Thursday, January 8, 2009

Why I am no longer crazy about SilverLight 2.0

Over the past year there has been a frisson of excitement about SilverLight 2.0 in the .NET world. I too was swept away in it. Why? It looked like the 3rd time would be a charm. What do I mean by the 3rd time is the charm?

Sun tried to introduce Applets with their Java platform more than a decade ago. About 12 years of experiance has proven that this concept was (is) a market failure. The technology works fine and almost nobody uses it. I can only name 3 or 4 working applets out there on the net that are of any significance. Strike one for hard code in the browser.

Microsoft tried to counter Applets with ActiveX in the browser. This was an unmidigated catastrophy. Words cannot express what a disaster this was for Microsoft. The echos and reverberations of this calamety are still being felt today throughout the world. ActiveX controls/applications inside IE5 & IE6 had no practical limits. You could do absolutely anything with ActiveX inside IE5&6. If you could code it, you could do it. This resulted in the great Spyware Pestilence of 2003. IE became the greatest vector of contageon the computer world had ever known. This gave Microsoft a seriously bad rep for unreliable and insecure systems, prone to ID theft. They are still trying to live down this bad rep today. What a disaster!

So now here comes Silverlight 2.0. This is basically a .NET Applet which is portable across multiple platforms and browsers, but based on a tight security model. You can write your .NET code in the language of your choice, but not all things are possible. You can't just do anything and everything you want to an end-user's machine. Silverlight 2 is not intended as a Flash killer. It is not in competition with Adobe Flash, no matter how often this erroneously statement is repeated. The intent is to put smart applications in the browser, just like Java Applets, just like ActiveX apps.

A lot of XAML graphical junk is possible. You can talk with web services. There is the possibility of 3d graphics and games. Rockford Lhotka is bringing his marvelous CSLA framework to Silverlight 2.0. His firm believes Silverlight is the way, the truth and the light. No one will reach the father without Silverlight 2.0, acording to Mugenic. However, and this is a drop dead issue for me, all of your code gets downloaded with Silverlight 2.0 applet zip file. This is CIL code... or original source code... I can't seem to get a clear answer on this question. In any event, the app can be totally disassembled and de-obfuscated using .NET Reflector and its marvelous plugins. I have done this. It is perfectly possible. It is easier now than ever before to interogate somebody else's code and figure out how it is done.

So why does this matter? When you code in ASP.NET or the MVC framework, you enjoy code privacy. Competitors will need to hack their way into your servers to get your source code, and thereby discover how you do things. That is a tall order. If you know what you are doing, it ain't so hard to lock these little fuckers out. If your rival knows what he is doing, it is difficult to hack into his server. I am a private source guy. My company is a private source company. A lot of crucial trade secretes are embeded in our source code. Not many know how to do what we do. Many confidential bits of knowledge can also be found inside the running bits of our app code. The web has protected our trade secrets rather well by hiding this stuff on our servers. Putting them into Silverlight would let the proverbial cat out of the bag. Personally, I can tell you that my blood runs cold at the thought of exposing our code to the world. It's not because I am embaressed about what I have written. Rather the opposite. I am afraid I am going to educate our rivals.

For this reason, my enthusiasm for Silverlight 2 has flat-lined. It no longer has a pulse. Although I was daunted by it at first, my enthusiasm for ASP.NET MVC is growing by the day. I believe this is the path to ultra-high reliability software. If implemented fully--in all its glory--MVC should deliver flawless software to the consumer and provide strong security for the authors. I believe in ASP.NET MVC.