First time here? You are looking at the most recent posts. You may also want to check out older archives or the tag cloud. Please leave a comment, ask a question and consider subscribing to the latest posts via RSS. Thank you for visiting! (hide this)

September 2010 Blog Posts

First European NHibernate Day: some updates

The NHibernate Day is just 21 days from today, so I wanted to give some updates on it.

Did you receive the email?

We sent an email to all the attendees, but seems like there might be some problems with spam (a few people already contacted me saying they didn’t receive anything). If you are registered for the NHDay, but you didn’t receive any email last week, please contact us (using the email specified on the event page) and we will forward the email to you.

Call for action: fill the form

But even if you received the email I’d like to repeat a few things that are important for the good outcome of the event:

Donations

Those who didn’t donate when buying the ticket, but want to donate now, we setup the donation page on the official NHDay site: http://www.nhday.eu/en/donations.aspx

That page also contains the list of all the attendees that already donated to help cover the costs of the event.

Change of speakers

Steve Strong cannot come and talk about Linq2NH due to problems at his job. He will be replaced by Gian Maria Ricci, awesome developer and guitar player. Gian Maria will talk about the new native implementation of Linq2NH.

Sponsors

We have quite a lot of sponsors for this event. Some contributed with money (Hibernating Rhinos, Umbraco, Proximo, CodicePlastico, SID and OrangeCode) and other gave us a lot of prizes to give away at the end of the event: Mindscape and Slyce Software will give away some licenses of their visual designers for NHibernate, TekPub will give some code for their “Mastering NHibernate” video course (plus some other codes for annual and 30day subscriptions), PacktPub will give away some copies of the soon to be released “NHibernate 3 cookbook” and Manning some other copies of “NHibernate in Action”. Approximately one third of the attendees will get a prize at the end of the day.

Thank you to all the sponsors for helping out.

Hope to see you in October.

Apple relaxing SDK license agreement: MonoTouch (and Flash?) officially allowed

xcode-icon-512x512 Do you remember when in April Apple changed the SDK license agreement in order to ban applications not natively written with Apple tools (like MonoTouch and Flash)?

The (old) clause was:

3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs. Applications must be originally written in Objective-C, C, C++, or JavaScript as executed by the iPhone OS WebKit engine, and only code written in C, C++, and Objective-C may compile and directly link against the Documented APIs (e.g., Applications that link to Documented APIs through an intermediary translation or compatibility layer or tool are prohibited).

Today Apple announced that:

“… Based on their [our developers] input, today we are making some important changes to our iOS Developer Program license in sections 3.3.1, 3.3.2 and 3.3.9 to relax some restrictions we put in place earlier this year.

In particular, we are relaxing all restrictions on the development tools used to create iOS apps, as long as the resulting apps do not download any code. This should give developers the flexibility they want, while preserving the security we need.”

The new clause says (from the official PDF, the text in the agreement page is still the version from July):

3.3.1 — Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs.

As you see, the part about external libraries and other languages disappeared. This means that writing iOS applications with MonoTouch is now officially allowed, and probably also means that Flash applications will be allowed too.

The changes also allow scripting languages to run inside iOS applications, as long as the script comes as part of the application (and not downloaded from the web).

3.3.2 — An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and
not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple's built-in WebKit framework.

Now you have no more excuses not to start using MonoTouch to develop you applications. If you want to learn more about MonoTouch I suggest you to buy the Professional iPhone Programming with MonoTouch and .NET/C# book. Really a good one.

Now off to developing my iOS application with MonoTouch.

Chrome 6 might break your Gmail (when behind proxies in corporate environments)

[UPDATE: There is a workaround]

This morning, following the release of Chrome 6, I decided to upgrade to the latest version.

But as soon as I tried going to Gmail I got the following error:

SSL connection error. Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error 128 (net::ERR_SSL_UNSAFE_NEGOTIATION): The SSL renegotiation extension was missing from the secure handshake. For some sites, which are known to support the renegotiation extension, Chrome requires a more secure handshake to prevent a class of known attacks. The omission of this extension suggests that your connection was intercepted and manipulated in transit.

This happens because “starting with 6.0.453.1 Chrome began requiring the TLS renegotiation extension from a small number of sites (Gmail included). This extension is required to prevent TLS renegotiation attacks”. This means that if you use Gmail (or any other Google application, like Docs, Reader and so on) over HTTPS and you are behind a proxy that alters in some way the data passed (like MITM proxies), you will not be able to access Gmail any more.

This problem has been reported on Google Chrome forums and also in the issue tracker of Chromium, but has been marked as invalid because they are now trying to increase the security, implementing the renegotiation extension.

While this is a good thing, most companies are not always up to date with the latest technologies, and since this extension is standard since “just” 6 months, Google cannot expect everyone to have it implemented already.

What you should do if you have already installed and you get the SSL Connection Error?

[UPDATE] After having commented on the Chromium bug, Adam Langley answered that if you manually specify a proxy, the check is disabled automatically. And if you have a transparent proxy (so no proxy configured in the options) you can disable the check using the command-line option: --allow-ssl-mitm-proxies.

Thank you Adam for also commenting here with the complete explanation of the problem.

The only thing you can do is revert Google Chrome back to version 5. Unfortunately this requires you to uninstall Chrome, and reinstall the old version using the offline installer that you can download from Google site at the following address: http://dl.google.com/chrome/install/375.55/chrome_installer.exe

Unfortunately uninstalling Chrome means you loose all your stored passwords and some other things because a Chrome 6 profile cannot be read from Chrome 5. So if you are unsure, do a backup of your profile folder before trying to update to Chrome 6.

I hope Chrome either allow users to “ignore” some errors, like they do when the certificate is not valid, and that in meantime all MITM proxies get updated to support the renegotiation extension (and all IT guys install the updated version).

Is Silverlight becoming a niche technology?

A lot of reactions started on Twitter this morning following the publication of the article titled “The Future of Silverlight” on the Silverlight Team Blog. One that caught my attention was written by Hadi Hariri:

original-tweet

After a few messages I realized that he was talking about Silverlight.

The problems Silverlight addresses

The official announcement says between the lines:

… Silverlight enables applications that deliver the kinds of rich experiences users want. We group these into three broad categories: premium media experiences, consumer apps and games, and business/enterprise apps.

Even in their own statement, they acknowledge that Silverlight is not for building web apps, but is to address very specific features that you don’t have in HTML/CSS/JS.

Most of the features of Silverlight are already included in HTML

But if you take a closer look to the features they list, and you compare them with what HTML (where with HTML I mean the sum of HTML, JavaScript and CSS) can do, you realize that, with the exception the adaptive streaming and other advanced video features, everything can be implemented in HTML: there is HW-accelerated canvas in HTML5 to fulfill the need of “power” of web games, there are already dozens of JavaScript UI control libraries, like jQuery UI to helps you build rich and “desktop-looking” web applications with very little effort, there is local storage and even a local database to store information locally in the browser, there are web workers to keep the application responsive during heavy computations, and much more will come with HTML5.

Some might argue that, even then, Silverlight has a more mature IDE and most developers don’t have a clue about programming in JavaScript and writing HTML+CSS. This only partially true: you reuse your C# skills and your knowledge of the CLR, but you need to learn all the pattern and best practices specific to this new paradigm, like MVVM, you have to deal with the “all is async” problem, and you probably don’t want to just drag and drop SL controls onto the developer surface, so even the IDE helps just a little here. And looking at it the other side of the coin, I’m pretty sure JavaScript oriented IDE and even more commercial control vendors will start making “d&d-able” controls to make JavaScript development as easy as desktop development.

Silverlight is more than the browser

The article finishes with that emphasis: “Silverlight is much more than a browser technology”. Sure it allows you to build “out of the browser” apps, even desktop apps, and now Windows Phone 7 apps. I think this is a great advantage for developers that build desktop apps, but I just don’t see Silverlight as a web application technology.

What is Silverlight really for?

If you asked me where I would use Silverlight I’d answer:

  • To build desktop applications
  • To build Windows Phone 7 native applications
  • And to build islands of interactivity of web applications, where the current “simpler and more standard” technologies are not enough, like in media applications.

Andrew Tokeley wrote a very nice post that goes into the details of when you need to use Silverlight instead of HTML/JS/CSS.

I think this is also how Microsoft should market it: a technology that allows you to create rich “web-looking” applications on the desktop, complex video components for the web , and to reuse the same skills to build native mobile applications for Windows Phone 7. But they should stop comparing Silverlight to HTML5, they are complementary technologies, not competing technologies.

What are your opinions on this topic? Please share them on the comments.