Looks like I'm going to miss the good stuff today. There's a Company Store visit this afternoon
at 5:00 - and they're giving us $120 in credit. Damn, apparently the games are pretty cheap there.
They've also arranged for a Longhorn Demo during the company store visit. I did manage to get internet
access with my phone and Ben's charger - so I should be able to do some real-time updating this morning.
I think one of the coolest things about this conversation is we're learning about how software is developed on a huge scale. These guys develop more software than anyone else and they do it on a very large scale. Can you imagine developing software for 90% of the computer users out there?! That would be nuts.
Oh boy - now we have an audience member ragging on the guy for Windows. He thinks it should be open source because OSes are going to be commodities soon. Personally, I don't think there's anything wrong with having a closed-source Windows. But I also don't see a problem with closed-source Java. What's wrong with companies making money? The main reason I'm in this industry is to make money - so what's wrong with the corporations doing the same thing?
.NET CLR Architecture
Started work on the Component Object Runtime (COR) back in '97. It was a small incubation project in the MTS group round metadata and compiler integration. Several API's still use the "Cor" prefix and engine DLLs are named MSCOR???.DLL. Apparently, this was all announced at the '98 PDC in Denver. Lots of code/marketecture names to follow: COM3, COM+ Runtime, NGWS Runtime, Universal Runtime (URT) and finally the Common Language Runtime. The big unveiling of CLR was at PDC 2000 in Orlando.
CLR Design Goals: Simplify development and deployment for classic Win32 programmers. Unify programming models, provide managed environment and support multiple languages.
The CRL is Language Neutral and has a commons set of features (i.e. Generics) guaranteed to be in all languages. Supports strongly typed languages, dynamic languages and functional languages. Because compilers are always targeting MSIL and the metadata, you get for free: shared object layouts and cross-language inheritance, exception handling, reflection, remoting and integrated tools for debugging and profiling. MS is very excited about having Jim Hugunin and IronPython on board and they expect to add even more killer features for dynamic language authors in the future. I wouldn't be suprised to see an IronRuby implementation in the next year or two.
CRL Version 2.0: More class libraries: collection classes, serial port, etc. Generics, 64-bit support (IA64, x64). RAD support: Edit and Continue, Just My Code, single-click deployments. SQL Server: fiber mode, integrated security, loading. Avalon, Indigo and Windows Longhorn.
Is this a boring session? Yes, but I'm sitting in the front row today, so it's a bit easier to pay attention and take notes. I'm doing AppFuse development for the most part and taking notes while AppGen tests are running in the background.
The CLR will be hostable in numerous environments: ASP.NET, VSTO for Office, DB/2 Stinger, Oracle 11g and SQL Server 2005. Oracle and DB2 are out-of-process with v1.1, SQL Server will be in-process with v2.0.
ASP.NET 2.0 by Scott Gu
-
ASP.NET 2.0 Application Services APIs: Membership, Role Manager, Personalization, Site Navigation (XML and CMS-based), Database Caching, Health Monitoring. These are all based on a new "Provider Model Design Pattern" that seems to be a set of interfaces that you can easily switch or implement yourself. Out of the box providers: Windows, SQL Server, Access (ha!).
-
ASP.NET 2.0 "Page Framework" Features: Master Pages (like Tiles, moreso than SiteMesh), Themes/Skins, Localization, Client-Scripting (using XMLHttpRequest). Holy shit - the guy said that they're testing their controls, particularly the scripting ones on IE, Safari and Firefox! That's pretty surprising to me.
VS 2005 has a new feature - where you don't need to have a web server installed, it'll work off the file-system. A new project doesn't have any files in its directory - which is definitely an improvement. VS definitely looks pretty slick - you can switch the "compliance-mode" of your page from IE6 to XHTML Transitional. When you switch modes, it changes the code completion attributes - so you'll get much more options for IE6 than you will for XHTML. It also has full code-completion for JavaScript - and the options are based on your mode of operation. Accessibility checking is also included - you'll actually get underlines for elements that don't have all the required attributes. Java needs an IDE like this soooo bad it's not even funny. Can you imagine having full page/HTML validation and code-completion based on doctype?!
Scott did a master/detail screen with VS and made it look damn easy. Most of the audience oohed and aawed. It's cool and all, but the code in the .aspx pages is a lot like JSF - there's hardly any HTML in the pages! It does seem to have much better support for skins and themes - you can easily change the look and feel right in the IDE and there's a whole bunch of built-in themes. The one thing I really like is the page-backing classes have a pre-init() method that can use to initialize properties. JSF really needs something like this. It's a shame that frameworks like Shale have to provide this and it's not a part of the core JSF framework.
ASP 2.0 Beta 2 will ship in the next month. Heh, Scott just gave a demo adding security and authentication in about 20 seconds - complete with Remember Me. There's actually a "Login" control that doesn't everything for you, including validation. The membership system (database) will actually get generated on-the-fly. He follows it up by creating a signup page that creates new accounts in under a minute. I can't really bash on this, writing authentication for Java webapps is definitely harder than it needs to be. Of course, if you use AppFuse, you don't have to write it at all.
Time to run and catch up with my sister - have a good weekend y'all!
At lunch, I got to meet Scoble, which was pretty cool. He was wearing a blue Firefox shirt for those
that are interested. During lunch, he and his co-worker talked about
Channel 9 and what they're doing with it. Channel 9 is named "Channel 9" because this is the channel
that United (the airline) uses to allow passengers to listen in on the pilot's conversations. It's supposed
to be an avenue for folks to listen in on what's going on at Microsoft.
Now we're sitting in a talk titled Developer Community Outreach Efforts. The speaker is
named Sanjay. He's the VP of Worldwide Developer Evangelists, of which there are around 1000. Sanjay
believes that MSDN is way too large. It does have a lots of interop
and migration content for those that are interested.
Sanjay's trying to get ideas from us on what they can do better. The general feeling from the room
seems to be "why should we help you", "what's in it for us" and "why do you care now, but not before".
It's a tough room for sure. I don't seem much point in this whole talk. A lot of folks are telling
this guy what he (and Microsoft) can do to become better to be better citizens to the programmer
community at large. A lot of the conversation is centered on accepting open-source and providing
a clearer message about the platform (should be inclusive, not exclusive).
SQL 2005 and the Developer
Now we have a guy (missed his name) that's talking about how SQL Server 2005 will allow you to expose
web services directly from your database, without IIS involved. Apparently, it exposes queries and
stored procedures as web services using a native Windows DLL.
Ben asked about benchmarks for SQL 2005, specifically against MySQL and PostgreSQL. The MS guy
says that these vendors will need to do the "standard" TCP benchmarks, and do the comparisons there.
We all know that SQL Server would get their asses kicked, and that's why they don't do any direct
comparisons. While we're on the subject of SQL Server, why are most SQL Server databases so screwed
up? In my experience, SQL Server DBAs tend to be over-optimization freaks that are stored-procedure happy
and don't know much about making a database application-friendly. Maybe it's because all you need
is a SQL Server DBA Certification to get the job - and your knowledge is based on a book, not experience.
Next topic: Access. Access is not going away. "SQL Express" is supposedly the target replacement for
Access. It's throttled to prevent users from using it for a full-blown database. "You can never write
a bad query for SQL Server." This is a direct quote, and the guy's reasoning is because the optimizer
will change the query to be performant. Sounds like a bunch of hoo-ey to me.
Today, you can write extended stored procedures in C++ with SQL Server. This code is not sandboxed,
and can pretty much to whatever it wants. In SQL 2005, you can do this with C# and use VS.NET to
write the code and debug it. Apparently, they have a whitepaper on SQL CLR vs. ADO.NET and when to use
one over the other.
Product Development Process with Iain McDonald (Director, Windows Server)
Iain is from Australia, which naturally makes him fun to listen to, just because of his
accent. The purpose of this talk is to explain how they do things. Cross-org at Microsoft means
that that development is spread across 7 businesses, each organized under own leadership with individuals
p&ls.
- Business Solutions
- Home & Entertainment
- Information Worker
- Mobile & Embedded Devices
- MSN
- Server & Tools
- Windows Client
Each group has a lifecycle model that they try to follow. Microsoft has thee different stages:
Product Definition, Product Development and then Product Servicing. I'm willing to bet their
product development cycle follows the waterfall approach (confirmed: "How agile are we? We suck."). Actually, this brings up something I heard
last night from one of the Microsoft Evengelists. Apparently, each developer has two QA folks that
write tests (read: code) against their code.
Suite of Project Tools
- Feature Inventory Tool: an inventory of features and their dependencies, tracks when the features
will merge into the main branch.
- Checkpoint Express: tracks all compliance throughout the project, requires sign-off prior
to product being shipped.
- Basics: list of fundamentals that product is expected/required to meet, examples include
performance and manageability.
- Change Management: uses an infopath form with links to the feature inventory tool and bug
tracking database (product studio).
Iain admits that security in 2000 was an afterthought and the security guys were seen as some mangy
dogs over in the corner. Bad RAM causes 20% of Windows crashes - who knew?! Bad RAM on OS X has certainly
affected me in the past. I couldn't upgrade to Panther b/c I had 3rd party RAM in my PowerBook.
Microsoft is in a competitive battle against other companies, not the free world. No corporation in
their right mind is going to download and install a free version of Linux - most are going to buy
a distribution from companies like Red Hat or Novell. Iain claims that there's no way you can
install Linux (at a corporation) for less money than Windows Server. It sounds to me like MSFT is willing
to give you some discounts on Windows Server if you're thinking of buying Linux.
Break time. I'm definitely bored, but happy to have some time to work on AppFuse. Some guy asked
me in the hall why I haven't asked more questions. I told him because I don't develop for Windows.
For the most part, none of this stuff matters to me.
Windows Architecture
Now we're listening to two guys talk about Windows and how it's developed. Windows XP and
Windows 2003 Server are two separate code bases. It's a nightmare to maintain b/c they have to
patch one code base and the other one as well. Longhorn is componentized, so it should be easier
to build client, embedded and server products. Someone asked about legal vs. technical reasons
behind the componentization. Apparently, it's all for technical reasons, and they have to separate
Windows Media Player for the EU, but that's about it. 40% of blue screens are from device drivers, and Longhorn
has done a lot to handle this and reduce crashes.
This talk centered on XAML, WinFX and Longhorn - what they are, what they do and when they're
scheduled for release. <Yawn/> While it has been a boring day (for me) technically, I do have
to admit that the speakers have been great. They're dynamic and enthusiastic, which is more important
IMO than good technical content. They also seem to be very open (as a whole) to ideas and criticisms.
I think I'm just a bad audience member.
OK - here's something that's interesting. We're talking about IE 7 and its features. The top priorities
are to stop spyware, fishing and any other security issues. #2 is tabs and #3 is CSS compliance. These
priorities are based on user feedback and sound like good choices to me.
"An open and honest dialog" - that's what the goal of this shindig is. Most of these sessions aren't
really interesting to me. If there's APIs I can talk to, I'm cool with that, but as far as SQL Server
2005 and Windows Architecture ... I'm not interested. The thing I'm looking forward to today more than
anything is meeting Scoble.
Most of the folks in this room seem to be community leaders, i.e. JUG Founders and architects. There's also
a fair amount of "Developer Evangelists" in the room. Probably half the room is MS people. I wonder what
the hell a Developer Evangelist does? Do they write any code? I'm guessing there's no MS coders in the
room.
Michael Howard - Improving Security at Microsoft by changing the process
Michael Howard is the co-author of the "Writing Secure Code" book that we all received this morning.
He's writing a new book called the "19 Deadly Sins of Software Security" - which apparently covers everything:
Windows, Linux, OS X, Java, JSP, MySQL, Oracle, etc. Sounds like a pretty good book - it's got some
open-source guy as a co-author too. It's a McGraw Hill book and should be short-n-sweet at 300 pages.
Michael is the Senior Security Program Engineer and sounds like a champion of the "Trustworthy Computing"
mantra here at Microsoft.
zone-h.org tracks the number of web server attacks. Michael is talking about the fact that IIS 6.0 has
had one security bug in 2 years, while Apache 1.3 has 13 and Apache 2.0 has had over 20. "Apache has more
security bugs than IIS."
Everyone has security bugs, we're the only ones doing something about it.
Application compatibility is now a #2 priority at Microsoft, Security is #1. They're willing to break
application compatibility, a.k.a. "app compat", for the sake of security.
Threat Modeling - they do a lot of research on skills vs. motivations. They're basically trying to
understand not only how, but why hackers attack.
OK, this is a pretty boring talk - mostly because it doesn't interest me. There's a lot of talk about
security in "Whidbey", which is the next version of Visual Studio.NET. Apparently, it's now got some
tools to detect security issues and memory leaks. My boredom has caused me to start working on AppFuse,
and to try out the USB Flash Memory Drive they gave us. It's kinda funny - the box it came in has
a link to where you can download the drivers for Windows 98/SE. No driver is needed for ME/2000/XP.
I also discovered that it works great on the Mac. Cool - too bad it's pretty much useless if you're
always online like I am.
Heh, shortly after writing the above, I yanked out the device and it killed both
Keynote and BBEdit. It's definitely a useless device!
Don Box - Microsoft Messaging Futures Using Indigo
Don is taking an interesting approach to his presentation - and typing it all in notepad. He wants
us to tell him why we think MSFT sucks. Don works on the XML messaging stack. Specifically, he's
an architect on Indigo and he worked on the WS-* specs. An audience member puts a stop to the typing
because he's legally blind and can't read anything. Here comes the talking. How does Microsoft suck?
Audience feedback:
- Community Involvement sucks
- Need to do security by default
- COM+ isms not there - transactions more mature in J2EE
- Does MS believe in managed code?
- 2 year platform cycles, re-invention w/ every release
- Dependency hairball - shouldn't have to buy other products to make simple things work
- Dependency Injection, IoC, ORM
I brought up the fact that MSFT crushes or buys their competition more often then not. Don spent
some time answering this question, defending MSFT a bit, but also saying that we're in a new decade
now and it's a very competitive industry. For the record, I don't really believe MSFT is the "Evil Empire" like
many hard-core Linux and open-source guys. I have quite a few MSFT certifications, but I've found
most of them useless in my career - except that I can easily troubleshoot and fix most of the issues
I have on Windows. I use Windows and prefer it over OS X for the most part, but that's because I'm
more efficient using Windows, and because my Windows box is much faster than my PowerBook.
Don reminds me of a good friend of mine - Chad Shoup - but he's about 10 years older. For those of
you who know Chad, you know he's fun to listen to. I don't have much interest in the talk (I don't even
know what Indigo is), but it's an enjoyable talk - mainly because he's enthusiastic about what he's
talking about - and he's walking around the room, keeping the audience involved.
RelaxNG is better than XSD. The primary goal of Indigo is to satisfy the customers
and consolidating the choices in .NET so that choices are easy and explicitly - instead of having a number
of different products that do the same thing. They don't plan on taking choices away - they just plan
on making the choice easy and explicit. If you're working with .NET, there might actually appear to be an
architect behind it all.
Don goes on to address all the audience feedback and explain MSFT's position and what they're doing
to address this. Sorry, I tuned out as I wasn't that interested. The one interesting quote I got out
of this session is "I believe we're going to be more than competitive in O/R Mapping. Soon."
Richard Monson-Haefel asks "Is there a place for AOP in .NET or is it too sophisticated for your developers."
Don's take is "My development platform should allow me to write code w/ a couple of beers in me." He ragged
a bit on Java developers and said their main problem is they think they're smarter than they are. He also said that if he could change on thing
at MSFT, it would be that Ruby becomes the language of choice.
Break time: yogurt and granola. I got a picture with Don and will post that as soon as I find a cable. I'm also
going to see what this "Double Strength, Double Size, Rockstar Energy Drink" is all about. It sounds poisonous, but it's
likely to give me a wicked buzz or make me throw up. Seems like a good experiment.
Looking outside, it's raining now - which seems appropriate now that we're going to have a Programming Language
Design Panel. The rain goes with my depression that I have to sit through this session. I doubt it'll be of any
interest to me.
Programming Language Design Panel: Jim Miller (CLR Architect), Herb Sutter (C++ Architect),
Jim Hugunin (Lead for IronPython and dynamic languages on CLR)
Jim Miller: The five programming languages that Microsoft ships: C#, VB.NET, C++, J# and JScript. Generics are now a part
of the run-time environment. Closures and light-weight code-generation will also be available.
Herb Sutter: Only guy on the panel that cares about managed and native code.
C# Guy: C# 2.0 features: Generics - code looks a lot like Java, but implementation is very different in CLR. Closures so you can
pass methods as arguments. Iterators - lazy enumeration of collections like Python and Ruby. Partial types or structured
include files - multiple files make up one class (good for code generation).
Jim Hugunin: Used to be a Java Developer, working with AspectJ and other dynamic languages. He
wanted to see why .NET was such a horrible platform for dynamic languages. A year later, he found himself working
for Microsoft. He's found that .NET is a good platform for dynamic languages (of course, right?). His current job
is getting IronPython to 1.0.
Dion asks about Ruby on .NET and about AOP in .NET. Jim doesn't know of any major projects that are addressing
Ruby on .NET. C# guy says that we have a lot we can learn from dynamic languages and thinks the best thing is to
allow less typing (i.e. declare type once) in strongly-typed languages like C# and Java. As far as AOP, the C# guy
is still in the wait-and-see mode.
Rockstar Energy Drink Status: I made it about 1/3 of the way through it before the stomach ache kicked in.
Now I'm jittery and nauseous... <great/>
IronPython will likely be an open-source project b/c the Python Community will probably reject it otherwise.
Will Java 5.0 code be able to easily port into J#? The panel doesn't know and thinks it's more of a legal question.
J# currently supports JDK 1.4 syntax and they don't think there current license allows supporting JDK 5.0.
Mono - they've been taking a wait-and-see approach to see the commercial uptake on it. So far, they haven't seen
a whole lot of commercial interest in Mono, nor any licensing requests from Novell.