Windows Phone 7 Beta tools

In my experimentation with the Windows Phone 7 developer tools, certain things have been a little hard to find information on. Here’s some of the best resources I have found, along with little nuggets of good information I have discovered and want to document.

Resources

Also keep in mind that the Windows Phone 7 SDK is based mainly on Silverlight, so many resources that apply to Silverlight can be readily applied to WP7.

Checking internet connectivity

It’s suggested in several places that Windows Phone 7 developers should test for internet connectivity in their internet-connected applications, as it is not a guaranteed resource (and of course, respond accordingly if no connection is available). However, there are few places that document how to actually do this. In the Beta version of the tools, the correct way is by testing the result of the following function:

// Available in the System.Net.NetworkInformation namespace
bool connected = NetworkInterface.GetIsNetworkAvailable();

Note that this has changed from the CTP version of the tools.

Creating a scrollable region

Another seemingly under-documented feature is how to create a region that scrolls using the typical finger scrolling action. Fortunately, this is as simple as wrapping your controls in a ScrollViewer element:

<ScrollViewer>
    <!-- Insert controls here -->
</ScrollViewer>

This gives you scrolling momentum for free, along with a little position scrollbar that appears as you scroll. Very easy!

Dark Visual Studio 2010 theme

Looking for a refreshing change in colour? Getting sick of coding against that glaring white background? Look no further!

I’ve decided to upload my Visual Studio 2010 Fonts and Colors settings for public consumption. The colour scheme is loosely based on the Railscasts TextMate theme. Here’s a couple of screenshots to give an idea of appearance:

(Click to view larger).

To install:

By default, the theme uses Consolas size 12. You can adjust these settings easily by opening menuĀ Tools -> Options and finding the Fonts and Colors section under Environment.

Note that Visual Studio is a prick, and has something in the order of 100 different colours that can be set. I have only set up colours for things that I am commonly doing, such as coding in C#, HTML, or XAML. Every now and then you might come across a colour that looks funny against the dark background. This can of course be modified by hand in the Color settings by tracking down the appropriate item in the colour list.

Visual Studio tip

If you’re like me, the way that Visual Studio 2008’s Solution Explorer jumps around to select the file in the current tab makes you disoriented and frustrated. Fortunately, I have found the ideal solution!

Not sure if this works in other versions of Visual Studio, but it’s working a treat for me!

Next big thing

I have something of a prediction. If not a prediction then a wish. A wish for a feature that should become part of IDEs everywhere, in much the same way that IntelliSense-esque tools and refactoring tools have.

To explain the feature, first let me explain the problem it solves. Supposing I have a number of similar lines of code:

Item1.Text = GetData("Item1")
Item2.Text = GetData("Item2")
Item3.Text = GetData("Item3")
Item4.Text = GetData("Item4")
Item5.Text = GetData("Item5")

… and I want to make a similar change to each of these lines, such as:

Item1.Value = Convert(GetData("Item1"), String)
Item2.Value = Convert(GetData("Item2"), String)
Item3.Value = Convert(GetData("Item3"), String)
Item4.Value = Convert(GetData("Item4"), String)
Item5.Value = Convert(GetData("Item5"), String)

Currently, I can use tools such as Find and Replace to replace e.g. “.Text = GetData(” with “.Value = Convert(GetData(“, but replacing “)” with “), String)” is a bit more tricky. For that I would probably copy and paste “, String)” onto the end of each line. Either way, this is a very repetitive task. And if there’s one thing that we know, it’s that computers are excellent at automating repetitive tasks. I would love a tool that, after I’ve changed a couple lines, spots the repetition and intelligently asks if I want to apply the same modification to subsequent similar lines – ideally with a preview to check accuracy.

Another example. Supposing I have a list of blank <select> options that I’ve quickly copied and pasted ready for population:

<option value=""></option>
<option value=""></option>
<option value=""></option>
<option value=""></option>
<option value=""></option>

… and I fill the lines in like so:

<option value="Item1">Item1</option>
<option value="Item2">Item2</option>
<option value="Item3">Item3</option>
<option value="Item4">Item4</option>
<option value="Item5">Item5</option>

Again, I would fill in the first couple of lines, but this one would work a bit differently. The tool would realise that the value and text of each item is the same, and automatically fill out one based on what I type in the other. I.e. I’d type “Item3” into the value field of the third option, and it would automatically put “Item3” as the inner HTML. Taking it a step further, in this particular example, it could also pick up the sequential numbering of items, and suggest to fill out the remaining items automatically. A step further again, and you could get it to work with e.g. form elements or project datasource columns, to automatically produce entire forms and classes based on a bit of initial prompting – i.e. write out some code that mentions the first and second columns of a given datasource, and it suggests lines of code similar to the lines entered, but with the other column names.

Of course this tool is completely hypothetical – at least as far as I’m aware… But in theory would not be too drastically hard to create, and would save developers everywhere a lot of time; I’m allowed to dream, aren’t I? If it became a reality, it would be a huge feature – the next big thing perhaps?

Facebook Connect observation

Here’s a bit of a dud write-up. Dud because the risks are minimal, as I realised when I started looking into cross-domain iframe DOM scraping… But potentially interesting reading for web developers nonetheless.

If you have been browsing the internet lately, you have more than likely seen a Facebook Connect box. It looks like this:

This particular screenshot is taken from Gameplanet Forums, but Facebook Connect makes it easy for any website developer to embed the panel into their website. I could put one on tom.net.nz, if I was so inclined.

Now, Facebook would argue that this frame is a naive, harmless feature, because the information is never passed directly to the website in question, but rather the website just embeds a little piece of code, and Facebook generates the actual content of the pane. The code embedded is identical for any user visiting the website.

This is all well and good, however (!), the content that Facebook generates for this pane will differ depending on whether or not the user viewing it is currently logged into Facebook. If they are, then Facebook tries to show information more “relevant” to that user. For example, in the above screenshot, “Matt” is my friend on Facebook (and the only person in my friends who has “liked” Gameplanet on Facebook). The other people are generated randomly, but no matter how many times I refresh the page, Matt will always appear in the list. Do you see where this is going?

One might assume that Facebook has put some measures in place to stop the site from scraping this information, however the tech savvy can follow the following link which generates the box for Gameplanet’s Facebook Connect pane: link. If you view the source, there are all the names, in plain HTML, with links to both the photo, and (perhaps more disturbingly), the profile of each person. I was also able to scrape my own user ID from the HTML. Fortunately, in most modern browsers, XSS (Cross-Site Scripting) protection prevents the parent page from accessing the DOM of Facebook’s frame, but this is still a major potential security problem for older browsers which don’t have such protection built-in. By inspecting the list of users on a few page loads and looking for duplicate names, a malicious site could ascertain who is friends with the user browsing the page. The parameters passed to the frame source allow significant customization of the response, for example with a bit of tweaking I was able to come up with the following source, which now shows 100 users instead of the default 15. To take it a step further, a malicious page could potentially load this frame without even showing it, meaning the user would be completely unaware that the site was doing anything to do with Facebook, meanwhile it’s scraping the user’s private information.

Of course, those using a remotely modern browser do not have to worry about this sort of attack… But I think it does highlight the potential risks associated with these completely unnecessary “features” – not to mention the dangers of using an out-of-date browser. I would have hoped that at the very least Facebook would have performed some source obfuscation or dynamic JavaScript DOM population.