Microsoft's MIX07, the touted 72-hour conversation with Web developers and
designers, is drawing to a close as you receive this. The Las Vegas-hosted conference
was first launched last year, but quickly rose close to the top of the Microsoft
road tour stack, thanks in part to Redmond's frantic Web development tools efforts.
From ASP.NET AJAX to Expression Studio to Silverlight, Microsoft has been working
in overdrive the past year-and-a-half.
The MIX07 event certainly reflected that. While an awful lot of news has trickled
out over the past six months, Ray Ozzie and crew were able to hit a few long
balls. Among them: news that the next version of Silverlight (formerly code-named
"WPF/E") will support
the Common Language Runtime (CLR) of .NET, as well as dynamic languages
like Ruby.
What's clear is that Silverlight is not simply a media play. Instead, Microsoft
is aiming to take its managed code environment to the broader Internet. With
Silverlight as a target, .NET developers can use the same skills (and much of
the same code) that they employ to build Windows applications to build rich
Internet applications.
Also announced was the Microsoft
Silverlight Streaming service, a free online hosting service that will allow
developers to serve their Silverlight content off Microsoft servers at no charge.
Obviously, the service is an effort to nudge Silverlight out of its cage and
get it into the wild.
Executive Web Editor Michael Domingo was at the show and managed to track
down several key Microsoft representatives. You can find out more about his
reporting and that of our news editor Chris Kanaracus in the special MIX07 coverage,
in the May 15 issue of Redmond Developer News magazine.
What are your impressions of Microsoft's MIX07 activities? Has Redmond hit
critical mass with its Silverlight effort? Write me at [email protected].
Posted by Michael Desmond on 05/02/20070 comments
I love digital rights management (DRM), honestly I do. Never has a technology
forced so much inane drama onto so many. Every time I turn around, it's something
new. Whether it's Sony dropping rootkits (rootkits!) onto its audio CDs or Steve
Jobs, the most successful purveyor of DRM on the planet, abruptly posing as
a champion for unencumbered online music sales, I know that every morning, the
wonderful world of DRM will surprise and amuse me.
So I experienced no small amount of glee watching Kevin Rose and his massively
popular Digg.com community site wrestle over the issue of publishing the hexadecimal
code used to crack the AACS encryption on HD-DVD movies and content.
Now, like most of you, I expected Digg to salute the establishment with a grand
middle-finger salute and allow its members to freely publish the hex string
in every post and comment. Instead, in response to a cease-and-desist letter,
Digg began deleting posts and nuking threads that displayed the offending digits.
And just like that, the
game was afoot.
Digg posters began posting and reposting the proscribed hex code. And by 9
p.m. yesterday, Kevin Rose
posted a mea culpa, saying that he would respect the will of Digg
subscribers who would "rather see Digg go down fighting than bow down to
a bigger company."
So Digg won't squelch posts containing the AACS hack. And the surreal comedy
that is DRM is sure to enjoy another rousing act. Most telling, though, is Rose's
last comment: "If we lose, then what the hell, at least we died trying."
What do you think? Is Rose right to ignore the cease-and-desist letter, even
if it means risking a sizable lawsuit? And if Digg gets dropped by legal action,
what does it say about the future of technical speech in public venues, forums
and the Internet? E-mail me at [email protected].
Posted by Michael Desmond on 05/02/20070 comments
Big companies like Microsoft and Intel can attract lawsuits like a mosquito
trap on a hot summer evening. After all, when you have the technology footprint
of Sasquatch, you're bound to stomp on the occasional patent or two.
At least, that's what Vertical Computer Systems contends. In a suit filed a
week ago today, Vertical complains that Microsoft
infringed on a patent for a "system and method for generating Web sites
in an arbitrary object framework." (You can also find a minimally informative
press release regarding the lawsuit here.)
The system and method in question is Vertical's SiteFlash, an XML-based technology
that (and I quote) "separates the key elements of complex Web sites --
form, content and functionality -- into individual components." It's classic
componentization, separating out domains so that changes can be made to individual
components independently.
There's no word on how much merit this action might have, or if Microsoft will
need to actively defend itself. But if the years-long battles with the U.S.
Department of Justice and European Union have proven anything, it's that Microsoft
is not afraid of a court challenge.
Are you surprised that Microsoft's .NET Framework is drawing legal scrutiny?
Write me at [email protected].
Posted by Michael Desmond on 04/25/20072 comments
Microsoft technical fellow Michael Howard has probably forgotten more about
secure software development than you or I will ever know. During a recent interview,
the man behind Microsoft's strategic Security Development Lifecycle (SDL) program
and the co-author of the book
Writing
Secure Code told me that young programmers entering the industry are
simply not being trained about security issues.
"Really good software engineering skills are in incredibly short supply.
We see that when we hire engineers out of school. They know nothing about building
secure software," Howard told me. "They don't know the issues -- it's
as simple as that. They don't understand the issues."
This is a lament I've heard before, and one that extends forward to deep concerns
about the general state of corporate software development. Internal development
shops are simply not doing enough to harden their code, particularly in an era
when attacks are increasingly moving to the application layer.
Howard points a finger at universities that fail to integrate security concepts
into their computer science curricula. He also singles out corporate development
shops for failing to address secure development concepts, both from a training
and operational standpoint. And that's not the worst of it, says Howard.
"You know, the most dangerous thing is the number of people who think
they know how to build secure software, when they don't. That's the scary thing,"
he said.
Is Michael Howard on to something? Tell us what your company is doing to secure
code against attacks and vulnerabilities, and how flawed development might have
helped create a crisis in the past. Write me at [email protected].
Posted by Michael Desmond on 04/25/20070 comments
Soma Somasegar and Prashant Sridharan are a couple of the heavy-hitters behind
the Visual Studio IDE. The two, along with program manager Amanda Silver, made
their way through some truly awful weather to meet with us in our Framingham
offices and talk about the imminent beta 1 release of Visual Studio "Orcas."
Rumors that Orcas could slip to May 15 and beyond seem to be off the mark.
In fact, the beta is likely to be available very soon -- within the next few
days. You can find information about Visual Studio Orcas here.
One thing is certain: Beta 1 is going to be a significant event for Visual
Studio developers. There is a raft of important new technologies represented
-- from the ASP.NET AJAX tooling to XAML support for working with WPF and sharing
projects with Expression Studio designers, to code support for Language Integrated
Query (LINQ) for advanced, programmatic data access. And that's honestly just
scratching the surface.
There will be more CTPs and, Somasegar says, at least one more public beta
before Orcas ships. We're told the WPF Designer (code-named "Cider")
module will get a lot of work after the upcoming beta. Also, word on whether
the final version of Visual Studio Orcas will include tooling for Silverlight
(previously
"WPF/E") won't emerge until the MIX07 conference starting on April
30.
Still, for the moment, the upcoming beta 1 gives Visual Studio early adopters
plenty to work with.
Do you plan to start working with the Orcas beta 1 right away? We want to hear
your takes and publish them in our next issue. Write me at [email protected]
and tell us your thoughts on the beta.
Posted by Michael Desmond on 04/18/20070 comments
As Microsoft product code names go, "WPF/E" had to be among the all-time
worst. Windows Presentation Foundation/Everywhere got its unfortunate nickname
from Windows Presentation Foundation (WPF). The idea was to convey that WPF/E
presents a subset of the incredibly rich graphics and UI environment delivered
with WPF as part of Windows Vista and the .NET Framework 3.0.
Last week, Microsoft finally coughed up a name for WPF/E: "Silverlight."
If you find the title a bit underwhelming, join the club. Microsoft, of course,
faced a tough task in putting a palatable moniker onto this vital technology.
After all, WPF/E (I mean, Silverlight) is supposed to be a lot of things to
an awful lot of people.
On the one hand, it's a decidedly Flash-like software runtime that installs
on Windows and Mac PCs so that various Web browsers (IE, Firefox, Safari) can
display video, animation, vector graphics and the like. On the other, it's a
design and development target that will feature tooling and resources for crafting
rich media for online delivery. And it's intended to cast its magic on everything
from desktop PCs to smart phones.
One thing Silverlight won't do, though, is run on Linux -- at least, not yet.
Interesting, that.
Silverlight seems to convey a couple things. One, the branding announcement
came at the National Association of Broadcasters (NAB) show, and it's clear
that Silverlight is intended to evoke the idea of the "silver screen."
Look for Microsoft to push this technology early and often on studios, broadcasters
and media providers of every stripe.
Second, Silverlight seems to convey a bit more of a "durable" presence
than its nearest competitor, Flash. It's interesting to me that Microsoft passed
on a catchy, single-syllable name (like, say, Spark) and went with a concatenation.
Ultimately, what really matters isn't the name, but the force that Microsoft
can put behind Silverlight developers. Silverlight will find itself quickly
installed on a ridiculous number of client systems, thanks to the wonders of
Windows Update. But what Microsoft really needs to do is convince designers
and coders that Silverlight is easier, cheaper and more effective to work with
than Flash.
Can they do it? You tell me. What would it take for you to switch allegiances
from Flash to Silverlight? Write me at [email protected].
Posted by Michael Desmond on 04/18/20070 comments
As a guest columnist filling in for Doug Barney in
Monday's
edition of the Redmond Report newsletter, I opined on reports of former
Microsoft executive Charles Simonyi's $20 million-plus orbital joyride on a
Russian Soyuz rocket.
Since Monday, the man behind Excel, Word and, later, Microsoft Office has
been kickin' it with astronauts on the International Space Station. In addition
to helping perform sundry experiments on the station, Simonyi also showed up
at the ISS door with a gift from Martha Stewart -- a gourmet dinner of quail,
duck breast, chicken parmentier and rice pudding that was specifically prepared
for microgravity.
One thing is certain. The ante for enriched ex-Microsofties has officially
been upped. By about 220 miles. And it looks like Bill Gates may be taking the
orbital bait, if the second-hand account from Russian cosmonaut Fyodor Yurchikhin
is to be believed. You can read about it here.
Closer to home, NASA recently announced a program called CosmosCode, an open
source project designed to bring together developers to work on software for
future manned space missions. The idea is simple: Catch the kind of lightning
in a bottle that helped charge popular software like Linux, Apache Web server,
OpenOffice and Firefox.
You can find more information about CosmosCode at the NASA CoLab Web site here.
It's an intriguing concept, and one that brings up an interesting question.
Would you want your space shuttle flight software provided by a distributed,
open source project? More to the point, is there any software that shouldn't
be developed under open source? Write me at [email protected].
Posted by Michael Desmond on 04/11/20070 comments
Back in February,
Redmond Developer News reported on the
release
of a community technology preview of Enterprise Library 3.0.
The software enables developers to streamline common enterprise application
development tasks for .NET-aware projects and improve overall code quality.
The final version of Enterprise Library 3.0 went live on Friday.
Tom Hollander, product manager in the Microsoft Patterns & Practices Group,
says this latest version will prove much less troublesome to deploy than earlier
editions of Enterprise Library, which had to keep pace with major changes to
the underlying .NET Framework.
"It really just builds on what the two first major releases really provided.
A lot of people are still wearing some scars, as we are ourselves, in the upgrade
from Enterprise Library version 1 to version 2," says Hollander. "There
were quite a number of breaking changes in that release. We are very pleased
that the changes between version 3 and version 2 are much, much, much simpler."
Key updates to the new library include Validation Application Block, which
integrates with Windows Forms, ASP.NET or WCF to provide data validation, and
Policy Injection Application Block, which Hollander says "separates cross-cutting
concerns from the core business logic."
Perhaps most interesting is the Application Block Software Factory, which Hollander
says uses Guidance Packages or Guidance Automation to generate code within Visual
Studio that conforms to a particular architectural style. Hollander says Microsoft
will be releasing new software factories, though there was no information on
what types of scenarios these might target.
For more information on Enterprise Library 3.0, visit the download page here.
Posted by Michael Desmond on 04/11/20070 comments
"Computers have enabled people to make more mistakes faster than almost
any invention in history, with the possible exception of tequila and hand
guns." --Mitch Ratcliffe
After a recent announcement by threat identification and remediation tools
vendor Fortify Software, maybe we should add AJAX to that list. The company
says a security vulnerability could make AJAX-based applications susceptible
to "JavaScipt hijacking," which lets unauthorized parties read private
content within JavaScript messages. You can read all about it in Jeffrey Schwartz's
article here.
Of course, JavaScript exploits are nothing new. In January, Adobe
kicked off a bit of JavaScript madness with its thoughtless implementation
of JavaScript in the ubiquitous Acrobat browser plug-in. The setup pretty much
opened the floodgates to phishers -- all they needed to do was get someone to
click on a valid PDF file link.
But Brian Chess, co-founder and chief scientist at Fortify, says this is not
your father's browser-based security problem. "It's not a new name for
an old kind of problem. This is a new JavaScript-related problem that arises
in AJAX-style applications," Chess said.
At issue are the AJAX frameworks and client-side libraries used for AJAX development,
which Fortify found are often not designed to prevent JavaScript hijacking.
The Microsoft ASP.NET AJAX tool (code-named Atlas), Google Web Toolkit and libraries
such as Prototype, DoJo and Yahoo! UI are all affected, says Fortify.
The good news? Patching the hole should be quick work for tool providers, and
developers can certainly prevent private information from being transmitted
without authentication. Of course, all this argues back to the biggest issue
with JavaScript and, going forward, AJAX. That is: In an era of intensely connected
applications, you cannot afford to write crappy code.
What do you think? If we set down the hand guns and tequila bottles and focus
on writing good code, can we ever hope to avoid calamitous mistakes? How is
your company making sure its AJAX code isn't vulnerable? E-mail me at [email protected].
Posted by Michael Desmond on 04/04/20070 comments
I spent a little time this week speaking with Alex Papadimoulis, better known
as the man who runs TheDailyWTF.com, recently renamed "
Worse
Than Failure." His site recounts tales of disastrous development, from
project management gone spectacularly bad to inexplicable coding choices. Over
the past three or four years, Alex has seen a lot of bad programming, and he
offers a few solutions in an interview to appear in the April 15 issue of
Redmond
Developer News.
"It's amazing. It's kind of disheartening to see how this is just so common
in the industry," he says of the epic programming meltdowns. "It really
shows that the industry as a whole has a lot of maturing to do. We're getting
there. But it's the same pattern, time and time again."
Papadimoulis says programmers are often their own worst enemy, creating overly
complex systems to solve problems that haven't emerged yet. His solution? Simplify.
Focus on the challenge at hand, rather than build lofty frameworks and systems
in the hope of shortcutting an issue down the road.
Is it frustrating, watching allegedly smart people make the same mistakes over
and over? Absolutely, says Papadimoulis.
"At the same time, we can have fun laughing at it because we all have
the same experience each day. And there's a lot of take-away to these stories
and how to avoid these things yourself," he says.
Have you learned from bitter experience? We'd love to hear your stories of
great WTF moments in development. Maybe, just maybe, you can save one of our
readers from making the same, tragic mistake. Write me at [email protected].
Posted by Michael Desmond on 04/04/20070 comments
Being the father of a 10-year-old son, I know a thing or two about the frustrations,
joys and pride that come from a decade of parental toil. So I think I might
have some clue how Prashant Sridharan, senior product manager for Visual Studio
at Microsoft, felt on Tuesday, when he gave a
keynote
speech about Visual Studio at the VSLive! conference in San Francisco. I
spoke to him soon after that speech.
"I've been around all 10 years -- I started out as a peon," he recalled.
"Ten years ago the idea was let's build one unified environment for all
developers. Let's build one integrated environment that would enable you to
share services across your projects and your language types, et cetera."
What started with Visual Studio 97 as a decidedly kludgy solution (he describes
languages like J++ and Visual InterDev being "sort of glommed on")
has grown remarkably in 10 years. Today, Visual Studio is a well-integrated
and expansive tool that allows for powerful plug-ins, rich features and guidance,
and increasingly comprehensive language support, as witnessed through the emergence
of Visual Studio tools for Ruby, PHP and other dynamic languages.
Of course, a lot of effort lately has been expended in stretching Visual Studio
both out and up. Various Team System flavors of Visual Studio have helped rope
in critical project tracking and management activities. And recent extensions
to the brand -- like Visual Studio Tools for Office and Visual Studio Tools
for Applications -- are bringing the development interface to new classes of
users.
What's next for Visual Studio? Obviously Orcas, which should finally pay off
on the foundational promise of .NET Framework 3.0 when the new IDE emerges late
this year or early next. Orcas remains months away, but like a parent who worries
about his 10-year-old's college prospects, I couldn't resist asking Sridharan
what's next.
"I don't even presume to know of programmer productivity level -- Anders
Hejlsberg productivity level -- that is going to happen. But I can trace the
meta trends of the industry," Sridharan said. "Larger and larger software
teams, and larger and more complex products will come out. More geographically
dispersed development teams. More complex projects. I look at the size and scope
and complexity of teams, and it is going to create a lot of problems in the
software development process."
Did you use Visual Studio during its early years? We'd love to hear how Microsoft's
IDE has evolved in the past decade. E-mail me with your takes at [email protected].
Posted by Michael Desmond on 03/28/20070 comments
They say bad news always comes in threes, and for loyal developer groups that
could be the case. When Visual Basic 6 is fully retired
in March 2008, it will be the last version of VB not slaved to the managed code
model of .NET. While the tools will still work and VB6 apps would continue to
run, the "retirement" of VB6 means no more updates, fixes, patches
and upgrades to meet emerging platforms.
Then came the news last week that FoxPro, the uniquely capable data-savvy development
platform, would see its last tweaks with the "Sedna" project and the
Visual FoxPro Service Pack 2 release. There
will be no version 10, says Microsoft, though the Sedna extensions and other
components have been released into the wild as open source code.
So I shouldn't have been surprised when Burton Group analyst Peter O'Kelly
mentioned that Visual Basic for Applications (VBA) could be next. The long-running
macro and programming tool for Microsoft Office has been sharing the stage with
Visual Studio Tools for Applications and Visual Studio Tools for Office. But
with Microsoft working overtime to turn Visual Studio into the ubiquitous face
of Windows-based development, the writing has been on the wall.
We're working on a feature now that talks about these retirements, what they
mean for developers and what strategies dev shops can take to adjust to the
changes (including migrating to new languages and tools). We'd like to feature
your experience and insight. Write me at [email protected],
and you could be featured in an upcoming issue of Redmond Developer News.
Posted by Michael Desmond on 03/28/20070 comments