? A point of confusion is that the managed installer class works with a utility called InstallUtil which is distinct from the Windows Installer; in fact, I believe that Visual Studio setup projects which include managed code custom actions actually call InstallUtil.

I suggest Delphi as a handy alternative, if you would rather avoid Visual C++.

Finally, I hear many good things about Wix, the free XML-based authoring too for Windows Installer setups. If you are embarking on a new setup project it is worth a look.

 

Technorati tags: , , ,

Programmatically detecting whether UAC is enabled

An application may sometimes need to know whether or not the current user has administrative rights. This is complicated in Windows Vista by User Account Control (UAC) – the user may be in the Adminstrators group on the local machine, but nevertheless running with limited rights. When I came across this blog entry on COM elevation by Christoph Wille(thanks to Daniel Moth) I was interested to see the function he mentions called IsUACEnabledOS. I downloaded his code, but was disappointed to see this:

// a really simple check that does not account for possible UAC-disabledness via group policy
public static bool IsUACEnabledOS()
{
int majorVersion = Environment.OSVersion.Version.Major;
int minorVersion = Environment.OSVersion.Version.Minor;

return (majorVersion >= 6);
}

This just detects Vista or higher; in fact, it won’t always return the correct result, since Vista will lie about the version number if an application is running under compatibility settings. How then do we discover if UAC is enabled? The best I’ve come across so far is to query this registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

If the entry does not exist or is 0, UAC is not enabled. Of course there is no guarantee that this always work, but it’s unlikely to change. I also haven’t checked that it is there in the base versions of Vista; again, it is probably the same.

Update: See the comments to this post for a better solution from Andrei Belogortseff, using the GetTokenInformation API call.  

I’ve now posted a C# implementation of Andrei’s code.

Technorati tags: ,