Tuesday, February 16, 2010

Hacking the Xap for Business Intelligence (BI)

I did a post a while ago on 'Hacking Xap' files primarily around dynamical loading resources. The past few months I have been playing with another even cooler way to 'hack' xap files. In this case its about business and taking a precompiled xap file and instrumenting that xap file without recompiling your application or any code changes to the application. This kind of detailed usage information can be extremely helpful in looking at how applications are used and help identify key areas to focus on. From a hack standpoint to take a precompiled xap and put 'code' into all the method calls dynamically is just cool. Granted that collected information just doesn't show up on your desktop, you have to build a web service to collect the data but just the fact that I can take a precompiled xap and get it wired up without any jumping around is just cool.

so lets get to the meat of my experience...

I meet with a guy at PDC09 at well PDC from Preemptive Solutions http://www.preemptive.com/ and he brought up a tool that they have that is part of their 'dotfuscator' product. Most .net developers have either heard of 'dotfuscator' or seen it since its part of visual studio. But part of their main 'dotfuscator' tool is around 'Business Intelligence' and a little known additional feature that in my mind should be the main focus is my main interest and the subject of this post. In any case I got excited about this xap hacking tool er 'Business Intelligence tool' and he got myself a license.

So I got my license and found that getting it working is/was very problematic, not only a license key but an activation key and a bi key etc. I had to get a hold of tech support basically twice with an ongoing thread with their tech support... to be honest I'm no longer a fan of DRM or any other security system that prevents apps from running when installed or secures files. I understand that this is needed to keep software from being pirated and intellectual property stolen but preemptive got way overly excited with their implementation.

Install experience and setup aside it all seems pretty straight forward. The hard part of using the software is building the wcf service and collecting the data. Once you get a service up and running though you basically just need to load your xap and pick where you want to collect data in your app and point it at the web service. The fact that you don't need to re-compile your xap is just awesome. And from a ux standpoint getting this data really gives you insight into your application that you just couldn't get without writing alot of code up front.

If BI around usage of your application is important to you in building better Silverlight apps then this tool is worth the hassle of getting it setup. As a Silverlight 'guy' I would list this as a critical tool in your tool Silverlight toolbox.

So to be fair to the company they provide an endpoint that users can use and I'm told there is a codeplex project for helping you build an in house solution and put the results on a sharepoint web part. My only issue with that is having another company have my usage data which or course would be crazy. Certainly I would not want anyone having my data as I have virtually no trust in other companies and their network security... but alas others might be ok with that. and using sharepoint... well just say no ;) Sharepoint provides a great solution if you don't want to customize it too much... :)


  1. Nice post, it's great to see RI being used in Silverlight application. PreEmptive also offers a webservice end point to collect your data for you and provide it back to you either in raw file dumps, or via aggregated reports. So if you don't want to create the backend to collect and massage the data, you can use theirs.

    - Josh

  2. yes but the endpoint would not be controlled by me or my team which would make it completely unacceptable as a solution. But I added a note about it in any case as it is a fair point that should be pointed out.

  3. Spoiler alert - I am with PreEmptive - the makers of the Silverlight analytics technology covered in this post. I think David’s position on using a managed service touches on a much larger issue having nothing really to do with what our service does or does not provide. As background, the hosting facility we use for our managed service endpoint has far superior facility controls than we could justify maintaining on our own – and I think we are not unlike the majority of companies in that respect. In terms of authorized access, other than those required to administer the site, no one other than a client has access to a user's data. Wait… Before everyone jumps up and says how anything can be hacked - let me wholeheartedly agree. For those organizations with the skills, the facilities, the time/resources, and (last but not least) the business justification to maintain state-of-the-art operations, then using a managed service makes no sense whatsoever. Having said that, no one wants to be the cyber-equivalent to the poor soul who loses their life savings in a house fire because it was hidden “safely” in their mattress. Lastly, (as it relates to us) for those that do want to build their own vault in their basement, our endpoint software can be licensed and installed inside a firewall (we do not mandate the managed service – it is simply an option). Again, this too comes down to the build or buy question. If building the listening services, the data validation and reconciliation services, the content management, the reporting services, the RESTful API, etc. is either a competitive advantage for you (or, conversely, unnecessary), licensing our (or anyone else’s) endpoint would make no sense at all – but for many (I think most), this will not be their core business and (assuming reasonable fees) they would prefer to focus on their own core competencies. So, for those who are not as skilled and focused as David, I think managed services (not just the one we are discussing here) offer legitimate – perhaps even compelling – options. …besides, I find it hard to get a good night’s sleep with all that lumpy runtime data in my pillow case. Just my 2 cents… - Sebastian.

  4. It’s a fair point; it’s good that the service endpoint is provided. Just because I’m a paranoid hacker doesn’t mean the rest of the world is :) I think what my main point and why I was so interested is that this tool allows deep instrumentation without having to write a bunch of code into an already compiled xap. For usage studies and other metrics this is really really useful.