This morning I arrived back home from my trip to Orlando, FL together with Marcel. It was a fun trip, where I got the opportunity to do two things: completing my final “exam” for becoming an official Xamarin University Partner Trainer and delivering my sessions at AppDev Trends, part of the Live! 360 2017 conference. It was weird to hear “I’m Dreaming of a White Christmas” and other assorted X-mas songs all day while the sun was shining through the palm trees in the tropical Florida scenery.
On Tuesday, I spent an intense but fun day with Rob Gibbens from Xamarin, going through the Xamarin University curriculum, presenting the material to him and exchanging tips. This was the final part of becoming a certified XamU trainer. My colleague Geert and I are currently the only official Xamarin University Partner Trainers outside the US. We can deliver 3 to 5 day on-site trainings that count towards the official Certified Xamarin Developer exam. Ping me for more info, or check out our website.
The rest of the week I got to spend time at the Live! 360 conference at the Royal Pacific Resort in Orlando, FL. Live! 360 is a yearly conference that is a combination of several smaller conferences such as Visual Studio LIVE!, SQL Server LIVE!, TechMentor and AppDev Trends. I was invited to deliver two sessions in the AppDev Trends track, and the fun part is that attendees can pick and choose between the different tracks. My talks were centered around cross platform mobile development.
Here are the slide decks for my sessions:
Mobile DevOps Demystified with Xamarin, VSTS and HockeyApp
In this talk I introduced the concept of DevOps and the unique challenges that come with mobile. This talk was pretty demo-heavy, in which I showed how to set up a continuous delivery pipeline in VSTS Build & Release, in conjunction with Xamarin Test Cloud and HockeyApp. I also briefly introduced the brand new Visual Studio Mobile Center, which was announced last month at Microsoft Connect();
Overcoming the Challenges of Mobile Development in the Enterprise
Big enterprises can be a challenging environment for doing mobile development. There’s tension between existing architectures and processes and the innovation and speed that mobile requires. In this session I shared my experiences in mobile projects in bigger enterprise environments.
Thanks to the AppDev Trends organisation and the speakers and staff of Live360 for another fun conference. And if you thought you could get away without another food post, think again… 🙂 We closed off in style with a great dinner at Emiril’s Tchoup Chop, where I enjoyed this mind blowing cocktail:
Holiday Cocktail: home infused bourbon with apple, cinnamon, nutmeg, cloves and other spices, mixed with home made raspberry syrup and topped off with rosemary
This week I worked on a feature for a Xamarin app I’m building that gave me quite some headaches because it involved a good amount of yak shaving to get it working correctly. My main reason for blogging this is for my own reference in the future, but maybe it can help someone else too 🙂
Yak shaving, gotta love it…
Our team is building a cross platform Xamarin app that has a good amount of shared code in an MVVM architecture. Most of the app is implemented in PCL libraries with a front end project per platform.
For communicating with a backend API, the app requires a token obtained from an Identity Provider. In addition to the API access token, we’re also getting an OpenId token that is crucial for the app. Using Xamarin.Auth for example, it’s pretty easy to setup an OAuth flow that lets the user login and the app obtain that token.
So far so good.
There’s a lot to be said about which OAuth flow is suitable in which scenario. For us, embedding a client secret in the app was a no go, since this can’t be kept secret if it’s embedded in the source code of the app (reverse engineering!). We chose a PCKE approach. Without going into too much detail around the flow, I want to focus on one aspect: securing the OpenID token. This blogpost is mostly about what I learned about token encryption and decryption.
Our requirement was to have asymmetric encryption in place, where the app provides a public key to the server, which it uses to encrypt the JWT. The app can then decrypt the data using its private key, so we could mitigate a token interception attack. The public key was to be transferred in an X509 certificate (PEM encoded). The idea was to have the app generate a private/public keypair on-the-fly as we don’t want to hard code a private key into the app. That would lead us to the same situation as the hard coded Client Secret. All we want is to make sure that the requesting app is the only one able to decrypt the token it requested.
There’s a nice standard for encrypting tokens using a variety of algorithms: JWE – JSON Web Encryption. The original token is in a JSON structure, encrypted and packaged into a standardized format. In our case, these were the specs:
Algorithm: RSA_OAEP – RSAES using Optimal Asymmetric Encryption Padding (OAEP) (RFC 3447), with the default parameters specified by RFC 3447 in section A.2.1
Encryption method: A256GCM – AES in Galois/Counter Mode (GCM) (NIST.800-38D) using a 256-bit key
Basically what happens is: the token payload is encrypted using a random Content Encryption Key (CEK) provided by the server. This is an authenticated encryption mode, where data is added to prove authenticity. In addition to the key, an Initialization Vector (IV) is added, and also an Authentication Tag (authTag) and Additional Authenticated Data, basically consisting of a Base64 representation of the JWE header. All this together provides a symmetric encryption through which we can decrypt the token. This is the A256CGM – AES step.
All the information I mentioned – the CEK, IV, cipherText (the encrypted token), AAD and authTag – are present in the JWE package. To add the final layer of security, the CEK has to be encrypted, otherwise anyone would be able to read the token. This is the RSA_OAEP – RSAES step mentioned earlier. In plain English, the CEK is encrypted using asymmetric encryption. The server uses the app’s public key for this, obtained from the X509 certificate in the request.
So the way back to obtain the token plain text is to decrypt the CEK using the private key, and then decrypt the token payload using the CEK together with the IV, AAD and authTag, as illustrated in the diagram below:
That looks pretty daunting, but luckily there are libraries that help us handle this scenario, or the many other combinations of algorithms and encodings. One popular example is the JOSE-JWT library for .NET. You can feed it the complete JWE package and the CEK decryption key, and it does all the heavy lifting. JOSE-JWT can also handle our scenario, with our combination of algorithms and encodings.
Here’s the catch…
This won’t fly in a PCL. JOSE-JWT is built on System.Security.Cryptography, which isn’t available in PCL code. There have been some attempts to make JOSE-JWT available for Xamarin, but this won’t work fully cross platform. So ideally, we’d want a library that solves this using PCL compatible API’s. And sadly, there is no JOSE-JWT implementation available for PCL yet.
Now what?!
JWE just uses standard encryption algorithms, so it should be possible to implement these on top of a crypto API that is available cross platform (in PCL). I have tried two options:
PCLCrypto: this library mimics the WinRTCrypto API’s but relies on native, platform specific crypto-engines to perform the encryption. This results in the fastest encryption engine but is limited in terms of supported scenario’s or algorithms.
BouncyCastle-PCL: a cross platform crypto library that supports all sorts of cryptographic algorithms.
Since PCLCrypto mimics the WinRTCrypto API, it seemed pretty easy to implement our JOSE-JWT port on top of PCLCrypto, by stealing borrowing from the experimental JOSE-RT port. (Thanks Dmitriy Vsekhvalnov for the tip!) And indeed, if you look at the AesGcmEncryptor class, it looks rather straight forward. Alas, it turns out our GCM authenticated mode isn’t supported by PCLCrypto. It threw a NotSupportedException at me.
So the other option was to use BouncyCastle-PCL. We ended up with a solution that does the following:
Generation of the public/private keypair
Generation of the X509 certificate containing the public key
Unpacking the JWE package
Decrypting (or unwrapping) the CEK using the private key
Decrypting the token payload
Mind you, I only had to support our specific scenario, but it’s a small step towards a full JOSE-PCL implementation. Maybe someday I’ll make an attempt 🙂
Without further ado, here is the code I ended up with:
using System;
using System.IO;
using System.Text;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Encodings;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.IO.Pem;
using Org.BouncyCastle.X509;
using System.Linq;
namespace JoseJWE
{
public class CryptoService
{
public AsymmetricCipherKeyPair GenerateKeyPair()
{
var random = new SecureRandom();
var keyGenerationParameters = new KeyGenerationParameters(random, 1024);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var keyPair = keyPairGenerator.GenerateKeyPair();
return keyPair;
}
public string GeneratePemEncodedCertificate(AsymmetricCipherKeyPair keyPair)
{
var random = new SecureRandom();
var signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", keyPair.Private, random);
var gen = new X509V3CertificateGenerator();
gen.SetPublicKey(keyPair.Public);
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
gen.SetSerialNumber(serialNumber);
var x509Name = new X509Name("CN=MyCertificate,O=RoyCornelissen,OU=CryptoService");
gen.SetIssuerDN(x509Name);
gen.SetSubjectDN(x509Name);
gen.SetNotBefore(DateTime.UtcNow.AddHours(-1));
gen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
var x509 = gen.Generate(signatureFactory);
x509.CheckValidity(DateTime.UtcNow);
x509.Verify(keyPair.Public);
using (var stringWriter = new StringWriter())
{
var writer = new PemWriter(stringWriter);
var pog = new PemObject("CERTIFICATE", x509.GetEncoded());
writer.WriteObject(pog);
return stringWriter.ToString();
}
}
public string DecodeJwt(string tokenData, AsymmetricKeyParameter privateKey)
{
var token = Parse(tokenData);
return DecodeAndDecrypt(token, privateKey);
}
private string DecodeAndDecrypt(byte[][] parts, AsymmetricKeyParameter key)
{
byte[] header = parts[0];
byte[] encryptedCek = parts[1];
byte[] iv = parts[2];
byte[] cipherText = parts[3];
byte[] authTag = parts[4];
var cek = Unwrap(encryptedCek, key);
var aad = Encoding.UTF8.GetBytes(Serialize(header));
return Decrypt(cek, iv, aad, cipherText, authTag);
}
private string Serialize(params byte[][] parts)
{
var builder = new StringBuilder();
foreach (var part in parts)
{
builder.Append(Base64UrlEncode(part)).Append(".");
}
builder.Remove(builder.Length - 1, 1);
return builder.ToString();
}
private byte[][] Parse(string token)
{
string[] parts = token.Split('.');
var result = new byte[parts.Length][];
for (int i = 0; i < parts.Length; i++)
{
result[i] = Base64UrlDecode(parts[i]);
}
return result;
}
private byte[] Unwrap(byte[] encryptedCek, AsymmetricKeyParameter key)
{
var decryptEngine = new OaepEncoding(new RsaEngine());
decryptEngine.Init(false, key);
var deciphered = decryptEngine.ProcessBlock(encryptedCek, 0, encryptedCek.Length);
return deciphered;
}
//Preconfigured Encryption Parameters
private static readonly int MacBitSize = 128;
/// <summary>
/// Performs AES decryption in GCM chaining mode over cipher text
/// </summary>
/// <param name="cek">aes key</param>
/// <param name="iv">initialization vector</param>
/// <param name="aad">additional authn data</param>
/// <param name="cipherText">cipher text message to be decrypted</param>
/// <param name="authTag">authentication tag</param>
/// <returns>decrypted plain text messages</returns>
private string Decrypt(byte[] cek, byte[] iv, byte[] aad, byte[] cipherText, byte[] authTag)
{
var keyParameter = new KeyParameter(cek);
var gcmParameters = new AeadParameters(
keyParameter,
MacBitSize,
iv);
var gcmMode = new GcmBlockCipher(new AesFastEngine());
gcmMode.Init(false, gcmParameters);
gcmMode.ProcessAadBytes(aad, 0, aad.Length);
var cipherBuffer = cipherText.Concat(authTag).ToArray();
var plainBytes = new byte[gcmMode.GetOutputSize(cipherBuffer.Length)];
var res = gcmMode.ProcessBytes(cipherBuffer, 0, cipherBuffer.Length, plainBytes, 0);
gcmMode.DoFinal(plainBytes, res);
var plain = Encoding.UTF8.GetString(plainBytes, 0, plainBytes.Length);
return plain;
}
// from JWT spec
public byte[] FromBase64Url(string base64Url)
{
string padded = base64Url.Length % 4 == 0
? base64Url : base64Url + "====".Substring(base64Url.Length % 4);
string base64 = padded.Replace("_", "/")
.Replace("-", "+");
return Convert.FromBase64String(base64);
}
// from JWT spec
public string Base64UrlEncode(byte[] input)
{
var output = Convert.ToBase64String(input);
output = output.Split('=')[0]; // Remove any trailing '='s
output = output.Replace('+', '-'); // 62nd char of encoding
output = output.Replace('/', '_'); // 63rd char of encoding
return output;
}
// from JWT spec
private byte[] Base64UrlDecode(string input)
{
var output = input;
output = output.Replace('-', '+'); // 62nd char of encoding
output = output.Replace('_', '/'); // 63rd char of encoding
switch (output.Length % 4) // Pad with trailing '='s
{
case 0: break; // No pad chars in this case
case 1: output += "==="; break; // Three pad chars
case 2: output += "=="; break; // Two pad chars
case 3: output += "="; break; // One pad char
default: throw new Exception("Illegal base64url string!");
}
var converted = Convert.FromBase64String(output); // Standard base64 decoder
return converted;
}
}
}
Its usage is demonstrated by the following unit tests:
<pre>using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using FluentAssertions;
using Jose;
using NUnit.Framework;
using Org.BouncyCastle.Crypto.Parameters;
namespace JoseJWE.Tests
{
[TestFixture]
public class CryptoServiceTests
{
private const string TokenPlainText = "{\"sub\":\"roycornelissen\",\"aud\":\"sample app\",\"nbf\":136424444,\"iss\":\"https://api.someorganization.com\",\"preferred_username\":\"Roy Cornelissen\",\"exp\":1364293137,\"given_name\":\"Roy\",\"iat\":13642555,\"family_name\":\"Cornelissen\",\"preferred_language\":\"nl-NL\"}";
[Test]
public void GenerateCertificate_Generates_Valid_X509Certificate()
{
var g = new CryptoService();
var keyPair = g.GenerateKeyPair();
var pemEncodedCertificate = g.GeneratePemEncodedCertificate(keyPair).ToString();
var p = new Org.BouncyCastle.X509.X509CertificateParser();
var certDecoded = p.ReadCertificate(Encoding.UTF8.GetBytes(pemEncodedCertificate));
certDecoded.Should().NotBeNull();
certDecoded.NotBefore.Should().BeBefore(DateTime.UtcNow);
certDecoded.NotAfter.Should().BeAfter(DateTime.UtcNow);
}
[Test]
public void Certificate_Used_For_JWT_Encryption_JWE_Can_Be_Decrypted()
{
var g = new CryptoService();
var keypair = g.GenerateKeyPair();
var cert = g.GeneratePemEncodedCertificate(keypair);
var base64Certificate = g.Base64UrlEncode(Encoding.UTF8.GetBytes(cert));
// try to perform local encryption and decryption for reference
var p = new Org.BouncyCastle.X509.X509CertificateParser();
var certDecoded = p.ReadCertificate(g.FromBase64Url(base64Certificate));
// use 3rd party library JOSE-JWT to encode the JWT (only works in .NET, not from PCL!)
var publicRsaKey = ToRSA((RsaKeyParameters)certDecoded.GetPublicKey());
var encrypted = JWT.Encode(TokenPlainText, publicRsaKey, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);
// now attempt to decode it using our own cryptoService
var plainText = g.DecodeJwt(encrypted, keypair.Private);
plainText.Should().Be(TokenPlainText);
}
public static RSA ToRSA(RsaKeyParameters rsaKey)
{
RSAParameters rp = ToRSAParameters(rsaKey);
RSACryptoServiceProvider rsaCsp = new RSACryptoServiceProvider();
rsaCsp.ImportParameters(rp);
return rsaCsp;
}
private static RSAParameters ToRSAParameters(RsaKeyParameters rsaKey)
{
RSAParameters rp = new RSAParameters();
rp.Modulus = rsaKey.Modulus.ToByteArrayUnsigned();
if (rsaKey.IsPrivate)
rp.D = rsaKey.Exponent.ToByteArrayUnsigned();
else
rp.Exponent = rsaKey.Exponent.ToByteArrayUnsigned();
return rp;
}
}
}</pre>
Last week, October 4 & 5, the entire Xpirit team was present at TechDays 16. TechDays is the biggest yearly developer conference in the Microsoft ecosystem and thus one of our main events. Xpirit was platinum sponsor and as such we contributed a bunch of cool things to the conference: our CTO Marcel de Vries ran a CTO Track aimed at Enterprise CTO’s. We ran a Mini-Hacks Contest and gave away some nice prizes to contestants, we delivered 17 sessions in total with 7 speakers, hosted the speaker dinner in our Amsterdam office and we developed the official TechDays 16 mobile app.
I’ll blog about the mobile app later. First, here are the slides and videos of my sessions at TechDays 16. The videos are in Dutch.
Conquer the Network
Session abstract
Almost every mobile app you will build will be driven by data. In a lot of cases, this data lives on a server or somewhere in the cloud. Crossing the network from a mobile device brings more challenges than you might think at first hand. In this session, we will look at these challenges and how we can leverage some existing patterns and components to create a smooth and delightful experience for your end user. The technology will be based on Visual Studio, C# and the Xamarin platform to tackle the problems for all three major platforms at once.
Session abstract
Microservices is an increasingly popular style of architecture. There are many opinions on what a microservice is, and how microservices should be implemented. In this presentation I will define what a microservices architecture should look like, and also point out some of the misconceptions and pitfalls I have seen surrounding Microservices. Instead of just theory, I will make a concrete implementation of a small microservices architecture with events and messaging, using the NServiceBus .NET framework.
TechDays isn’t complete without a mobile experience for finding the rights sessions, interact with your favorite speakers and leaving feedback. For TechDays 2016, Xpirit built a cross platform native app with Xamarin and Azure Mobile Apps. In this session, we’ll give you a look behind the scenes of this cool app.
On September 22nd, 2016 I presented a session called “There is no app!” at the LevelUp Mobile 2016 event in Leusden. Here are the slides and video of that presentation:
[The video will be placed here shortly]
Abstract
Mobile platforms are evolving and getting richer and richer in features with every new release. The OS itself is becoming the primary interface for users to interact with, as are a new category of (wearable) devices.
What does this mean for us as app developers? Are the days of the traditional “mobile app” numbered? How do we serve our end users and optimize their mobile moment as much as possible?
The average smartphone owner has installed over 100 apps on their phone while they only use between 3 and 5 apps a day. By integrating your app more deeply into the mobile operating system can greatly increase the usage of the app. During this session we will show what you can do to integrate your apps in the Windows, iOS and Android platforms to keep your app top of mind. We’ll look at spotlight search, universal links, app indexing, Cortana integration and other APIs provided by iOS and Google Play services to engage your users in your apps. We’ll also look at new interaction models that are closer to the mobile platform: widgets, 3D-Touch, etc.
Call to action: join us at LevelUp Mobile on September 22nd in Leusden for a FREE inspirational evening on the future of Mobility and Devices.
The mobile platform war has been raging for almost ten years now. For now, it seems that Google (Android) and Apple (iOS) have won. (link) Microsoft, though still pushing Windows 10 for mobile as well, has accepted this and started providing high quality mobile apps for both Android and iOS.
Apple and Google have invested a lot in making their platforms richer and richer to attract and retain users. Apple’s advantage of 100% vertical integration of software and hardware has allowed them to create experiences like Apple Pay, 3D-Touch and Touch-ID that are very appealing to users and developers alike. At the same time, both Apple and Google have been putting features into the OS and stock apps that are competing with 3rd party offerings in the App Store. Furthermore, users have come to expect the same experience they get from their OS from 3rd party apps. Though some platform features might seem alike between iOS, Android and Windows, the way they are implemented can vastly differ and require access to core platform API’s.
As a strong proponent of Xamarin, I’ve been working in the world of cross platform mobile app development for almost 6 years now. The reason we chose to go with Xamarin was – first of all – of course the ability to share code amongst platforms, but – equally important – full access to the native platform API’s and the ability to create 100% native experiences. Given the trend of ever innovating mobile platforms, this puts us at a huge advantage over cross platform solutions that go for the lowest common denominator, both in UI (the same UI across all platforms) and UX (most of the time just the common superficial feature set across platforms).
With iOS 10, Apple is showing us a trend where apps can be integrated even deeper in the core OS experience. Of course we already had widgets in Android, but what to think about interactive widgets in iOS’s Today view, enriched with Siri’s AI capabilities? Interactive notifications are becoming more popular. Where a notification used to be a way to alert the user and allow them to open the accompanying app by tapping on it, notifications are becoming a User Interface by themselves, allowing the user to deal with the app’s functionality right from the lock screen.
Deal with a notification right away from the Home screen. No need to open the app!The boundaries of apps are blurring even more with advanced features like 3D-touch on the Home screen, and the ability to interact with apps from the Siri screen:
Direct access to an app’s features through 3D-Touch. No need to open the app! Siri knows how to invoke your app and show it as a widget right inside its own interface. No need to open the app! iMessage can invoke your app right from its own interface. No need to open your app!These are all iOS examples, by the way, but similar features can be found in Android and Windows 10, with its Live Tiles, Cortana integration, etcetera.
In general, user interaction with their mobile devices is becoming more and more streamlined, and to stay ahead as developers, we need to start thinking about these micro-interactions, these Mobile Moments, and offer the most efficient experience with our apps.
Mobile is not a neutral platform (link). The philosophy of web applications (built for browsers, available everywhere, with a consistent user experience everywhere) doesn’t apply here. We don’t build for the web, we build for the OS. Yay for native development! 🙂
There is no spoon.If we follow this train of thought, it leads us to an existential question: is there actually an app?
I would argue: not anymore – at least not in the traditional sense where we have an icon sitting on the home screen that launches into an application that comes into the foreground and occupies the whole screen. It seems like the days of the mobile “app” are numbered and we have to start thinking about apps as a set of autonomous micro-interactions that work together with the OS and/or other apps.
Luckily for us, as developers, there are plenty of new API’s and frameworks that help us build these interactions and I think it will only become more exciting from a technical perspective to build mobile experiences.
On September 22nd, I’m joining Brechtje de Leij (mobile strategist and expert), Jorn de Vries of Flitsmeister fame, Johan Gorter & Rick Hoving from AFAS Software and the ever brilliant Laurent Bugnion to speak at a one-off inspiring event about the future of Mobile and Devices: LevelUp Mobile. Together with my colleague Geert, our talk is going to be about the exact topic of this blogpost and we’ll show some real life examples of how to implement these Mobile Moments using Xamarin.
If you have not registered yet, you can do it here: http://www.levelupmobile.nl! It’s free and it’s going to be fun!
To get more inspired, read Laurent’s teaser blog post about his upcoming talk: A world of devices.
This blogpost marks the end of Xamarin Evolve 2016 already. Wow, time flies, but this was another great Evolve. I didn’t expect that the same vibe of Evolve 2013 could be recreated but Xamarin has some special fairy dust and made it happen again, only bigger. Much bigger.
Today was a bit of a roller coaster ride for me – and I wasn’t even at the Wizarding World of Harry Potter anymore! But more on that later…
I attended the Xamarin MVP breakfast at 7:00am, bright and early. A nice bunch of people from the MVP community showed up and we got to chat with some of the Xamarin folks about the Microsoft acquisition and the way forward.
Keynote
The main Evolve event continued with the Day 2 Keynote session with special guest Grant Imahara from Mythbusters. Grant had an inspirational story about his time as a Mythbusters team member, doing all these crazy things for the sake of science (and fun). The way he had to solve problems and challenges has parallels with how we approach software development. It comes down to fostering creativity and using failure as a design tool.
Sessions like these always work great for inspiration.
Breakout sessions
Designing for Touch – Josh Clark
I planned on attending the 2 hour ‘Designing for Touch’ seminar by Josh Clark. Josh is an engaging speaker and his presentation covered a lot of great tips about how people hold and operate their mobile devices using Touch.
Depending on the size of the phone, there are roughly three different types of grips: one-handed, cradled grip + 1 finger, the so called “BlackBerry prayer” grip. As it turns out, the thumb is the most important input “device” a user has, so it makes sense to optimize for input and/or manipulation via thumbs.
The preferred placement of controls on Android differs from iOS. Android has a fixed “soft button” navigation bar at the bottom of the screen, and putting controls just above that bar is tricky. On iOS it makes sense to put tab-navigation at the very bottom of the screen. Per platform native UI’s have very specific needs, so if you want to build a quality app, you must keep this in mind.
Josh put his slides up for download. They’re worth checking out:
Unfortunately I had to leave the second part – just when Josh started to talk about gestures – because I had a special invite for…
Lunch with Woz?!
Wow! I was privileged to join a party of Xamarins and customers in a small lunch setting together with Apple co-founder and inventor of the Apple I and II computers, Steve Wozniak! It was mind blowing to meet and greet such an icon of our industry.
I guess it was overwhelming to most of us because we sat there most of the time just marvelling at his amazing stories. Woz told us that he doesn’t eat lunch, he sticks with just one meal per day, which gave him plenty of room to talk. It was great to hear about his first endeavours in making computer hardware, soldering the circuits for arcade games, his favourite apps and the Apple Watch.
Three industry legends!
What struck me most was that he has a sincere passion for software development and software developers. He is definitely a tech geek for life and a genuinely nice guy. I got my picture taken with Woz, but I’m still awaiting the pic from the photographer… Exciting!
Xammy and Closing keynote
Xammy Awards – Stephanie Schatz
At the end of the day, it was time for the Xammy Awards, an award for outstanding apps built with Xamarin technology. The finalists are listed on the Xamarin Blog. One of them, in the Enterprise App category, was NS / Dutch Railways.
Marco and Patrick from Info Support are members in the team building this app. I worked at Info Support for 16 years and my last project before I left the company for Xpirit was: this very project! I was the solution architect during the startup and first iterations of development of this app and the team did a fantastic job building these apps on top of that architecture. So I was pretty proud when this happened:
Closing panel discussion – Steve Wozniak & Miguel de Icaza
Steve Wozniak and Miguel de Icaza joined on stage for a panel discussion about the history and future of apps. The same way as during lunch, Woz passionately told his fantastic stories and shared his vision on where computing might go in the future. Woz believes strongly in personal assistants like Siri and/or Amazon Echo.
Unfortunately we didn’t get to hear much from Miguel in this session, but Woz was an inspiration. Another thing that stood out was his dedication to educating young children to do programming. In his heart, Woz always stayed an engineer and a teacher.
Closing thoughts
We ended the conference at a closing party over at the Dragonfly restaurant. This was another great location with fantastic Japanese food.
Closing thoughts: Evolve 2016 was a fantastic conference. I’m amazed how Xamarin managed to keep the vibe of the original Evolve in 2013, and just made it bigger and more awesome. All Xamarins were very approachable and close to their community members. I found this in my bedroom after the keynote, for participating in the DevOps panel yesterday:
It says: Thank You! From Xamarin. I say: Thank YOU, Xamarin! See you next year at Evolve 2017. Let’s make this happen!
The band of brothers with whom I spent this week.
Still here? What’s that? Food posts? Ok, here are some…
Day 1 of the Xamarin Evolve 2016 conference is a wrap! It was a full day for me… It started at 6:15am for the Mini-Hack 5k run, organised by Craig Dunn. A bunch of Evolve attendees went for a leisurely run in the area, thereby unlocking the first Evolve Mini-Hack.
After a refreshing shower and some breakfast, it was finally time for the keynote. The one impression I had after this keynote is: Xamarin is on fire! The keynote was huge. A big stage, an enormous screen and 1700+ excited people in the room anticipating what Xamarin would be announcing.
I made a sketch note out of my personal highlights:
A lot of topics were covered. I want to share the ones that stood out to me:
open.xamarin.com The Xamarin team has been working hard to release the Xamarin platform and its surrounding frameworks as Open Source Software on Github. This morning it was released to the public. You can find it via open.xamarin.com, or directly on GitHub. This must be a breakthrough moment for Miguel! Congratulations to the whole team for this achievement, and thank you for being such strong believers in OSS.
It made sense that Xamarin was closed source when it was their bread & butter. But now at Microsoft, with their fresh new attitude towards open source, it’s great to see Xamarin added to that array of OSS products and frameworks.
Xamarin Studio 6 Release Candidate
The Release Candidate for the latest version of Xamarin Studio is available now in the Beta channel. This is a very nice release, which features a Dark Theme, a complete visual overhaul to fit with the UX guidelines for OS X El Capitan and built-in Roslyn support. I’ve been working with the preview version on and off and it has matured a lot. I really like the new polished look and the more stable code editor thanks to Roslyn. One of the most notable changes is the Broken State Support, so that IntelliSense doesn’t blow up if there’s a syntax error a few lines above.
iOS Simulator for Windows
The new iOS Simulator was already presented briefly in the //build/ keynote by Miguel. However today Miguel showed how pen pressure input on a Surface Pro running the simulator is passed through to the iOS Simulator which runs on a Mac somewhere in the network.
Xamarin.Forms
The cross platform UI framework, Xamarin.Forms, is becoming more and more mature. This update brings support for so-called DataPages: a ready built and styled set of views that you can feed Azure Mobile Services data or local storage of JSON data. This is a higher level abstraction that lets you set up data driven pages very quickly, but I’m not sure how suited this is for production scenario’s. There is no MVVM in play – at least not for the developer, maybe behind the scenes – to tweak the behaviour. And you know me when it comes to abstractions… 🙂
A feature I did like *a lot* is the ability to drop in a native UI control directly into a Forms layout hierarchy. It’s called Xamarin.Forms Native Embedding. So you can now add a native Floating Action Button to your Android app without the hassle of writing a Renderer, etc.
The Xamarin Forms Previewer is a built in player for your Xamarin.Forms markup code that gives you Gorilla Player like direct feedback inside Xamarin Studio while you’re editing your pages. This is so awesome, because it speeds up the development cycle tremendously! Definitely one of my favourite announcements from the keynote and Nina Vyedin did a great job presenting it.
Xamarin Workbooks
Miguel already talked about Xamarin Workbooks at //build/ and he showed us how the tool is progressing. Workbooks is a fantastic tool for teaching and communicating about code. My pal Marco already alluded to this in his blog: it’s a nice visual way to teach children to code for example. I’ve been doing some classes for the Dutch “hour of code” initiative called CodeUur.nl and I’m thinking about using Workbooks as a tool for that. In any case, it’s clear from the keynote that Workbooks is Miguel’s favourite project at the moment. And rightfully so.
HockeyApp, Insights and Test Cloud Live!
After the Microsoft acquisition, the mobile DevOps toolset at Microsoft is pretty complete. As became clear in the Keynote, Xamarin Insights will merge into HockeyApp to become a compelling tool for deploying and monitoring apps. Donovan Brown from Microsoft came on to rub some DevOps on all of this and walked us through those tools.
The keynote ended with a sweet “one more thing” moment: the announcement of Test Cloud Live. Wow! Ever had your app crash on some obscure device and had a hard time tracking down that bug? Well, now you can attach your debugger to that device in the Xamarin Test Cloud and start debugging your app! Mind blown!
Bear in mind that you’re debugging over a network connection to a device that sits in the Xamarin Test Cloud device center in Denmark, and the technology is early preview, but this is so promising!
I was amazed by all the announcements, especially how fast Xamarin was able to open source all of their stuff and release the new goodies.
Breakout sessions
For the breakout sessions, I mainly looked for sessions that were not so much technical, but more inspirational to get some nice new ideas.
Contextual Communication – Brent Schooley Brent is from Twilio, who are experts in communication technology, but he did a great job not making this talk about Twilio. Instead, I found this an inspiring talk about improving and modernising business communication.
The main 4 tenets he highlighted are that communications should be:
Contextual: what do you already know about the user/customer? Context matters to make communication more personal and …
Streamlined: if you can leverage context, you can get down to the point quickly and make conversations as short as possible
Secure: again, if you leverage context and what you already know about a user, you don’t have to communicate that information again every time. This saves you from exposing security or privacy sensitive information.
Medium of Choice: the customer must be able to choose his/her medium of choice. So an app cannot be the only option. Some people prefer to call or use chat.
Brent demonstrated this with an inspiring demo-app where he started a call from inside a fictitious airline app, and had information (context) exchanged automatically into the app during the conversation to get through a transaction in a streamlined manner. He then used TouchID to verify the customer’s identity to finalize the transaction (secure).
He also covered the new “Bots” trend. With Microsoft’s new Bot Framework and Cognitive Services, we can build interesting things to make these conversations as contextual, streamlined and secure as possible and reuse that across different media. It remains to be seen if 2016 will indeed be the year of the Bot.
I really enjoyed Brent’s talk; he definitely made me think about interesting use cases to improve communications by looking beyond “an app for one single process”. This is what I will focus on at Xpirit for our Mobile strategy.
Clicking on the Real World with iBeacon – Jim Bob Bennett
Similar to the previous session, this session also worked as an inspirator for me to look beyond that one app on the device that your user interacts with. iBeacons are a great way to make the physical world your interface. For example: as I walk into a Starbucks, using iBeacon, they can recognise that I’m entering the shop and know which coffee they have to make so I can walk right up to the counter and pick up my double espresso and pay with my credit card linked to my Starbucks account. Cool. Jim Bob showed how to do this with the iOS CoreLocation API’s.
Unfortunately I had to leave the iBeacon session early, to be in time for my DevOps discussion panel at the Mobile Leaders Summit.
The Future of Connected Devices with Philips hue – Eric Shapiro, Sait Izmit, Mike James To be honest, I was a bit disappointed with this session, as it was mainly a product placement session for Philips hue, driven by videos instead of much substance. The interesting part for me was Mike’s part in this case, where he showed how to develop against the hue bulb using the Q42.HueApi SDK.
Adventures in Performance – Mark Probst
This session was a deep dive on the way Xamarin does their performance benchmarking. It was a little bit different than I had expected, but interesting and entertaining nonetheless. I really appreciated Xamarin’s transparency: Mark spoke about some of the challenges they had in the Garbage Collector and the experimental ways they are trying to improve performance and bringing down GC pauses. Really some clever stuff!
No big lessons here, except appreciation of Xamarin’s transparency and respect for the smart guys working on the Mono runtime.
Xamarin Party!
In the evening, we celebrated Xamarin Evolve 16 at the Wizarding World of Harry Potter theme park. We took all the rides, including the crazy intense roller coaster and the big splash over in Jurassic Park. The food and the vibe were awesome!
I didn’t get to take many pictures, but there’s a lot of that going around on the #XamarinEvolve Twitter feed.
I’ll leave you with some inevitable food pics and some from the party 🙂
Time flies! The second day of training at Xamarin Evolve is over already and I just came back from the awesome opening party in the Darwin Lounge.
The main conference starts tomorrow. I’m honored to be on stage with some industry giants at the Evolve Mobile Leaders Summit track in a panel discussion about The Unique Challenges of Mobile DevOps. But that’s tomorrow!
About today: before the training, the day started at 6:15am (!) with a 5k test run with for the first Mini-Hack tomorrow morning. I spot an orange Xpirit T-shirt 🙂
The training part was another intense day from 9am-6pm, but it was a good day. I’d say the content of today was a bit better and deeper than what we learned yesterday, at least for me personally. We covered three major topics:
Securing local data
This part was all about dealing with data locally on the device, especially sensitive data in terms of privacy and security. We had a look at what the Xamarin.Auth component has to offer for local storage of sensitive data. This component (you can find it on GitHub and on Nuget) uses the platform specific facilities for storing data in a secure container, i.e. the KeyChain on iOS and a secure KeyStore inside the app’s sandbox on Android.
Be sure to get the latest 1.3.0 version of the Xamarin.Auth component though, as this is a bait-and-switch PCL library that also offers support for the Windows platform, whereas the older 1.2.x version doesn’t.
There’s one caveat with the Xamarin.Auth component though… The KeyStore file on Android is locked with a hard coded password. The Android app in one of my previous projects was actually flagged in a security audit because they extracted the Xamarin.Auth DLL, decompiled it and found the hard coded key. Pretty iffy, because this means that the KeyStore data in every app that uses this library can be easily opened and read by extracting the file from the sandbox and using the key that’s publicly available on GitHub!
I made a pull request about 2 years ago that fixes this problem, at least in a way that you can provide your own key. But somehow Xamarin didn’t get around to merge it yet, so the vulnerability was still there, also in the 1.3.x version. The funny thing was that as we were doing the training, one of the Xamarin developers was actively working on this component. We pulled him into the training, explained the problem and he immediately went to work to see if he could merge my fix. How awesome!
How awesome is this: Xamarin Developer DNA… everyone could add their own string, picking the pegs that fit with their preference. The result is this awesome, unique “Xamarin DNA” sequence. A work of art!
The other part of this chapter was about the awesome PCL.Crypto component. This component is also a bait-and-switch PCL library, which means that the PCL portion contains nothing more than the API definitions for your shared code to compile against (the bait), but uses the actual device specific implementation at runtime (the switch). This means that PCL.Crypto can use the platform specific crypto API’s developed by Google, Apple and Microsoft themselves instead of relying on its own security implementation. Much the same as the Xamarin.Auth component solves its local storage issues. For developers familiar with the WinRT crypt API’s for example, there is a special WinRTCrypto API that you can program against, but PCL.Crypto will map this to the underlying native API’s. Pretty clever. For example: a method for encrypting some data could look like this:
public static byte[] Encrypt (byte[] plainText, byte[] keyMaterial)
{
var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider
.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7);
var key = provider.CreateSymmetricKey(keyMaterial);
var IV = WinRTCrypto.CryptographicBuffer.GenerateRandom(16);
var cipher = WinRTCrypto.CryptographicEngine.Encrypt(key, plainText, IV);
var cipherText = new byte[IV.Length + cipher.Length];
IV.CopyTo(cipherText, 0);
cipher.CopyTo(cipherText, IV.Length);
return cipherText;
}
PCL.Crypto can be used quite easily in combination with Xamarin.Auth to encrypt or hash data before storing it. At least as long as your app is using the not-so-secure version of Xamarin.Auth – with the hard coded key – using something like PCL.Crypto to secure the values that go into the secure storage is a real necessity! But it’s good practice to do it anyway.
OAuth
Next we went into OAuth for authorizing access to an API from a mobile app. OAuth in itself is a pretty broad topic and enough to fill tens of blogposts. One of the important points here is that for mobile apps, basically there are only two OAuth flows that are really usable:
The Implicit flow or the Authorization Code flow. The other flows aren’t really suitable for mobile apps (or browser apps involving JavaScript code), since this means that there will be client secrets hidden inside the app, and they involve dealing with a user’s password in the app itself instead of handing that off to an Identity Provider. The Client Credentials flow is typically used for service-to-service communication, usually on behalf of the user.
Xamarin.Auth provides some nice API’s to easily initiate a login sequence, using a web view that follows all the redirects that are part of the OAuth flow, to obtain an access token (or authorization code).
Memory Management Issues
The most interesting part of today was about diagnosing and dealing with Memory Management Issues. I actually learned a lot about how both the Xamarin.iOS and Xamarin.Android frameworks work in terms of memory allocation. It’s important to understand that in both cases, you are always dealing with native objects, managed peers and a binding layer in between, provided by Xamarin. At least, for those objects that are actual native platform classes.
Under the hood, there are some intricacies to be aware of. For example: in order for iOS’s reference counting mechanism to work, you have to be very careful to release references to native objects, for example by making sure to always unsubscribe from event handlers. For Android, it’s important to realise that you’re working with two Garbage Collectors: the Mono one and the one in the Android Java VM. There are a lot of details, but there is some nice guidance up on the Xamarin Developer site about this [iOS] [Android].
You can prevent a lot of memory issues by following a couple of important guidelines. Also the Xamarin Profiler is a great tool for diagnosing possible memory leaks.
Darwin Lounge
As for the (other) fun part of Evolve: the Darwin Lounge was opened this evening, accompanied by a huge buffet and a nice range of tasting stands for artisanal chocolate, local beers and hipster coffee 🙂 This tweet sums up how I felt this evening:
I expected to visit a mobile dev conference but instead I've come into food discovery heaven.… https://t.co/oecb9xiJWP
It’s no secret that I’m an avid foodie, so suffice to say that I was in seventh heaven when it comes to the food that was served here. This means that you have to sit through my Instagram food porn pictures now:
So… Xamarin sure knows how to throw a party 🙂 Of course, the Darwin Lounge at Evolve is mainly about cool geek stuff and tech inspiration. There’s lots of that going on as well. Lots of IoT stuff, drones flying around, etcetera. Check out the Twitter timeline for #XamarinEvolve for a great impression of the fun things out there.
Hi there from Orlando, FL! Yesterday was the first day of the Xamarin Evolve 16 pre-conference training. And man, we’re already having a blast here. Evolve 16 is even bigger than the previous one, and on the pre-conf training alone, there are more people than there were at the original, legendary Evolve 2013; in total! Impressive.
My mobile peer at Xpirit, Geert and I arrived on Saturday, together with a bunch of fellow Dutchies including some of my former colleagues from Info Support. It’s nice to catch up and hang out.
In the training, we’re doing the Intermediate track, which offers some more advanced topics. I have to say that most of the topics are already familiar, but for us this is also a great opportunity to get to know the Xamarin University material. We’re working towards certifying ourselves for delivering the official Xamarin University training curriculum at Xpirit to be the first Dutch Xamarin Training Partner! How awesome is that? Stay tuned for more news!
The main topics we covered were:
Asynchronous programming with async/await
For this module we dove into the mechanics behind the Task Parallel Library in .NET and the async/await keywords. This stuff is so important to get right as it’s crucial for quality apps to make sure that you’re not wasting the main UI thread by doing expensive work like heavy CPU-bound work or (network) I/O. The course went into some of the mechanics of async/await – with the compiler generated state machine that ends up in the generated IL.
The problem with async/await is that the syntactic sugar makes it almost too easy to make work inside your app asynchronous. The point is that making things asynchronous isn’t always necessary and using async/await the wrong way may actually hurt the app in the sense of complexity and possibly performance more than it helps. Understanding the state machine that the compiler generates, the effects of ConfigureAwait(false), working with the Dispatcher, etcetera is crucial if you want your apps to be responsive.
Patterns for reuse
A topic that’s dear to my heart. Marcel and I actually did a pretty popular talk about it at Evolve 2013. IMO, this stuff all still holds true, however we have progressed a bit when it comes to the maturity of the Xamarin platform. With the advent of Xamarin.Forms, more and more code sharing techniques are possible and go right up to the top UI level. On the other hand, Xamarin.Forms already takes away a lot of the hard work of bridging platforms. Very nice, but – my pet peeve – beware of the abstractions! 🙂
It all comes down to keeping things as simple as possible. In the training, we talked through using the Factory and Service Locator patterns, but our common conclusion was that they involve a fair amount of Yak Shaving.
In the end, Dependency Injection is a relatively clean way of dealing with dependencies that have per platform implementations. In my experience, using a light weight DI container like SimpleIoC is sufficient for most apps. Let’s be honest, in an average app, you don’t really need much sophisticated lifetime management or other things. You just want to be able to swap in per platform implementations of some components to use them from shared code. But before you start building your own components, head over to Xamarin’s plugin repo on GitHub because a lot of plugins are already available. And they generally use DI to set up.
Testing
We talked about the techniques that are at our disposal for validating the quality of your app. Of course using unit tests should be a no-brainer to developers, and there are actually some nice scenarios for testing the behaviour of your ViewModels and other logic in your app. These unit tests, being independent and mostly having their dependencies stubbed (another advantage of using DI is that it makes stubbing a bit easier), can give you the quickest feedback during your development cycle.
But an important part of your app will be the UI and that actually runs on the device. This has always been hard to test and we had a look at what Xamarin Test Cloud has to offer and the UITest API’s that you use to drive those tests. In a recent talk, I used this test pyramid diagram to show the stack I like to use for testing mobile apps:
Note that I still think that there will always be a certain amount of manual testing involved for the more complex cases. And specifically those cases where you want to check the behaviour of your app under different circumstances, such as actually being on the move through tunnels or other low connection situations, or being out in the field to make actual pictures with the camera. Manual field tests by the team and beta test platforms like HockeyApp, Apple TestFlight and Google Play Beta are excellent tools for this.
After the training it was time for some relaxation at LaFayette’s. Excellent food and great Southern style live music, and all the familiar faces from the Xamarin community there. Great to see everyone again! Really looking forward to the next few days!
To infinity, and beyond!
On Sunday, we had some spare time, so we spent the day at the NASA Kennedy Space Center. Wow what an amazing trip! It was incredible to see the huge rockets, it’s impossible to fathom how big they are until you see them. The same goes for the Space Shuttle. The Atlantis Space Shuttle is on display and you can see it up close. Super cool!
The biggest surprise came when we went on the bus tour to the actual launch site. Again, it’s impossible to fathom the scale of the site and the equipment there that’s used for space travel. At the end we got a great show about the Apollo missions. The actual control center used for the Apollo mission is there on display. And then there’s the overwhelming and HUGE replica of the Apollo rocket.
This platform takes the rockets to their platform. It travels at 1 Mph and gets about 3 feet to the gallon.
And the coolest thing was: our Uber driver who took us back to the hotel was an engineer on the Space Shuttles for 30 years! So he could give us some fun behind-the-scenes insights. Did you know for example that there was an actual Coca Cola machine installed in one of the shuttles? That was to test the effects of carbonation in space. But since Coca Cola is a commercial company, NASA was not allowed to talk about that 😉
This week at Microsoft’s //build/ 2016 conference in San Francisco, Scott Guthrie shared more details about the Xamarin acquisition and what this means for developers on the Microsoft stack. The keynote is worth checking out, also for the great Azure content. More interesting details about what Xamarin has in the works can be found in Miguel de Icaza’s session. Or you can watch the distilled announcement here:
In short, Microsoft has made the Xamarin tools available to everyone. If you have a Visual Studio Professional or Enterprise edition, Xamarin is included at no extra cost. Moreover, it’s also available as a completely free Community Edition, under the same Microsoft license terms (small teams, OSS developers and students). Wow!
Microsoft just removed all barriers for using #Xamarin: available for free on all VS editions and fully open source! Awesome! #Build2016
Even though the technology is widely regarded as excellent, as Miguel states in his talk: Xamarin used to be a bit of a niche product because of the pricing. And let’s be honest, they were steep and it turned people off, even though you could easily build a solid business case in terms of money and time saved due to higher developer productivity. But this means that Microsoft has removed a big barrier for a lot of companies and developers to adopt Xamarin! Not only that, but the fact that Microsoft is fully behind the Xamarin approach is very beneficial for customers who were betting their mobile development approach on Xamarin.
Open source FTW
One of the most notable changes within Microsoft lately is their big support for open source. Microsoft emphasised this by open sourcing their .NET Framework, which has received many pull requests and active contributions since. This lead to .NET being revamped to a cross platform runtime and framework which runs on Windows, Mac and Linux as well (my colleague Alex Thissen wrote an interesting article about .NET Core in the second issue of Xpirit Magazine). This is something that Mono and Xamarin have already been pioneering over the past years. It’s nice to see these things come together and the teams combining forces to move things forward. It’s a bit soon to tell what will happen with Mono in the future and whether it will merge with .NET over time, but for now it’s important to know that Mono has been re-lincensed under the MIT license, which is a pretty big deal in itself.
Moreover, Nat Friedman also announced that the whole Xamarin framework, their customized Mono runtime and Xamarin.Forms will be contributed to the OSS .NET Foundation. How cool is that!
Full cycle mobile DevOps
With the acquisition of Xamarin and – earlier – HockeyApp, Microsoft now has a pretty strong full cycle DevOps story for mobile development. Obviously the development story with cross platform C# already was strong, integration into VSTS for continuous integration is very powerful and continuous deployment to HockeyApp for internal enterprise apps is also quite easy. Check out my colleague Geert’s blog series on this topic. TestCloud remains an excellent way to mitigate test risks with their vast array of devices.
Over time, we’ll see Xamarin Insights integrated into HockeyApp for .NET native crash reporting and analytics. Xamarin Insights is a very nice product and their native support for .NET exception stack traces and ability to use the SDK in a shared PCL project is pretty powerful. I expect that after merging with HockeyApp, the pricing model for the analytics part will be much more attractive as well.
It would be cool to see more seamless integration of tools like Fastlane for easy and automated submission to public AppStores, etcetera.
Everyone can do Xamarin now! (?) This all means that every .NET developer can do mobile development with Xamarin now.
Or at least, technically… Moving into mobile development – especially iOS and Android – coming from a Windows, ASP.NET, back-end development background isn’t as easy as 1-2-3.
To me the beauty of Xamarin has always been that they provide unrestricted access to every native API that is also available to Swift, Objective-C and/or Android Java developers. In my opinion, this still yields the highest quality apps while still being able to reuse a good portion of your code across platforms. The power lies in the fact that you can play with the level of reuse vs. native platform specific code as it suits you as opposed to going all in with UI abstractions and reuse all of your code. Abstraction in software development is a slippery slope and Xamarin allows you to stop abstracting if you feel it goes too far. I sincerely hope that this direct-access-to-native-API’s approach will remain a core feature of the Xamarin product, and we won’t be forced into a “UWP for all platforms” model.
Having access to all the native API’s lets you leverage the unique capabilities of the underlying OS-es. Apple Pay, Touch-ID, etcetera. But this requires deep knowledge of how these OS-es work and how to use their API’s. iOS and Android are very different beasts when it comes to their architecture and solutions for problems. This means that in my opinion, there will still be iOS developers, Android developers and Windows Developers, even though they’re all working with the same language. Sure you can master them all, but I think a good mix of specialism and multi-disciplinary teams are the way to go. Mobile devs are just like normal humans, and can be pretty biased about their platform of preference. This sometimes makes for great and interesting discussions on how to solve a particular use case on all platforms, aside from the occasional fun banter about the Windows Mobile app gap, not being able to open links on iOS, or the immense device and OS fragmentation in the Android world.
In any case, there will be a whole army of .NET developers coming to the Xamarin platform and there will be a huge demand for knowledge. Xamarin’s Developer Center has been revamped and it looks very nice. It’s a great resource for learning how to build apps with Xamarin and they do an excellent job explaining the native API’s and how to leverage them from C#. But over the years I have found that presenting at user groups and conferences and delivering in-person training is also a great way to share knowledge.
Both Marcel and I at Xpirit have been heavily invested in Xamarin since the early days and we’ve had the opportunity to fly around the world to speak about Xamarin. I look forward to continue sharing our knowledge. Our team was recently enforced with Geert joining Xpirit, and we’re dedicated to helping developers and customers do professional mobile development with Xamarin and Microsoft.
Come meet us and dive in head first with us at one of the following opportunities:
Visual Studio Live! pre conference training and breakout sessions – June 13th, Boston
My hopes and expectations
It surely looks like Microsoft is invested in making the Xamarin tools a first class citizen in the .NET developer stack and Visual Studio ecosystem. We can expect deeper integration of Xamarin into Visual Studio, and Miguel already showed a glimpse of that with an iOS Simulator running on Windows. This sparked some debate about whether or not this is an actual simulator running natively on Windows, but if you listen carefully, Miguel explains that it is a simulator window remoted to a Mac. I think this trick is similar to how Xamarin does it’s build & app packaging for iOS with a remote build host over SSH:
I’ve seen a setup like this at many companies, where Windows PC’s were the standard developer setup, and Mac’s are considered “exotic”. Using a Mac Mini as a remote build host works ok, but if you wanted to test and debug, you needed to switch to that Mac physically or access it via VNC. That was sub-optimal and this solution is pretty sweet. I don’t think we’ll be able to have a native iOS developer story without a Mac because of Apple restrictions regarding their SDK but this promises to make the developer experience for a Windows based developer a whole lot smoother. I think Marcel will be happy 🙂
It’s no secret that I’m more biased towards iOS and developing on the Mac. Using Xamarin Studio, sometimes switching to Xcode for the Interface Builder and the pleasant experience with the much less bloated Xamarin Studio IDE has become more natural to me than working from Windows and I’ve come to prefer it. With Microsoft pushing towards developer tools for Linux and Mac (VS Code), it looks like Xamarin Studio is also here to stay, and hopefully with the same level of investment to push the product ahead. Who knows, maybe Xamarin Studio might become the official Visual Studio IDE for the Mac one day 🙂
In his //build/ session, Miguel showed off Xamarin Workbooks, which is based on the Xamarin Inspector. It looks very sweet as a test-bench for C# code and documentation tool. But even better: it can now be used to inspect and play with a live running app on the simulator! That is awesome as it shortens the dev/build/run/debug cycle tremendously. I hope that it will become a core part of the developer experience from within Xamarin Studio / Visual Studio but for now it has already saved me a lot of time this week while trying it out.
I also have good hopes that the original character of Xamarin’s approach (full access to native API’s) will remain intact. UWP sounds like a good idea for the Windows platform but Xamarin has always stressed that Xamarin.Forms has very specific use cases. It’s not a one-size-fits-all solution, and frankly that’s the main thing I’ve been arguing against ever since I chose to go with Xamarin as opposed to Cordova, Titanium or others. So while I do expect that there will be something like a UWP for Windows, iOS and Android, it cannot be the only way to develop native mobile apps.
More dots to come… Evolve 2016 promises to be a fantastic conference and a big party to celebrate the future of Xamarin at Microsoft. I hope to see you there.
Nat Friedman wasn’t kidding when he replied to my Instagram musing:
Call to action: join us at 
The mobile chef 