Windows App Store

I'm developing applications for PC and the iPhone at the moment. It looks like the iPhone application will be the first to market for two reasons: it is a simpler application (which always helps), and there is less hassle to get it out the door. The main reason there is less hassle developing an iPhone app (ignore Apple's approval process) is because most common things are managed for the developer.

The iPhone App Store

I can't say I'm a big fan of owning hardware that you have little or no control over but I do love both my iPhone and my Xbox 360. These controlled environments provide several benefits to the consumer:

• People feel safe using their credit cards to buy software. I don't think people are very keen to use their credit card at any old place - they don't want to be ripped off by paying for something that doesn't arrive and they don't want their credit card details stolen for other unauthorized uses.
• There is no fear of malware. Having all the software up for sale screened by a third party prevents malware from creeping in. Even if it does get in the vendor can release an update to disable it remotely.

There are also many benefits for the developer:

• No need for a complex installer. This is a huge pain on Windows and Linux (I'm not sure about OSX) and having a simple standard means of deploying the application is great.
• Distribution handled. The developer doesn't need to find or pay for hosting applications even free ones.
• Payment handled. The payments from the customer are handled automatically.
• Licensing handled. There is no need for a custom activating and licensing mechanism.
• Error reports handled. On Windows there is winqual but it requires a $99 certificate, avoid that cost requires a custom solution.
• Single payment. The app store vendor takes a cut of sales so there is no separate cost for a winqual certificate, signing certificate, hosting, etc.

Windows App Store

An app store for Windows would address several key problems for desktop development:

• Remove the need for custom installers.
• Automatic updates and a single update notification. It seems like almost everyone does a poor job of updates and on my PC I have separate Adobe, Java, Apple and Google processes checking for updates.
• Distribution. No need to find hosting.
• Unified "feel" for applications. Consumers would have a single spot they felt safe using their credit card and knowing they weren't downloading malware. A great example of this on Windows is Steam.
• Mandated quality standards. This would hopefully move towards removing crapplets on PCs.
• A easy & safe way to make payments.

Microsoft already have "Windows Marketplace" which apparently supports third-party titles however a quick look at the site fails to show any such applications. I think at a minimum they should re-brand whatever app store they make perhaps using Bing. "Bing App Store"?

Perhaps Valve will moving into distributing applications as well as games...

Secure Updates?

Currently I'm looking into secure automatic updates for a .net program I'm developing. I've asked on stackoverflow for people to review my approach to the update process here. In the process I've come across some interesting articles on automated updates and I thought I'd review how other applications go about it.

Java

• Downloads http://java.sun.com/update/1.6.0/map-1.6.0.xml which has details of various updates:

<java-update-map version="1.0">
   <mapping>
      <version>1.6.0-rc-b98</version>
      <url>http://javadl-esd.sun.com/update/1.6.0/au-descriptor-1.6.0_15-b71.xml</url>
   </mapping>
   <mapping>
      <version>1.6.0</version>
      <url>http://javadl-esd.sun.com/update/1.6.0/au-descriptor-1.6.0_15-b71.xml</url>
   </mapping>

   ...

</java-update-map>

• Then downloads the specific file given in the 'url' element (e.g: http://javadl-esd.sun.com/update/1.6.0/au-descriptor-1.6.0_15-b71.xml):

<java-update>

  <information version="1.0" xml:lang="en">
    <caption>Java Update - Update Available</caption>
    <title>Java Update Available</title>
    <description>Java 6 Update 15 is ready to install. Click the Install button to update Java now.  If you wish to update Java later, click the Later button. To get a FREE copy of OpenOffice.org, the global standard in free, Microsoft compatible office productivity software, just click the More Information link below.</description>
    <moreinfo>http://java.com/infourl</moreinfo>
    <AlertTitle>Java Update Available</AlertTitle>
    <AlertText>A new version of Java is ready to be installed.</AlertText>
    <moreinfotxt>More information...</moreinfotxt>
    <url>http://javadl-alt.sun.com/u/ESD6/JSCDL/jre/6u15-b71/jre/jre-6u15-windows-i586-iftw.exe</url>
    <version>1.6.0_15-b03</version>
    <post-status>https://sjremetrics.java.com/b/ss//6</post-status>
    <cntry-lookup>http://jal.sun.com/webapps/installstat/CountryLookup</cntry-lookup>
    <predownload></predownload>
    <options>/installmethod=jau SP1OFF=1 SP2OFF=1 SP3OFF=1 SP5OFF=1 SP6OFF=1 SP7OFF=1 SP8OFF=1 SP10OFF=1 MSDIR=ms4 NEWMSTB=1 SPWEB=http://javadl-esd.sun.com/update/1.6.0/sp-1.6.0_15-b71</options>
    <urlinfo>6068ce6c957932593d20059bebab0dfc8b056ac3</urlinfo>
  </information>

  ...

</java-update>

• It does download a file from VeriSign which may be a check for the downloaded binary, e.g. http://ocsp.verisign.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRODEXefhs%2FUZFum2o8YfzOFwceMwQUkz5j3yJ0BOBkhDHd2yOfDq%2B2TZMCEA89qsgV9niZmSI6gIO0S%2FU%3D

Paint.net

• Downloads http://getpaint.net/updates/versions.5.600.x86.en.txt which looks like this:

; 3.xx manifest

DownloadPageUrl=http://www.getpaint.net/download.html

StableVersions=3.36.3158.38068
BetaVersions=3.50.3550.40197

3.36.3158.38068_Name=Paint.NET v3.36
3.36.3158.38068_NetFxVersion=2.0.50727
3.36.3158.38068_InfoUrl=http://www.getpaint.net/roadmap.html#v3_0
3.36.3158.38068_ZipUrlList=http://www.getpaint.net/updates/zip/Paint.NET.3.36.zip
3.36.3158.38068_FullZipUrlList=http://www.getpaint.net/updates/zip/Paint.NET.3.36.zip

3.50.3550.40197_Name=Paint.NET v3.5 Beta 1 (Build 3550)
3.50.3550.40197_NetFxVersion=3.5.1
3.50.3550.40197_InfoUrl=http://paintdotnet.forumer.com/viewtopic.php?f=46&t=31684
3.50.3550.40197_ZipUrlList=http://www.getpaint.net/files/zip/preview/Paint.NET.3.5.Beta.3550.Update.zip,http://www.dotpdn.com/files/Paint.NET.3.5.Beta.3550.Update.zip
3.50.3550.40197_FullZipUrlList=http://www.getpaint.net/files/zip/preview/Paint.NET.3.5.Beta.3550.Install.zip,http://www.dotpdn.com/files/Paint.NET.3.5.Beta.3550.Install.zip

• This manifest file and the associated binaries don't appear to be signed in any way. Update: Rick Brewster has commented to say that the downloaded binary is signed and the signature is verified.

Skype

• Checks for updates by querying: http://204.9.163.158/ui/0/4.0.0.227./en/getnewestversion?ver=4.0.0.227&uhash=143c299d62b6baac1f30936f72dd4683f

4.1.0.166

• Downloads the update file: http://163-158.static.quiettouch.com/ui/0/4.0.0.227./en/upgrade
  
• Unless the downloaded binary's signature is checked this would be vulnerable to a man in the middle attack.

Other

• iTunes posts a big blob of data back to Apple on startup checking for updates - I didn't look into this much.
  
• Google Chrome also posts back information when checking for updates. My version of Chrome was up to date so I didn't see the update process in action.
  
• Firefox was already in the process of downloading a new version so I had already missed the file download negotiation.

Summary

It seems like everyone is doing automatic updates differently (no surprises there). It also looks like there is plenty of scope for man in the middle and spoofing attacks if the downloaded binaries aren't signed or don't have their signatures. It doesn't seem like many people are checking their manifest files before downloading binaries which could lead to Safari style "carpet bombing" where malicious binaries are downloaded onto the system.

Roomba Review

Last Christmas we got a Roomba 530 (you can see a similar model here). A Roomba is a robotic vacuum cleaner, however, it mostly collects rubbish (dirt, garbage, hair, etc) using it's system of brushes. Since it is battery powered it doesn't have a very strong vacuum action. Having had Roomba in our house for almost a year I thought I give a quick review of it's pros and cons.

Firstly before I go into the details of the actual Roomba unit there are a few important background details:

• I live in a small unit that has all hardwood floors.
• I also have two cats who generate a lot of cat hair.

This combination is almost perfect for an automated cleaner: small amounts of dust and cat hair need cleaning every few days, there is no carpet to soak up dirt.

Pros

Roomba is awesome!!!11

It is quite cool to have an automated robot to go and clean your floors while you sit back and watch. And it is very mesmerising at first the way Roomba negotiates chair legs, people and other obstacles. Its a cliché but I do wonder if the next generation will even know what a "manual" vacuum cleaner is.

Roomba is small

In a small unit space is important, Roomba takes up a fraction of the space of a traditional vacuum cleaner.

Roomba cleans where you can't

To paraphrase the iRobot promotional video, 'Roomba cleans under stuff'. I am constantly surprised at how much gunk it is able to find underneath furniture like our couch (out of sight out of mind I guess).

Fire and forget

You can put Roomba on and go out; it will happily clean and re-dock itself once its done. However it practice you need to clear the floor of cables, etc. Otherwise you will come back to find Roomba has eaten the cord of your curtains and is hopelessly stuck.

Quiet

Roomba is noisy, but compared to a regular vacuum cleaner it is very quiet. My cats would run away when we started to put together the old vacuum cleaner but with Roomba they are happy to hang around and watch it with disdain.

Cons

Maintenance, maintenance, maintenance

The main problem with Roomba is that while it cleans your house without much supervision you need to clean it. After every clean you need to empty its pathetically small bin and after most cleans you need to clean the main brushes. Every three or four cleans I have to also remove hair from it's wheels and in the bearings of the main brushes. Occasionally you have to unscrew the 'flicking' brush to remove some long string that its eaten. Finally after about 8 months I notices that Roomba was no longer driving around in a straight line and I had to clean its sensors with a cotton bud.

Hair on the brushes	Hair in the bearings
Hair cleaned off the brushes	Gunk from the sensors

Fire and forget?

Fire and forget is sometimes like fire and get stuck: unless you prepare your floor removing any big particles (or are insanely neat) Roomba will eat a rubber band, pen, string, cable or similar and get is main brushes stuck. Usually I put Roomba on and then start to clear things that it might get caught on.

Dark furniture

Roomba uses several sensors to work out if it is going to bump into things before it actually triggers its big bumper. Unfortunately these sensors don't pick up dark furniture very well and as a result Roomba bangs into things (quite loudly). Short of putting reflector strips at Roomba height you can always move the furniture or just ignore it.

Summary

Roomba is awesome and I love it but it does require maintenance. Having seen it in action I feel that it works best on hard floors but it seemed to work well on carpet when I tried it at my parent's place. The main advantages are being able to put it on and leave it and also that it cleans under furniture. It does have some annoying quirks but nothing that has bothers me too much.

Epic Meltdown

August Links

Utility

• Online text case converter

VM Ware

• Automating VMWare Tasks in C# with the VIX API
• VMWareTasks: C# VixCOM

Misc

• How to write a disassembler

iPhone Reaching Critial Mass

It seems to me that the iPhone is beginning to reach critical mass. And by critical mass I mean that the iPhone is reaching the status of the iPod or Nokia 5110: everyone has one. Part of my reasoning is that everyone I know seems to be talking about their iPhone or planning to get one. (Of course my sample size is very small and probably biased, but hey).

Travelling to work and back home everyday it seems like heaps of people already have them. Since it is becoming more popular is also seems to becoming less flashy and pretentious. Admittedly I live and work in inner Sydney so the sample set may be biased again.

And what alternative is there? In the same way that PC makers are struggling to design and build PCs that match Apple's sleek designs no one seems to be making a viable iPhone competitor. Also the AppStore is a very attractive place to put an application since consumers are quite comfortable using it to purchase software. Which in turn means all the developers are looking at developing for the iPhone.

It all adds up to one thing: critical mass and unfortunately lock-in. And the scary thing is that everyone seems comfortable that Apple won't abuse its position and become an evil monopoly.

Microsoft

Since it seems like Microsoft has lost the lead in the mobile space I think the only way out of the Apple-opoly is to bring their awesome set of developer tools to the iPhone. The lure of Visual Studio and C# / VB.net shouldn't be under estimated. If developers could easily make cross platform applications that ran on both the iPhone and Windows Mobile/Blackberry/Android it would be a big step towards breaking that lock-in.

Who's working towards bringing the C# and the CLR to the iPhone? Novell.

It seems like a strange move but I'm very keen to try it out...

TWAIN Dot Net

I just released the first version of TwainDotNet, a TWAIN library for the .net framework. It is an open source, MIT licensed work built on top of Thomas Scheidegger's article from The Code Project: .NET TWAIN image scanner.

I had two main reasons for starting the project on code.google.com. Firstly code attached to an article provides no way for people to collaborate. There is no issue tracking, not place to feed back changes, etc. Secondly, I wanted to change the code to work with WPF and feed those changes back to everyone else!

So anyway the code is now up there and an initial binary available for download. I've picked the MIT license since it seems to fit the spirit of Thomas's original public domain dedication but with limitation of liability. And hopefully now there will be a bit more collaboration! :)

 

On a side note I've tried out Mercurial for the first time. The python based TortoiseHg is not quite as polished at TortoiseSvn but it is still very easy to use. I will seriously be thinking about moving my other Subversion projects over to Mercurial at a point in the future...