Fog Creek Software
Discussion Board




Welcome! and rules

Joel on Software

Is anyone using .NET ?

Hello,

Just curious whether anyone is using .NET for major developments yet, or whether it's still in the 'evaluation' and 'small, less-important stuff only' stages.

I've got a major web-based project starting in Q1 next year which would benefit enourmously from using ASP.NET, etc. However, I'm uncomfortable being a trail-blazer for such a critical project.

Seasonal greetings to all.

Steve Jones (UK)
Sunday, December 29, 2002

I think a lot of people are now starting to use .NET for large web based projects. I think the take up for actual windows apps is a lot slower, as you'd expect, becuase most users don't have the runtime. However, new versions of Windows will include this as core functionality, so I think there will be a major growth in the use of .NET for desktop app development as soon as the next consumer version of Windows is released.

On the web side, I would say it's reasonably mature, but with a few big holes, at least as far as i'm concerned. Standards compliance and accessibility of control produced code, and state maintenance code is an issue for me, but I accept that it won't be for the majority of developers.

That wouldn't stop me advising you to use it though if that's not a worry for you. It's a very rapid tool, and if you can make time and money savings with it, I would say go for it. You've obviously got some experience with it, so it seems like a logical choice. I think it's mature enough for big projects of a web based nature is my bottom line.

Andrew Cherry
Sunday, December 29, 2002

We're currently developing a WinForms app (for internal use) to get aquainted with VB.NET.  After getting over the learning curve, I'm a lot more productive than with VB6.  The IDE is so much nicer to work in.

In a month or so we'll be begining development on our primary product, another WinForms app, in VB.NET.  There's also talk of porting an existing product from VB6 to VB.NET.

So yes, we're using it.  Our primary concern is code security, especially for our software registration component.  That's probably not as big of a concern with ASP.NET.

Joe Paradise
Monday, December 30, 2002

We're using .NET to build a shrinkwrap product (SourceGear Vault).  Our entire product is written in C#.  The client uses Windows Forms.  The server is a collection of ASP.NET XML Web Services running under IIS.

In general, .NET has behaved itself very well compared to other two-year-old children I've known.  We've had a few "early adopter surprises", but not very many and nothing really bad.

Eric W. Sink
Monday, December 30, 2002

Joe, could you expand a little on why code security is your "primary concern"?  Are you concerned about untrustworthy code repurposing your tools, or what?

I am always trying to get a better handle on what real programmers need from the security system.

Thanks!

Eric Lippert
Tuesday, December 31, 2002

I suspect in this case "code security" means "we're worried that anyone who wants it can use ILDASM and other tools to reverse-engineer our source code and steal our intellectual property."

Mike Gunderloy
Tuesday, December 31, 2002

Mike got it.  We (along with every other shrinkwrap shop) are debating how best to protect our registration code algorithm.  The last thing I want to do is find key generators for our software on Kazaa, considering the licenses can run up to $50K or more.

Joe Paradise
Wednesday, January 01, 2003

Eric L.,  I'm looking forward to reading your book on code security.  Picked it up a few weeks ago, and now it's on the top of my list.

Joe Paradise
Thursday, January 02, 2003

For a product that sells for $50K, you should at least be able to evaluate a 3rd party tool to handle licensing enforcement... Who knows if it'll help you or not, but if it does you should be able to afford it.

Granted, <i>nothing</i> is ever crack-proof, but you can make it a lot more difficult than just reverse-engineering the key generation algorithm and posting a bunch of fake keys.  (By stepping through the asm/msil/bytecodes in a debugger or however they're doing it these days ;-)

For little desktop apps, it's often said that companies benefit more from the extra exposure than they lose from the lost licensing fees.  But for specialized expensive software this often isn't true... This is an interesting topic for the industry.

Michael Kale
Wednesday, January 08, 2003

We did look at several 3rd party tools (don't remember names).  The problem was most just gave a valid/invalid evaluation of the registration code.

Our software is divided into several functional areas, each of which must be licensed to be activated.  We needed a system that not only provides the valid/invalid response but also tells you what has been purchased so the proper functionality can be enabled.

The component we came up with does this:  demo timeout capabilities, a yes/no response on validating the customer name/registration code combination, as well as 15 boolean values that can be used alone or in any combination to represent purchased functionality.

So while this meets our needs, there was not a lot of development time involved and I'd be willing to junk it for something with the same capabilities but better security.

Right now our plan is to use our homebrew component and change settings (e.g. encryption seed key, boolean flag combinations) with each new version.  Although it requires that our customers get a new registration key with each version (about once a year), it also allows us to weed out customers who have dropped the support agreement (which provides free software updates).

The big picture is that this software is sold to companies, so legal action against piracy is a viable (last) option.  This is not a computer-related industry, so I wonder if I'm worried about nothing here.

I agree that the biggest concern should be making registration easy for legit customers.  Lost revenue to piracy can be insignificant to lost revenue from bad PR.

Comments appreciated.

Joe Paradise
Thursday, January 09, 2003

*  Recent Topics

*  Fog Creek Home