SQLite: what a difference transactions make

I received an email from someone trying my simple Delphi wrapper for SQLite. He wanted to add a million rows to a table of 10 columns of doubles, but was disappointed with the speed.

I tried with your SQL commands from the wrapper and just for 10000 elements it took me for ages…

I had a hunch that wrapping the inserts in a transaction might solve this one, and so it proved. The difference is staggering.

10,000 rows in 2 seconds, 1 million in under a minute.

Without the transaction it takes, well, forever, as the email says.

Worth noting if you use SQLite; in fact, many database engines behave like this. The reason, I guess, is that if you do not explicitly place a sequence of SQL statements within a transaction, then each statement is in effect its own transaction. That means the database engine has a lot of housekeeping to do for every statement: ensuring that the changes were really written to disk, and opening, writing and closing the journal file.
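The effect described above, as an added example that is not code from the original post: it uses Python's sqlite3 module rather than the Delphi wrapper, and the table name `samples` and the function names are assumptions. It loads the same rows once with every statement committing on its own and once inside a single explicit transaction, and reports whether a transaction was actually open during the inserts.

```python
import os
import sqlite3
import tempfile
import time

COLS = 10  # ten REAL columns, matching the scenario in the post


def open_db(path):
    # isolation_level=None stops the sqlite3 module from issuing an implicit
    # BEGIN, so every statement commits on its own unless we BEGIN explicitly.
    conn = sqlite3.connect(path, isolation_level=None)
    cols = ", ".join(f"c{i} REAL" for i in range(COLS))
    conn.execute(f"CREATE TABLE samples ({cols})")  # hypothetical table name
    return conn


def insert_rows(conn, n, batched):
    """Insert n rows; return (seconds, was a transaction open mid-loop?)."""
    sql = "INSERT INTO samples VALUES (" + ",".join("?" * COLS) + ")"
    open_mid_loop = False
    start = time.perf_counter()
    if batched:
        conn.execute("BEGIN")
    try:
        for i in range(n):
            conn.execute(sql, [i + k / 10 for k in range(COLS)])
            open_mid_loop = conn.in_transaction
        if batched:
            conn.execute("COMMIT")  # the commit work happens once, here
    except Exception:
        if batched:
            conn.execute("ROLLBACK")  # all-or-nothing: no partial load left
        raise
    return time.perf_counter() - start, open_mid_loop


def compare(n=2000):
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, batched in (("per_statement", False), ("one_transaction", True)):
            conn = open_db(os.path.join(tmp, name + ".db"))
            secs, open_mid_loop = insert_rows(conn, n, batched)
            rows = conn.execute("SELECT COUNT(*) FROM samples").fetchone()[0]
            conn.close()
            results[name] = {"rows": rows, "secs": secs, "txn_open": open_mid_loop}
    return results


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"{name:16} rows={r['rows']} secs={r['secs']:.3f} txn_open={r['txn_open']}")
```

The timings depend on the disk and filesystem, so only the row counts and the transaction state are deterministic.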



Try Delphi for PHP for one day

Codegear is offering a free trial of Delphi for PHP … for a single day:

Long enough to evaluate a developer product? To my mind this is taking RAD a step too far. Just as well, since this is what I got when I tried to download it:

This means one of two things. It either demonstrates the huge interest in Delphi for PHP, or the unfortunate lack of scalability in CodeGear’s server applications. Which, it appears, are not coded in PHP.

To be fair, the product has just been slashdotted. The thread is not especially illuminating so far, though I thought this was a telling comment:

For a reference, this is how this looks in plain PHP (granted no MVC and so on, but for the sake of example..):
<?php echo "Hello World" ?>
What does Delphi do?

  1. Loads several thousand lines VCL code
  2. Loads all the menu, form, container and “external” controls, although they’re not used (thousands of lines of code)
  3. The Hello World is a label (no simpler way) which has around 50 properties (color, bg color and what not) defined in an XML file. I left all at defaults, but never mind. The file is loaded, parsed.
  4. The Label class inherits from CustomLabel, which inherits from Components which inherits from other stuff I didn’t even bother check, it goes through all properties, and figures out after a lot of thinking that it should print the words “Hello World”.

Yes, that’s the trade-off with frameworks, though some are better than others. Now we need some counter-examples. Anyone?



Don’t call your Windows app UpdateAnything

I wrote a little Windows utility that updates a file. It’s safe and harmless; it just modifies a file which is in my user documents folder. I called the utility UpdateMSI. Under Vista with UAC enabled, running this app throws up a dialog:

An unidentified program wants access to your computer

But why? Simple: Vista inspects the name of the executable, notes that it includes the word “update”, and concludes that it needs local administrator rights.

On the face of it, this is silly. First of all, Vista is wrong: my app does not need admin rights. Second, it is infuriating that I am not given any choice in the matter. The UAC dialog says “Cancel” or “Allow”. It does not include the option to run with my normal user rights.

Microsoft did this in an effort to detect setup applications; the word “setup” has the same effect. It will trigger if the word is anywhere in the executable name. I tried it with WorldCupDatePicker.exe – same result.

Surely it would not have been too hard to give the user a say in this? Just a checkbox that says “Let me run this how I want on my computer”? You can disable UAC of course; but I’m not going to do that; overall it’s a good feature.

If you wrote the app, there is a fix. You have to embed a UAC manifest in your application. There are simple instructions here, though note that these explain how to force the UAC prompt, not how to suppress it. If you don’t want to run as admin, modify the line:

<requestedExecutionLevel level="requireAdministrator"/>

to read instead:

<requestedExecutionLevel level="asInvoker"/>

Bottom line: always include a manifest.
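A build-time check for the behaviour described above, as an added example that is not from the original post. The trigger words are only the two the post names ("update" and "setup"), not a complete list of Vista's heuristic, and the sample manifest and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Name fragments the post reports as triggering Vista's installer detection.
# Taken from the post only; not a complete list of the heuristic.
TRIGGER_WORDS = ("update", "setup")

# Constructed sample manifest declaring an explicit execution level.
MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the requestedExecutionLevel 'level' attribute, or None."""
    if not manifest_xml:
        return None
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError:
        return None  # malformed XML, e.g. typographic quotes around attributes
    for el in root.iter():
        # Compare local names so any trustInfo namespace version is accepted.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return el.get("level")
    return None


def audit(exe_name, manifest_xml):
    """Classify an executable by how its elevation would be decided."""
    level = requested_level(manifest_xml)
    if level is not None:
        return "explicit:" + level
    hits = [w for w in TRIGGER_WORDS if w in exe_name.lower()]
    if hits:
        return "heuristic-elevation:" + ",".join(hits)
    return "no-manifest"


if __name__ == "__main__":
    for name, manifest in (("UpdateMSI.exe", None), ("UpdateMSI.exe", MANIFEST),
                           ("WorldCupDatePicker.exe", None)):
        print(name, "->", audit(name, manifest))
```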


A common-sense introduction to software factories

If you’ve been intrigued by Microsoft’s idea of integrating software factories into Visual Studio, you might want to read this mini-series by Edward Bakker and Jezz Santos:

The motivation behind this effort has been that we’ve recognised that there is little practical information helping ordinary professional developers on getting started with building and understanding software factories. We have had quite a head start on this and wanted to share our knowledge and experiences with you and the community to promote the uptake of building factories, which in turn should promote the adoption of software factories and the industrialisation of software in general. This series was created in a format that asks a logical sequence of questions that you might have when trying to figure out how to build software factories today.

Pretty good as a guide for the perplexed. A couple of other links. Jeremy Miller explains why he is sceptical:

The big hangup that I have with software factories is that I think some atrociously bad systems are going to be created by blindly following the “guidance” from the software factory.  Also, *who* is building the guidance in these software factory thingies?  Are they really good enough to do that?  Is my system really suitable for a generic set of patterns?

I also liked the comment to his post which asks about:

Microsoft software which uses the product (other than demo, please):

I’m reminded of when I asked Scott Guthrie what modeling tools were used by the ASP.NET team. His answer: a whiteboard.

Finally, RegDeveloper editor David Norfolk has some comments on UML and MDA arising from the article.



Delphi for PHP is done

Hot on the heels of Delphi 2007, CodeGear has announced the completion of Delphi for PHP. Apparently download purchasers can buy immediately.

The name is controversial: this product uses neither the Delphi IDE, nor the Delphi language. Rather, it is inspired by Delphi; maybe it was created with it too. I guess it would have used the Delphi IDE had it not been a third-party buy-in; perhaps it will in future.

The associated library, called VCL for PHP, is meant to be open source; but its home page on SourceForge remains empty at the time of writing.

More when I’ve had a chance to try it out; again, I’d be interested in hearing from early adopters.



Automating development: Software factories for Visual Studio

The Register has my piece on software factories, based on an interview with Jack Greenfield, a Microsoft software architect. Greenfield talks about a 40% – 80% productivity gain.

If you’re not familiar with this stuff, a bit of orientation may help. When Greenfield talks about software factories, he means both factory instances, which automate the building and customization of specific types of application, and also factory-making tools, which let you create or adapt factories to suit your specific needs. And when Greenfield talks about the factory “runtime”, he means the infrastructure in Visual Studio and its SDK that lets you put your factory to work.

You can actually play with this stuff now. The runtime is called the Guidance Automation Extensions and the authoring tool is the Guidance Automation Toolkit; perhaps one should add the Domain-Specific Language tools. All can be downloaded. You can also download the first four software factory instances. If anyone has tried these and has comments, I’d love to hear from you.

I was intrigued by the internal debates Greenfield mentions. He says it was a mistake to ship the “White Horse” modeling tools in Visual Studio 2005 (Design for Deployment) as a fixed set which are used only occasionally. He is now focused on shipping tools to make and customize tools, a strategy which he believes has more future.

We will always need tools; improvements are welcome. That said, I am also reflecting on the lesson from Qcon: the human factor counts most.


Don’t just blame users for woeful security online

The BBC this morning reports that many net users are not safety aware. The piece is based on research by Get Safe Online, a UK Government-sponsored initiative to promote internet safety. More details of the survey are here. I’m intrigued by a couple of these figures. Apparently 45% of internet users only connect to “secure” wi-fi networks outside the home. That’s surprising since most public wi-fi is not secured; but why would you trust the security of someone else’s network anyway? I’m in the 55%.

There are also some figures on passwords, showing that nearly 25% of users have a single password they use everywhere. Even more surprising, another 25% claim to use a different password for every site. It’s a mess either way. We will never get even a moderately secure internet without better authentication.

The key question, as this Get Safe Online press release observes, is about who should take responsibility for online safety – meaning everything from viruses and fraud to predatory chatroom impostors. Here are some popular candidates:

  • The ISPs
  • The banks (presumably for financial safety)
  • The individual
  • The security companies – Symantec, Sophos etc.
  • The operating system vendor – Apple, Microsoft etc
  • The Government – let’s regulate

I guess the answer is “all of the above”, though the role of security software is vastly exaggerated, especially that of anti-virus software which in reality does not work well – see Ed Bott’s recent piece The Sorry State of Security Software.

User education is welcome though anyone with technical knowledge will likely find the homely advice doled out by a site like Get Safe Online frustratingly inadequate. Online safety is difficult for all sorts of reasons. One problem is that users get confronted with decisions they are not equipped to make. Another issue is that even conscientious and informed users are forced to compromise in order to get their work done, like the occasion last week when Thawte advised me to turn off my firewall in order to buy its product.

The Internet will never be safe, but it can be made better. Strong authentication, no more passwords. Digitally signed emails. Networks of trust. Secure operating systems. It’s no good just blaming users; many of them are doing their best.


Visual Studio 6 on Vista

Why would you want to run Visual Studio 6 on Vista? Two reasons. First, because it includes Visual Basic 6.0, the last version not based on .NET. Second, because Visual C++ 6.0 is still widely used to avoid issues with the C runtime library. There is little point in installing the other products in Visual Studio 6.0.

Visual Basic 6.0 is supported on Vista, but Visual Studio 6 is not. One reason is that it includes the Microsoft Java Virtual Machine which Microsoft promised Sun it would withdraw. This is the stated reason why Visual Studio 6.0 is no longer available for download, even for MSDN Universal subscribers. Fortunately I still have some old MSDN DVDs, so I dug these out and ran setup for the Enterprise edition of Visual Studio 6.0, installing on Vista Professional.

I can’t pretend it went smoothly. First there were compatibility warnings, which I ignored. I deselected applications other than Visual C++ and Visual Basic. Then setup appeared to hang on the screen where it detects installation components, and Vista popped up its “Program not responding” dialog. I believe this is just a matter of patience. My tip is to run task manager and see if the ACMSETUP process is taking up CPU time. If it is, give it more time.

So setup completed, but with an error towards the end:

RegCreateKey failed for \Interface\OLEViewerIViewerCLSID. Access is denied

followed by a DllRegisterServer failure. I was informed that setup had failed, but nevertheless VB 6 and VC++ were installed and seemed to run OK.

Naturally I wanted to apply the service pack – SP5 or SP6. This is where I had the biggest problems. I could run SETUPSP6.EXE, but the install always failed. If I logged the install, I found this entertaining error:

Do not ship. Error message to log function that detects what VS products are installed in what language unable to function.

Hmmm. I Googled to no avail, though I found this thread where several others report the same problem. Then I tried removing Visual Studio 6.0 for a reinstall, but got the same error from add/remove programs. I finally twigged. The problem was that the first install never completed. Although the product was mostly installed, some part of the Microsoft Installer database had not been updated. The error message actually makes sense: the products were not installed.

Therefore I re-ran the original setup. This time I went into the Tools part of custom setup, clicked Change Option, and deselected the OLE/COM object viewer. Setup now completed without error; so too did SP6. Success.

The apps seem to work OK too – so far so good, though I’m resigned to having to use Run as administrator.

Try this at your own risk; as I mentioned above, Visual C++ 6.0 is not supported on Vista; in fact, I don’t think it is supported at all.


Thawte promotes security, insecurity

I recently headed over to Thawte to purchase a digital certificate for code-signing. According to Thawte, it:

Promotes the Internet as a secure and viable platform for content distribution

I agree with the value of signed code. However I had problems making the purchase, which involves a web form and some ActiveX stuff. Here’s what Thawte tech support advised me to do:

  • Switch off the personal firewall.
  • Add the URL to the trusted sites store.
  • Set all the ActiveX controls and plug-ins to prompt or enable.
  • Set the privacy security level to low.

It is not quite as bad as it looks at first. You only need to do the ActiveX changes for trusted sites. Further, I’m not convinced all the steps are needed in all circumstances.

Still, asking someone to connect to the Internet with a disabled firewall is, on the face of it, irresponsible. In mitigation, if you are trying to purchase a digital cert you are probably clueful enough not to disable a personal firewall unless there is some other protection in place; most users have at least a NAT router between their PC and the Internet.

There is a generic problem here. Support departments confronted with users who “just want it to work” may resort to scattergun disabling of security software, never mind the risks. Of course it is better to figure out exactly what is not working and find the minimal relaxation of security needed to solve it, but this is harder to do.

Nevertheless I’m disappointed that Thawte can’t find a more secure technique for delivering its certificates; and that these technical issues are not spelt out more clearly on its site (perhaps it is embarrassed?).



Semi-documented APIs in Windows

There have long been complaints about undocumented functions in the Windows API which give Microsoft’s internal developers an advantage over third-party software developers. Perhaps even more frustrating are those that are semi-documented. An example was found recently by a user of the htmleditor, a .NET wrapper for the HTML editor built into Internet Explorer. If you write an editor you might want to support undo and redo; there are simple undo and redo commands available but they are crude. The API also provides more advanced functions, including a change log and the ability to undo or redo entries in the log. You can find the documentation here; the relevant interfaces are IHTMLChangeLog, IHTMLChangePlayback and IHTMLChangeSink.

All looks good on a brief inspection; but note the lack of any sample code. Then think about how you might want to use this API. What exactly does an item in the change log represent – a single character, an HTML element, a paste operation, or what? How can you inspect the items (they seem to be a binary black box, understood only by an API function called ExecChange)? There is only one function for iterating through a change log, called GetNextChange – are you intended to cache the entries somewhere, since there is no GetPreviousChange or GetFirstChange? The API allows for notification of changes, but the Notify event has no arguments: presumably you are meant to call GetNextChange and do something or other with the log entry.

Of course developers have shrugged their shoulders and experimented a bit. Some have found Notify failing to fire, particularly with MFC. Others have just been puzzled. I tried it with my C# wrapper and got strange results; I think the only way forward would be to reverse-engineer the log entries to work out what it is they represent.

But what about Microsoft’s developer support? There are managed newsgroups, which are meant to guarantee a response for developers with MSDN subscriptions, as well as other online forums supposedly monitored by Microsoft developers – like Senior Program Manager Dave Massy, who says in his welcome:

Welcome to the MSDN forum for Internet Explorer Addon Development. If you have questions around development of extensions for Internet Explorer then this is the place to ask them.

Perhaps it is; but Massy is strangely silent on the intricacies of IHTMLChangeSink. I have seen this often: easy questions get a ready response either from Microsoft or from community members, but the tough ones, where only Microsoft has the answer, are simply ignored; or else there is a request for further information which looks promising at first but leads nowhere. Try Googling on this API; you will find questions but few answers.

My question is this: why bother publishing the API at all if it is so poorly documented and badly supported that nobody can figure out how to use it?

I would guess that this API is or has been used internally, by other Microsoft products that use the IE editor, and that somewhere in the bowels of Redmond there is proper documentation or sample code, perhaps not in sufficiently polished form for general release.

It’s time Microsoft either stopped pretending to offer developer support through these online forums, or put in the effort required to make them work.