Log in

View Full Version : Windows Mobile 5.0 Developer Resource Kit: Everything You Need, All in One Place


Darius Wey
01-22-2006, 03:30 AM
<div class='os_post_top_link'><a href='http://msdn.microsoft.com/mobility/windowsmobile/howto/resourcekit/default.aspx' target='_blank'>http://msdn.microsoft.com/mobility/...it/default.aspx</a><br /><br /></div>An updated version of the Windows Mobile 5.0 Developer Resource Kit has surfaced, and includes everything you need to start developing for Windows Mobile 2003 and Windows Mobile 5.0.<br /><br /><img src="http://www.pocketpcthoughts.com/images/web/2003/wey-20060122-WM5DRK.jpg" /><br /><br />The kit, which is available at the cost of shipping and handling, includes Visual Studio 2005 Professional Edition (90-day trial), Windows Mobile 5.0 SDKs (for Pocket PC and Smartphone), ActiveSync 4.1, .NET Compact Framework 2.0, SQL Server CE and SQL Server 2005 Mobile Edition, localized emulator images and other useful developer tools. Alternatively, you can download a <a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=3baa5b7d-04c1-4ec2-83dc-61b21ec5fe57&DisplayLang=en">subset</a> of the kit, but do note that it does not include Visual Studio 2005, which is a requirement for the installation and use of the SDKs.

Airscanner
01-22-2006, 02:59 PM
I've used the DVD -- it's definitely worth ordering.

Now if they could just get Visual Studio 2005 to work :)

Getting the bugs out of WM5.0 would be a great bonus, too. I'm hoping some form of WM5.0 Second Edition comes to the rescue soon :)

msafi
01-22-2006, 07:26 PM
and when the 90-days trial expires what happens? do the individual developers have to pay 1000 usd to develop small utilities for the platform or what? is this a move by Microsoft to restrict WM5 development to the big guys? All the tools for developing for the earlier versions of WM were free?!

Airscanner
01-22-2006, 09:58 PM
It's definitely a dark day and a pivotal point in the CE platform...Read on if you are a small developer.

We switched from Palm development to Windows CE development a few years ago for precisely this reason: that Palm put up too many barriers for developers. It's one of the reasons we predicted the Palm platform would die -- and this was back in their heyday (about 2001). We new Microsoft would win out because they made things so free and easy for developers. Its the rich and diverse choice of 3rd party apps, as much as the platform itself, that seems to drive the success of CE.

Now, however, Microsoft apparently thinks they have enough momentum and market share to pull back on the free development tools. Maybe they are right.

But the cost of a "legal" copy of VS2005 will now exceed the modest income some small developers make on their apps. It's going to drive a lot of good, solo programmers out of the CE platform for good.

But there is another problem. WM5.0 now has it's most intimate parts "locked" so that some apps require a signing certificate from Verisign in order to run. And to get a Verisign cert you have to buy signing tokens at $400 for a 10-pack. That means if you have a fairly comples app with several DLLs, .exes, etc., it's going to cost you hundreds of dollars for each version you release!

What's worse is that to even test the app on your device, you have to buy these signing tokens. You can try using the SDK cert to test on the emulator, but that only works on the emulator. You can't use it on the actual device. And you know the emulator can be useless for testing network apps. So you have to spend your precious, expensive certs just on test versions. You could easily run up hundreds if not thousands of dollars more at this point.

Oh I almost forgot...after you buy the Verisign tokens, you still can't get a privileged cert unless you go ask Microsoft to approve it. And for this they require you to first "logo certify" the app with a 3rd party test partner like QualityLogic. That's going to cost you another $500 bucks.

As bad as all the expense is, there may be a worse feature: developers now depend on Microsoft in order to survive. Because they can revoke your privileged cert at any time!

Security expert Bruce Schneier wrote about the dangers of forced signing way back in 2001. Just imagine if you desktop PC could only run signed apps. You would not be able to run any of the great freeware that independent developers put out. It would certainly kill much of Microsoft's market share in the PC space, and would drive consumers to Linux. In short, it's unthinkable. So why are they enforcing signing on the Windows Mobile platform, which is still young and less likely to withstand the blow?

As a small developer you are between a rock and a hard place. Windows Mobile development is now trapped between the prohibitive cost of VS2005, and the restrictive forced signing of WM5.0.

Slightly bigger companies will be able to survive. Many small developers won't. And when the smaller developers die out, there will be no pressure on bigger companies to write good software. Why should they? All their good competitors -- the independent developers -- are now out of business.

msafi
01-22-2006, 10:09 PM
It's definitely a dark day and a pivotal point in the CE platform...Read on if you are a small developer.

.....

****ing Microsoft!

altden2002
01-23-2006, 12:59 AM
As far as I know, PocketPC (including phone edition) are not app-locked, only Smartpone is app-locked. There are more PocketPC devices sold anywa, so what's they worry?
Operators would not allow to ship a phone that is not app-locked, so this is kind of inevitable.

VS2005 cositng so much for small developers is silly though, i agree.

JohnKennedy
01-23-2006, 01:54 AM
Disclosure: I work in the Mobile and Embedded Devices division at Microsoft. These comments are my own, and not those of my employer.

Remember firstly, that you can STILL develop for new Windows Mobile devices using the free tools. Embedded C++ can still be used to create applications that run on Windows Mobile 5.0 devices.

That said, the many cool new features in WM5.0 won't be available to you.

Secondly, the $1000 amount mentioned is just wrong. To develop for Windows Mobile 5.0 after the 90 day free version of Visual Studio, you will need to purchase the Standard Edition, which at the time of writing, is $262 on Amazon. It's not free, but it's certainly not $1000 either ;-)

Sure I wish there was a free version: but the extra tools that are present in Visual Studio 2005 are very impressive. There's a lot of new stuff in there that is worth the money (in my biased view of course ;) ).

If you want to use Visual Studio to learn C# or other languages, I would suggest you look at the Express editions, which are currently available at little or no cost.

By all means feel free to flame me, but sadly I've no control over pricing. But why not try out the free version on the DVD for three months, and decide for yourself if it's worth the money?

zoomie
01-23-2006, 02:27 AM
There is a shipping fee of about $5.80. The disk is currently on back order.

Nurhisham Hussein
01-23-2006, 02:56 AM
What's the difference between this version and the original that was shipped out two months back? Updated version of VS2005?

Airscanner
01-23-2006, 03:57 AM
As far as I know, PocketPC (including phone edition) are not app-locked, only Smartpone is app-locked. There are more PocketPC devices sold anywa, so what's they worry?

I should have been more clear. This is a totally separte issue from a "locked" vs "unlocked" phone. Its that many important parts of the registry and APIs are now off limits to developers unless they go to the trouble and expense described above. WM5.0 (including Pocket PC) blocks these apps from working unless they have been digitally signed by Verisign tokens. (This was supposed to be a security improvement, but I think we're going to find it hurts, rather than helps, security. More on this soon.)

All this won't be an issue if you are developing a simple minesweeper game, for example. But it's the complex and communication-based apps that we really need smaller developers working on. These days one smart programmer can often make an app better than some larger companies. Only now, sadly, a lot of them won't be able to.

We have only come across these signing issues in the last couple of weeks. From reading newsgroups, others are also running into trouble. I'm worried that more and more Windows Moble developers are going to find themselves in a bad situation soon.

Darius Wey
01-23-2006, 04:12 AM
What's the difference between this version and the original that was shipped out two months back? Updated version of VS2005?

Updated versions of VS2005, .NET CF 2.0 (Final), ActiveSync 4.1, and additional resources (such as the WeFly247 material which was available as a separate DVD).

JohnKennedy
01-23-2006, 04:21 AM
Signing is a complicated issue - and a lot depends on what policy the network operator chooses to enforce.

There are some good technical documents available for developers on MSDN. I'll dig them out tomorrow.


john
(my comments, not Microsoft's)

ctitanic
01-23-2006, 02:04 PM
It's definitely a dark day and a pivotal point in the CE platform...Read on if you are a small developer.


I'm happy to see that I'm not the only developer that think that all these so called "Security Features" in WM5 are not more than another way to suck money from developers. They have lowered the price of VS2005 because they expect to get the money from their "security" features.

http://x51v.blogspot.com/2005/11/microsoft-security-initiatives.html

BTW, I have been using VS2005 for the last 2 weeks and compering it to the old VS2003, I'll stay with the old one if I could. VS2005 sucks. It's slow like hell (and I'm using a Pentium 4 at 3 GHz), and it gives errors in everywhere.

I'm very dissapointed with VS2005 and with the future of development for mobile devices. To develop for SmartPhone is almost impossible. And the Pocket PC world is not far from suffering the same thing, just test a Dell X51v with WM5 and you will find out how OEMs have started to explore the security features of WM5 ;)

ctitanic
01-23-2006, 02:06 PM
As far as I know, PocketPC (including phone edition) are not app-locked, only Smartpone is app-locked. There are more PocketPC devices sold anywa, so what's they worry?
Operators would not allow to ship a phone that is not app-locked, so this is kind of inevitable.

VS2005 cositng so much for small developers is silly though, i agree.

No yet!
But Dell, has explored these security features already. ;)

Airscanner
01-23-2006, 04:29 PM
Thanks ctitanic,

I know you're an expert in this area. Do you know what features of signing Dell has turned on in their X51v? I can use your registry trick to turn off the "warning: you are installing an unsigned app" nag screen.

However, I still can't access the privileged parts of the registry, and in fact some registry keys disappear after the 2nd (not first) soft reset. I'm wondering if this is a bug in WM5.0, or has Dell actually turned on some signing restrictions?

Note that I can drop my own "root" certificate on to the device, so I don't think they've enforced ALL security features yet.

burtcom
01-23-2006, 04:41 PM
WM5.0 now has it's most intimate parts "locked" so that some apps require a signing certificate from Verisign in order to run.

Is there any sort of list available of what is locked with WM5? I'd sure like to know before I make any investments in it.

ctitanic
01-23-2006, 04:48 PM
Thanks ctitanic,
I know you're an expert in this area. Do you know what features of signing Dell has turned on in their X51v? I can use your registry trick to turn off the "warning: you are installing an unsigned app" nag screen.

The "unsigned app" warning so far has been activated only by Dell.

However, I still can't access the privileged parts of the registry, and in fact some registry keys disappear after the 2nd (not first) soft reset. I'm wondering if this is a bug in WM5.0, or has Dell actually turned on some signing restrictions?


They have disabled the RAPI access.
1001(4097) set to 2 when it should be 1 to allow users access to registry from a PC.

Airscanner
01-23-2006, 04:56 PM
OK ctitianic, I just read your excellent article on the subject that you link to above. You are definitely ahead of the curve. There is a big storm headed our way, and many developers won't see it coming until it's upon them.

If Microsoft doesn't shut off these "security" features, it is very possible we will lose many of our best, independent Windows Mobile developers overnight. Windows mobile apps don't sell enough yet to shell out $1,000 for every version upgrade or bugfix!

And you are dead-on about the security. Signing doesn't protect against viruses, but it does block security software from working properly. It's like giving a huge advantage to the bad guys; like helping to create "drug resistant viruses." Viruses will get in anyway, as we have seen, via buffer overflows, coredll flaws, etc. (We will be writing more about the security disadvantages of forced app signing soon).

It seems that the idea of a petition to "unsign" Pocket PC is a good idea. But it might be better if we could get the eMVPs to go to bat for us. They seem have the ear of Microsoft.

This could well be an epic disaster for Windows Mobile, and few people seem realize it yet.

ctitanic
01-23-2006, 05:11 PM
But, that's no all. I believe that Service providers like Nextel are violeting the customer's rights when they lock phones like the i900 where owners only can install what Nextel wants/allows.

What would you think if you buy a Pocket PC phone edition and you can't install 90% of the applications currently in the market????

ctitanic
01-23-2006, 05:40 PM
If Microsoft doesn't shut off these "security" features, it is very possible we will lose many of our best, independent Windows Mobile developers overnight. Windows mobile apps don't sell enough yet to shell out $1,000 for every version upgrade or bugfix!

In my case, I update my main application sometimes up to 3 times in one month. We are talking of paying from 5000 to 10000 dollars a year, just for that program alone. Just forget it. They have pushed me to help hackers to violate the i900 security (YES, THAT SECURITY CAN BE BROKEN). And don't get me wrong, I'm not proud of that, I would be happier if I could just work in my applications not having to deal with users that bought the phone to find out that my applications can't be installed there.

And you are dead-on about the security. Signing doesn't protect against viruses, but it does block security software from working properly. It's like giving a huge advantage to the bad guys; like helping to create "drug resistant viruses." Viruses will get in anyway, as we have seen, via buffer overflows, coredll flaws, etc. (We will be writing more about the security disadvantages of forced app signing soon).

You are right. I'll appretiate if you send me a link to post it at my sites and in everywhere I can. Security applications are affected, backup applications are affected, programs that need to access the registry like mine and other registry editors. So basically, the are affecting mostly to those who help them to keep this OS going forward.


It seems that the idea of a petition to "unsign" Pocket PC is a good idea. But it might be better if we could get the eMVPs to go to bat for us. They seem have the ear of Microsoft.


I don't know about MVPs... I have my opinion about it and I feel better no being one of them. I just think that they serve as betatesters to Microsoft but when Microsoft have decided something there is nothing that MVPs can do about it. If you don't believe me, ask some of them how many times MVPs have asked to add the Close option functionality so users can select between minimize or close a program. ;)

About the petition, the i900 owners opened an online petition and so far they have not received any answer from Nextel.

Dell also knows that the "Unsigned Prompt" cause more damages than benefits, I have not seen that they have changed that in 3 ROM upgrades.

The only thing that I believe that could help is an action sue from Owners/Developers affected by companies applying these security features.

Something like what they did to Sony ;)

Phoenix
01-23-2006, 05:51 PM
But, that's no all. I believe that Service providers like Nextel are violeting the customer's rights when they lock phones like the i900 where owners only can install what Nextel wants/allows.

What would you think if you buy a Pocket PC phone edition and you can't install 90% of the applications currently in the market????

Well, I've never heard of that. I mean, not to disagree with you in particular, but that doesn't make any sense. That would be like buying a computer from Dell and Dell deciding what software you could and couldn't install on your computer. How stupid would that be?

How could any wireless provider hope to sell any WM product if people couldn't install what they wanted to onto the device? The provider would kill the product!

I have a hard time believing that Microsoft and wireless providers would make such a stupid decision that would kill off market share and interest in the platform and its associated devices as a whole.

I'm a new developer - I just received my copy of VS2005 Pro (got it for free for participating in a Microsoft Usability Study), and some of this is really discouraging to say the least, and although I hear what you fellows are saying, I'm not going to let it keep me from developing. But on the other hand, hopefully, the cost won't prevent me from making product available to others.

The power behind keeping the platform a success is great software. And the way we get that is by enabling developers so they can make a lot of it. If the industry makes it too hard on us, then Windows Mobile dies.

ctitanic
01-23-2006, 06:02 PM
Well, I've never heard of that. I mean, not to disagree with you in particular, but that doesn't make any sense. That would be like buying a computer from Dell and Dell deciding what software you could and couldn't install on your computer. How stupid would that be?


Well, I present you one of the stupids

http://www.petitiononline.com/unlock/petition.html

But... Cingular had the mpx220 that they sell partially locked. That means that users can install application as long as these applications do not try to edit certain registry areas.

Orange in Europe was one of the first "stupids" if you want to know more of them....

And now, with WM5 for Pocket PC, we have Dell, testing various levels of stupidity... sorry I meant to say security. :D

Airscanner
01-23-2006, 06:08 PM
This could be the grounds for a class action lawsuit, yes. But I hope it doesn't come to that. I would hate to see it.

And by the time it got any attention, we would have lost all our good, independent programmers. Thousands of freeware and affordable shareware could soon evaporate. The developers will be long since bankrupt trying to sign their apps.

If only they could just let the user choose whether to enforce signing, or not. Default would be secure, but the user could opt out of it.

Phoenix
01-23-2006, 06:11 PM
...But... Cingular had the mpx220 that they sell partially locked. That means that users can install application as long as these applications do not try to edit certain registry areas.

Orange in Europe was one of the first "stupids" if you want to know more of them....

And now, with WM5 for Pocket PC, we have Dell, testing various levels of stupidity... sorry I meant to say security. :D

Unbelievable. I tell ya, it's getting harder and harder to make a living these days.

It's clear the industry leaders' greed is clouding their judgement, and if they don't come to their senses and this is truly the way things are going to be, they'll just have to learn the hard way - that is to say, lighter pocketbooks.

Airscanner
01-23-2006, 06:18 PM
P.S. note that we were recently told that we would be banned (booted off) Handango's InHand program for Smartphone operator apps because we were "unsigned" for one specific carrier device.

So we decided not to sign it. And yes, we got booted.

NOTE: This is not meant to drag Handango down into this issue. Overall Handango rocks! We really like them. But it seems like they may be getting swept in the wrong direction here by the big telco carriers. It's a disturbing trend.

ctitanic
01-23-2006, 06:22 PM
Handango is MS selected store ;) what would you expect.
I opted for not participating in the Inhand program for the same reason.

Sedwo
01-24-2006, 07:33 PM
Is there a listing of the WM5 API's that are only accessible through VS2005?

I still develop still using the free eVC4 tools, with Win32. There shouldn't be any restriction of API's at this level. And would be shocked that they somehow found a way to restrict my use of them.

Does Microsoft want developers anymore? What happened to their "developers, developers..." chant?

tadanderson
02-13-2006, 02:32 PM
I don't think the new kit is any better than the first Mobile 5.0 beta release one.

Here are 2 blogs related to this topic:

http://realworldsa.dotnetdevelopersjournal.com/wse30compactframework20.htm

http://realworldsa.dotnetdevelopersjournal.com/net_compact_framework_20_guidance_and_documentation_is_pitif.htm