Ryan Chapman

I've added an article here that discusses the performance characteristics of JIT-compiled code compared to native code.  The results are interesting and encouraging for anyone considering using the .NET Compact Framework for developing mobile applications.  As always, comments and questions are very welcome!

Cheers,

Ryan

I have the honor of presenting this year's NetCF performance talk at MEDC.  This has been an immensely successful presentation in past years and I'm hoping this one will live up to the same high standards.

One thing I'd especially like to do this year is include as much information from customers as I can--you've all had the chance to use NetCF v2 in production environments, what performance practices and tricks have you found to be useful and effective?

Any feedback will be highly appreciated!

Ryan

One of the coolest new features in v2 is the ability to diagnose problems through the new logging infrastructure.  With the new Windows Mobile 5.0 security model, loader problems can be hard to find and figure out.  If you have an app that just won't start and you can't figure out why, the following steps might help you locate the problem:

Enable loader logging.

There are two registry keys you need to enable:
HKLM\Software\Microsoft\.NETCompactFramework\Diagnostics\Logging\Enabled (DWORD) -> 1
HKLM\Software\Microsoft\.NETCompactFramework\Diagnostics\Logging\Loader\Enabled (DWORD) -> 1

Look for application load errors.

There should be a line in the netcf_Loader.log file that looks like this:

Loading module [\application.exe]

And it should be followed by something that looks like this:

Trust verification passed. Module [\application.exe], Trust [1], Proc [1].

Ignoring all the incomprehensible stuff, the key here is that it says "Trust verification passed."  That's good and it means your application passed the security check.  Anything else means that your application is not trusted by the underlying platform--there are a number of different reasons this could be the case (check out my earlier article).

Look for assembly load errors.

These can be a bit trickier.  Again, the log file gives you all sorts of useful information--the main one being the trust verification message above.  But now it's possible that your assembly is signed, but can't be loaded into the application because its trust level doesn't match that of the application.  If this sounds confusing, don't worry, it is.  Take a look at my article for some background.  This is what the log file tells you when this happens:

Trust verification failed. Module [\HelperDLL.dll], Trust [1], Proc [2].

What does this actually say?  The assembly HelperDLL.dll was assigned a trust level of 1.  There's a rule in Windows Mobile security that any code loaded into a process must at least have the trust level of the process.  In this case, the process trust level is 2 and the assembly's trust level is 1--the assembly doesn't have enough privilege to run in a level 2 process.

Make sense?!  The loader log has all sorts of other useful information as well.  We also have Interop and Network logging.  Steven's blog is a good place to start for all sorts of logging information.

Cheers,

Ryan

I've had a few people ask me this question--well now you can find out all about it at this link:

http://msdn2.microsoft.com/library/ws1c3xeh.aspx

This link and this one give a good overview of how the security model worked in past versions of Smartphone.  Future versions of the Windows Mobile platform will allow OEMs to enable this feature for PocketPC as well.  NETCF follows the same guidelines for loading assemblies.

I've posted an article that outlines (at a high level) some of the issues that you might run into as a developer.  Let me know if you have any questions or concerns!

Ryan

I'm normally pretty far behind the curve when it comes to new gadgets (it's a competitive climate here at MS...), but this time I got on the bandwagon early picking up the new Smartphone from Audiovox.  It's pretty cool, I like having my schedule and e-mail with me wherever I go.  (I could never get into PDAs--I like to keep the number of devices on myself to a minimum...)

The best thing is that it comes with NETCF pre-installed!  So, everybody, run out and start developing managed mobile apps!

Ryan

I'm sure every engineer has had one of those brilliant Dilbert moments where you just lived through something you saw in a strip.  Here are two of mine--I'd love to hear about any others!

1. I was working for Glenayre Electronics in Vancouver, BC.  I got there at the tail end of a major growth spurt, one of the results of which was a shiny new 6-storey building being built next door.  I had just seen a Dilbert (either the strip or animation, I can't remember) in which the company had to stop building a new building because they ran out of money.  About a week later, management announced that we were going to cap the new building at one storey.  It gave us a nice 6-floor parking garage, though.
2. I was working for a start-up.  The sane people had decided that not getting paid to work all the time actually wasn't that much fun.  Around that time, there was a stip in which Dilbert was asked to sit in a vacant cubicle to make it look like people were working.  About a month after we left, a group of us were called in to help the president with an investor presentation by sitting at our old desks looking busy...

Anybody else?  I think I might have some readers that sat through number 2 with me...

Kind of scattered today...

• I love this news.  Sure, it's the “other guys,” but as a music lover I love to see a company find a way to take advantage of technology to distribute art, rather than running around trying to hang on to dated notions of intellectual property.  I don't support the illegal trade of copyright material, but I do think the solution is to find ways to work with technology not to stand in the way of the tsunami trying not to get wet.
• We still have our soda.  But frankly I'm not that angry--I've worked in enough downright horrible environments to know that we are fortunate to work for a company that cares (granted, maybe less than before) about its employees.
• I kind of resent the notion that I was recruited because they knew I would sign up to the Way.  I sort of hoped it was because I was a good engineer.  Although the article is mostly optimistic, and I guess this post is helping to introduce a dollop or two of reality...

Cheers!

Ryan

As mentioned earlier, I been working on Code Access Security (CAS) for NETCF.  A delivery date is yet to be determined.  So because it's not in the product and because we haven't committed to delivering it, it's not really generating much discussion, leaving me without much to say.  To solve this problem, I'm going to enter a dream world (a year? two years? more?) in the future where everybody has it and is doing all sorts of wonderful things with it.

...launching Yes's “Starship Trooper“...

>>>~~~*****~~~~>>>^^~*~*~*~ (<-That's us in our time warp)

Hi folks!  I see you all have CAS-enabled NETCF and it's the killer feature you've all been waiting for!  What motivated you to deploy NETCF CAS?  Was it because, until now, Java gave you the only platform for managed security--a runtime “sandbox” so-to-speak?  Was this on your wish list back in the halcyon days of Summer, 2004?  I'd love to hear your thoughts!

I've been thinking a lot about security lately.  I'm not sure I'm making any sort of headway.  Everybody seems to agree that it is really really important, but I'm willing to bet that just about everybody has a slightly different view of what it actually is.  So my question of the week is this: what defines the boundary between a security issue and an end-user issue?  Where does the responsibility of a company end and the responsibity of its customers to behave responsibly pick up?

I like to think of things in terms of extremes in an attempt to make the middle ground more stark and expose the underlying issues.  For example, most people don't blame Ford if a drunk driver piles into a crowd at an intersection.  On the other hand, Blaster was the result of code flaw that end users had no control over.  The burden of responsibility seems pretty clear in these cases.  But what about something like the “ILOVEYOU” virus?  Outlook was the mechanism by which it spread, but it required direct user interaction to do the damage...who's at fault?  Or should we talk about shared responsibility in a case like this?

These sort of foggy areas make “security” hard to define.  The finest feature of a computer is its ability to spur creativity and imagination.  Developers instinctively understand this, so we try to build systems that impose no artificial restrictions on what a user can do.  If we've done our job well then we can't possibly imagine all of the different uses that people will find for our work.  How many of these uses will later be deemed to be malicious?  Can we possibly prevent them and keep the computer as a playground for unbridled invention?

Hmmm...

Ryan

Ah yes, the Evil Empire.  A clever moniker when I first heard it has become a remarkably well-known pseudonym.  But is it still relevant?

I was very interested by an article about this topic in a May issue of The Economist.  The main point: “Microsoft has decided to grow up, make peace with its enemies and work with its industry to form open standards and share vital technology.”

Indeed, as an outsider, I would have been quick to dismiss this and any similar reports as corporate doublespeak.  MS doesn't exactly have the best reputation and, in many circles, the pejorative nickname is well-earned.

However, in joining the company I was very pleasantly surprised to find an earnest effort underway to erase the image of brash arrogance and replace it with that of a good corporate citizen.  It seems to be understood that this sort of transformation takes a great deal of effort and resources.  From initiatives such as Trustworthy Computing to encouraging employees at all levels to interact with the computer-using community (hence this blog!), the company is genuinely interested in an image makeover--and is willing to do what it takes to get it done.

So now it's your turn.  Is it working?  Have you noticed a shift in the way MS does business?  Or do you think (as I likely would have!) that I've been brainwashed by The Man to write such silliness?!  I'm looking forward to all of your responses--fire away!

Cheers,

Ryan

Well, here I am blogging my first post (or posting my first blog?)...in the event that someone actually reads this, it'll give a brief intro:

My name is Ryan Chapman and I'm a new developer in the .NET Compact Framework group.  I'm new to both MS and the Seattle area--I grew up in and around Vancouver, BC.  (Well, I grew up in Abbotsford, but I don't expect too many people to know the outlying areas of the Lower Mainland that well...unless you happen to be a big airshow buff.)

I'm working one the Code Access Security features of the compact framework--unfortunately I can't give any information about when (and if!) it will be released, mostly because I don't have that info myself!  Stack walks aren't exactly the highest performance thing on the planet, so bringing them into the embedded world is a delicate balancing act...

Anyway, should you happen to find yourself reading this, please take a moment to say hi!

Cheers,

Ryan