Like many people I was in for a huge surprise. Besides being way off base on my outline I discovered that Microsoft had big plans for VB7, and the first and slightest indication of this was that it would be called Visual Basic .NET. So, while at an author's summit in Redmond I took furious notes, completely scrapped my original outline, and wrote a new outline that is now the published title Sams Visual Basic .NET Unleashed. (In fact, I am working on my third and fourth .NET books as I am writing this article.)
Fast forward to the future.
First, let me say that the question is surprising because I think there have been more books published about Visual Basic .NET and .NET in general than any new technology to date. Counter-posed against the embrace of .NET made by the publishing industry I am surprised that every programmer and company hasn't switched to Visual Basic .NET.
If you are a programmer that wants to switch to .NET but has been unable to convince your manager or boss to do so, I feel your pain. I have been programming with VB.NET for more than a solid year, and I don't want to ever go back. Let me tell you why, and perhaps provide you with some better arguments to take back to your manager.
Personal Perspectives on Visual Basic 6
I liked VB6 well enough. However, I am a bit of a linguist. Because I started programming before VB1 showed up I had to learn other languages like BASIC, Turbo Pascal, C, C++, COBOL, Clipper, Databus, and FoxPro. I also tinkered with Modula, QBASIC, Smalltalk, GW-Basic, ObjectRexx, and Perl. Having programmed professionally with all of these languages gave me some perspective on what is and isn't a good language. These perspectives are my own.
C is a great language. Perhaps it is one of the founding languages of modern computing as much as any. Unfortunately, C is also weakly typed and based on structured programming. It is impractical for modern computing for this reason. C++ is probably my favorite language as languages go, but I have seen tons of projects canceled because C++ is a hard language to use well and is prone to introducing big bugs if used poorly. Plus, the GUI tools for C++ have always been a bit esoteric and themselves hard to use. (Anyone remember using the Zinc GUI libraries for DOS?) Turbo Pascal evolved into Object Pascal and then Delphi from Borland, and Microsoft had QuickPascal for a while too. For six of the last seven years Borland's Delphi was the technologically superior language for Windows programming. Technologically there was no real competition, yet Borland was unable to convince a majority of the development community that this was so. Where was Visual Basic 1 through 6 during this period? Somewhere in between.
It was easier to build Windows applications with VB6 than it was with C++ but not as easy as it was with Delphi, and both Delphi and C++ offered better, more complete object-oriented languages. If this is true then why are there more VB6 programmers? There are probably two reasons: VB6 is very approachable and Microsoft does a superlative job at marketing products. This makes VB6 perhaps the most common language and one with the highest market visibility, but programmers, especially non-VB6 programmers, knew there were problems with VB6. If this weren't true we would be using VB7 instead of VB.NET. Clearly even Microsoft recognized some technological deficiencies in VB6.
Technical Perspectives on Visual Basic .NET
Have you ever had the experience where you told another programmer you wrote code in VB6, and they sneered because they thought VB6 wasn't a real language? I know C++ quite well yet have had that experience. VB6 is a real language but it isn't as hard to learn as C++ or Delphi, so programmers who use those languages sneered. (This is sort of how Army airborne rangers sneer at regular infantry. Ranger training is much more rigorous than plain old basic training and jumping out of planes is nothing to scoff at.)
VB6 is a real language and there are a lot of good applications that were actually finished in VB6 when many C++ projects failed. However, VB6 is not as technologically complete an object-oriented language as C++ and Delphi are. This is where .NET comes in.
When you use Visual Basic .NET for the first time, you will quickly notice that there are some fundamental similarities in grammar. That is where the similarities end. Visual Basic .NET rests on the same .NET framework as C# and every other .NET language. Visual Basic .NET also supports almost all of the same idioms that C# and other object oriented languages support, except for a few. The net effect is that you can use the same familiar VB grammar but do anything with Visual Basic .NET that any other programmer can do with another language.
Visual Basic .NET supports inheritance, interfaces, both inheritance and interface polymorphism, garbage collection, multithreading, multiple interface inheritance, constructors and destructors, nested classes, and much more. These language features are important because they support implementing patterns and refactorings that have been demonstrated to help productivity, but it is not these new idioms that will help you be the most productive. Your greatest productivity gains will come out of the .NET framework itself.
Just like Java's framework, Microsoft's MFC, Borland's VCL, and frameworks from TurboPower helped you be productive in other languages, the .NET framework will help you be productive with .NET. The .NET framework is not just any framework though. Microsoft has leap-frogged over older frameworks adopting the best of existing technologies—like regular expressions and garbage collection—and innovating—the CodeDOM, attributes, and XML Web Services—to evolve into a best of class framework.
It is the comprehensive, well-designed, and publicly available—the SSCLI, called Rotor—framework that will help you be more productive than ever. Unfortunately, as I said at Comdex, frameworks are only sexy to architects and programmers, and usually it is not these people who are the volume corporate buyers.
Emotional Arguments to Present to your Boss
I think Microsoft knows their framework is great, but a framework won't compel business managers to adopt .NET. That's why you are hearing so much about Web Services and security. Bridging legacy systems, interoperability, open standards—XML—and security is probably a better selling proposition to managers. And, Microsoft has added real value on these fronts.
Managers will eventually buy into .NET because their golf partners and peers in other companies that have adopted .NET will beat the pants off of them in time to market, efficacy, and cost of ownership. However, this kind of revolution can take a while, so I have included a few ideas you can try to speed things up. These ideas are tried and true but require some extra dedication on your part.
- Work after hours on a parallel project, one in .NET and the other in VB6. When you have a significantly advanced after-hours solution, show your boss
- Agree to a shorter deadline if you can use .NET for your next project
- Start a brown bag lunch club where developers bring a bag lunch and begin teaching each other things about .NET. Each session have someone present a new topic
- Join your local .NET users group and invite speakers to your brown bags
- Buy your own copy of .NET
- Slowly begin replacing your VB6 books with .NET books on your shelves at work
- Ignore your manager and build it in .NET anyway, playing dumb when he or she catches on
- Say things like "of course if we were doing this in .NET then we could do it in a) half the time, b) at half the cost, c) with greater reliability or security, or d) all of the above"
- Talk about great new features and then say "oh, well that is available only in .NET"
- And, if all else fails simply tell your boss it is time to upgrade the version to VB7 and don't say ".NET"
In all seriousness, there is a technology drawback here. To run .NET on clients' computers, those computers must have the .NET framework (unless you are building a Web application). However, you can download the framework for free and it is no different than having the Java framework on a client computer. Upgrading infrastructure is a big deal to businesses, so you will have to make this seem as trivial as it really is.
Visual Basic .NET is an exciting language to program in. You will be more productive, and you will write better software than ever before, but there are a couple of stumbling blocks. The anti-Microsoft faction is beating up Microsoft on issues of security and reliability. And, while a lot of security issues have to do with non-OS related issues, the anti-Microsoft faction aided by the press is having an impact. A second roadblock is the perception of complexity when it comes to putting the .NET framework on client PCs. If you work for a big company this is a big job. You will have to articulate that there are already other vendor frameworks on those same PCs—like Java—and that this is not a big deal nor is it a lock-in strategy. Those same PCs can have other vendors' tools whether they were built with .NET or not.
At the "Great Debate: .NET or .What?" the opposition's point of view was that .NET is a lock-in strategy for Microsoft. This isn't true. I have Sun's Java, Borland's VCL, VB6, and MFC based applications all running merrily on the same computer. .NET is a framework that will help propel the needs of present and future computing. .NET does address real present and future needs of Internet applications, and .NET is comprised of both real products, like Visual Basic .NET, C#, and ADO.NET, and marketing hyperbole. Marketing is an essential aspect of communication.
In closing, I encourage you to evaluate individual offerings tagged with .NET and evaluate them against their purported and actual merits. As developers we will certainly reap a huge technological windfall.
About the Author
Paul Kimmel is a freelance writer for Developer.com and CodeGuru.com. Look for his recent books "Advanced C# Programming" from McGraw-Hill/Osborne and "Visual Basic .NET Unleashed". Paul Kimmel is available to help design and build your .NET solutions and can be contacted at firstname.lastname@example.org.