“Karsten shows how to build an animated version of Task Manager using the 2-D animation infrastructure provided by Avalon, then moving into the world of 3-D, showing how to create a dynamically animated 3-D mesh.”

Jason Whittington has some thoughts about ClickOnce and user-managed permission evaluation. Basically, he thinks that the user should have to sacrifice a chicken to get a FullTrust component running on their box via ClickOnce (I’m paraphrasing : ). I definitely see his pov. Thoughts?

Rod Paddock sat down to use Avalon in a real way and then kept notes.

Some of those notes said good things about Avalon

Some of them said not so good things.

While we appreciate the good things, we need to hear about the bad things. And we appreciate it. Thanks, Rod!

Keep it coming!

I had a question in my inbox the other day that went something like this:

“Since programming within the partial trust sandbox I get by default when using ClickOnce is so hard, why wouldn’t I just kick it up to FullTrust and let the user press the OK button?”

You can do that. Since ClickOnce supports user management of permission awarding for code deployed via ClickOnce (aka there’s a dialog that the user has to approve if the app wants more permissions than are the default), you could ask for FullTrust.

If I were you, I wouldn’t ask for FullTrust in my ClickOnce apps and not just because I don’t want users to be freaked out by the dialog box I expect to see that says “Danger, Will Robinson, Danger, Danger!” Personally, I don’t want the liability. If I write code the requires FullTrust, I have to write my code to take full responsibility for its actions, including if the code is hijacked by other code to do bad things.

On the other hand, if I request the minimal set of permissions that I need, I’m walking with a net. If I miss an exploit, I’m limited to doing bad things inside of the limited set of permissions that the user has awarded to me and not the whole darn thing.

Full trust isn’t easier; it’s much, much harder. I like partial trust because I’m lazy: I don’t want to do the work to warrant the user’s full trust.

Here.

Ford McKinstry, PM on the Microsoft Indigo team, gives us a hint as to when the next preview release of the Indigo bits will be available:

“We are planning a CTP release with Indigo soon after the VSLive event. But  it will not be available simultaneously with VSLive. We’re moving on it as quickly as we can and we appreciate your interest and patience. –Ford McKinstry, Indigo Program Manager”

[via Stuart Celarier]

It’s time for the annual .NET Developer’s Journal Reader’s Choice awards. Even better, this year Windows Forms Programming in C# has been nominated (yea!). And while it’s an honor to be nominated, it’d be an even bigger honor to actually win (my birthday’s coming up : ). Voting for MSDN and Visual Studio 2003 would be cool, too. Don’t be shy! Vote!

I just noticed these two posts from Steve Makofsky formatting web content for compact devices:

• Pocket IE
• dasBlog and .Text on Pocket IE

Mostly, I’d listing these links for myself, as I’ve a hankering for some Smart Phone programming…

To get technical work done, I sometimes let my inbox fill up beyond what makes my comfortable. Today, that caught up with me, but I plowed into it and handled it like a man:

• Handled 206 incoming emails (filed, deleted or dealt with in some other way):
• Started with 47 emails in my inbox
• Received 177 emails
• Ended with 18 emails in my inbox
• Sent 92 outgoing emails

I don’t normally track such things, so I can’t say if that’s a lot or a little, but it sure seemed like a lot to me.