Piracy is always a big issue in the software industry.  It’s a global epidemic and everyone is guilty of it.  You are too, and you know it.  That doesn’t make you evil, it just means you are as morally flexible as everyone.  So taken this as a given, as a SME developing custom software, how do you protect your investment and ensure the success of your product?

First, we need to address some universal truths.

1. All software of any value will be pirated.
2. All copy protection mechanisms will be worked around by someone of sufficient intelligence.
3. If you have produced a good product for sale on the open market, it will be pirated.

Stealing software is VERY easy.  Once we, as professionals, are comfortable with the fact that our products WILL be stolen, we can start attempting to maximise the sales.  In order to sell just about anything, you need to know who your target audience is.  Who exactly are you selling to?  There are four types of user…

1. The Legitimate Customer

   If you have the pleasure of having a legitimate customer, make sure nothing stands between them and using your software.  Help them out at every turn and never obstruct their usage.  They pay your bills, remember that.  These people will pay for your software and upgrade and maintenance.  They may well all be corporate entities who under threat of inspection need to remain 100% above board (tip: Develop software for the legal industry, they’re pretty much not allowed to steal).  Home users may fall into this category simply because they don’t know they can steal software easily.

2. The Moral Pirate

   You probably fit into this category.  You pay for software, you like to think you’re a good software citizen.  You may occasionally go to the pirate bay to grab a cracked version of an application because the demo or cripple-ware version really gets in the way of you trying the software.  You probably wouldn’t think twice about installing one copy of Windows on two separate machines however.  People can end up accidentally becoming moral pirates simply due to a lack of understanding of (often confusing) software licenses.

3. The Immoral Pirate

   Immoral pirates use file sharing networks, Usenet, peer to peer or private FTP as their default method of software delivery.  They don’t want to pay for software.  They may believe they’re stealing, they may believe they’re in the moral clear as your product endorses evil / closed source mentalities / kills kittens.  You’ll only ever get a sale from the camp if your software is so incredibly hard to steal or find that it’s much more convenient to pay for it.  And even if that’s the case, they’re more likely to investigate an alternative first.

4. The Career Pirate

   You will never sell a copy to this person, except if they’re actively trying to produce a crack themselves.  Career pirates will produce cracks, publish 0-Day copies of your application, and they’ll do it for the challenge.  Intricate copy protection mechanisms act as encouragement to career pirates.  The harder the better.  It’s an arms race that they will *always* win.

Coming to Terms With Piracy

The first thing you have to realise is that software piracy isn’t actually a bad thing.  Software piracy often introduces people who will later become legitimate users of your software to your product.  If you find that a vast majority of your users are stealing your software, the first thing you need to do is find out why they’re stealing instead of paying…

• Is your software too expensive?
• Are you pricing for business but aiming at the individual user?
• Is the cracked version of your application actually better than the paid for edition?
• Is your “home” offering too basic and people prefer to steal an overpriced “Professional” edition?
• Worst of all, is your software crippled by draconian DRM?

If the answer to any of the above questions is yes, then you’re not dealing with a technical problem, you’re dealing with a social engineering and marketing issue.  It’s YOUR FAULT that your software is being stolen because you’re not selling it properly.  You have to be prepared to take responsibility for a misjudged business decision.  It’s not about blaming anyone, it’s about fixing the problem.

Targeting Your Audience

Out of the four groups of users listed above, ignore the fact that the third and fourth group exist.  You will never sell software to those people, they will steal it.  Get over it and move on.  You’re not going to stop them, don’t waste valuable time and money trying to.  Yes?  Good.

You need to protect your software in a way that it actively encourages the first and second groups of users to pay you for your hard work.  The legitimate customer is easy.  They’re going to pay.  Don’t make it hard for them.

The second group is slightly harder.  They’re probably going to pay you, but if they can steal your software really easily, they probably won’t bother.

What you need is some kind of authentication system that is reasonably simple, doesn’t hinder the users and offers some kind of advantage to the paying customer.  Now the funny thing is, this is a solved problem.  For the past decade companies have been experimenting in trying to squeeze the odd payment out of the immoral and career pirates who were not going to pay a penny to start with.  The answer is the serial number.

Serial numbers work.

If you take anything from reading this essay, please take this.

What Not To Do

The following authentication mechanisms are horrible ideas…

• Online authentication

  Do not presume your clients have always on internet access.  If they don’t and you implement this, they WILL pirate your software or go to a competitor.

• Products that Phone Home

  If you’ve been naive enough to saddle your software with online authentication and start thinking that products that phone home are a good idea, start thinking about what happens when that product no longer has internet access…

• Commercial Root-kits 

  There is nothing more immoral than saddling your users machine with software they don’t know about and can’t remove, especially when it is recording their usage and using up CPU cycles.

But!  What if these authentication mechanisms can actually net me a few more sales!  Forget it.  They won’t.

The pirates will still steal, and most importantly…?

You’ll have just spent a small fortune in R&D, infrastructure and development creating a bypass-able authentication system that you then have to keep operational forever.  Unless you manage to con your users into what is essentially a software rental model, those servers of yours have to be available until the end of time, with databases of all your registered users, the level of access they’re allowed to your application and all manner of other data.

Running these oppressive registration mechanisms is expensive, and can potentially introduce defects into your pristine code.  What’s more, they can get in the way of legitimate users and paying customers, driving them to become moral pirates.  As was stated at the start of this piece, you must never put obstacles between legitimate users and paying for your software.  That is commercial suicide.

This is not to say that you should give your product away.

Protecting Your Software

Now that we’ve looked at what not to do, how on earth can we protect our software?  I really do believe in the serial number.  But a few sane coding practices can help you protect your software fairly easily.

At the simplest level, a serial key can be achieved using common Public-Private key encryption techniques.  Take some key data regarding your application (commonly something like registered user / organisation name, number of licenses granted, perhaps an email address) and encrypt it with a private key.  Your application has the public key embedded within it.  If that information decodes correctly, then the application is registered.  Simple.

But not fool proof.  I’d rather not mislead you by implying that that solution would just work perfectly.  If a cracker could isolate the portion of your code where you load the public key into memory, he could produce a cracked executable with a different public key encoded inside, and thus sign his own keys that would unlock the modified application.

The good news is that depending on your target audience, it’s almost certainly more work than your average user would bother with to steal your program (just don’t load a file from “approot\publicKey.key” and think you’re being diligent!)

The benefits of a simple solution?  Easy.

1. It’s really really easy for users to register your software.  They pay you, they get a serial key.
2. You need not store lots of user information for registered users, the key can be regenerated given the same inputs.  Therefore, low overhead on authentication servers as the user technically only need perform this operation once.
3. Relatively secure, uses known cryptographic techniques.  Certainly beats some traditional “just multiply the username as bytes by some random number”.
4. Low impact on the application as a whole.
5. Authentication data can be changed between minor versions, breaking any key generators in the wild and making the software more inconvenient to crack a second time.

There are a few other tricks you can use.

1. If your software is lucky enough to print out user data in some output, then you’re home free, people won’t share a serial number if their name is stamped on all the documents that the counterfeit copies produce.
2. Don’t externalise your serial number checks in to an easily replaceable DLL / assembly.  It’s just too easy to isolate and replace.
3. Don’t call the authentication method just once returning a boolean representing “is registered” or not, this is also easy to isolate and replace.
4. If you use an interpreted language, user code obfuscating tools to stop simple decompilation.

Conclusion

Hopefully the above outlines have made the issue of small software piracy a little easier to understand along with explaining why obstructive software registration techniques won’t win you sales and instead often cost you both sales and development money.

Don’t fear software piracy, just attempt to give your legitimate users an experience that’ll make them want to act as your agents to their friends and associates.

You can’t pay for any marketing as effective as genuine goodwill.

What happened to “don’t be evil”? 

Why do you insist that people “posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services”?

What made you think that the world needed another browser?

When you decided you wanted a browser, was the design brief “Opera, but use WebKit, and a new JavaScript implementation”?  That’s really all you produced.

JavaScript needs fixing, you’re right about that.  But if for a second you think the “correct” way to fix JavaScript is to ignore significant inroads made by other corporations and organisations in a massive “not invented here” haemorrhage then you’re very, very mistaken.

But most of all, what made you think that people won’t see this as the transparent attempt to force the hand of web standards that it is?  Seriously, let me get this straight;  When Microsoft do ActiveX and invent things like the XML RPC object, that’s evil and against standards and trying to lock everyone to Windows.  But when you create a browser and re-implement JavaScript in an attempt to force the other browsers to follow your lead in an further attempt to give Google Apps a stranglehold on the majority of “online applications” that’s just fine?

JavaScript really really needs fixing, and yes, a lot of people use GMail, but to try and suppose that the entire web is so dominated by Google Apps that a browser need be created to drive market share towards them is pure egotism, especially for a company with at most (and I’m being generous) four successful projects under it’s belt (Search, the killer app.  AdWords, the money.  Google Maps for a slick implementation and debatable GMail due to market share).  It’s lunacy to think that you’re fixing anything, rather just adding an extra layer of development and complexity on to the already arduous battle for web compatibility.

Your browser isn’t bad, it’s quite clean, it’s likely another eternal beta, but in the end, it’s just a stripped back version of Opera.  I’m sure you’ll do a good job of it, but in the end, will yet another minority browser really be worth it?  You need another hit, I really appreciate that, but try remember not to be evil on the way.

I just wish you’d put all this effort into existing technology.  One of Mozilla’s millions of prototypes (you are the sugardaddy after all) or even Opera (seeing as you like it so much) would be ideal, lets not repeat history again and again.

There’s nothing more rewarding than programming on huge displays.  Say all you like about notebooks and pocket sized this and that, but if you really want to bed in and do some hardcore development, or graphics editing, or just a bit of browsing, whilst gaming, whilst listening to music, whilst watching videos, there’s nothing like masses of screen real estate.

For the past year and a half or so I’ve been enjoying two 19″ monitors (single monitor configurations feel very claustrophobic to me these days) and the experience has been “ok”.  However, finally the price points on reasonable 24″ monitors are right and I’ve invested in a little bit of an upgrade…

That’s 19″ (1280×1024) - 24″ (1920×1200) - 19″ (1280×1024).  I’ve not added the numbers together to get an accurate calculation of desktop real estate, nor have I attempted to work out how much more productive the lack of task switching and windowing has made me.  But I’ll tell you what… it’s incredibly cool.  And yes, it does take up the entire length of a dining room sized table.  And no I don’t have a problem with that.

The graphics card powering the configuration is pretty simple.  People rave about the Quadro FX cards but I went with a wholly more LO-FI setup of my current-ish generation 3d card 7900GT in PCI-E x16 mode powering the 24″ in “Single display” 3d rendering mode (for gaming), along with an old (as in, in a box somewhere) 7300GT in PCI-E 2x mode (same family, easy compatibility, same driver…) powering the two 19″ displays.  Works a treat.  Finally I found a use for the fact I needlessly bought an SLI motherboard.

I can’t begin to explain how much benefit you get from dual displays (and other people have explained it far better than I could), but the third is pure luxury.  The ability to have documentation, masses of source code and a running app a glance away is priceless.

The new display is a Benq 2400.  It’s a TN panel, so graphics “enthusiasts” will probably deride its colour reproduction (TN panels can’t quite produce the same depth of colour as other panel types), however it’s well reviewed, has decent contrast ratio and response times and no dead pixels.  Looks and feels fantastic to my heathen eyes and I’d definitely recommend it (£257 inc vat.).

I’ve got two or three things lined up and half written on technical subjects to finish up before they appear here (mostly surrounding good API design and how to achieve it, and myths about Exceptions in the .NET framework) but I’ve been exceptionally busy lately.

I’ve been enjoying the semi-private beta of Stackoverflow, Jeff Atwood and Joel Spolsky’s project to provide a “developer self help” community akin to Experts Exchange (just “without the suck”).  It’s pretty solid and appears to be playing out like a kind of Xbox live for programmers, at least in the beta, while people try to quickly answer things to get reputation and badges (think achievements).  I don’t know if the enthusiasm will hold out post release, but people do like shiny virtual awards, and people always have questions.

Attended the Bloodstock Open Air music festival at Catton Hall in Derby over this weekend.  Horrible horrible drive (whoever figured that not lighting roads where you’re expected to drive at 70mph was a good idea probably should be taken out the back and shot) but we stayed in a Hotel in the nearby Burton Upon Trent rather than camped.  The music was very much above par (if you like metal / extreme metal) across the three days.  In all honesty, I went to see Opeth headline the Friday and Soilwork play third slot on the Saturday but there was generally a lot of good material to fill the time.

Over the three days we managed to watch (earliest to latest):

A few of those are partial (as much Dimmu Borgir as I could handle until I got bored, only about half of Destruction, Mob Rules and Overkill).  We caught the first track Napalm Death played before I remembered that they’re a little special (and not in the good way), and I made a point of leaving before Nightwish on Sunday night (it was raining, and Nightwish make me feel ill!).

Highlights were Opeth headlining (shortened set, Fredrik Åkesson seems to fit in better on lead guitar than he did on the pre-Watershed tour), Soulfly playing a lot of Sepultura, Tyr and Alestorm for utter hilarity (battle metal and pirate metal respectively), Soilwork being as tight as ever, Swallow the Sun being very atmospheric and At The Gates being metal as hell.

Overall at the end of the weekend I was feeling somewhat burnt out watching live music.  Which means going to Leeds next weekend will be a bit of effort…  I suspect we’ll just go to watch the big headliners (Metallica, Slipknot, rage against the machine and Queens of the Stoneage) perhaps skipping the Sunday entirely as it’ll be a case of driving to and from Manchester each evening.

I also went to check out the Star Wars: The Clone Wars animated feature length this evening.  As a huge extended universe Star Wars fan I pretty much feel indifferent about it.

It looked nice, was fluid, the voice acting was decent enough, the battle sequences were pretty cool, the light saber fights were decent looking if soullessly put together. 

Unfortunately they wrote an average main story (instead of one of a million better clone wars related tales they could have filmed) added a very annoying seemingly cross dressing English talking Hutt, and then went through the dialogue of the script adding pet names for minor characters to make the dialogue feel a little awkward and kiddie.

It wasn’t bad, I did enjoy it.  I’ve always left Star Wars cinema experiences (usually on opening night, they somehow slipped this under the radar) feeling elated, and this time I came out feeling pretty indifferent.  It was reasonable, a great kids film I guess, but whereas they previously made Star Wars kid suitable, this time it feels like they didn’t quite make the directly kid orientated release adult friendly enough and somehow made a few Star Wars characters say things they shouldn’t ever have had to say (Jedi calling a Hutt lave “Stinky” is just plain wrong).  I guess I just hope they make the animated series a little more adult friendly.

Hopefully I’ll get a few technical posts finished up in the next few days.  In the meantime, checkout Stackoverflow.com, see the Clone Wars if you can silence your inner adult and go listen to some Swallow The Sun.

I’ve just picked up on the fact that The Brainy Gamer blog is doing a gaming club (a-la ye old book clubs / reading circles) and the focus for the next session is Grim Fandango.

http://www.brainygamer.com/the_brainy_gamer/2008/07/vintage-game–1.html?cid=122321778#comment-122321778

If you have time to participate, I’d really recommend it.  Not because I have any idea how it’ll go (I obviously hope it goes well), but more because Grim Fandango is possibly the greatest adventure game ever written.  Easily in my top 10 games of all time (if I were fearless enough to make a list) and a game that holds storytelling and good game play in the utmost regard.

If you’ve played it, play again, if you haven’t, play it for the first time.  It’s a classic, and scarily it’s probably turning ten this year.  If I recall, the original tag-line was “An epic tale of crime and corruption in the land of the dead” and that holds.  An art-deco masterpiece of good storytelling, humour, and your first (and probably only chance) to play a travel agent for the department of the dead.

Buy it here:

http://www.play.com/Games/PC/4-/2555356/Grim-Fandango/Product.html?source=5003&kwmid=4481214&kmcid=1664184991&match_type=

http://www.amazon.com/gp/offer-listing/B00004WGW1/ref=dp_olp_2

Demo here:

http://www.fileplanet.com/32113/30000/fileinfo/Grim-Fandango

Read the Escapist feature on it here:

http://www.escapistmagazine.com/articles/view/issues/issue_139/2994-Walk-Don-t-Run

Cornered By Technology

It’s not uncommon in enterprise software development to be tasked with integrating with a third party platform that just won’t play nicely however hard you try. These scenarios often creep up on you at the most unexpected time, be it as a requirement, or a partnership with an uncooperative or unskilled vendor or technical partner. Even worse, it can often become clear that the relationship between your platform and a third party platform is effectively untenable after you’ve invested significant development effort to get “most of the way” there.

The Need for Application and Data Separation

The really bad news is that this isn’t an uncommon scenario, and there are countless businesses operating whilst being held to ransom by systems that they paid for. Unfortunately, these systems cannot be abandoned, normally because the system holds some crucial operational data that the company would cease to function without. Antiquated CRM solutions, Billing platforms and databases are a few of the most common places these issues arise. The fact that you’ve been effectively backed into a corner by a technology partner isn’t the root of the problem however.

These scenarios normally spawn from a historic or bad choice in application design either on your own part or on the part of the offending partner as a side effect of intertwining corporate data and applications into a tightly coupled relationship. You shouldn’t offer the keys to your business to any single piece of software, especially a piece of software operated by a third party, and it’s of the highest importance that you have a clear exit strategy if you choose to enter such an abusive relationship.

Anyone that works with real software on a day to day basis well knows that a full separation of software and the data on which it operates isn’t entirely practical. In reality, you are going to end up with applications controlling certain portions of your data in proprietary formats, but with due diligence and a mind for separation of concerns when choosing available solutions, business crippling crisis should be easy to avoid.

When choosing platforms and service partners, don’t skim over the details of data storage, try and ensure any application that you’re trusting with your business data is storing it in a way that you can migrate that data elsewhere if you so desire.

All People Perform To the Best of Their Abilities When Available Time and Constraints Are Accounted For

It’s very easy to become adversarial when faced with a business crippling technology partner or application and it’s of the upmost importance that you keep your ego and temper in check when dealing with an especially uncooperative partner. This sounds like an obvious piece of advice when dealing with people but it’s just as appropriate a guideline when dealing with software.

Don’t do or say anything you’ll regret, don’t antagonise your opposition (and if you’re unlucky, an uncooperative service partner will certainly become an opponent), and certainly don’t make any knee-jerk decisions regarding your own codebase. It’s important to remember that whilst the system you’re attempting to integrate with may well appear intentionally antagonising or impossible. It’s likely that the functionality of the system was not achievable in any other way, and you genuinely are working with the best product that is available. Concentrate on productive measures, not the conflict and stress of a business threatening problem.

It’s Not You, It’s Me

It should be quite evident that there’s only one solution to this particular problem; technical divorce.
The goals of a project to end an abusive software relationship are reasonably clear cut and simple:

1. Don’t negatively impact business operation without good reason.
2. Achieve data and application logic separation.
3. Escape with minimal impact on other integrated systems.
4. Take preventative measures; don’t get hurt again.

Your number one goal is to not disrupt day to day business during this period of technical therapy. You need to continue working with your technology partner on a daily basis in order to operate and it’s important that you don’t anger your partners or hinder the operation of the soon to be replaced system with disruptive development. Following good software development practices in general should ensure you avoid technical issues of these kinds.

Your second goal is to separate your mission critical data from the dying system. Data ownership is a huge task and not something that can be summed up in a few paragraphs. You may need business analysts to investigate who owns the data in your business and where it should reside. As a good guideline, it’s worth considering that as a business you should own all of your business data with specific applications fed on the data they require to operate. Results should be imported back into a master database or data-store. It’s not a silver bullet or a solution for everyone, but if you approach the problem of data ownership from this perspective then you’re at least thinking along the right track where your applications are secondary to your data needs. An order tracking system should only be concerned with order items and names, a billing system should only be concerned with financial data and billing, try and ensure you don’t get lost in a spaghetti mess of duplicated data.

Your third and most difficult goal is to make this process transparent to the end user by reducing the impact of the change on your other systems. I’ll spoil the fun now by telling you that this is probably impossible and that the user will see a difference. The key is ensuring that difference is only ever iterative improvement to existing business processes and never prohibitive to productive work.

The fourth goal is preventative and hard to define. Seeing as you’re going though this painful technical divorce, ensure that the amount of thought and work that goes in to this project is sufficient to prevent this scenario reoccurring. Employ good business analysts to help you design the project, investigate data ownership and data warehousing, invest in technologies that adhere to open standards and allow for data portability. Build your replacement system in such a way that when you want to replace it with the next wave of technology, that your own developers won’t face the challenges you’re facing now.

Designing a Solution

In order to escape from this heavily relied upon piece of software we’d do well to learn a few tricks from the people who have participated in Software Modernisation over the years.

The Wikipedia entry for software modernisation (http://en.wikipedia.org/wiki/Software_modernization) reads;

“Software Modernization is the process of understanding and evolving existing software assets.

There is a vast amount of highly functional, operational software, representing enormous commercial value deployed in organizations around the globe. To be precise, existing systems are defined as any production-enabled software, regardless of the platform it runs on, language it’s written in, or length of time it has been in production.

These entrenched software systems often resist evolution because their strategic value and ability to adapt has diminished through factors not exclusively related to its functionality. Common examples of such factors are a system’s inability to be understood or maintained cost-effectively, inability to interoperate or dependence on undesired technologies or architectures”

The goals of software modernisation are functionally similar to the goals of replacing an uncooperative system, albeit with a different motivation for the system replacement. This “modernisation” is happening due to the need to maintain defective but business critical operations in the short term rather than retaining currently good functionality in the long term.

Software modernisation is a whole topic in and of itself, but at its core there are two common methods of modernising software; black box modernisation and white box modernisation. These terms retain their standard computer science meanings.

Both modernisation practices require the encapsulation of the legacy system in modern code, creating a fresh set of APIs in a modern language, which in turn calls an API or function of the legacy system.

Black box modernisation involves calling only the publicly facing APIs of the legacy system where as white box modernisation involves a degree of knowledge of the underlying platform and its operations. It’s exceptionally common for extensive reverse engineering of a platform to take place in white box modernisation whilst black box modernisation is more or less a thin wrapping layer.

We’re going to take the idea of system encapsulation from software modernisation and treat our uncooperative system as though it were a legacy system and develop an API to encapsulate the systems functionality.

Function Not Form

During the “aggressive replacement” of the uncooperative system, modern development methodologies will get you a long way. You should keep a keen focus on loose coupling of the interface you create to describe the business needs and the underlying wrapping code of the system beneath it.

When designing your replacement API, you should endeavour to describe the business needs rather than mapping new API calls to the uncooperative system in a one to one fashion. You should take great care to describe function rather than form, decoupling the core business needs from the implementation underneath.

Good API design isn’t something you wake up with the innate ability to do, and thoroughly describing the business requirements of the uncooperative system in your new API will likely take several iterations. This isn’t a problem however, as it’s recommend that you iterate through a process of this scope rather than attempt some big bang replacement of the uncooperative system to avoid great risk and inconvenience to the business.

Your API should creep in to existence, method by method. Existing applications should be updated to use the new API methods as their developed to allow for an iterative migration to the new wrapping code.

Embrace, extend, extinguish

Once you’ve designed the API you wish to use to replace your uncooperative system, you actually have to produce code that maps between the two.

This is no small task and will probably be the majority of the work required by the project. This code is very implementation specific. You may be able to just codify your new APIs in to a few API calls of the uncooperative system itself, conversely you may have to deconstruct the behaviour of the system and replicate it in entirely fresh code. Either way, it’s exceptionally important that at this stage you keep your implementation separate from your API and service layer.

Thus far we’ve embraced and accepted our uncooperative system, we’ve extended a hand towards it in the form of a neatly designed API, and the final step of your project will revolve around replacing the system entirely.

Once your API is fully featured, and all the dependant systems in your business are referencing it for any communication they need to perform you can begin seeking a replacement system.

Choose wisely, at this point you’ll likely be more than aware of the pains involved in another costly migration! Take your time, there’s no hurry, developing your own solution is even an option.

Once you’ve chosen the replacement, you need to write some code again, this time to translate calls from your new API across to your replacement system. Because you did remember to keep your API decoupled from the implementation, right?

At this point you’ve succeeded in using an iterative approach to software design to fully replace a system that may have previously seemed inseparable from the business. The ROI of a project of this nature is hard to quantify, but I thoroughly believe that if you feel that you need to embark on a project of this nature, its completion will surely strengthen one of the most brittle parts of your operational business.

Congratulations! You made it out alive.

Footnote: Avoid the same thing happening to you

This is honestly a plea to anyone that’s ever going to write a system they expect other developers to communicate with. Practice designing APIs. Write them well. Document them well. Keep them up to date. Support them. Define concise operations. Be good. If everyone is “good” then hopefully fewer people will have to suffer difficult integration exercises.

It appears as though the Microsoft M.V.P’s that were called upon to advise on the technicalities of the forthcoming Entity Framework hit a little bit of a roadblock.

When I say “a little bit”, it seems as though Microsoft just point blank disregarded their warnings and recommendations in regard to creating OR mappers. It’s probably the first time I’ve seen this kind of scenario end with the technical advisors posting a warning and a general vote of no confidence.

I’d be lying if I didn’t say I felt a little disappointed that after making steps in the right direction and asking domain specialists for advice, that Microsoft entirely disregarded the advice of the specialists they consulted resulting into what seems like an unusable shipping product.

I’ve not attempted to use the entity framework in and form, but the technical criticisms in the vote of no confidence are quite explicit, and as a developer who makes extensive use of OR/M, if those criticisms are accurate (which is very likely) I’d certainly treat the entity framework with the same unfortunate disregard.

At least nHibernate isn’t broken!

The word cloud has been thrown around for years to describe the internet, but there’s a growing trend at the moment to launch services that seem to embody actual “cloud / grid computing”.  This movement to some extent is just the logical extension of the rich web applications that have gained popularity as part of the “web 2.0″ epidemic of increasing bandwidth and remote server horsepower.

The two obviously notable solutions in this area are Microsoft’s Live Mesh, which was announced and put into a public beta / technical preview a few months ago (Ray Ozzie’s second attempt to solve the problem of distributed device synchronisation after the canned “.NET My Services”) and Apples Mobile Me.  I’m normally a somewhat critical Microsoft supporter (not an apologist), I’ll put that on the table now, however I suspect that Apples service is likely to get more traction due to iPhone 2.0 support and it’s forthcoming lower price point (at the very least in the UK, possibly elsewhere).

Both of these services effectively offer the same thing, centralised data storage and device synchronisation, Apple offer what they call the “me.com suite of web applications” and Microsoft offer the “Live Desktop” as the online interface to this storage pool, both offer mobile clients, both offer desktop clients for both computing platforms.  They’re effectively the same service, it’s Exchange Home Edition with Outlook Web Access enabled, for want of a better example.  It’s Microsoft and Apple desperately trying to get between the desktop and Google Apps.

But that’s really what I have a problem with.  The great benefit of grid computing is the utilisation of large amounts of CPU resource to accomplish large tasks very quickly, not data warehousing your users personal data.  It’s seemingly something that both of these “cloud computing” solutions have entirely missed and in reality, they’ve supplied Active Sync and Exchange for the home user combined with the three million iDrive, YourDrive, MyDrive, HisDrive services that became popular before the Web 2.0 bubble in about 2001-2002 and effectively managed to shut themselves down after being used solely for piracy.

I don’t actually believe that the world internet infrastructure is ready for these types of services yet because of the data ownership implications and I feel that these services have been designed almost inside out in nature.  Data synchronisation is nice, I’m sure everyone would agree with that, but by forcing these solutions to market before we’re in an ecosystem where users can host their own file-identity-synchronisation services out of the home in a process as simple as signing up to something like Mobile Me or Live Mesh, we’re setting a precedent.  That precedent says that it’s ok to surrender your personal data to a giant third party data store in the sky, and honestly this is not ok. 

This is a choice the vendors are making, and in my single honest opinion, an exceptionally bad one.  Apple could just as easy focus their energy into making a Mac Mini derived small home device that provides the same functionality as Mobile Me, that plugs in to a home router.  I don’t mind them offering a Mobile Me like service for people that don’t want to be responsible for the keys to their home, but I sure as hell have a problem with both them and Microsoft forcing people to give up their homes in the name of data synchronisation.

This is another case of a good idea that people will enjoy, poorly implemented and pushed out to market, when the effort should be in enabling a permanently connected high speed internet for the masses, and the engineering of devices that allow the user to control their own resources.  I know I sure as hell don’t want to loose all of my data because of some sloppy code and an exploit or two.  I’m sure companies of the size of the big players in this market can secure data, but walking around with a target on your back is never a good idea.  Cloud computing should be about applications and not data, do not be told otherwise.  They bring the technology and knowledge and you bring your data to that party, not the other way around.

As a footnote, I think both implementations look pretty slick and offer good functionality, albeit nothing above and beyond synchronising to a mobile device with a HDSD card in it (my current solution involves a large memory card, a HTC Touch and ActiveSync to effectively reproduce this functionality).  Online identity, sharing and data stores are the future, lets just not let people lock us in to a poor aggressive implementation.  Vote with your wallet people.

Now Playing: Between The Buried And Me - The Decade Of Statues

There’s a very good argument for saying that the thing that makes or breaks a new programming language is actually the tools the work with and around it, rather than language features themselves.  If you ask the average programmer to guess the percentage of language features of their language of preference that they used on a daily basis, or even ever, I suspect many of them would respond somewhere in the 25-30% range. 

Programming languages these days are big.  By that I mean, programming frameworks these days are big.  Most people tend to not just use the language natively, but the selection of a preferred platform tends to be based on the features of the dominant framework available for that language.  As a simple statement this is neither here nor there, but it illustrates the point that the development environment, for a large proportion of its users, makes a language.  I’d argue that Visual Studio made Visual Basic popular, and that without it, it would probably haven’t stood a chance against Turbo Pascal and Delphi, even with all the clout of Microsoft.  So we rely on tools, and in honour of tools, here are a list of tools I find invaluable whilst developing in .NET.

JetBrains ReSharper

This is the king of all visual studio plug-ins.  Imagine it as a kind of, interactive FX cop while you work.  It offers background compilation, refactorings, stream lines existing visual studio functionality and basically makes you code better.  It teaches you things you didn’t know about the language and helps you improve your code quality proactively rather than retrospectively.  The biggest programming crutch known to man, and a descendant of the IntelliJ IDE for Java.  JetBrains have trials available and if you drop my name in you can get an improved trial period and a bit of a discount on purchases.  If I could take just one tool home, it’d be this.

Lutz Roeder’s Reflector

Ever thought that there was a bug in someone else’s compiled assembly?  Fancy a crawl around the internals of the .NET framework?  This is the tool for you.  Reflector translates the IL of a compiled assembly back in to C# and lets you poke around inside.  It’s very much read only, but if you ever think there’s a bug in something you’re not supposed to touch, you can prove it and code around it with the help of this excellent tool.

System Internals / Microsoft Debug View

I’ve written about the usefulness of this little application in the past.  Debug View lets you view the Windows Debug output stream in real time.  That’d be anything written using System.Diagnostics.Debug.WriteLine or the more traditional C / C++ equivalents.  Allows you to monitor an application built in a debug state in real time.  Perfect for debugging Windows services or other troublesome applications that you need to monitor whilst running during development.

Visual Studio Remote Debugger

If you have Visual Studio you actually already have this (the link above is to setup information).  It’s hidden away in C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger (replace the visual studio version as applicable) and it allows you to attach an instance of Visual Studio to an application running on another machine.  Again invaluable if you’re writing distributed services and deploying to test servers, this application allows you to run your service or application on another machine, then connect to it using the visual studio debugger and break and step through your code as though it were on your local machine.  Great for when you deploy something to an integration test server, it fails, and you just can’t work out why without digging through the code in real time.

MbUnit and Rhino Mocks

Two for one, an xUnit derived unit testing framework, and Ayende’s mocking framework.  Unit test with confidence and unit test often.

ANTS Profiler

ANTS profiles your .NET applications at a level I’ve not seen in any competing products, giving you a line by line, method my method breakdown of execution time and code bottlenecks along with all the stats you could ever want to generate on a piece of code.  You really can use this to find horrible hidden performance issues in your code and fix them.

Honourable Mentions

Notepad++

Everyone has their own favourite notepad replacement utility.  This is mine.  I used Context for years but this is just better in every way..

Pro C# and the .NET 3.5 Platform

The only “giant programming bible” I’ve ever been able to read like a book.  Grab an E-book so it’s searchable and you’ll probably get more information than you could Google for.

These are just my personal preferences, and applications that I use on a daily basis.  Give a few of them a try and you’ll see your productivity increase and hopefully, your code improve.

I commute to and from London very frequently and the trains, whilst high tech and reasonably pleasant, can lead to very long journeys (especially in times of maintenance).  Because of this frequent travelling I’m practically forced to carry a laptop around with me for the sake of my sanity.  I tend to enjoy watching DVDs, playing late 90s and early 2000s PC games, and spiking and prototyping software ideas to pass the time on these train rides (which can stretch up to 4 1/2 hours some Sunday evenings).

Now, my laptop is a Dell Inspiron 5160, picked up in 2004 when the phrase “desktop replacement” in a laptop made my mind think of good things.  It has a desktop Pentium 4 processor (with hyper threading, for all the good that did) clocked at 2.8Ghz, 1.25Gb RAM running XP Pro and a 15.4″ screen (to give a sense of scale).

At the time, those were very respectable (desktop replacing!) specs.  The downside is that it weighs as much as the desktop it pretends to replace.  9.7lbs to be precise, which if I recall is something like 5Kg give or take.  Add to that the power of a chunky laptop power supply and most weekends I feel as though I’m carrying a small child from the north to the south of London.  Not fun.

I came to the conclusion (prompted by back ache) that I should probably look into replacing my monolith with something designed to, dare say, be portable.  Anyone that watches PC hardware will be aware of the waves that the current range of sub-notebooks have been making in the IT press so I figured I’d take a closer look.

The options seemed to be the much publicised Asus EeePC, the forthcoming HP Mininote and the HTC Shift (and other similar large smart-devices) as far as ultra portables went.  These devices are really, really cool.  Eight to nine inch displays, 700Mhz to 1.2Ghz VIA processors and chipsets and weighing just over 1Kg.  They really are tiny little devices and perfect in the cheep connected device market, but unfortunately the ability to run Visual Studio and to watch DVDs that I’ve just bought (ripping isn’t really relevant as I tend to buy things at train stations) were deal breakers.  I toyed with the idea of buying an external DVDRW drive to keep alongside a tiny sub-notebook, but at that point the rice would be approaching about £400-£450 and it was starting to feel like I’d really be ending up at the wrong end of the price-performance curve.

I’d definitely recommend anyone that just needs a really portable Internet / office device to check out reviews of the HP Mininote, it should be out this month and I was very very tempted by it, it’ looks fantastic and seems exceptionally powerful for it’s form factor.

I abandoned the idea of picking up a sub-notebook and decided to take a look into the very small regular notebooks on the market.  I’d had a very positive experience with he 11″ T-Series Sony Vaios‘ in the past  Their build quality is second to none, specs are brilliant and they weigh just 1.25Kg.  Unfortunately you also pay £1500+ for the privilege of a tiny notebook of comparable spec to a £400 15″ notebook.  If you’ve got the budget then I’d recommend one in a second, but they’re a far cry from the £200 EeePCs.  I figured I could stretch up to 12″ and still manage to pick up a very light, fully featured laptop and to be honest was quite surprised at the lack of products on the market.  I suspect this could partly be due to the recently (as in yesterday) announced new reference designs for sub notebooks , or perhaps companies are waiting on the Intel Atom CPU announced late last month, but either way the range of notebooks on the market at that size and weight point is remarkably sparse.

That said, there are some options.  Acer have a 12″ offering in the shape of the Aspire 2929.  an Intel Core Duo based machine with 1-2Gb RAM, Vista and about 100-200Gb of disk space, depending, it seems, on who you buy it from.  It’s part of their clamshell range apparently co-designed with Ferrari.  I’m guessing that’s their excuse for the laptop looking like utter shit, but on paper, the specs read ok, for about £500-600, vendor dependant.

I was still unsure, so I’d decided to go to PC World to see if I could just get a feel for the notebooks available,  It’s pretty hard to get a handle on the weight and size of something from raw specifications and websites so I figured it’d be time well spent.  I walked in the door, and on the second display stand as I entered the store was a tiny 12″ notebook branded “Advent”, which the smart or unlucky amongst us recognise as one of PC Worlds own brand product lines.  Looked good though, visually.  The build quality is no Vaio, but the price tag isn’t either, at only £450.  Core 2 Due 1.83Ghz, 2Gb RAM, 160Gb Hdd.  On paper, the specs were actually excellent for the price point.  Figured I’d ask for a full spec and pulled out my phone to start googling.

Interestingly there were very few mentions of the machine online.  Meaning it’s either very very new, or that the people that buy PC World own brand laptops don’t have too much to say about them online, none the less the spec sheet was quite revealing.  It appears that this laptop, almost £200 cheaper than the Acer Aspire 2929, and light years better looking, is practically the same machine underneath.  It uses exactly the same Intel chipsets, exactly the same onboard graphics, has exactly the same set of features (3 Usb and a Firewire port, onboard card reader, identical audio chipsets) and is to all intents and purposes just a nicer looking and cheaper version of the 2929.  Oh, and it weighs only 1.8Kg

I still don’t trust PC World hardware, so I went home to do a bit of extensive googling and slept on it, returned the next day and picked up one of the notebooks with Vista Premium.  That was two days ago.  I’ve spent the following few evenings tuning up Vista and installing software, and in all honesty, the machine really seems to fly, and at this point I’d go as far as recommending it.

I guess the moral of the story is that you never know what you might find lying about PC World.  But moreover, if you’re looking for a nice portable notebook on a reasonable budget without sacrificing power, PC World appear to have them in stock in the form of the Avent 4401, filling a curious hole in the market that other manufacturers appear to not want to compete in.

As a quick tip, due to PC World being… somewhat strange, if you’re interested in buying one of these machines, purchace it online and select “Collect @ Store” and you’ll save about £50 on the store price of the notebook.

Do with this information what you will.