All posts by onlyconnect

flash, java, linux, open source, vista

Ubuntu Hardy Heron – very cool

I had a spare desktop after upgrading my Vista box – at least, I popped my old motherboard in a spare case and added a hard drive. It seemed a good opportunity to try Ubuntu Hardy Heron. Ubuntu has a policy of  upgrading its Linux distribution every six months, in April and October, and Hardy Heron is this year’s April release. I tried a late beta, since final release is not until the end of the month. Burned a CD, stuck it in the drive, and installed it.

The install went smoothly. The main hassle with Ubuntu, and most other Linux distros, is that there are a few add-ons which you can’t easily do without, but which are excluded from the main release either for legal reasons, or because they are proprietary. For example, I tried to play a DVD, but the Totem movie player said it did not have the right GStreamer plugin. It would be nice if Ubuntu had a one-click install, something like “OK, I give in, give me libdvdcss2, give me Flash, give me Java, and I’ll take the consequences.” I fiddled around with Medibuntu, then realised you can get something close to a one-click install if you add ubuntu-restricted-extras to the repository. It didn’t actually take too long before I was up and running: DVDs played, YouTube worked, Java worked. I also added the NVIDIA proprietary driver which is needed to enable the Compiz Fusion 3D desktop. That one was easy: Ubuntu prompted me to do it.

The “what’s new” list includes Linux kernel 2.6.24, Firefox 3 (although still in beta), and better virtualization support with KVM. Gnome is updated to 2.22. Think incremental rather than dramatic changes.

Subjectively, Ubuntu performs better on the same hardware than Vista. There is just less waiting around. I had some fun connecting to my Vista desktop using the Terminal Server client. Then I pressed Windows-Tab to cycle between applications (note the cool reflections):

The key factor for Ubuntu is not features, but usability. In this respect, it seems to get better every time I look.

Technorati tags: , , ,
internet, software development, web authoring

Reality strikes for Blog Friends Facebook app

1 Comment

Just spotted this sad note from the developers of one of the few Facebook apps I’ve enjoyed using, Blog Friends. The app combines blog aggregation with social networking, and does a good job of highlighting interesting posts you might otherwise miss:

Although it appears simple on the surface, Blog Friends is actually an unusually complex and resource-intensive application to maintain and grow …. the way that Blog Friends is currently tied into the Facebook Platform means we have been at the mercy of Facebook’s frequent modifications of their Platform specifications, and that has also been another disabling factor for us.

What is needed is a complete rewrite of Blog Friends, one that makes it properly scaleable and independent of Facebook. As you can imagine, this is a huge undertaking and unfortunately we don’t have the resource or money to do this; we have never inflicted any advertising on you our users, so we haven’t made a penny in revenue from Blog Friends.

We’re shutting down, as of today.

It’s tough to prosper without a sane business model; and it’s tough to survive on some third-party’s proprietary platform.

Proprietary platforms love developers (Ballmer’s battle cry, remember), because they add value. They are risky for developers though, because the platform owner can change the rules.

Is Bubble 2.0 going to end the same way as Bubble 1.0?

microsoft, software development

Microsoft discusses next-gen MSDN … on Facebook

2 Comments

According to this blog post, Microsoft is setting up a buzz group on Facebook to discuss the next generation of its online documentation for developers, the MSDN (Microsoft Developer Network) Library:

We have put a facebook group together to aggregate together the folks who want to work with us to provide feedback, usability and ideas for the next generation of the MSDN Library. We call this project Library 3.0 and we will be organizing events and presentations from this group to bring us together on the project. My goal is build quorum of members over the next months with kickoff’s in late May for the first events.

It’s an interesting place to hold the discussion. Yes, Microsoft has a small stake in Facebook; but it also runs a vast network of technical communities and is doing great business with its Sharepoint collaboration platform. So why use Facebook?

Of course, two key areas that need improving in MSDN are collaboration and search, so you could argue that choosing a third-party platform for collaborating on MSDN itself is significant.

Then again, it’s probably more to do with internal red tape. What’s easier: getting corporate agreement on some new developer relations initiative and setting up the infrastructure, or just sticking a new group on Facebook?

If you are interested, the group is here. Currently it has no content or discussion whatsoever. Not a good start; but there’s time…

Technorati tags: , ,
codegear, java, microsoft, vista, windows

JBuilder 2008 and Vista’s Program Compatibility Assistant

One of Vista’s annoyances is this dialog, which you may see shortly after installing an application:

As you can see, I got this after installing CodeGear’s new JBuilder. The reason it annoys me is that it doesn’t tell you what “compatibility settings” it has applied. In this case, even if you go to JBuilder.exe in Explorer and view its properties, you will find all the compatibility options unchecked. So what has it done?

Of course I clicked “What settings are applied”. Here’s what it says:

As you can see, this still does not tell you what settings are applied. By the way, Group Policy enables you to disable the Program Compatibility Assistant completely, but does not show the settings for individual applications.

I ran the registry editor, and found this entry:

It looks like the Persisted key tells Vista which applications have already had settings applied, while the Layers key tells Vista what settings to apply. ELEVATECREATEPROCESS lets the application create child processes which require admin rights, though they still raise a UAC prompt.

I also found this Microsoft article which does a good job of explaining how the Compatibility Assistant works. It appears that JBuilder 2008 tries to run something which requires administrator permissions, but does not use the  correct Vista technique for doing so. I soon found out what it is:

It’s running regedit, and exporting some keys that appear to relate to Mozilla’s Gecko Runtime project, for embedding a browser in an application. Unfortunately it does this (twice) every time it runs, which is unlikely to be necessary. You would have thought there would be a better way to use these registry entries, than exporting a temporary file.

Conclusions? None really; I just wanted to know what this annoying wizard does. A couple of observations though. First, it’s careless of CodeGear to let JBuilder 2008 out like this. It just looks bad, to have your app identified as an old one that needs compatibility help.

Second, if you read Microsoft’s article you’ll notice that among other things Vista “instruments” the CreateProcess API call in order to make this work. There must be a performance impact. I guess Microsoft will say it is a small one; but I guess it also makes its little contribution to Vista’s overall performance issues.

Uncategorized

Microsoft’s business model for Silverlight

3 Comments

Pretty vague. As you’d expect. In this excellent interview Microsoft’s developer division VP Scott Guthrie cites three revenue opportunities:

  • Tools and servers
  • Customer engagement leading to ad sales
  • As a platform for other, presumably profitable, apps

I’m most interested in the third of these. By the way, I like Silverlight. Cross-platform .NET has been a personal interest of mine for ever. In 2002 I wrote an introductory article about .NET, and said:

It would do .Net enormous good if it became a credible cross-platform contender, say on Windows, Linux and the Mac. It would do Microsoft enormous good if it could be seen to work with the open source community in the same way as IBM does so successfully.

Six years on, the cross-platform potential in .NET is finally coming together. However, it is as a web-based runtime, rather than as a desktop runtime. That wasn’t quite what I expected back in 2002, but it is no bad thing. If Microsoft is serious about refactoring all its software for cloud services, as Ray Ozzie stated at Mix08, then Silverlight could be a key enabling technology, giving a rich desktop-like experience but in browser-hosted applications.

I was also interested in Guthrie’s comments on open source:

…people in the Linux community are much more likely to trust Novell and, specifically, Miguel [de Icaza] and the Mono Project and feel like, “Okay — if it is open source, I can get access to all the source [code]. You’re telling me that I can snap the source and build it myself if you’re not doing a good job? Okay, that’s interesting.” The higher level libraries that we are distributing — our controls and things like that — those will just work on the Linux version of Silverlight. They can take our source and use them for that.

Microsoft isn’t posting its source for the Silverlight runtime, but it is supporting an official open source implementation. That’s an intriguing distinction versus Flash, which has open source implementations none of which have taken off. Adobe has open-sourced Flex, but not the Flash runtime. However, note Guthrie’s comment:

We actually deliver the media graphics stack to Novell, so we use the same video pipeline and same media pipeline on the Linux version as on the Windows and Mac versions.

So that “media graphics stack”, is that open source? I suspect not but would be glad to be proved wrong. This point might make a difference to Linux distributions that exclude proprietary software by default.

Finally, Guthrie makes some remarks about Adobe AIR and the fact that Silverlight doesn’t have an equivalent cross-platform desktop engine. He says businesses are more interested in a “web-based model”, and observes that the full .NET and WPF stack is already a desktop runtime.

I’m not sure that this is a big deal. It wouldn’t be a huge step to host Silverlight in a cross-platform desktop application, for example by including it in a browser control. At the 2007 Mix, the New York Times folk told me they intended to do this with Times Reader. We are also going to see a number of different approaches to this problem. Mozilla is working on desktop integration for browser apps. Google shows a desktop shortcut in its introductory video for offline access. I recall Adobe’s Kevin Lynch remarking on the psychological barrier to opening a browser application when offline, as being one of the motivations for developing AIR, but there is more than one way to mitigate this.

microsoft, software

Microsoft: OOXML has won approval as an ISO/IEC standard

1 Comment

According to Microsoft’s press release, and a document in unofficial circulation, Microsoft’s Open Office XML, an XML format for Microsoft Office, has been approved as an ISO standard.

It’s been an ugly process. That said, I suspect the spec has been significantly improved by all the attention it has received. The spat has exposed the money and politics behind standardization processes. This seems to be a theme of late: see also Blu-Ray vs HD-DVD, and even the Java Community Process.

I welcome standardization, but dislike the way both sides have put their standards wars ahead of the convenience of users.

Technorati tags: , , ,
google, security, web authoring

Is Google Gears safe?

3 Comments

I imagine that is the question most users will ask when they see this dialog:

There are a couple of things I don’t like about this dialog. First, the website is defined only by an URL. The problem is, it’s a plain http connection so there’s no SSL certificate involved, so I can’t easily check the identity of the site. This one is Google, so it’s not too difficult; but what if it is some other site? It is not particularly easy to verify the ownership of an URL; whois information is not reliable.

Second, what are the implications of my decision? If you click What is this, you get this page, which explains offline functionality but doesn’t mention security. It does mention that Gears is a beta – personally I think this should be up-front in the security warning dialog as well. Do you trust this beta software?

If you go to the Frequently Asked Questions, there is still no mention of security. Is nobody asking about it? This article is the closest I can see, but merely repeats the information in the original dialog, that Gears allows websites to write to my computer. Enquiring minds ask: where can they write data? Where can they read data? Could they install malware or execute code?

We could do with a link to this page, about the Gears security model. This tells me that Gears uses a same origin policy:

A web page with a particular scheme, host, and port can only access resources with the same scheme, host, and port.

It also says:

Google Gears data files are protected with the user’s operating system login credentials. Users with separate login names cannot access each other’s Google Gears data files, as enforced by the operating system.

The bit about “as enforced by the operating system” should be highlighted. If your users have local admin rights, as on some Windows boxes, they will be able to access files belonging to other users.

But is Gears safe? What if I’m taken in by a scam site and give it permission to use Gears?

It may not be too bad. Gears can’t write anywhere on my hard drive, only to a location in my local profile or home directory. It doesn’t use the browser cache, presumably because it isn’t reliable; it may get cleared. Still, I guess some sort of attack might be possible along the lines of: write an executable to my local resource store, then give me a link to click and run it. Gears could fill your home directory with stuff you do not want, of course, but that’s the explicit permission you give when you agree to let a site write to your computer.

This presumes that Gears does not have security bugs. There may be and probably are ways to mount attacks using Gears that I have not thought of.

Bottom line: Gears is probably fairly safe, provided that the site really is trustworthy, but it is a beta and the usual caveats apply. Check that URL carefully. Avoid Gears when used by smaller organizations that might not have sites well defended against malware. I still don’t like the dialog though; and I’m surprised that Google does not make it easier for users to examine the security issues.

This post is prompted by yesterday’s announcement of Offline access to Google Docs.

microsoft, software development, windows

Help! We’re running a VB3 app and we’ve lost the code

2 Comments

I write a programming column for Personal Computer World. A reader contacted me with a problem. He had an application which he knew was written in Visual Basic 3, but for which he did not have the source code. He now wanted to adapt it to run on Windows Mobile.

VB 3.0 came out in 1993, a mere 15 years ago but an eternity in Internet time. It was hugely popular, partly because it included the JET database engine, the same one as used by Microsoft Access. Both professionals and keen amateurs used it to create little (and not so little) business apps. VB 3.0 is 16-bit, and although these apps may still run OK on Windows XP or Vista 32-bit, though perhaps with a few cosmetic glitches, they will not run on 64-bit Windows, which has no 16-bit emulation layer.

Not many organizations are moving to 64-bit desktops just yet, though they may well do so in a couple of years, but there is still a problem if you need to adapt or port the code.

I thought this would make a fun case study so I wrote it up in the May 2008 column. I tracked down the VB3 decompiler put out some years back by Hans-Peter Diettrich, also known as Dodi. He gave me a demo version to distribute to readers. The app in question turned out to be very simple, and decompiled easily. I then imported the project into VB 6 (because later versions won’t look at VB3 apps), and finally pulled the VB6 conversion into Visual Studio 2008. Once I’d fixed up the Windows version, I created a new Compact Framework solution into which I copied code from the desktop project. Much of the code made it all the way from the VB3 original to the Compact Framework, and ran fine on my IPAQ Pocket PC.

Working with decompiled code is a bit like solving a crossword puzzle. Variable names are mangled so you have to work out what they are for. It won’t be a quick and easy process except in the simplest of cases.

The incident makes me wonder: how many business-critical apps with lost source are out there? Someone posted a cartoon recently which I can’t now track down, but it was a graveside scene. One mourner says to another, “I’m sorry to ask at a time like this, but did he say anything about source code?”

apple, microsoft, multimedia, windows

How hard can it be to play an AVI file?

3 Comments

It depends. I saw Matt Mullenweg’s post about new features in WordPress 2.5. He’s included a video in several formats, and since the embedded Flash version didn’t want to play (maybe bandwidth issues), I downloaded the AVI and double-clicked. Windows Media Player tried to play it, said it was acquiring the codec, and then played only the audio. This is what I got when I looked at properties:

Did Mullenweg include restrictive DRM on his promo for the next WordPress? Unlikely. I right-clicked and chose to open in QuickTime. QuickTime said I needed some new components to play the file, and directed me here – but without telling me which of the 10 downloads on offer might fix the problem.

I right-clicked again and chose VLC. Perfect playback. But I was intrigued. I looked at the Stream and Media info in VLC and found that the video codec was TSCC. I looked this up and found it here. It is the TechSmith screen recording codec. I downloaded and installed the TSCC codec (ignoring Vista’s insistence that it “did not install correctly”) and now the file plays fine in both WMP and QuickTime.

Still, I have a couple of questions. If TSCC is a reasonably well-known codec, how come these players are not smart enough to direct users to the right download, or at least display the name of the codec to make it a little easier to find?

Second, why does WMP think media usage rights are missing? More Windows DRM madness.

Note: the problem with AVI is that it is just a way of bundling audio and video into one file. There are many possible formats for the internal streams, so just because one AVI file plays OK, it doesn’t mean that another will. Hassles like this are one of the reasons Flash video is so popular.

internet, microsoft, software, windows

Small Business Server 2008: no ISA Server, no built-in tape backup

16 Comments

I have caught up a little with what is coming in Small Business Server 2008, code-named Cougar. Short version: Microsoft is focusing on ease of use but omitting some of the features that made previous versions attractive. This will be an upgrade headache if you used those features.

The new version is 64-bit only and includes Exchange Server 2007, Sharepoint Services 3.0 and WSUS (Windows Server Update Services) 3.0 as standard. Go Premium to get SQL Server 2008 and a license for a second server (which can be 32-bit).

Program Manager Sean Daniel says in an interview (video) that the install is easier than before, and that wizards are scenario-based rather than task-based. I think this means that more decisions are taken for you. However, two changes have caused some consternation.

The first is that tape backup is no longer built in. The new backup system only supports external USB or FireWire drives. I’m not sure about backup over the network; it would be silly to omit this, but who knows? It is based on differential backup, which means you can backup in 10 minutes and do it every hour if you like.

Microsoft says this is because external drives are cheaper than tapes, and that most SBS users have moved to hard drive backup in any case. This is true unless you have a lot of tapes. However, tape advocates point out that tapes are more robust in transit and safer for archiving. Personally I’ve had problems with the cheapest bus-powered external drives, mainly because of the power being inadequate, but I’d hope that up-to-date hardware fixes this. If you still love tape, the solution is to buy a third-party tape backup system.

The other big omission is ISA Server, Microsoft’s firewall and proxy server. This is a bigger deal. ISA is a complex but sophisticated product that requires two network cards to be installed. If you can work out how to administer it, it provides extra security in conjunction with an external firewall, and numerous features for publishing internal servers and services. Why has it been dropped? Daniel makes a curious comment in this Q&A:

I am as disappointed as you with this. Certain circumstances with the changes in Longhorn server left us without firewall solution in our standard product. We attempted to move ISA into the standard product, but legal issues prevented this. There was nothing we could do.

Legal issues? This is a Microsoft product bundled with a Microsoft product. I wonder if he means internal politics?

In particular, note that there is a new multi-server bundle called Windows Essential Business Server 2008, which does include ISA.

So what do you do if you have a full-works, dual-NIC SBS 2003 box and want to upgrade? There’s no in-place upgrade, because this is 32-bit to 64-bit; and the disappearance of ISA means you have to rethink your network architecture, or upgrade to the aforementioned EBS.

Two things disappoint me here. One is that Microsoft is pushing small businesses towards multiple servers, in SBS Premium or EBS. Although this has administrative advantages, it’s not very green, it’s losing the essence of what SBS was about, and seems out of tune with the more general industry move towards fewer servers and virtualization.

The second disappointment is that Microsoft seems to be pretty much ignoring the cloud. I may be wrong: the blurb says “Integration with Microsoft Office Live Services Small Business”, though I’m not sure what this amounts to. Personally I reckon the cloud is the future for the niche that SBS fills. I’d design SBS Next as a local cache for cloud services.