Random writings, thoughts, tools, and ideas....

Updated: This has been resolved, see comments below for details from YallaApps.

YallaApps, the company that submit Windows Phone Apps in parts of the world Microsoft forgets, has a BIG problem at the moment and to make things worse they are not talking about it publically!

In short something is borked between YallaApps and App Hub (the Microsoft submission side) and as such there is a hold on all submissions! So the very purpose for it has stopped, and there is not a mention on the blog or site about this. Very poorly done Yalla!

How did I find out? I emailed them because after 5 days my app hadn’t been submitted! Below is their response.

Microsoft used to be a horrid company with regards to their security, then they sat down and made security a quality gate – we do not ship if security is wrong. How do they know what is wrong? A 24 page guideline with 68 bullet points?! Perfect holiday reading

The security development lifecycle team has recently tried to help us developers improve our applications so we not the next company with a bad security issues with two acronyms which will improve security notices to our users: NEAT & SPRUCE

What is NEAT?

• N: Necessary – Only show messages that you need. If you can take a safe action automatically or defer the message, do that!
• E: Explained – If you do interrupt the user, explain in everything to the user. EVERYTHING?! Yes, and the SPRUCE acronym will help explain what everything is.
• A: Actionable – A message should only be presented to the user if there is steps the user can take to make the right decision.
• T: Tested – A security message needs to be tested. TDD, Usability Testing, Visual Inspection, every test.

So, we need to show the message now – what do we put in there? SPRUCE:

• S: Source – Why are we showing this message? Did a website do something or a file or a user action? Tell the user.
• P: Process – Give the user the steps they need to go through to make sure they make the right decision.
• R: Risk – Explain what the consequences of getting the decision wrong.
• U: Unique – If your software knows everything, do the right thing automatically. So if you are showing the message, it means the user has unique information that is needed to make the decision. Explain what information is needed (slightly similar to P).
• C: Choices – Show the user all the options and recommend the safer one.
• E: Evidence – Provide any additional information that the user may need to make the decision.

Now that the training is done, let’s look at real implementations:

A web page contains secure & nonsecure content

Here is what the dialog looked like in the bad old days of IE6:

In IE 9 where this logic has been applied:

Let’s look at the differences:

• N (Necessary) has been applied – previously this was a blocking model UI, which the user was forced to deal with to continue working. Today it shows discreetly with at the bottom and only if the user needs to work with this they have to, otherwise ignoring it.
• E (Explained) has had been done with the What’s the risk? – which shows the dialog below. It is not perfect as it hasn't followed SPRUCE fully but it is a good improvement.
• A (Actionable) has been applied – previously you had both a yes & no, now we have one action that can be done. Close or ignore and nothing happens.
• T (Tested) there is some weird language issues with the old one especially if English isn’t your primary language because of the yes/no not being perfectly clear. The new dialog has a single very clear labelled button!

Takeaways

Now that we have looked at how it can help you and how to do it, attached is a nice simple 3 page document with more details and reminders about this. GO IMPROVE YOUR APPLICATIONS!

Update 26 July 2011: Note that once you have done this you must move off of YallaApps to AppHub by 20 August 2011 or you will not get refunded. See this post for details on how to do that

The single reason I don’t tell people to buy Windows Phone 7 devices in South Africa – no market place. This issue for users means a 3rd rate experience on the device compared to other smart phones. For developers this was an issue, because it meant we couldn’t get our phones unlocked and we couldn’t publish… this WAS an issue for developers.

Now we developers have YallaApps, a service to allow developers where Microsoft doesn’t have a marketplace to develop and publish apps. It is a good but slow service, but today is not about Yalla, today is about you.

As a South African, you can signup for YallaApps (no phone needed) and get

• $100 (about R800) worth of credits for free
• Your phone unlocked (if/when you get one)
• A free developer account (value $100) when the marketplace arrives

All you need to do is signup – it takes 5 minutes. My suggestion, regardless if you have a phone now or not or if you plan to develop an app – DO IT NOW! Get those free benefits banked for later so that if you do decide one day it costs you nothing!

Lightswitch is a fantastic tool but has a MAJOR downside to it – it eats disk space like no-ones business. A simple test project with 1 table, 1 screen & some code on the client side and server side is over 90Mb of space!

If you are a developer you will have some sort of version control system in place and you should be following some best practices in version control. For this post, the one I want to look at is to only check into the repo what actually needs to be in the repo. A polluted and huge repo is not only hard to work with, it puts people off and lowers adoption

I have been using Mercurial a lot recently and part of a new LS project I took the time to look at how much of the LS project needs to go into the repo – and you know what… it is VERY VERY LITTLE, in fact it is about 0.4%!

Mercurial, for those new to it, has a .hgignore file which uses a regular expression like language to tell it what files to ignore, i.e. don’t commit those files to the repo. Below is what my .hgignore file looks like. That first 4 line group is the LS specific lines while the rest is for general Visual Studio projects:

syntax: glob

*.lsproj.user
ServiceConfiguration.cscfg
*/_Pvt_Extensions/*
*/GeneratedArtifacts/*

*.csproj.user
*.vbproj.user
*/[Oo]bj/*
*/[Bb]in/*
*.suo
*DXCore.Solution
[Tt]humbs.db 
*.user
*.bak.* 
*.bak 
*.[Cc]ache
*/[Pp]ublish/*
*.vssscc
*.vs10x
*/[Dd]otfuscated/*
[Dd]otfuscated/*
*.vsp
[Nn][Dd]epend[Oo]ut/*
*.licx
*.docstates
*.cscfg
*.csdef

It is important to note that when you pull from the repo (or checkout for TFS/VSS/SVN folk) you’ll get the disk saving, until you open it up that is. Once opened LS will regenerate everything and the size on your machine will be back to the massive 90Mb+, however the repo will remain small, commits will remain small, network traffic will remain small and performance improved – just what we wanted from following those version control best practises.

I am a fan of ALM (application lifecycle management) and an awesome source control tool is Mercurial. It has plugins for VS, Windows (Tortoise HG) and a command line. I use the command line a lot but can’t remember all the commands so below you can find an easy cheat sheet for all the Mercurial commands:

HIGH resolution XPS & PDF below.

I tweeted yesterday that my job can be a little weird because I had to sit in the kitchen at the BBD office and watch a TV for a while. This generated some confused discussion, so what was I doing?

Our team is experimenting with the idea of putting screens around the company to share content and information and I had to sit in the kitchen to make sure it worked by watching loop the content for a bit

This is also a great opportunity to share some learning's from this with you:

TightVNC is still the best VNC option

Remote Desktop from Microsoft is THE best way to remote onto another machine but it has one downside, it locks other user out. For out screen we can’t have the login shown, and I don’t even know where it is to login manually – we need to see the content on the machine so we dropped to an older technology: VNC.

There is a lot of options in the VNC space, but ended on TightVNC as it actually runs as a service on a Windows 7 machine where other VNC clients run in the user space.

Auto Login to Windows

The login screen is also an issue with the machine when it boots and I don’t want to remote in every time to login – so we configured Windows to auto login to a specific account. This is thanks to the folks at Channel9 in particular Sarah Perez & Bradley Ward:

1. Change the following registry key to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
2. This enables the feature to be surfaced in Windows.
3. Then run the following command: control userpasswords2
4. In this UI you can UNTICK the option Users must enter a user name and password to use this computer and click OK
5. It will then prompt you for the username & password to use and done! Note this is a bad security and so not recommended, but sometimes it is needed.

Open & Play slideshow

We are using Microsoft PowerPoint for the content and needed to auto run a slideshow at login, so we created a shortcut to run PowerPoint with the /S switch (see this for info on switches) and the filename: PowerPnt.exe /S c:\demo.pptx

That opens PowerPoint and starts the presentation!

Insert web content into PowerPoint

Lastly we wanted include some live web pages in it, which PowerPoint doesn’t support out of the box. MVP’s to the rescue! Some MVP’s created an add-in that allows it: http://skp.mvps.org/liveweb.htm

Really awesome!

Update 6 June 2011 15h30 (GMT +0200): All is working now, post left for archival purposes.

Pepper, everyone's favourite Visual Studio add-in for synchronisation of Visual Studio settings, is currently DOWN and trying to use Pepper will cause it to crash Visual Studio

Something has gone seriously wrong in the SQL Azure database that powers it and I’ve logged a call with Microsoft to have it investigated and repaired.

As soon as I have any updates, I will update this page. Thanks for your patience.

Updates:

Update 6 June 2011 13h45 (GMT +0200): Testing is showing the database issue is resolved however I am awaiting confirmation from Microsoft Support before I sound the all clear.

Update 6 June 2011 15h30 (GMT +0200): All clear. The cause was the database disappeared! Seriously, just gone. Couldn't see it in SQL management studio or in the Azure management portal and the web services Pepper uses couldn't talk to it either. During the Microsoft investigation the database reappeared and unfortunately support has been unable to identify what happened (or they not telling me... but I'm paranoid).

It is often the case I need to setup training machines and a sometimes I get VirtualBox images which I need to deploy to the machines. I tend to avoid virtualisation on the training machines because of driver related issues, especially with graphic cards and things like WPF (which powers Visual Studio). If you have a good graphics card & good drivers then you can get a decent perf improvement with WPF apps, but unfortunately some virtualisation drivers are too poor.

So how can I take an virtual hard disk created in VirtualBox and easily convert it to physical disk so it can just run?

Process:

It is possible but it is not easy to a real disk but it is not easy.

• Step 1: You need to use a tool from Microsoft called SysPrep to unload the drivers. Basically this means that it strips all the driver info out, and puts the image in a clean state so that the next time it boots Windows searches for the hardware again. If you do not do that Windows will freak out because the hardware it expects does not exist.
• Step 2: Then you use a tool designed for disk imaging to create an image. Tools like Norton Ghost (paid) or CloneZilla (free) are designed for this purpose and the image they create is portable unlike the vmi (VirtualBox hard drive) format which can't do this well.
• Step 3: You then restore that image to the real disk using the same tool and you are done.

Slightly more work than you would expect, but that is a solution which always works.

Caveats:

I have not tried this with Hyper-V or VirtualPC disks (vhd) yet, but I suspect VirtualPC will work fine. Hyper-V has an additional Hypervisor layer and I suspect that SysPrep will not remove that and the restoring process will fail.

Finally you also want to be careful with SysPrep as it can have some undesired effects with certain software, for example SQL Server. There are specific steps to go through if you want to use SysPrep & SQL Server: http://msdn.microsoft.com/en-us/library/ee210754.aspx

So make the time to have the first few attempts fail and learn the nuances of the software you work with.

For DevDays, BBD Software arranged a special video to be created to tell the story of the company and why it is such a special place to be.

Pity they didn’t mention the free vending machines or the bar we have or the great parties – but at least they focused on the important one the awesome people

WOW! Microsoft DevDays 2011 in Cape Town & Johannesburg was fantastic, my fellow speakers rocked, the venues were brilliant and most importantly YOU, the audience was amazing!

Thank you to everyone who attended my talks, especially since they were at the end of a very tiring day. I hope I delivered value to you and if you have any questions or comments on them, please feel free to get in touch with me.

I promise the slides & demos would be made available so here they are:

Let’s get ready for the cloud: Building your applications so they are cloud ready

• Azure voucher codes so you can use Azure for free for 30 days with no credit card. Remember to select South Africa as your country.
  • Cape Town: DEVDAYS11CT
  • Johannesburg: DEVDAYS11JHB
• Slides (1.3Mb)
• Base for demo, this is what I started with for the demo’s (2.4Mb)
• Completed demo (2.4Mb)
• Demo script (200Kb)

Lightswitch basics: Building your first Lightswitch Application

• Slides (1.1Mb)
• Completed Demo (1.7Mb)
• Demo script (25kb)

All the files again (my blog does this)