The April issue of Visual Studio Magazine will hit the Web (and most mailboxes) this Friday, and like the spring weather, the coverage in the upcoming issue is diverse.
The cover feature this month, written by Ben Day, explores a series of useful tips and practices for successful Model View View-Model (MVVM) development in Silverlight. Inside the issue, you'll find a feature by VSM Tools Editor Peter Vogel that dives into using the new Windows Identity Foundation (WIF) and how it provides solutions to authentication issues at all levels of application development.
There are some significant changes in the Language Lab section of the magazine. New this month is the Practical .NET column, by Peter Vogel. Peter has for years written the Practical ASP.NET column for VSM on the Web and (occasionally) in print. Now he's broadening his horizons with a column that explores the full gamut of managed coding challenges under the .NET Framework. His first column looks into why so few developers seem to be using LINQ, and some of the best ways to take advantage of the compelling data access technology from Microsoft. Also look for a Web version of Peter's new column to run twice each month.
The other column debuting in this issue is Mobile Corner, by Nick Randolph, which focuses on the emerging arena of Windows Phone 7 development. Nick is author of Professional Windows Phone Application Development (WROX, 2010), and his first column walks through building a YouTube search app for the Windows Phone. You'll find Nick's deep dives into WP7 development both in our pages and twice monthly on our Web site. Finally, C# Corner author Patrick Steele is hard at work, showing how you can translate C# code into expression trees to eliminate strings, standardize parameter validations and interact with other data structures.
Among our other columns and departments, look for our review of the new WebMatrix ASP.NET application development environment for non-programmers, and for Stephen Chapman's early take on how Windows 8 might impact .NET developers. Also check out Andrew Brust's thoughts on the recent MVP Summit in Redmond, and why the interaction between Microsoft and its top developers is so important to the future success of .NET development.
The weather is finally changing here in my corner of the country, and it seems that Visual Studio Magazine is doing a little changing with it. Are there specific issues or topics you'd like to see covered in a future issue of Visual Studio Magazine? Email me at [email protected] or leave a comment below.
Posted by Michael Desmond on 03/28/2011 at 1:15 PM0 comments
A year ago, Microsoft's Scott Wiltamuth published an informative blog post
that produced a lot of clarity around Microsoft's "co-evolution" strategy with C# and Visual Basic .NET. As product unit manager for Visual Studio Languages, Wiltamuth was able to provide a cogent breakdown of what Microsoft's commitment to its two flagship .NET languages really meant.
As Wiltamuth explained, .NET Framework has emerged as a "powerful unifying force" for the languages. He said C# and VB have two kinds of features, external ones like generics or LINQ that improve available API building blocks, and internal features that impact the languages themselves, such as changes to statements, expression and control flow.
Changes to features on the inside don't necessarily impact AP developers significantly, Wiltamuth wrote. But external changes are another matter. "In practice we have found that the best opportunities for language evolution and innovation have been in 'on the outside' language features rather than 'on the inside' ones," Wiltamuth wrote.
The upshot is that the new capabilities being introduced to VB and C# programmers are happening at the .NET level. And while significant feature differences between the languages certainly exist -- like VB's XML Literals or C#'s unsafe code feature -- the fact is that developers can access most of the same resources and achieve many of the same things using either language.
In fact, the biggest difference between the two languages could be Microsoft's uneven support. As any VB developer can tell you, Microsoft tends to release more, and more timely, code samples and guidance for C# than it does for VB. In fact, this situation is one of the reasons open source CMS provider DotNetNuke recently announced it was migrating its core CMS code from VB to C#.
It's been a year since Microsoft's co-evolution strategy for C# and VB was fully unveiled with the launch of Visual Studio 2010 and .NET Framework 4. What are your thoughts about Microsoft's handling of the two languages? Have you made a change in the language you rely on primarily, and if so, why? And what do you feel Microsoft could do to improve the way C# and VB are managed for the .NET developer community?
Email me at [email protected], or leave a comment in the space below.
Posted by Michael Desmond on 03/21/2011 at 1:15 PM27 comments
Raf Los, Web application security evangelist at HP Software, gave a presentation
at the Black Hat Conference
in Barcelona, Spain, this week, about what he says is an emerging front in the area of application security. He says that as organizations harden their infrastructure against common attacks like SQL injection and cross-site scripting, the threat is moving up the stack.
"As an attacker there are three things that drive me. The payout, which is a big thing; the opportunity, how many of these things are out there; and what is the cost?"
Programs like Microsoft's Security Development Lifecycle (SDL) and improved tooling and best practices have narrowed the window for attack against the application infrastructure. At the same time, the economics of hacking a credit card database are changing.
"Payouts are getting smaller because the black market is flooded with credit numbers," says Los. "All those things are shrinking. So how do I find something that costs less, has bigger vulnerabilities and still has a big payout?"
Los says attackers are increasingly manipulating the actual design behind the application. He offers an anecdote of a flaw that a friend of his discovered in a Web-based customer loyalty program. His friend was able to set up a purchase on the Web site, then have the site award points to his account against that setup purchase, without ever actually completing the transaction. As a result of flawed code on the site, it was possible for customers to rack up limitless awards points, without ever spending a dime.
"Now it's not called hacking, it's called fraud," concludes Los, who adds that dev shops currently have no effective way to automatically detect these flaws. "How do you spin up a piece of code that looks for another piece of code's logic defects?"
It's a good question, and one that Los says no one is really prepared to answer.
'Talking about mitigation'
"I'm not going to be coy about it. This is not an easy problem to solve," Los says. "I don't think we understand enough about the problem yet, to fully tell anybody how to stay away from it. I'm seeking to raise awareness and more importantly, start to be able to identify these issues. And then, once we have that, we can start talking about mitigation."
Los says developers need to look out for two types of threats against their processes: transaction control manipulation and privilege manipulation. He urges developers to fully understand the application flows and business processes they are supporting. Can attackers alter an expected input or cause actions to be processed out of order?
Ultimately, Los says, developers need to ensure that the code supporting business processes cannot be manipulated or undermined.
"We've said this before and security sort of shouts this all the time: Never trust data or information or anything that leaves your direct control. Whatever you send out, assume that what comes back is bad--make that assumption," Los says.
These flaws won't show up in your test and QA. And if you are the victim of a savvy attacker, they may not even show up when they are being fully exploited. Los offers the example of a man who had discovered how to hack a video poker machine, so that he could change his bet after all the cards had been shown.
"You know how he got caught? He got greedy -- he won the maximum amount every time," Los says. "Unless you're stupid or greedy, you can make out like a crazy fox."
Posted by Michael Desmond on 03/18/2011 at 1:15 PM2 comments
Last week Microsoft released Visual Studio 2010 Service Pack 1 (SP1), adding a host of sought-after new features to VS2010, which shipped originally in April 2010. Dave Mendlen, senior director of Developer Marketing at Microsoft, said developers were particularly keen on IntelliTrace support for SharePoint and 64-bit development, as well as the new Silverlight performance optimizer. He also singled out SP1's added support for unit testing in .NET Framework 3.5. Microsoft at the same time released a pair of Feature Packs for Visual Studio.
"We get a lot of input and feedback on service packs and rarely do we do more than fix bugs. And when we do add features it's usually finishing stuff we didn't get done in the original version of the product," Mendlen told me in a phone interview. He also talked about extending IntelliTrace support in the SP1.
"The 64-bit thing was a big problem for a lot of customers. SharePoint was another one, where we heard a lot of people asking about does this work with SharePoint. That was a big problem because we've been selling a lot of SharePoint and people were talking about it," Mendlen said.
LightSwitch and IE9
Earlier today, Microsoft released Visual Studio LightSwitch Beta 2, an updated pre-release version of its wizard-driven rapid business application development tool for business analysts and power users. The new beta adds support for Windows Azure application deployment and extensibility features. Mendlen said the final version of LightSwitch will ship "later this year."
Finally, last night Microsoft dropped the release-to-Web (RTW) version of Internet Explorer 9 (IE9), which aggressively supports the emerging HTML5 standard and boasts a streamlined interface and a number of updates for improving performance.
It's been a busy week or so in Redmond by almost any measure. And no doubt developers will be busy assessing and mastering the new tooling and resources. What are your observations about the new iterations of Visual Studio, LightSwitch and Internet Explorer? Let me know in the comments below.
Posted by Michael Desmond on 03/15/2011 at 1:15 PM0 comments
Like millions of others on the eastern seaboard of the US, I awoke this morning to discover that a massive 8.9 magnitude earthquake had struck off the northeast coast of Japan, producing a massive tsunami that has inundated sections of the Japanese coast and produced calamitous damage. It was among the most powerful earthquakes in recorded history, striking near one of the most densely populated nations on earth.
As reports roll in, my thoughts are with the people of Japan, who face an enormous challenge as they work to contain, assess and ultimately recover from the damage caused by this event. Most troubling, there is little doubt that the initial casualty figures, which numbers in the dozens as I write this, will skyrocket. This earthquake is, first and foremost, a human catastrophe whose true scale will not be known for days or weeks.
There will be a time in the days and weeks to come to consider the unique technological dynamics around this event. Japan is among the most urbanized, industrialized and information-savvy societies on the planet. It is also a nation with an infrastructure uniquely designed and prepared to weather the impacts of a strong earthquake.
Already, we are hearing reports that Internet access and communications stayed up even as land and cell phone networks failed -- a development that mirrored the experience of New Orleans-area residents during Hurricane Katrina. The availability of advanced information and communications systems is already playing a role in limiting the human toll of this calamity, as real-time data gathered from the vast network of so-called DART stations (for Deep-ocean Assessment and Reporting of Tsunami) allow officials to track the progress and power of the tsunami as it travels across the Pacific Ocean. The network of 39 DART stations was finalized just three years ago--and now is getting a critical test.
For today, my concern is for the people directly impacted by this terrible catastrophe. This is an event of almost unimaginable proportions, and as much as I am hoping for the best, I am very much fearing the worst.
Posted by Michael Desmond on 03/11/2011 at 1:15 PM1 comments
Microsoft yesterday announced that it is launching the Internet Explorer 9 (IE9) Web browser on Monday, March 14. The new browser will be available for download starting at 9:00 p.m. Pacific Time on March 14, according to the company's announcement.
IE9 marks a significant change in strategy for Microsoft, which has opted to aggressively support the HTML5 Web standard even at the expense of its Silverlight rich Internet application (RIA) platform. Notably, IE9 enables hardware-accelerated playback of HTML5-based audio and video, and is able to leverage a system's graphics processing unit (GPU) to maximize performance.
If imitation is the sincerest form of flattery, IE9 is a sincere browser indeed. It picks up several innovations from Google's Chrome browser, including the unified address and search bar (called "One Box" in Microsoft parlance) and the display of most visited Web sites on a new tab page. IE9 also features tab isolation and automatic crash and hang recovery for failed Web site connections. This stuff is welcome, but it's hardly new.
IE9 will go live almost one year to the day after the first platform preview was released at the MIX 10 event in Las Vegas. The first public beta dropped on September 15, while the release candidate went live on February 10. It's been a long road for this latest version of Microsoft's flagship Web browser. Will IE9 do enough to win back market share and earn the trust of a greater proportion of Web developers?
You tell me. What do you think of what Microsoft has done with IE9?
Posted by Michael Desmond on 03/10/2011 at 1:15 PM1 comments
For many Microsoft products, the first service pack is a right of passage. Many dev and IT managers don't consider a new OS or application mature until it has been updated with its first major service pack. By that metric, the release today of Visual Studio 2010 Service Pack 1
is big news.
As ever, Microsoft cites customer feedback as the driving force behind this latest service pack. Features like extended IntelliTrace support for 64-bit and SharePoint development projects, an improved Help Viewer and fully integrated tooling for Silverlight 4 were all requested by Visual Studio customers, according to Microsoft's Jason Zander. There's also now unit testing support for Visual Studio 2010 projects targeting .NET Framework 3.5.
The list of updates, improvements and changes is long and definitely worth a look for anyone using, or thinking of using, Visual Studio 2010. You can find a detailed rundown on the Microsoft Support site.
What's interesting about Visual Studio 2010 SP1 is that it's not one of those "put out the fire" service packs that Microsoft has scrambled to produce in the past. By most accounts, Visual Studio 2010 has been impressively stable. As Directions on Microsoft Analyst Rob Sanfilippo told me the other day: "VS 2010 has been a solid, successful release. It has delivered on its promises and has been a stable environment, without the requirement of any major patches since it shipped."
Jason Beres, director of product management at component maker Infragistics, says his company has been doing design time testing with the SP, and that it fixed "some visual issues" that reduced the productivity of some developers.
Will you be updating to Service Pack 1? I'd like to learn what you find out when you do. Email me at [email protected]
, or provide comment below.
Posted by Michael Desmond on 03/08/2011 at 1:15 PM6 comments
If you love someone, set them free. But if you want them to write apps for you, fence them in with razor wire. At least, that seems to be the guiding philosophy at Apple Computer, where some iPhone and iPad developers, again, face draconian rules in the Apple App Store.
As Keith Ward reported for our sister Web site Application Development Trends (Developers Unhappy with New Apple App Rules; Antitrust Investigation Possible), Apple recently instituted a new App Store Subscription policy that essentially ensures that App Store-based subscriptions will always be priced in parity with that of the same subscriptions offered through other channels.
The key language:
"Apple does require that if a publisher chooses to sell a digital subscription separately outside of the app, that same subscription offer must be made available, at the same price or less, to customers who wish to subscribe from within the app. In addition, publishers may no longer provide links in their apps (to a Web site, for example) which allow the customer to purchase content or subscriptions outside of the app."
Remember, Apple gets a 30 percent cut of everything that moves through its App Store. This is a huge disincentive to third party developers hoping to leverage the iPhone's seamless experience to drive subscription purchases. For those too beholden to the platform to just walk away, the policy will impose some tough pricing decisions. Do you push up prices across the board to account for Apple's 30 percent take, or do you make your iPhone/iPad sales at a cut-rate margin? In some cases, the 30 percent cut can completely undermine existing business models.
The larger question, of course, is whether this is a smart way to treat your developer ecosystem. Apple just six months ago backed down from its strict rules on the tools and platforms developers can use to write iPhone apps sold on the Apple App Store. Now Apple is telling many of these same developers how they may price and sell their subscription services. No surprise, mobile competitors like Google are more than happy to fill the gap.
What do you think of Apple's actions with regard to its App Store subscription service and what does it say about the company's commitment to its developer community?
Posted by Michael Desmond on 03/01/2011 at 2:20 PM0 comments
Well, it's snowing hard again in the Northeast, and that must mean we're getting ready to debut the next issue of Visual Studio Magazine. Just like last month, we're expecting a foot or more of the good stuff ahead of our issue hitting the streets. And just like last month
, we've got a great lineup of how-to features, product reviews and developer insight to offer our readers. Look for the issue to hit our Web site
on March 1st.
Roger Jennings leads off the March issue with his exploration of the new sharding features coming to SQL Azure databases. Jennings shows how to configure and work with sharding to achieve maximum performance, and puts to rest the myth that SQL can't scale to cloud proportions. Also check out Jeff Levinson's walk-through for associating unit tests with requirements in Visual Studio 2010. With more and more dev shops adopting test-driven development and other Agile-inspired techniques, programmers are looking to move beyond code coverage to ensure that they can map unit tests to requirements.
Our Language Lab columnists are hard at it with in-depth tutorials in our March issue as well. Kathleen Dollard digs deep into ASP.NET MVC 3 this month, introducing the Model-View-Controller programming technology and answering questions on topics like the new Razor view engine and dependency injection. Finally, On VB columnist Joe Kunk offers a primer on getting started with Windows Phone 7 development in Visual Basic. Kunk has been working with WP7 for a few months now and says he's very happy with the platform. Be sure to check out his useful introduction to Microsoft's fast-moving mobile platform.
VSM Tools Editor Peter Vogel has kept busy with in-depth VS Toolbox reviews. He explores Telerik's TeamPulse Silverlight-based team project management suite for Agile development, as well as ComponentOne's Studio for ASP.NET AJAX controls package.
As ever VSM is long on expert opinion and insight, with our columnists looking at how Microsoft manages the gaps. Mark Michaelis has been a Microsoft MVP on C#, VSTS and the Windows SDK for years, and his VS Insider column brings that experience to bear on Microsoft's strategy of mirroring functionality already available in open source solutions. Andrew Brust, meanwhile, weighs in on Microsoft's track record for bridging the gap between legacy and emerging technologies and platforms, from QuickBasic to SQL Azure.
Winter clearly hasn't lost its snowy grip. And with the big plans we have in place for our April issue, I'm a bit worried I may be writing about yet another snowstorm 30 days from now.
Posted by Michael Desmond on 02/25/2011 at 1:15 PM0 comments
Earlier this month Embarcadero Technologies released new Starter Editions
of its Delphi and C++Builder development tools. I corresponded with David Intersimone, vice president of developer relations and chief evangelist for Embarcadero Technologies, and asked him a question about the outlook for native C and C++ development going forward. He offered an insight response, which I've published here.My question to David Intersimone:
As managed and dynamic languages continue to gain traction, what is the outlook for native C++ development? What type of development is tending to stay or move to C++ and what advantages are devs getting with the language over managed alternatives like C# or VB.NET?His response:
Native C++ development continues to stay strong. There is an updated industry (ISO) draft standard for C++0X that will be finalized soon. We see C++ being used in scientific, industrial, real-time, embedded, mobile, enterprise, and everywhere else where application requirements include close to the hardware, demanding, high-speed execution and the smallest amount of space. Look at smart devices. Many of the applications and almost all of the low-level functionality is built in C++. Battery life, constrained memory size and processor speed often lead developers to using native code development tools and languages.
What advantages are developers getting over C# and VB.NET? More tool providers on more platforms for C++, for example -- there are C++ compilers for every platform, for every processor chip. RAD Studio includes C++Builder for Windows native code development. PHP runs everywhere. C# and VB.NET are only for Microsoft Windows (yes, there is the Mono runtime but it does not support full .NET functionality). If developers want to use managed code with .NET/Mono we have Delphi Prism for .NET, which is part of RAD Studio from Embarcadero.
Is C++ declining? Bjarne Stroustrup, the "father" of C++, in his FAQ writes:
No, I don't think so. C++ use appears to be declining in some areas and to be on an upswing in others. If I had to guess, I'd suspect a net decrease sometime during 2002-2004 and a net increase in 2005-2007, but I doubt anyone really knows. Most of the popular measures basically measures noise and ought to report their findings in decibel rather than "popularity." Many of the major uses of C++ are in infrastructure (telecommunications, banking, embedded systems, etc.) where programmers don't go to conferences or describe their code in public. Many of the most interesting and important C++ applications are not noticed, they are not for sale to the public as programming products, and their implementation language is never mentioned. Examples are Google and "800" phone numbers. Had I thought of a "C++ inside" logo in 1985, the programming world might have been different today.
One simple thing that confuses many discussions of language use/popularity is the distinction between relative and absolute measures. For example, I say that C++ use is growing when I see user population grow by 200,000 programmers from 3.1M to 3.3M. However, somebody else may claim that "C++ is dying" because it's "popularity" has dropped from 16 percent to 11 percent of the total number of programmers. Both claims could be simultaneously true, as the number of programmers continues to grow and especially as what is considered to be programming continues to change. I think that C++ is more than holding its own in its traditional core domains, such as infrastructure, systems programming, embedded systems, and applications with serious time and/or space constraints.
To end this discussion about programming languages, which ones are popular, which are gaining traction and such, I always say programming languages are tools. We have many tools. We use different tools for different jobs. No one programming language is the perfect language for every type of job a programmer has to do.
Posted by Michael Desmond on 02/22/2011 at 1:15 PM0 comments
Working developers are often forced to multitask. Whether it's banging out code or assessing new tools or managing teams of developers, the people who read this Web site and our magazine are doing a lot more than just programming for a living. The question I have is, what are you looking for from Visual Studio Magazine when it comes to these multi-faceted challenges?
Late last year we conducted our annual reader survey, which helps us understand who our readers are and what they are interested in. This survey confirmed a lot of standing assumptions and challenged a few others. For instance, despite VSM's deep roots in Visual Basic (going back to our Visual Basic Professional Journal days), only one-quarter of our readers actually code primarily in Visual Basic (another 4 percent report using VB6 or earlier). By contrast, just under half of survey respondents reported working mainly in C#. And nearly 10 percent said their primary programming language was C or C++.
But beyond the questions of what languages we should cover and how heavily we should cover them, is the issue of what we should be featuring at all. Just over two years ago Visual Studio Magazine merged with Redmond Developer News, the twice-weekly publication for .NET development managers. That merger shaped our editorial positioning, introducing more news, analysis and issue coverage to VSM. Today, each issue of VSM includes hands-on product reviews (VS Toolbox), expert analysis columns (Andrew Brusts' Redmond Review) and often broad cover stories that investigate strategic products like Visual Studio, Silverlight and Entity Framework.
The idea is that developers need both expert tutorials and insightful analysis to best do their jobs. But is that really case?
We're looking for your input. What languages, frameworks and programming technologies deserve regular coverage in our Web and print pages? How important to you are our monthly reviews of developer tools? Did you find broad cover features like recent ones we've done on Silverlight (Silverlight Futures, December 2010) and Entity Framework (Get Ready for the Entity Framework, September 2010) useful? Or would you like to see those marquee features focused tightly on how to work with these and other tools and technologies?
We're also interested in your take on our VS Toolbox reviews. Every month we review a pair of third-party tools, most recently Infragistics' Silverlight-based Data Visualization package and the Amethyst/WebOrb Flash development solution for Visual Studio. In addition, VSM Tools Editor Peter Vogel provides a behind-the-scenes glimpse into the workings of these products in his ToolTracker blog. He also highlights the best free dev tools, such as the Data Debugger Visualizer and VSCommands 2010 Lite. Are these reviews and insights useful to you, and are there specific tools you'd like to see us review?
At the end of the day, Visual Studio Magazine is doing its job if it helps you do your job better. I urge you to help us know how we can best go about doing that. Email me at [email protected], or let us know in the Comments section below.
Posted by Michael Desmond on 02/17/2011 at 1:15 PM13 comments
Today's epic winter storm nothwithstanding, subscribers to Visual Studio Magazine should be receiving the February issue of the magazine. Coverage from the issue is also featured here on the VisualStudioMagazine.com Web site.
This month we lead with a collection of useful tips and advice from VSM Tools Editor Peter Vogel for ASP.NET developers considering a move to SharePoint (Developer Tips: Making the SharePoint Transition). As Vogel points out in his article, there are a lot of misconceptions about SharePoint and how it works. Clearing those up can go a long way toward helping you make the most of your SharePoint development projects.
Also featured this month is a how-to piece on developing apps for the Android mobile platform using MonoDroid (Introduction to MonoDroid), a Visual Studio 2010 plug-in that allows .NET developers to target the Android OS. You'll also find Patrick Steele's C# Corner column on Object Equality in C#, as well as Kathleen Dollard's Ask Kathleen column titled How to Generate Code from a UML Model in Visual Studio 2010.
Finally check out Alexandra Rusina's insightful look at the dynamic keyword and Dynamic Language Runtime in .NET Framework 4 (Understanding the Dynamic Keyword in C# 4). The feature starts off with an overview of the dynamic features in the current version of C# before diving into their workings with other language and framework features, such as reflection and implicitly-typed variables.
This month's issue also includes a pair of VS Toolbox reviews: Infragistics' NetAdvantage for Silverlight Data Visualization and the integrated Flash development tools Amethyst and WebOrb. The VS Insider column this month features guest columnist Al Hilwa, program director of Applications Development Software at research firm IDC, who looks at how Microsoft's support for the ARM processor could presage some interesting developments in the Windows Phone 7 space. Finally Andrew Brust, in his Redmond Review column, thinks Microsoft might do well to return to some old innovations to win a share of the fast-growing tablet space (Tablet Toast or Slate Salvation?).
Posted by Michael Desmond on 02/01/2011 at 1:15 PM5 comments