OSNews

It's web programming, not Windows programming.

This is most likely the sample code to which the article refers:

http://www.identityblog.com/?page_id=430

Last I heard, .NET 3.0 was just .NET 2.0 + WinFX... Has anything changed?

.NET 3.0 adds 4 new system to .NET 2.0

Windows Presentation Foundation (WPF)
Windows Communication Foundation (WCF)
Windows Workflow Foundation (WWF)
Windows CardSpace (WCS)


Workflows is going to be tremendously useful to anyone programming enterprise applications.

And, of course, the phrase "only 200 lines of code" made my day.
I mean, we're talking about web sites, right?
Not some monstrous do-it-all enterprise app.
Just a web page whose only purpose is to get the identity of a given user.


Why not take a look at those 200 lines of code to see what it actually does, and then point out why it's bloated?

Because the code was not there, did you even bother to read the article?
I'm not gonna search every single page on MS-servers just to point out exactly why it's bloated.
Judging from the article, 200 loc referred to the part
of the code that was used to somehow interface with
Windows CardSpace.
This smells like boilerplate code for something that should be small and simple.

If you really want to improve security make it simple.
Otherwise people won't use it.
Just look at PHP's GET and POST method and guess which is more popular...

In addition, I did not say it was bloated - I only said it was not all that small by website standards.

We know what those 200 lines of code do: it's code added to a PHP app to integrate with this new security mechanism. It should not take 200 lines of code to do something like that, period.

As RandomGuy rightly pointed out, it's quite likely mostly boiler-plate. Why? Because that's what nearly every Microsoft API is like. That's why it takes dozens of lines just to create a winow in Win32, and why just setting up a DirectDraw window takes pages of code. That's why you see multi-volume thousand page tomes about individual Windows APIs, and why things that are very simple in other APIs (say mmapping a file), is a multi-step, multi-function procedure in Win32.

http://osnews.com/permalink.php?news_id=16173&comment_id=171804

Let's assume the example linked to in this post is the one referred to, or at least equal to the example referred to.

In the php-listings I see a LOT of error handling code.
And various comments.

If we cut out error handling and the comments, we can probably cut the code by at least 50%, if not more.
It can probably be reduced even more if we reduce the example to a special case and assume other things as well.


I haven't coded enough Win32 to comment on that, but for .NET you don't need a lot of code "just to create a window". Especially not if you reduce the window to use default settings for everything, and don't bind any event-handlers to it.
Does other API's magically know what you want to do with them? I'd really want to know, because I have tons of ideas that I could use such an API for.

No. Indeed, creating a window with an empty event loop in Win32 does not take that much code. It takes more code than if you wrote some simple abstractions that make assumptions about what you want done--the so-called sensible defaults--but that is true of any low-level API. Creating a GL context with GLX and then doing some event handling with Xlib for matrix transformations is not exactly concise.

In practice doing either is rarely your problem, but then Rayiner really likes to complain about Microsoft's terrible, awful APIs. Oh for shame, MapViewOfFile, for shame.

The Win32 API isn't really that great, and well MFC was just a down-right bad direction for a class library, but Microsoft has a lot of APIs and quite a lot of them aren't that bad at all. No, they aren't all "one function is all I need for my whole program," but that's because they're intended to be flexible; use a simplified interface abstraction and move on with your life. There's a lot of them, after all.

Checked exceptions are not all that great. In fact exceptions in general are far from perfect in highly-reliable code because they represent a jump through several frames of the callback and perhaps through some layers of abstraction. For a quick and dirty program, checked exceptions are a pain and for a serious app, they don't buy your much beyond what you get from having a team discipline around error handling. I'm an error-codes kind of guy myself and so is a lot of MSFT based on what Larry Osterman writes.

Because I'm almost sure they won't be supported.

.NET 3.0 is built on foundation of Windows 2003 SP1 / Windows XP SP2 and thus only those operating systems will be supported. Including Vista, of course.

Changes made to W2003 SP1 and WXP SP2 are too radical to be backported. Anyway, this is a enhancement for initial project which was meant to make WinFX only available to Vista.

Of course, this is also done to shrink the range of Windows systems. Right now, there are quite too many W98 or WindowsNT/2000 systems. However, it would be really difficult to backport such wide changes to such old systems.

Right now, there are quite too many W98 or WindowsNT/2000 systems.

Onestat puts that number at less than 9%:

"The 10 most popular operating systems in the world on the web are:

1. Windows XP 86.80%
2. Windows 2000 6.09%
3. Windows 98 2.68%
4. Macintosh 2.32%
5. Windows ME 1.09%
6. Linux 0.36%
7. Windows NT 0.24%
8. Macintosh Power PC 0.15%"

Net Applications suggests around 10%.

http://marketshare.hitslink.com/report.aspx?qprid=2

Hmmm... I'd have said those systems had a bigger market share. We always hear about how difficult was WindowsXP prenetration.

If those numbers are real, then it's clear why those systems are not supported.

You do realize that those numbers are from a extremely limited scope of websites, rendering the numbers absolutely worthless?

You do realize that those numbers are from a extremely limited scope of websites, rendering the numbers absolutely worthless?

OneStat has 50,000 customers each with 1 or more websites.

NetApplications has 40,000 websites (different than the ones OneStat monitors).

I think the numbers are really useful.

Face facts ... 95% or more of home computers had XP installed on them for the last 5 years. Corporations may have installed Windows 2000 on their PC's for a few years after XP RTM'd, but surely over the last 3 years most would be XP.

How are you going to explain that their shared, signed, encrypted token file(?) is shared, signed or encrypted in the wrong way, or just mangled, expired, invalid, or belongs to someone else.

Something like Outlook pulls when its encryption gets hosed.

"Your name was not found by the underlying security system"

or

"The messaging subsystem returned an error"

nice and clear for the end user.

And how many lines to set up the message loop, create the window class, etc?

Just compare a few of the steps between Win32 and GTK+:

- Application setup: 1 call in GTK+ (gtk_init), 0 calls in Win32 (because WinMain wraps the relevant setup for you).

- Creating the window class: 0 calls in GTK+, filling out of about a dozen struct fields + 1 call in Win32.

- Creating the window: 1 call in both, but the GTK+ version has one parameter, while the Win32 version has 11.

- Showing the window: One call in GTK+, with one parameter, and two calls in Win32, with three parameters total.

- Initializing the message loop: one call in GTK+, with no parameters, a loop with three calls and half a dozen total parameters in Win32.

Or, consider something like handling an expose event. In GTK+, to handle an expose event, you have no setup. You connect the signal handler, GTK+ passes it everything you need, and you just draw. In Win32, you've got to get a PAINTSTRUCT and an HDC from BeginPaint, and finish drawing with EndPaint.

Yes, a lot of this is boiler-plate, but that's what we're talking about here. There is rarely a simple, quick way to do a given task with Microsoft APIs. To do one thing, you first have to deal with setup procedures that expose you to the full generality of the system. That's just bad API design.

Edited 2006-10-16 04:25

Yeah, because comparing a low level API to a high level one is really relevant.

Try Win32 vs Xlib or .NET vs GTK.

This is where you compare creating a button control on a window in Win32 to doing the same using Xlib. Hohoho, I crack me up.

The Win32 widget API is at the same level of abstraction as GTK+: both are low-level procedural interfaces to conventional widget toolkits. Xlib is at the same level as GDI: both are low-level procedural interfaces to window-management and drawing functionality; neither deals with widgets. .NET is at the same level as GTK#, both are object-oriented wrappers over their respective procedural APIs.

The area of Win32 that you are discussing and GTK+ are not at the same level of abstraction--that's plain silly. Even when considering the use of common controls is a little iffy, because the event model of a basic Win32 program and GTK+ is completely different for example, and even message cracker macros do little to paper over that. You would be better off comparing MFC and GTK+ for terseness.

Xlib and GDI are not really on the same level. Xlib implements event handling, window management, atom management, and lots of other things not in GDI, because GDI basically just deals with device context tasks like drawing, some limited image stuff, and fonts. Parts of Xlib are the same level of GDI, but Xlib is larger. It clearly isn't comparable to the common control aspects of the Win32 API, which are more comparable to Xt.

I'll do you one better: with Visual Basic all I have to do is create a project and my program creates an empty window by default. Take that, bad GTK+ design!

Real glib, but that's an incorrect comparison. If you bring code generation into play, as you're doing, any API can be as automatic as Visual Basic.