ctodx

Discussions, news and rants from the CTO of DevExpress, Julian M Bucknall

August 2008 - Posts

  • Silverlight Control Builder Contest '08 complete

    A couple of days ago the Silverlight Control Builder Contest '08 that Page Brooks organized came to an end. He'd managed to convince a whole bunch of vendors like ourselves to pony up prizes (ours was a subscription to DXperience Universal and a $500 gift certificate to NewEgg) and had managed to amass something like $17,000 worth.

    So how did it go? Well, unfortunately that was a problem. Only one person entered, Faisal Waris, and of course he won. Despite this, he didn't win with a piddly progressbar control or something, but instead created a stunning FishEyeGrid control for Silverlight -- you should certainly go and check it out. (Note, for some reason it wasn't working for me in Firefox 3, so use IE7.) Certainly a worthy winner.

    Many congratulations to Faisal. The part of your prize from DevExpress is on its way.

    But my post is not about Faisal's winning entry, it's about what went awry. Why only one entrant? That's a real shame. I came up with some thoughts:

    1. The competition was for US developers only. As it happens, I can understand this: in the past we've looked at whether we could organize a competition in the same vein as this and the legalities can be overwhelming. Just in the US there are rules and laws about giving away prizes (for instance, the rule that everyone has heard of: "No purchase necessary"). I can't imagine what it's like in other countries; it could be there are tax liabilities or to give away a prize you have to have a legal office/address in that country, for example. Anyway, in this international, interconnected day and age it's all a bit of a mess.

    2. It's hard creating controls for Silverlight. OK, I'm being more jokey than serious.

    3. Silverlight is still too new for many people to have gained expertise in writing controls. Applications, maybe; controls, not so much. This is perhaps a better reason than 2. Although there is a lot of buzz about Silverlight 2, it is still in beta and not many workplaces will be using it yet, or even experimenting with it. So without work-related experience, you're left to play around with it at home in your spare time. And of course, there's a lot from Microsoft in the same space jockeying for your attention and learning abilities (WPF, ASP.NET MVC, etc). And, to be honest, not many people write controls (and most of them would be working for companies like Developer Express).

    4. There wasn't enough time. A difficult one this: you want to give the potential contestants well enough time to experiment and design and write something, but you don't want to make it so long that the buzz dissipates and people say "uh, what contest?"

    5. It takes a lot of time to create a compelling control that would win a competition. And as we all know, time equals money. Perhaps the $17,000 of prizes didn't have enough in gift cards/money/cheques to make it worthwhile. Sure it's nice to have the top of the range products from us and our fellow prize-giving vendors, but in the end a lot of the contestant's spare time goes into this. I calculate $1000 in certificates that can be used to buy "stuff" to repay your efforts for the first prize, $475 for second place, $200 for third place. Maybe that's not compelling enough to sink many tens of hours into the contest.

    6. There was no registration. Without that Page had no real idea about how many people were considering entering the contest nor who they were, so he couldn't email all the registrants a week from the end to say, how are you doing?, are you going to finish? Without that knowledge, it becomes hard to make a decision to, say, extend the contest another week. With registration, more people might have persevered -- it's like signing up for a beta, you tend to feel compelled to try it out.

    Nevertheless, it was a good contest and, as I say, well organized by Page and we all got a great control from Faisal that everyone can use.

  • .NET Framework Assistant

    When you install the .NET Framework 3.5 SP1 that was released today, and you're running Firefox 3 as your browser du choix, the next time you run Firefox you'll get the Add-Ons dialog showing you that a new add-on has been installed.

    Funny that, I don't remember okaying that particular choice, but anyway. I'm about to install SP1 on another machine, so I'll look out for it.

    This add-on provides click-once support for Firefox and also will report back to whatever web server is asking the latest version of .NET that you're using. Back in May, Scott Guthrie reported that this would be part of the SP1 beta, although it's fun to try and find it:

    ClickOnce Client Application Deployment Improvements

    • ...blah blah...
    • FireFox browser extension to support Clickonce installations using FireFox browsers

    Just a friendly heads-up from your homies at DevExpress...

  • Is .NET too successful?

    Over the past few months I've been reading of rumblings in the .NET blogosphere about the directions Microsoft is taking with .NET.

    The poster child for these rumblings is the dichotomy between LINQ to SQL and the ADO Entity Framework (EF). Both in essence are used to get data from your database engine into your .NET application, both implement an ORM (object-relational mapping), but it's not really clear which one to use. So there's a whole cottage industry that's grown up around this, with many august commentators opining for their readers which they'd go for (just google for "LINQ to SQL" "Entity Framework").

    It turns out the reason there are two frameworks that have such wide overlap is that, ta-da!, they were written by two different teams at Microsoft. LINQ to SQL was written by the C# team, whereas EF came about through some long-winded gestation (I'm visualizing that scene from one of the Lord of the Rings movies where you see the orcs being "born") from something called Object Spaces and is owned by the ADO.NET team. LINQ to SQL was recently given over to the ADO.NET team.

    Roger Jennings, in a post from May this year, wonders whether the ADO.NET team are just going to abandon LINQ to SQL. It's crippled in the sense that it only works with SQL Server and, as I said, there's a great deal of overlap between it and EF. Why have 2 official ORMs when just having one will do?

    And another example: the Patterns and Practices (P&P) group at Microsoft have been producing "best practices" type libraries, such as CAB, for a long time. Last year, just before TechEd, there was a flurry of information about a new product codenamed Acropolis that seemed to replicate a lot of what the P&P group were doing, but in a shiny new framework with designer support in Visual Studio. By October it had gone, its ideas to be subsumed in P&P and eventually the .NET framework itself. P&P has expanded its repertoire of libraries since.

    And of course we have WPF, WCF and WF, all frameworks that expand on the basic .NET Framework. Ditto ASP.NET MVC. Poor old Visual Studio just can't keep up, which is unfortunate since they all really need VS's discoverability and designers to make them easier to use. So there's more blogging advice from august commentators...

    The .NET Framework no longer seems to be single and indivisible. Instead it's turning into this multiheaded hydra, a victim of its own ease-of-use and productivity enhancers. Different teams at Microsoft seem to be producing libraries and frameworks as quickly as possible without anyone having much of any control over the process to try and unify them. David Worthington of SD Times seems to have a key to someone's filing cabinet at Microsoft, since he's quoting from yet another internal memo about exactly this issue in his latest article.

    I don't know quite honestly what the answer to this might be. In one sense, it's great to get all this functionality flowing out of Microsoft. On the other, it just makes the whole process of developing with the .NET Framework that much more complex. Also, looking at it from our viewpoint, should we try and support everything that it makes sense for us to do? Wouldn't that spread us too thin, meaning our existing products and customers getting reduced love, but getting more marketing hits for new anemic products that support the latest framework/library? Or should we be more cautious, and test the waters a little with some experimental products before jumping in or retiring?

    This is all a shame since the .NET universe was so much simpler than the previous COM and ActiveX universe. Are we getting to the point when another super abstraction is needed to make .NET simpler, together with full support in Visual Studio?

  • New VCL spell checking component

    Alongside the new version of our VCL pivot table control, ExpressPivotGrid 2, that Ray introduced here, we are debuting our new spell checking component, ExpressSpellChecker, in the same release.

    This component provides you with an uncomplicated way in which you can add Microsoft® Office® style spell checking capabilities into your next Windows® application. Features include:

    • Built-in support for Ispell and OpenOffice dictionaries.
    • The ability to check text in standard text editors as well as in DevExpress text input controls.
    • If you do use text input controls from Developer Express, words that aren't in the dictionary can be underlined.
    • The ExpressSpellChecker automatically checks spelling as you type, word by word. This is done in a separate thread without affecting the responsiveness of your UI.
    • Custom dictionary support is provided and uses a plain text format.
    • Dictionary dialogs allow end-users to add unrecognized words to a dictionary, so that they can build a custom word list as they work.
    • There is a choice of two error indication dialogs, the dialogs that allow users to correct spelling mistakes. Both replicate dialogs found in Microsoft Office.
    • Pre-built Options editor. Options include the ability to ignore emails, URLs, mixed case/upper-case words, repeated words and words with numbers within them.
    • You can force the spell checker to start scanning the text from the current cursor position or to check the current selection first.
    • Error correction can be done using a customizable built-in context menu.
    • The ExpressSpellChecker's API includes methods to spell check an arbitrary string, the content of a text editor, or the content of all text editor controls within a specified container.
    • The spell checker provides a complete set of events to allow you to manage the spell checking process - including the suppression of built-in forms, modifications to suggestion lists, skipped words, manual error processing, etc.

    The Developer Express VCL spell-checking component will be available with the VCL Subscription.

    [Supported compilers: Delphi 7, Delphi 2005, Delphi 2006, Delphi 2007, C++Builder 2007]

  • Security is broken when you leave it to end-users

    And before you think I'm slamming those damn lusers, think again. I'm including you and me in this.

    A couple of weeks ago, I took my wife's car in for a recall. Since I work at home and she works downtown and the dealer is the other side of downtown, I said I'd drop her off at work, drop the car off for its service, and drive home in the loaner car. No problem, everything went as planned until I got home...

    ...When I realized that I didn't have a front door key, and I didn't have the garage door remote. It was pointless going back to the dealer since my wife's garage door opener is built into her car (it's a feature of some Acuras - a programmable remote). I was stuck outside my own house.

    Needless to say, I managed to get in. No, I'm not telling you how, but it scared me that I was able to do it without any expensive damage, and that no one saw me do it either, and I consider our neighborhood to be safe and crime-free. The whole episode made me think about security and how we take it for granted and how easily it can be subverted.

    Another story. At the end of June, we were visiting my parents-in-law, when my father-in-law asked me some questions about viruses; the computer kind, not the biological kind. This led me to a demonstration of why Vista's UAC (User Account Control) was such a good idea. It heartened me that he had hardly ever come across the "dreaded" UAC dialog, meaning that for many people it's pretty invisible. I showed him how the UAC dialog will come up whenever the system detects that something is about to alter the system itself, such as installing a program. I drilled it into him that he should always click Cancel if it ever came up in his normal interactions with his computer, but that if he initiated the event that caused the UAC dialog then he was free to click Allow, although he should think about it first.

    But there's a big problem with UAC and any other method of asking the end-user permission to do something when the end-user doesn't have the expertise needed to properly assess the risks: social engineering. Social engineering is the technique of fooling people into revealing secret information or of making them do something they shouldn't do. There are many examples of this:

    • Phishing emails. You get an email from your bank, you click on the link, you go to a site which looks exactly like your bank's website and you enter your userid and password. You get a page saying, due to high workload the site is temporarily down, please try again later, but of course the baddies are already making off with your savings.
    • CNN Top Ten lists. (Man, I'm getting sick of these.) The latest scam email purports to come from CNN.com, lists some kind of Top Ten set of videos. Each item is a link. Click on the link and you go to a page with a video, but, alas, it seems your video player is out-of-date, so could you install this latest version? Ta. Oops, the install seems to have failed, but we did manage to install a bot without you knowing. Welcome to the Storm botnet.
    • You get a phone call, an automated recording, saying that your car's warranty is about to expire and you only have a very short amount of time to buy an extended warranty. Press 1 to talk to an operator. You break out in a sweat, press 1, talk to someone, pass over your credit card details, etc, put the phone down before you realize that they didn't know what car you had, how old it was, whether it had a warranty or not.
    • You can't afford some software, so you go looking for cracked versions on warez sites. You find a zip of the application you want and download and install it. Well, we know what happens next. Pwned!

    The common theme to these examples is that the point of failure is the human being. We are conditioned to be trustful. In general the people we meet and talk to are not trying to fleece us, so when someone acts trustful towards us, we can easily be duped by them. It also seems that we are unable to evaluate risks properly: if something has low friction (clicking on a link) we'll ignore the risks, when we know we should go the long, but less risky, way round (type the URL into the address bar).

    Security is hard to get right. Not only that, it's downright difficult to patch on afterwards. If we write a program we should think about the security issues right up front. We should build in security so that the end-user doesn't have to think or worry about it. For example, are you going to have an auto-update option in your software? How can the user be sure that the update is coming from you? Perhaps a digital signature might be the answer, maybe something else entirely, but you should think about this first and not tack it on when the software is complete. Consider doing a threat analysis.

    Security is also about education and risk-assessment. Educate your users on what to expect with your software and with your company, and train them to contact you if something else happens. Keep it simple. If you trade using the foobar.com domain, don't suddenly send your users emails from foobar-thatsus.ru (and if you do, and some users respond, then someone wasn't listening). Learn how to assess risks as well. This is a much harder lesson to learn, and, to be honest, just taking airport security as an example, you shouldn't feel bad that you may get it wrong some of the time.

    And make sure you carry your front door key with you at all times.

  • Some Clouds Dissipate

    It seems that someone at the US Patent and Trademark Office (USPTO) finally realized that "laughingstock" and "USPTO" should no longer be in the same sentence.

    The USPTO has canceled the Notice of Allowance for Dell to trademark "Cloud Computing", which I mentioned in this post. Phew.

    I wonder if this same person is now going to look at some of the more, er, obvious patents that have or are about to be granted. Did you know for example Microsoft has a patent on the three-ring binder? Issued in November 2007?

  • The Cloud Thickens

    For several years now it seems, pundits have been talking about software as a service (SaaS) and how it's about to take off. This is the idea that people would prefer not to buy their software outright, but to rent those bits they need. Of course, in order to facilitate rented software, you have to have a medium for distribution, and furthermore one with high bandwidth. Enter the broadband Internet, and for the first time we're getting close to having SaaS a day-to-day reality. SaaS and broadband are known ubiquitously as Cloud Computing.

    Many times though, it's hard to see where the payment part of "renting" comes in. Many services and many SaaS sites are free, and I would guess they rely on advertising revenue or premium levels to make their profits.

    Some examples:

    • Amazon Web Services. Essentially in two parts: S3 (Amazon Simple Storage Component) and EC2 (Elastic Compute Cloud). With S3 you pay for storage of data, both in terms of the amount of data and in transferring that data to and from Amazon's servers. With EC2, you pay for virtual web servers to serve up your web application. Using Amazon's services you can easily set up an online presence selling things (even software) without having to fork out a lot of money for servers and high-bandwidth Internet connections.
    • Flickr (and Picasa and photobucket and ...), the photo sharing sites. Yes, you can use Flickr for free to share your photos with everyone you want, but you can also pay money for the advanced tier allowing you more storage for photos (and believe me you soon reach the free limits). Flickr also gives you access to Picnik, which gives you the tools online to edit your photos and also comes with a premium service. With Picnik, there's no real need for a local install of Adobe Photoshop, for instance (unless you are into lots of messing around tweaking digital photos).
    • Mozy (and JungleDisk and Carbonite and ...), the online backup services. Essentially lots of online data storage and a backup program that copies your files (and compresses and encrypts them) to that data storage. JungleDisk in fact uses Amazon's S3 as the data storage. You pay a flat fee or a fee depending on the amount of data you transfer and the storage used.
    • Tax return preparation. Many tax preparation software companies now provide you the opportunity of preparing your tax returns online and electronically sending them to your "favorite" government Revenue department. OK, the computing part of this is not that onerous (what did you make? how much do you have left? send it; so the old joke goes), but the rest is.
    • Lulu. Create and publish your own book online. OK, the preparation of the book and the print-ready PDF is still a "thick-client" activity, but the rest is pure cloud computing. The money is made from when a book is actually printed: Lulu take their cut then.
    • Google's online "office apps": calendars, email, sharing word-processing documents and spreadsheets and whatnot. Free for individuals, but Google would love to sell you their services if you are a business.

    This brief non-exhaustive set of examples shows that Cloud Computing is already here and making inroads into the normal retail channel. Companies like Microsoft, Google, IBM et al are pushing a lot of money into Cloud Computing and it seems that if you miss this particular boat you're toast. Heck, even BusinessWeek has just published an article about it, saying this:

    Some analysts say cloud computing represents a sea change in the way computing is done in corporations. Merrill Lynch estimates that within the next five years, the annual global market for cloud computing will surge to $95 billion. In a May 2008 report, Merrill Lynch estimated that 12% of the worldwide software market would go to the cloud in that period.

    Using anyone's yardstick, that's a lot of money.

    (You can also see how important this whole thing is: recently Dell applied for the trademark "Cloud Computing" and on July 8 this year gained a Notice of Allowance. They now have to file a Statement of Use in order to go to the next step, registration of the trademark.)

    In looking at all this, there's one area where I don't see much movement: Programming as a Service. How soon will we be able to use Visual Studio in the cloud? Basically, log into some website, spawn off a new instance of Visual Studio, say on a virtual machine, and program at a distance? Or even this: have a web development hosting website where you go to develop web software and publish it to an affiliated web hosting company (think editing your photos in Picnik and publishing them to your pages on Flickr)? Maybe not ASP.NET, but using Rails or Silverlight or Flex, say?

    I'm going to guess this is all closer than you or I think. Maybe a couple of years away? And how does this affect what we, DevExpress, do (selling frameworks and UI controls and so on)? That's to be thought about and discussed in the interim. See you then...

  • Great independent XAF blog

    So call me late to the party, but I'm going to guess all the eXpressApp Framework (XAF) gurus already know about Alex Hoffman's XAF blog. But, just in case your desert island has only just got Internet access, you may want to check it out. From my quick perusal, there are lots of good informative posts there.
