Category Archives: professional

image

Don Syme on F#

I’ve posted a lengthy interview with Don Syme, designer of Microsoft’s functional programming language F#. It covers:

  • The genesis of F#
  • Why it is in Visual Studio 2010
  • How it differs from other ML languages
  • Who should use it
  • What it brings to parallel and asynchronous programming
  • Unit testing F#
  • Future plans for F#
  • Book recommendations

One of the questions is: if I’m a C# or C++ developer, what practical, business-benefit reason is there to look at F#? Worth a read if you’ve wondered about that.

Setting up RemoteApp and secure FTP on Windows

I spent some time setting up RemoteApp and secure FTP for a small business which wanted better remote access without VPN. VPN is problematic for various reasons: it is sometimes blocked by public or hotel wifi providers, it is not suitable for poor connections, performance can be poor, and it means constantly having to think about whether your VPN tunnel is open or not. When I switched from connecting Outlook over VPN to connecting over HTTP, I found the experience better in every way; it is seamless. At least, it would be if it weren’t for the connection settings bug that changes the authentication type by itself on occasion; but I digress.

Enough to say that VPN is not always the best approach to remote access. There’s also SharePoint of course; but there are snags with that as well – it is powerful, but complex to manage, and has annoyances like poor performance when there are a large number of documents in a single folder. In addition, Explorer integration in Windows XP does not always work properly; it seems better in Vista and Windows 7.

FTP on the other hand can simply publish an existing file share to remote users. FTP can be horribly insecure; it is a common reason for usernames and passwords to passed in plain text over the internet. Fortunately Microsoft now offers an FTP service for IIS 7.0 that can be configured to require SSL for both password exchange and data transmission. I would not consider it otherwise. Note that this is different from the FTP service that ships with the original Server 2008; if you don’t have 2008 R2 you need a separate download.

So how was the setup? Pretty frustrating at the time; though now that it is all working it does not seem so bad. The problem is the number of moving parts, including your network configuration and firewall, Active Directory, IIS, digital certificates, and Windows security.

FTP is problematic anyway, thanks to its use of multiple ports. Another point of confusion is that FTP over SSL (FTPS) is not the same thing as Secure FTP (SFTP); Microsoft offers an FTPS implementation. A third issue is that neither of Microsoft’s FTP clients, Internet Explorer or the FTP command-line client, support FTP over SSL, so you have to use a third-party client like FileZilla. I also discovered that you cannot (easily) run a FTPS client behind an ISA Server firewall, which explained why my early tests failed.

Documentation for the FTP server is reasonable, though you cannot find all the information you need in one place. I also found the configuration perplexing in places. Take this dialog for example:

image

The Data Channel Port Range is disabled with no indication why – the reason is that you set it for the entire IIS server, not for a specific site. But what is the “External IP Address of Firewall”? The wording suggests the public IP address; but the example suggests an internal, private address. I used the private address and it worked.

As for RemoteApp, it is a piece of magic that lets you remote the UI of a Windows application, so it runs on the server but appears to be running locally. It is essentially the same thing as remote desktop, but with the desktop part hidden so that you only see the window of the running app. One of the attractions is that it looks more secure, since you can give a semi-trusted remote user access to specified applications only, but this security is largely illusory because under the covers it is still a remote log-in and there are ways to escalate the access to a full desktop. Open a RemoteApp link on a Mac, for example, and you get the full desktop by default, though you can tweak it to show only the application, but with a blank desktop background:

image

Setup is laborious; there’s a step by step guide that covers it well, though note that Terminal Services is now called Remote Desktop Services. I set up TS Gateway, which tunnels the Terminal Server protocol through HTTPS, so you don’t have to open any additional ports in your firewall. I also set up TS Web Access, which lets users navigate to a web page and start apps from a list, rather than having to get hold of a .RDP configuration file or setup application.

If you must run a Windows application remotely, RemoteApp is a brilliant solution, though note that you need additional Client Access Licenses for these services. Nevertheless, it is a shame that despite the high level of complexity in the configuration of TS Gateway, involving a Connection Authorization Policy and a Resource Authorization Policy, there is no setting for “only allow users to run these applications, nothing else”. You have to do this separately through Software Restriction Policies – the document Terminal Services from A to Z from Cláudio Rodrigues at WTS.Labs has a good explanation.

I noticed that Rodrigues is not impressed with the complexity of setting up RemoteApp with TS Gateway and so on on Windows Server 2008 R2:

So years ago (2003/2004) we had all that sorted out: RDP over HTTPS, Published Applications, Resource Based Load Balancing and so on and no kidding, it would not take you more than 30 minutes to get all going. Simple and elegant design. More than that, I would say, smart design.

Today after going through all the stuff required to get RDS Web Access, RDS Gateway and RDS Session Broker up and running I am simply baffled. Stunned. This is for sure the epitome of bad design. I am still banging my head in the wall just thinking about how the setup of all this makes no sense and more than that, what a steep learning curve this will be for anyone that is now on Windows Server 2003 TS.

What amazes me the most is Microsoft had YEARS to watch what others did and learn with their mistakes and then come up with something clean. Smart. Unfortunately that was not the case … Again, I am not debating if the solution at the end works. It does. I am discussing how easy it is to setup, how smart the design is and so on. And in that respect, they simply failed to deliver. I am telling you that based on 15+ years of experience doing nothing else other than TS/RDS/Citrix deployments and starting companies focused on TS/RDS development. I may look stupid indeed but I know some shit about these things.

Simplicity and clean design are key elements on any good piece of software, what someone in Redmond seems to disagree.

My own experience was not that bad, though admittedly I did not look into load balancing for this small setup. I agree though: you have to do a lot of clicking to get this stuff up and running. I am reminded of the question I asked a few months back: Should IT administration be less annoying? I think it should, if only because complexity increases the risk of mistakes, or of taking shortcuts that undermine security.

PivotViewer comes to SilverLight – data as visual collections

Microsoft has released a PivotViewer control for Silverlight. Data visualisation is a key business reason to use Silverlight or Flash rather than HTML and JavaScript for an application, so it is a significant release. But what does it do?

PivotViewer is the latest tool to come out of the Microsoft Live Labs Pivot project. Pivot is based on collections, which are sets of data where each item has an associated image. A pivot item has attributes, similar to properties, called facets; and facets have facet categories. Facet categories are used to filter and sort the data.

More complex Pivot data sets have several linked collections, or dynamic collections which are generated at runtime as a query result. This is necessary if the size of the data set is very large or even unbounded. You could create a web search, for example, that returned a pivot collection.

Once you have created and hosted your Pivot collections, most of the work of displaying them is done by the Pivot client. There is a desktop Pivot client, which is Windows-only; but the Silverlight PivotViewer is more useful since it allows a Pivot collection to be viewed in a web page. The client (or control) does most of the work of displaying, filtering and sorting your data, including a user-friendly filter panel.

PivotViewer also makes use of Deep Zoom, also known as Seadragon, which lets you view vast images over the internet while downloading only what is needed for the small section or thumbnail preview you are viewing.

The result is that a developer like Azure Technical Strategist Steve Marx was able to create a PivotViewer for Netflix with only about around 500 lines of code. This kind of product selection is a natural fit for Pivot.

I was quickly able to find the highest-rated music movies in the Netflix Instant Watch collection.

image

Starting with the full set, I checked Music and Musicals and then set Rating to 4 or over.

 

image

It seems to me that the strength of Pivot is not so much that it offers previously unavailable ways to visualise data, but more that it transforms a complex programming task into something that any developer can accomplish. Microsoft at its best; though of course it will only work on platforms where Silverlight runs.

Windows 8: detailed plans leaked, show Microsoft cycle of invent, fail, copy

No doubt crisis meetings in Redmond as plans for Windows 8, shared apparently with OEM partners, leak to the web. Of course it may all be an elaborate hoax, and even if not, the slides all state:

Disclaimer – Windows 8 discussion, this is not a plan of record

Still, it looks plausible. So what’s new?

In some ways, Windows 7 was low-hanging fruit. Simply fix what was broken in Windows Vista, make Windows faster, more reliable and more pleasant to use. Windows 8 needs to take a step forward, and according to these slides this is what is planned:

1. Elevation of the Slate as a key form factor. The slides refer to three basic form factors: Slate for web and media consumption, laptop for productivity and all-in-one touch control desktop for both.

2. 3D content display along with “HTML 5 video” and DRM, focus on DLNA.

3. Instant On, always connected. Hang on, wasn’t this promised for 7? And Vista? The docs do refer to a “New Off state” called Logoff + Hibernate, with optimised hibernate plus a “Boot/Shutdown look and feel”. The idea is that this becomes the norm for a switch off.

4. Log on with face recognition. One of the few pieces of real innovation on offer here.

5. Proximity based sleep and wake.

6. Another go at the Windows App Store. This time Microsoft is serious. Approval process. Dashboard for developers with telemetry. Auto update. Software license roams with the user, as do settings – a great idea. Partner co-branding, ho hum.

7. Reinstall or “reset” Windows while keeping apps, docs and settings. A bit like the old repair install, though the difference here seems to be that this is a genuine wipe and reinstall, with apps reinstalled from the App Store. 

8. Windows accounts “could be connected to the cloud”. I would think they must be, if the app store stuff with roaming software licenses is to work. Hooking your Windows login to a Passport ID is not new though; I’m guessing it will just be more prominent and important.

Needless to say, this is not the whole Windows 8 story, even if genuine. What do we learn though? Mainly that Microsoft is taking its lead from Apple and accepts that the App Store concept is central to our future computing experience; the Slate also seems influenced by iPad.

We are also seeing the return of Passport. Most of what was in the controversial .NET My Services from 2001 is now accepted as normal, after Google and Facebook have softened us up for the concepts.

There’s a pattern here. Microsoft gets bright idea – Tablet, Windows Marketplace, Passport. Does half-baked implementation which flops. Apple or Google works out how to do it right. Microsoft copies them.

When do we get Windows 8? You can try and puzzle out the slide on “Windows 8 product cycle” if you like; but I’d bet that it will be around three years from the release of Windows 7: mid to late 2012.

Big browser and RIA news: Canvas comes to Internet Explorer 9

I’ve just installed the third Internet Explorer Platform Preview (on a virtual machine just in case) and run through a few of the demos. One of the most impressive is Canvas Pad, which demonstrates the HTML 5 Canvas element.

image

Canvas is particularly interesting, since it provides a surface to which you can draw anything you like. Canvas support was not announced at Mix earlier this year, when IE9 was unveiled, and some of us speculated that Microsoft would omit it in order to preserve the value of its Silverlight plugin – though in doing so it would also help Adobe Flash. Well, apparently the IE9 team decided to risk it. Not only is canvas supported; it is also hardware-accelerated:

Like all of the graphics in IE9, canvas is hardware accelerated through Windows and the GPU. Hardware accelerated canvas support in IE9 illustrates the power of native HTML5 in a browser.

Is there still value in Silverlight and Flash? There is, for several reasons. A plug-in presents a predictable runtime, insulating the application from browser variations. A plugin will work on browsers that do not yet support Canvas. Further, Silverlight includes the .NET Framework with its rich library, and supports the .NET languages, whereas for HTML5 you have to use JavaScript – though don’t forget Google Web Toolkit, which compiles Java to JavaScript, and other similar projects.

Even so, once you have hardware-accelerated Canvas there will be few occasions when you absolutely have to use Flash, Silverlight or Java.

Microsoft is doing the right thing. Crippling IE for the sake of Silverlight would only push users to other browsers, so it would not achieve its goal.

A full list of what is new in IE9 is here. It is shaping up to be the most interesting new IE since version 4.0 back in 1997.

Adobe financials: strong Creative Suite 5 and Flash, claims company undervalued

Adobe has released its financial results for its second quarter, reporting $227.3 million net income (GAAP) compared to $161.4 million in the same quarter last year; and revenue of $943 million which it says is 34% year on year growth.

Much of this is thanks to a successful launch for Creative Suite 5, which accounts for 56% of Adobe’s revenue. However, Adobe has also reported 12% year-on-year growth for LiveCycle, its enterprise server products about which I learned last week in Amsterdam. The “platform” segment, which includes the Flex development tools, Cold Fusion, and Flash media services, is also growing, from $36.8 million in Q2 2009 to $45.4 million in Q2 2010.

CEO Shantanu Narayen is upbeat, saying “we believe Adobe is significantly undervalued today” and backing his judgement with a share buyback program.

I was particularly interested in the focus on Flash in Adobe’s statements and conference call:

Approximately 3.5 million Flash designers and developers are working with Flash-based solutions today, and their ranks grew by 59 percent in 2009

said Narayen; while Executive VP Mark Garrett noted:

CS5 products containing Flash authoring and output as a product component achieved revenue growth of 22% version-over-version to date

making the point that this exceeded the growth of CS5 overall.

Any clouds on the horizon? Two that I can think of. One is that Apple wants to kill Flash. CEO Steve Jobs says:

Flash was created during the PC era – for PCs and mice. Flash is a successful business for Adobe, and we can understand why they want to push it beyond PCs. But the mobile era is about low power devices, touch interfaces and open web standards – all areas where Flash falls short.

The other issue is that Adobe is dependent on Creative Suite, desktop software that arguably will be a business hard to sustain in the cloud and device era.

Still, these are good figures, the best we have seen from Adobe for a while, and despite the efforts of Steve Jobs both Adobe and Flash are prospering right now. A side-effect of Apple’s Flash downer is that competitors have hastened to support it, with Google building Flash support deeply into its Chrome browser.

Detailed figures from Adobe are here.

Adobe LiveCycle and the Apple problem

Earlier this week I attended Adobe’s partner conference in Amsterdam, or at least part of it. The sessions were closed, but I was among the judges for the second day, where partners presented solutions they had created; the ones we judged best will likely be presented at the Max conference in October.

Seeing the showcased solutions gave insight into how and why LiveCycle is being used. LiveCycle is actually a suite of products – the official site lists 14 modules – which are essentially a bunch of server applications to process and generate PDF forms and documents, combined with data services that optimise data delivery and synchronisation with Flash clients, typically built with Flex and running either in-browser or on the desktop using AIR. These two strands got twisted together when Adobe took over Macromedia.

LiveCycle applications are Java applications, and run on top of Java Enterprise Edition application servers such as Oracle’s WebLogic or IBM’s WebSphere. This does mean that support for Microsoft’s .NET platform is weak; Adobe argues that that Microsoft’s platform has its own self-contained stack and development tool (Visual Studio) which makes it not worth supporting, though of course there are ways to integrate using web services and we saw examples of this. Many of the partners whispered to me that they also build SharePoint solutions for their Microsoft platform customers, and that SharePoint 2010 is a big improvement on earlier versions for what they do. Still, Java is the more important platform in this particular area.

Why would you want to base an Enterprise application on PDF? The answer is that many business processes involve forms and workflows, and for these LiveCycle is a strong solution. PDF is widely accepted as a suitable format for publishing and archiving. One thing that cropped up in many of the solutions is digital signatures: the ability to verify that a document was produced at a certain time and date and has not been tampered with plays well with many organisations.

Here’s a quick flavour of some of the solutions we saw. Ajila AG showed an application which handles planning permission in parts of Switzerland; everything is handled using PDF form submissions and email, and apparently a process which used to take 45 days is now accomplished in 3 days. Another Ajila AG solution handles the electronic paperwork for complex financial instruments at the Swiss stock exchange. Ensemble Systems showed an e-invoicing system which includes a portal where both a company and its suppliers can log in to view and track the progress of an invoice. Impuls Systems GmbH used PDF forms combined with Adobe Connect Pro conferencing to create online consultation rooms and guided form completion for clients purchasing health insurance. Aktive Reply built a system to replace printed letterheads for an insurance company with 10,000 agents; not only does the system save paper, but it also synchronises any address changes with a central database. Another Aktive Reply application lets lawyers assemble contracts from a database of fragments, enforcing rules that reduce the chance of errors; we were told that this one replaced a complex and error-prone Word macro.

OK, so why would you not want to use LiveCycle for your forms or document-based workflow or business process management application? Well, these solutions tend to be costly so smaller organisations need not apply; and I did worry on occasion about over-complexity. More important, the whole platform depends on PDF, often making use of smart features like Adobe Reader Extensions and scripting. After all, this is why Adobe added all these abilities to PDF, despite security concerns and the desire some of us have for simple, fast rendering of PDF documents rather than yet another application platform.

PDF is well supported of course, but once you move away from Windows and Mac desktops, it is often not the official Adobe Reader that you use, but some other utility that does not support all these extra features. In many cases it is not just PDF, but Flash/Flex applications which form part of these LiveCycle solutions. Adobe understands the importance of mobile devices and I was told that more effort will be put into Adobe Reader for mobile devices, to broaden its support and extend its features. Reader for Android is also available, as an app in the Android Market.

That’s fair enough, but what about Apple? Curiously (or not) PDF is not well supported on the iPad, though you can read PDF in Safari and in mail attachments. This is not Adobe Reader though; and given that PDF now supports Flash as well as scripting there seems little chance of Adobe getting it onto the App Store. Flash itself is completely absent of course.

Lack of compatibility with Apple devices did not seem to be a big concern among the partners I spoke to at the conference. Many of the solutions are internal or work within controlled environments where client compatibility can be enforced. Nevertheless, I can see this becoming an increasing problem if Apple’s success with iPhone and iPad continues, especially in cases where applications are public-facing. My suggestion to Adobe is that it now needs to work on making LiveCycle work better with plain HTML clients, in order to future-proof its platform to some extent.