Category Archives: Windows


What every software vendor needs to know about SHA1/SHA2 and digital certificates

TL;DR : If you digitally sign your software you need to make sure you have an SHA2 certificate and use it to dual sign your software with both SHA1 and SHA2 digests.

Digital certificates are used to prove who authored a piece of software and that it hasn’t subsequently been tampered with. Starting with Windows XP SP2 you get a warning message if you download software that that isn’t signed with an appropriate digital certificate. So most commercial software vendors digitally sign their software. We grumble about price gouging by the certificate vendors and the hoops we have to jump through to get a certificate. But, apart from that, the system seems to work tolerably well. However Microsoft have thrown a spanner into the works by deprecating digital certificates using the SHA1 algorithm. I only found out about this a few weeks ago from a fellow vendor’s blog. Thanks for nothing Microsoft. If you are using a digital certificate you purchased more than a year ago, it is probably SHA1. This post explains what this means for software vendors, based on my research so far. I am not an expert on this topic and things seem to be changing fast, so please let me know if there are any mistakes or omissions.

I don’t digitally sign Windows software, does this affect me?

No. But perhaps treat Windows unsigned software warning with some skepticism until Windows software vendors sort this mess out. If you only develop for Mac OS X you can feel a bit smug (at least until the next time Apple nukes your development ecosystem from orbit).

What is SHA1?

SHA1 (Secure Hash Algorithm 1) is a cryptographic hash function that was used in digital certificates issued until recently. SHA1 was known to have weaknesses as far back as 2005. Microsoft (and Google) have finally decided that SHA1 is too vulnerable and SHA2 digital certificates should be used instead.

What happens if my certificate is SHA1?

If you signed your software with a timestamp before 01-Jan-2016:

  • It will be treated by Windows XP SP2/XP SP3/Vista as signed.
  • It will be treated by Windows 7/8/10 as signed only until 01-Jan-2017.

If you signed your software with a timestamp on or after 01-Jan-2016:

  • It will be treated by Windows XP SP2/XP SP3/Vista as signed.
  • On Windows 7/8/10 and you will get an ugly “The signature of <file> is corrupt or invalid” or “The signature of this program is corrupt or invalid” error when downloading. If you don’t see this, it might be because you haven’t done a Windows Update recently (shame on you).

Windows seems to treat software that has been downloaded from the web (with ‘mark of the web’) differently. So make sure you test a version of your software you have downloaded from the web. I carried out some tests on 01-Mar-2016 using an SHA1 certificate to sign an executable and then dowload it. It worked ok when downloaded using Firefox or Chrome, but was shown as corrupt when downloaded using IE.

How do I know if my current certificate is SHA1?

  1. Right click on your most recently signed installer and select Properties.
  2. Click on the Digital Signatures tab.
  3. Select the signature and click on the Details button.
  4. Click the View Certificate button.
  5. Click the Details tab.
  6. Look at the Signature hash algorithm.sha1 digital certificate

What should I do if my certificate is SHA1?

If you certificate hasn’t expired you should ask the company you purchased it from to issue you a new SHA2 certificate. They should do this free of charge. In the process they will revoke your SHA1 certificate, so you can no longer use it for signing. You should then use your new SHA2 certificate to double sign new releases (see below).

I have an SHA2 certificate, now what?

If you want a new release to be treated as signed on both Windows XP SP3/Vista and Windows 7/8/10 then you need to double sign the file for SHA1 and SHA2:

signtool.exe sign /f <pfx file> /p <pfx password> /t <sha1 timestamp server> /v <installer>

signtool.exe sign /f <pfx file> /p <pfx password> /tr <sha2 timestamp server> /fd sha256 /td sha256 /as /v <installer>

Note the the order of the above is important (SHA1 first).

The Comodo SHA1 and SHA2 timestamp server is:

You can add a /debug flag for verbose output.

If you only want to support Windows 7/8/10, then you can omit the first line (but why would you?).

You can use chktrust.exe to check the signature:

chktrust.exe <installer>

Note that only version 6.3 and later of signtool.exe (which comes with Windows 8.1 SDK and is also available here) supports the /as flag.

I always sign the program, as well as the installer.

Can I double sign .msi files?

I have seen reports that .msi installers don’t support double signing. But I don’t use .msi installers, so I haven’t investigated further.

What happens to software I signed with my SHA1 certificate after the certificate is revoked?

Software you signed previously will not be affected, e.g. it will be treated as signed by Windows 7/8/10 until 01-Jan-2017

How do I sign Windows XP SP1/XP SP2 software?

Windows XP SP1 doesn’t warn you if there is no signature, so you can ignore XP SP1. SHA2 signatures are not supported in Windows XP SP2. So you will need to have both valid SHA1 and SHA2 certificates to support XP SP2 and all the later versions of Windows. Its not clear that certificate vendors will allow this. Also, how many people with Windows XP SP2 (an unsupported OS) are out there buying software? I won’t be bothering to support signing for XP SP2.

Does this affect SSL certificates as well as code signing (Authenticode) certificates?

I believe so. But I don’t have any SSL certificates, so I haven’t investigated further.

How does this affect signing of device drivers?

I understand there are some differences for device drivers. But I don’t create device drivers, so I haven’t investigated further.

What is the difference between SHA2 and SHA256?

SHA2 is a family of two similar hash functions known as SHA256 and SHA512. SHA256 uses 32-bit words where SHA512 uses 64-bit words.

How secure is SHA2?

Er, it was designed by the NSA. Supply your own joke.

I don’t have a digital certificate, where can I get one?

I got my Comodo code signing certificate from reseller They have a good reputation, and are significantly cheaper than Comodo. I don’t have any business relationship with them beyond being a happy customer.

Anything else I should know?

Microsoft has reserved the right to move the SHA1 deprecation date forward from 01-Jan-2017.


Thanks to Nikos Bozinis for first alerting me to this issue and to Mitchell Vincent of for fact checking this article.

Further reading


02-Mar-2016: Added missing link and minor update.

03-Mar-2016: Minor update.

First impressions of the Retina 13″ Macbook Pro

macbook pro retinaMy table planner software runs on Windows and Mac. Previously I took a Windows laptop with me when I was out of the office or on holiday, so that I could provide technical support to my customers. But it isn’t (legally) possible to run Mac OS X on Windows, so this made it hard to give Mac customers the best possible technical support. For example I couldn’t send them Mac screenshots or replicate Mac-only bugs from a Windows laptop. However it is legally possible to run both Mac OS X and Windows on a Mac. So I decided to buy a 13″ Retina Macbook Pro for my new laptop, so that I could have access to both OSs when out of the office. I was also attracted by the screen and design of the new Retina Macbook Pro. I choose the 13″ model, rather than than the 15″ model, simply because it is more portable (e.g. more likely to fit in a hotel safe). I also paid to upgrade the SSD from 128GB to 256GB to have room for both Mac OS X and Windows setups. I have now had my Macbook Pro for a few weeks, so I thought I would share my initial impressions.

The good points:

  • The 2560 x 1600 Retina screen is gorgeous, both in terms of sharpness and colour. It makes the display on my old Toshiba Windows laptop look very tired.
  • With a 2.5 GHz Core i5 processor, 8 GB of RAM and an SSD it is very responsive.
  • The aluminium chassis is beautifully designed. Despite being only 19mm thick and 1.6Kgs, it feels very sturdy. The power brick is quite small and light as well.
  • The keyboard is nice. Automatically backlighting the keys in low light is a nice touch.
  • The power cable attaches magnetically. This means it is easy to attach. But, more importantly, accidentally kicking the cable just pops the cable out, rather than the whole machine crashing onto the floor.
  • Gestures work very nicely on the touch pad. For example you can drag two fingers up and down to scroll or tap with 2 fingers to simulate right click.
  • I have Windows and Mac OS X  stored on separate partitions. I can access Window either by booting into Windows or from inside Mac OS X using Parallels (cost approx $80). Being able to access Windows from Mac OS X without a reboot is very useful.
  • The speakers are surprisingly good.

The not so good points:

  • The Macbook Pro is expensive compared to Windows ultrabooks with similar specs.
  • There are a limited number of ports:  2 USB, 2 Thunderbolt, 1 headphone, 1 HDMI and 1 unidentified (SD memory card?).
  • There is no Ethernet port. So if there is no Wifi, you are out of luck.
  • There is no Kensington slot, so you can’t physically lock it down. This is especially annoying given the price.
  • As someone who mainly uses Windows I’m still struggling to get used to the Mac keyboard. For example there is a Backspace key, but no Delete key. Also there is no Home or End key. Worst of all the cursor sometimes  jumps to a different line while I am typing. I have no idea why.
  • Parallels and Windows don’t do a brilliant job of handling the very high resolution of the Retina display. Fonts are sometimes shown very small or very large in Windows. Some applications, such as Keepass v1, looks very fuzzy. Hopefully this will improve with new versions of Parallels and Windows as Retina-like displays become  more common.
  • Not all applications support gestures. For example Firefox on Mac OS X doesn’t support pinch zoom. But I expect this will improve as new versions of applications are released.
  • Not having a built-in DVD drive is a pain. I was able to install Windows 7 by ripping a DVD to a USB stick using Infrarecorder (free). But this didn’t work for Photoshop Elements 11, so I had to download it from the app store, despite having it on DVD.
  • I couldn’t get Windows 8 to work. I installed it into a Bootcamp partition, but when I booted into Windows I just got a mouse pointer and  blue bar down the side of the screen. Apparently Windows 8 is not yet supported by Bootcamp.
  • I am told the graphics performance isn’t great. But I’m not intending to use it for games, so that doesn’t bother me much.

Overall it is an impressive machine and I’m pretty happy with it so far. In particular it is great to able to support Windows and Mac OS X on a single machine. But it does have some annoyances and I wouldn’t have purchased it to just to run Windows. No doubt PC ultrabook manufacturers will have copied its more innovative features fairly soon.

A couple of tips:

  • If you are  in the UK, consider purchasing from John Lewis. They will price match other ‘bricks and mortar’ vendors that have stock. But (at the time I purchased) they were offering 2 years additional warranty. I got them to price match PC World’s £100 off deal. I got £100 refunded and 2 years extra warranty. The service at John Lewis is usually also very good.
  • You probably want to get some form of case or sleeve to protect your lovely and expensive new Macbook. Beware that many of the existing cases are designed for the old Macbook Pros. Consequently they might not be a good fit for the thinner Retina models. I bought this Cool Bananas case. It is a good fit and quite well made. I just wish it had a bit more padding. No doubt more cases and sleeves will become available to fit the new models.

Buying a lean, mean, compiling machine

Nearly two years ago I wrote an article about speccing my ultimate development PC. Somehow there was always something more pressing to do. But I finally took delivery of my shiny new PC this week, partly spurred on by the fact that I wanted tried and trusted Windows 7 for the OS. Also my current development PC is getting increasingly crufty after 5 years of continual use.

I emailed my requirements to the top 3 custom PC companies in the UK as rated by PC Pro magazine : Chillblast, Cyberpower and CCL:


I’m looking for a PC for developing software. Prime requirements in order of decreasing importance:

1. reliability
2. cpu + disk speed
3. quiet
4. value for money

Here is my wishlist of components:

-i5-3570K CPU
-an SSD (at least 128 GB) + 2 fast and reliable HDDs (7200 rpm, at least 1 TB each)
-ASUS, Gigabyte or EVGA motherboard supporting USB 3.0 and SATA/600.
-16 GB of fast RAM
-Windows 7 64 bit professional
-quiet is good, open to suggestions on sound insulation, fans and/or passive cooling
-AMD Radeon HD 6850 graphics card
-at least 2 USB ports on the front and 2 USB ports on the back (ideally more, ideally including USB 3.0)
-DVD drive
-Gigabit ethernet
-full size case
-kensington security slot, so I can lock it to the ground
-I don’t need a monitor, keyboard, mouse etc
-I don’t need WiFi
-It has to be *super reliable* – I want reliable SSD + HDDs, good quality motherboard, good quality branded power supply etc.
-target price, not more than 1,500 inc VAT, less is better obviously

Can you build something to meet this spec or get close? Please send me the spec and your price (including UK delivery).

Both Chillblast and Cyberpower sent me quotes for a system fairly close to what I wanted within 1 working day. I then spoke to their sales people and went online to tweak their suggested systems using their web based system ‘configurators’. In the end I chose Chillblast over Cyberpower due to:

  • higher rating from PC Pro readers
  • cheaper for a comparable system
  • better warranty
  • better online configurator (I found the number of choices on the Cyberpower online configurator a bit overwhelming)

However there really wasn’t a lot in it. CCL took nearly 2 whole working days to respond to my initial email,  so I discounted them as insufficiently responsive.

Following some suggestions made by the sales people I spoke to, this is the spec I ended up with:

  • Chillblast Fusion Longbow
  • Windows 7 Professional 64 bit
  • Onboard High Definition Audio
  • Corsair CX 750W 80 PLUS Bronze Certified PSU
  • Sony 24x DVD-RW Drive
  • Seagate Barrcuda 2TB 7200RPM Hard Disk
  • AMD Radeon HD 6850 1024MB Graphics Card
  • Intel 120GB 520 Series Solid State Drive
  • 16GB Corsair PC3-12800 1600MHz DDR3 Memory
  • Asus P8Z77-V LX Motherboard
  • Akasa Venom Voodoo Ultra Quiet CPU Cooler
  • Intel Core i5 3570K Processor 3.40 GHz (No Overclocking)
  • Fractal Design Define R3 Low Noise Case – Black Pearl – USB 3.0 Edition
  • Total price: £1089.80 + VAT (inc MSOffice Home Edition)

I take security fairly seriously. I have a motorbike style ground anchor in my office and I want my shiny new box physically locked to it. But I was told that almost no PC tower cases have a Kensington lock slot. This seems crazy to me. My current Dell tower has one and the cost of one tiny little extra slot in the chassis must be pennies. So I had to buy a lock adaptor kit. It’s not the most elegant solution, but it works fine.

I ordered the system on 02-Oct and it arrived on 22-Oct. Here are a couple of photos of the new system with the side panels off.

The PC took a few days longer than the originally advertised time to arrive. This wasn’t a big issue in my case. But I only found out it was going to be late when I emailed them after the expected completion date. It would have been a lot better if they had been more pro-active and emailed me first. Other than that I am fairly satisified with the service from Chillblast so far.

There are a few issues with the case, which aren’t really Chillblast’s fault. It looks rather lovely in its big, black, minimalist sort of way, a bit like an obelisk from ‘2001 a space Odyssey’. But the case scratches rather easily if you lay it down to change a component on my laminate floor. The side panels are also a bit fiddly to get on and off (my old Dell PC is better in this regard). Worst of all, it has rubber grommets (is that the right word?) that fall out into the case (and potentially into the fan or heat sink) if you even look at them funny. This means lying the case down to retrieve them, struggling with the side panels and more scratches. I have had to do this at least 4 times so far. It seems that they have made them of rubber that is far too soft for the job. Grrr.

How fast is the new PC? It certainly feels very snappy. I benchmarked it against my old Dell development PC (Dual Core 2.13 Ghz, 4GB RAM) building my event table planner software from scratch. This is 83k executable lines of C++ according to SourceMonitor:

Build time Old PC New PC
Debug build 6 minutes 56 seconds 1 minute 32 seconds
Release build 6 minutes 23 seconds 1 minute 28 seconds

So it is more than 4 times faster than the old PC at its key task – building software. Admittedly it isn’t a ‘fair’ comparison of the hardware. The older machine has a different version of Visual Studio, a different OS and probably some unnecessary services running in the background. But it is the best I can do in the circumstances and I doubt a ‘fair’ test would be much different. Despite the fact that I only went for a mid-range graphics card, the new PC can also handle playing Half-Life 2 on full 1920 x 1200 resolution without any noticeable issues. Hopefully the faster build times will give a significant boost to my productivity (as long as I don’t play too much Half-Life 2).

The new PC is also eerily quiet. I would guess more than 4 times quieter than my old PC. Even when it is doing a build, all you can hear is the faint whir of a fan.

Only time will tell how reliable it is.

I have just launched at new website at  This website contains free countdown clocks,  for both Windows and web, to allow you to count down the days, hours, minutes and seconds to any event. It can be a wedding, a birthday or a major cultural or sporting event. Are your children wondering how many days, hours, minutes and seconds it is to Christmas ? Wonder no more! You can also use it to count up from an event e.g. giving up smoking or Perl.

web countdown clockweb countdown clock for Mac, iPad, iPhone and Android

windows countdown clockWindows countdown clock

The hope is that a significant number of people interested in planning events will go to for a free clock and a small percentage will click through to and buy my software. I have no idea how successful this will be. I certainly don’t expect a quick payback on the investment. But hopefully it will pay for itself in a few years, and then anything after that is pure profit.

This project has also been a small scale experiment in outsourcing that might lead on to greater things.

  • The web design and CSS/HTML coding was done by Sergey Pozhilov of μISVStyle.
  • The Windows countdown clock was done by Milan Marusinec of VectorGraphica.
  • The Javascript for the web countdown clock was done by Paul Kossowski of Dolphin Futures.

They all did a great job and the total cost was less than I would have paid for a couple of ads in event industry newsletters (which I tried recently, with fairly miserable results).

I have quite a few ideas about how I can improve, but I wanted to get something out there ASAP. After all if you aren’t embarassed by v1.0 you didn’t release it early enough. I would be interested to hear any feedback. Backlinks to would also be very welcome. ;0)

Speccing my dream development PC

My main development machine is a 4 year old Dell desktop, PC running 32 bit Windows Vista. Time for a new PC. I have been doing a bit of research, mostly by looking through back copies of PC Pro magazine (which I recommend,  by the way). I am speccing it out here on my blog in the hope that I, and anyone else thinking about a new PC, can benefit from my research and (more importantly, given my limited knowledge of hardware) the assembled wisdom and experience of readers of this blog.

A system failure could lose me several days work and a lot of mental energy to sort out, so reliability is my number one requirement. After that I am interested in performance, particularly speeding up compilation and linking, as this has a significant effect on my productivity (my table planner software is now well over 100k lines of C++ code). Getting a fast machine also means it will last longer before it becomes obselete.

Form factor

Tower desktop. I don’t like using laptops for extended periods and there is plenty of space under the desk for a tower case. Having a bigger chassis means more options for upgrading and hopefully less chance of overheating. I like to have my PC physically locked to a ground anchor to reduce the possibility of theft. So the case needs to have a Kensington-compatible security slot I can attach a security cable to. Some LED bling wouldn’t hurt.


Windows 7 64 bit Professional (or Ultimate is if I decide to use bitlocker drive encryption). Windows 7 is increasingly what my customers are using. 64 bit will allow me to address >4GB RAM.

As I develop for both Windows and Mac, I could use a Mac for my main development machine. But I am more familiar with Windows and its associated apps, you get more bang for your buck with a PC and I’m not keen on Apple’s authoritarian attitude to developers. So I prefer to use Windows for my main development machine and use a Mac Mini for porting.


8GB of DDR3 RAM. Maybe more, depending on cost. But I am not sure whether having more than 8GB of RAM will make much of a difference to real world performance. DDR3 memory seems to be fairly standard on high end PCs. I can’t imagine the clock speed of the memory (e.g. 1,333 MHz vs 1,600 MHz) affects development related performance much. I haven’t seen any data on this.


Possibly a 128GB Crucial RealSSD C300 SSD for storing \Windows and \Program files and a 600 GB 10,000 RPM WD Velociraptor HDD for storing everything else. SSDs seem to be increasingly the way to go for storage that is predominantly read-only and the prices are coming down. 128 GB should be ample for Windows and lots of applications. But there have been issues over the reliability and performance of some SSDs, notably those with Indilinx controllers., Jeff Atwood and PC Pro all rate Crucial SSDs well. The WD Velociraptor is one of the fastest HDDs around and 600 GB is currently the biggest one you can buy. It is pricey though at around £0.30 per GB, with 7,200 RPM drives around £0.05 per GB. Especially if I buy an extra one to keep as a hot spare.

I am still making up my mind on this though. Having two separate drives means an extra possible point of failure. Also some people say that, while benchmark results are impressive, the difference in performance between SSD and fast HDDs isn’t that great in real world scenarios. I also wonder whether a 10,000 RPM HDD is going to be as reliable as a 7,200 RPM HDD, such as the Samsung Spinpoint F3. I don’t know of any independent data on HDD reliability between different makes and models. In the absense of such data I guess the next best bet is to look at how long the manufacturer warranties are. You need to be fairly confident on reliability to give a 5 year warrantly.

I am also considering encrypting the drives for extra security. This will keep my data secure in case of theft and it also means I can return a defective drive under warranty without worrying about the security of the data on it. The main alternatives are Truecrypt and Windows 7 Bitlocker. Tests show Truecrypt AES encryption adding a 5-12% performance penalty. Anecdotal reports seem to show that the difference is hardly noticeable in real world use, especially with a fast CPU. A comparison of Truecrypt and Bitlocker from April gives Bitlocker a small advantage for speed, but favours Truecrypt for its flexibility. Also Truecrypt is free, whereas Bitlocker is only available if you buy Windows 7 Ultimate.

My current PC has 2 disk HDDs in RAID1 (mirrored) configuration. This was intended to decrease the chance of data loss, but it has been a huge headache. I have had to replace one or other of the RAID1 HDDs 4 or 5 times while I have had this PC. I can only assume that RAID was responsible for this catastrophic failure rate, so I certainly won’t be going for RAID again.


Any reputable make of DVD drive that can write dual layer DVDs should be fine. The 8.5 GB capacity of dual layer DVDs is useful for backups. I don’t see any need to pay a premium to get Bluray.


A Gigabyte or Asus motherboard with support for USB 3.0 and SATA/600. I have just bought a USB 3.0 external HDD for backup so I would like to make the most of the additional USB 3.0 performance and a fast SATA connection is necessary to get the most from a fast HDD. Gigabtye and Asus motherboards seem to do well in the PC Pro magazine tests.

Power supply

Any respectable make should be fine. If a power supply fails the power surge can wreck the whole machine, so it definitely isn’t worth risking a cheap and nasty power supply to save a few pounds.

USB ports

Lots, including some USB 3.0 ports.

Graphics card

AMD Radeon 6850. I don’t play a lot of computer games, but I want a graphics card fast enough to give me the option. I would also like to have the option of multiple monitors, so it needs to have at least 2 DVI outputs. PC Pro magazine are recommending the AMD Radeon 6850 as exellent value if you don’t need the fastest possible card.


Intel Core i5-750 (4 cores). Raw processor speed is obviously important, but you pay quite a premium to get the very fastest chip. The i5-750 seems like a good balance between price and performance. Multiple cores are useful for running VMs and compiling (apparently Visual Studio 2005 requires a tweak to use multiple cores for compilation). Quiet fans would be nice. I’m not interested in overclocking as I worry about the effect this could have on reliability.


Gigabit Ethernet.

VDU, keyboard and mouse

I will re-use my existing monitor, keyboard and mouse.


The less crapware pre-installed with the OS the better.


The longer and more comprehensive the better.


I have neither the time, the inclination nor the aptitude to build a PC myself. So I will be looking for a UK company that can build a PC close to the above spec. I had a terrible experience trying to buy a media PC from earlier this year (I had to do a chargeback to get my money back when neither PC or refund had appeared after a month), so I certainly won’t be approaching them. Thankfully they seem to have gone out of business anyway. Given the problems I have had with the current Dell and the ludicrous cost of Dell replacement parts, I won’t be going for Dell again either. UK PC manufacturers that regularly do well in PC Pro tests include:

So I will be investigating how close a system they can provide me to the above spec and for what price. Interestingly all these custom PC companies seem to have products aimed very much at gamers, not developers. Given that there are a lot of developers in the UK that seems surprising. I guess most developers get their PC bought for them by IT departments and don’t have the luxury of a custom built PC. I think these companies are missing a trick by not having a PC aimed at developers amongst their base specs.

If you had roughly £1000/$1700 to spend on a development machine, what would you choose differently from the above and why?

App stores set to dominate future software sales?

Following the success of the iPhone app store (over 6 billion downloads to date), app stores are becoming more and more of a feature of the software landscape. In case you missed it, Apple announced yesterday that there will be an App Store for Macs  ‘within 90 days’. In summary:

  • The Mac app store will be tightly integrated with Mac OS X, including automatic install and update.
  • There will be restrictions on technology, for example Java apps will not be allowed.
  • Apple will keep 30% of any revenue from sales.
  • $99/year subscription for developers.
  • Developers will still be able to sell their software outside the App store.

It is easy to see why Apple would want to do this:

  • A potentially huge new revenue stream from third party Mac software sales.
  • They get even more control over the customer experience.

And this could have advantages for Mac users:

  • Simpler payment and installation.
  • Screening out of low quality apps and malware.

And potential advantages for Mac developers:

  • Mac users might buy more software if it is easier to do so.
  • One main channel to concentrate your marketing efforts on.
  • Some of the boring infrastructure of selling software (licensing, shopping cart etc) can be taken care of by Apple.

But the disadvantages are all too obvious:

  • Your app could be rejected outright. And you won’t know until you submit it for approval. Apple are judge, jury and executioner. The iPhone app store has been infamous its capricious and opaque approval process.
  • 30% is a huge chunk of revenue. Typical payment processors take 5-10% of revenue. Where the new app store cannibalises existing sales (and it is hard to see that it won’t) vendors will lose 20-25% of existing sales revenues.
  • New apps and updates will be delayed by days or weeks as they go through the app store approval process.
  • A single centralised app store is likely to make it harder for niche/long-tail apps to make any sort of living. Certainly this is what seems to be happening in the iPhone App store.
  • Apple are control freaks and have traditionally taken a rather heavy handed approach with developers, including the liberal use of NDAs. The app store will give them even more control.

And worse might follow:

  • Apple makes a lot of their money from selling over-priced hardware. It may be in their interest to drive software prices down so they can sell more hardware. $5 is considered expensive in the iPhone App Store.
  • This could be the first step to making Mac OS X a closed system, like iPhone, where only Apple approved apps can be installed.

I guess they can’t piss off developers too much – a computer without third party applications isn’t going to be very attractive to customers. But I am finding it hard to work up any enthusiasm for a Mac app store. If it is successful I can either be in the store and give up a lot of freedom and cannibalize exisiting sales at a much lower margin, or stay out and be shut out of a large chunk of the market. It isn’t an attractive choice. As my app is written in C++/Qt, rather than Objective-C/Cocoa, I am not even sure that it will be eligible for inclusion in the store. I could just abandon Mac OS X, but Microsoft is also rumoured to be working on their own app store (despite the failure of DigitalLocker). That is a truly terrifying prospect given the awfulness of their ‘Works with Vista’ approval process (I speak from personal experience).

Suddenly web apps are looking more interesting.

Why I won’t be bothering with the Windows 7 logo program

not compatible with Windows 7Am I the only one being totally bombarded with ‘Give your application the green light’ and related emails from Microsoft and its minions? I must have had at least 30 so far. I took a few minutes to list my product in the Windows 7 compatibility guide (beware, cheesy audio). But that is all I intend to do.

I went to the trouble of getting the ‘works with Vista’ logo in 2007. The process was very broken:

  • The winqual and Partner websites give me “certified by unknown authority” warnings.
  • The Winqual website didn’t work at all in FireFox.
  • There was a complete lack of clear guidance about what you needed to do next at each stage.
  • The documentation was very poor, with broken links and much of it completely out of date (i.e. “more information will be available in 2006”, this was 2007).
  • It took me about an hour of rummaging around on the winqual site and an email to tech support to work out that you can ‘sign’ the legal documents online (you have to tick a permissions checkbox on a separate page and do a few refreshes).
  • You had to download a signing tool. It was in a zip file with a password. They didn’t tell you what the password was! Luckily I already had signcode.exe installed.

It was easily the most frustrating thing I have done in my career as a microISV. For that I ended up with an ugly ‘works with Vista’ logo (that probably just made customers think my software didn’t work on Windows XP), an entry in Windows marketplace (I already had one) and a Verisign authenticode certificate that I wasn’t allowed to use to sign my software.

Hopefully Microsoft have cleaned up their broken logo process since the Vista launch. But the benefits of the Windows 7 logo program seem slim:

  • a “Compatible with Windows 7” logo (prettier than the ghastly “works with Vista” logo admittedly)
  • 30 Partner Points for use in the Microsoft Partner Program (I have no idea what I would want those for)
  • some PR templates (when did having a near identical press release to thousands of other companies become a benefit?)
  • priority Listing in the “Windows 7 Compatibility Center” (I doubt any of my customers know or care about this)
  • Windows built-in error reporting (I rolled my own, thanks)

Worst of all I would have to buy another overpriced Verisign certificate to authenticate myself to Microsoft winqual, even though I already have a perfectly valid authenticode certificate from Comodo.

I think I’ll pass.