BKS WebSplitter 1.0.1

BKeeney Software Releases Version 1.0.1 of WebSplitter for Xojo

BKeeney Software is pleased to announce the release of version 1.0.1 of their WebSplitter for Xojo Web. The WebSplitter control is a browser-side draggable interface splitter for the Xojo Web platform. By leveraging the power of JavaScript on the end user’s computer, the BKeeney WebSplitter is faster and smoother than a server-side implementation.

This update introduces the ability to nest splitters (like the classic Apple Mail interface) and fixes a few minor bugs!

Version 1.0.1
* Nested splitters and example
* Fixes issues with multiple splitters on one page
* Fixes issue with resizing when stretching with the browser window
* Master container height is no longer calculated and made static
* Splitter color working when using the IDE color picker

A license for WebSplitter is $39.99 and comes with 100% unencrypted Xojo source code.

More information can be found at: http://www.bkeeney.com/allproducts/websplitter-for-xojo/
Purchase now at: http://sites.fastspring.com/bkeeney/product/bkswebsplitter

The Xojo Community is Awesome

Have I told you how much I love the Xojo community?  I’ve been part of it for fifteen years and I’ve met hundreds of Xojo developers at developers conferences and probably exchanged emails with thousands more.  I am amazed at how much this community helps each other and I wish there was a way to promote that as a key feature of the product.  It’s a big deal.  Really!

If you’re just starting out using Xojo know that there are a bunch of people, myself included, that are willing to help out, if we can, on your journey.  Programming is hard.  Well, I don’t think it’s hard because I’ve been doing it for so long, but it is complex at times and that makes it hard.  Just ask your question in the Xojo forums and you’ll almost always get an answer within hours.

Even Xojo pros, such as myself, have need of help.  Xojo covers Mac, Windows, Linux desktop, console, and web apps.  It does iOS apps for iPhone and iPad.  It now does Raspberry Pi for heavens sake!  It works with dozens of different databases.  There is simply no way any one person is going to know everything there is to know about Xojo.  It just can’t happen.  So yes, I go to the forums, all the time, and ask for help.

Just the other day I asked for some help with WooCommerce.  Not Xojo related, really, but certainly related to a project we’re working on for a client.  Within a few hours I had half a dozen developers private message me saying they might be able to help.  Subsequent contact narrowed that list down a bit but the point is that I have probably shaved off several days worth of work simply by asking for advice.

I am biased towards Xojo, naturally, as it’s been my primary development language for fifteen years.  I think I’d be hard pressed to find such a friendly community.  I call many on the forums my friends even though I’ve never physically met them.  The few that I’ve met in person have lived up to their forum reputations and are really friends for life.

So maybe this is my belated Thanksgiving post.  I am thankful that so many years ago I jumped both feet first into the tool.  I asked questions – many of them silly and redundant.  I became more proficient and then made another jump to start blogging about it, making products for other developers, and training the next generation of developers.

So if you are in need of a cross-platform development tool I highly recommend Xojo.  It ain’t perfect but no development tool is.  If you jump in I think you’ll love the community.  I know I do.

What say you fellow Xojo developers?

Xojo iOS without Android

I will be honest and say that I did not think that Xojo for web apps was going to amount to much of anything.  Granted, I said this as I was struggling with a beta of the very first release to do some actual production work.  Since then it’s gotten considerably better and more stable and it’s become an increasingly large portion of our consulting work.

I was asked the other day what I thought about Xojo for iOS.  I replied that it’s stable and the community seems to be coming up with solutions at a much faster pace than Xojo for web.  But until it starts bringing income into my consulting business I’m hesitant to say much more about it.

Let’s talk about that aspect of it for a bit.  When web came out I immediately landed a few consulting projects which was an awesome (and horrifying) way to learn the new framework.  Here it is roughly six months after release and I’ve only had a few nibbles but no actual Xojo for iOS projects.  This despite the ten plus hours of training video I’ve created for Xojo for iOS.

So it makes me wonder if Xojo for iOS is really going to take off.  Part of me wonders if Xojo misunderstood the market for mobile apps.  Sure, iOS is where the money seems to be, but Android has the marketshare and Windows mobile (whatever they call it these days) just keeps hanging around.  Xojo simply doesn’t address Android or Windows mobile.

I think one could reasonably argue that part of Xojo’s strength on desktop is that it makes decent apps that are cross platform and it doesn’t matter which platform you develop on.  You do have to spend extra time for a Xojo app to be 100% compliant on Mac OS X and Windows (I’ll leave Linux out of the mix since I don’t cater to that crowd) and I don’t think many people would argue that if you were going to make a Mac-only application you might want to stick with Xcode and Swift or Visual Studio for making a Windows-only application.

Apple and Microsoft will always have the best gadgets and goodies for those platforms.  That’s just a fact.  Xojo is often a compromise of the lowest common denominator between the platforms.  Its RAD capabilities are important but I’m not sure that I’d give it THAT big of an advantage once you get past the learning curve of all the respective platforms and languages.

Xojo for iOS is nice and works well but I feel that without Android it’s not going to get much traction.  Xojo is known for cross-platform apps yet it only supports one mobile platform.  If you were going to go the trouble of developing for more than one mobile platform wouldn’t you go with a tool that supported more than just iOS?

I mean no disrespect to Xojo.  They’ve accomplished a pretty amazing thing.  They have an IDE that allows you to create iPhone and iPad apps without learning Swift or CocoaTouch.  However, you are limited to developing on Apple hardware (that’s Apple’s not Xojo’s fault) and to do any remote debugging you have to use the iOS Simulator that’s part of Xcode.  Just that part eliminates a good chunk of Xojo’s potential market (the Windows and Linux users).

Xojo for iOS works well.  It has good developer community support.  I see no reason why developers wanting an easier mobile development environment wouldn’t choose Xojo except for one thing:  It’s iOS only.

So what do you think my fellow Xojo users?  What do you think of iOS for Xojo?  Is it anything without Android and Windows Phone or is it missing something else?

Xojo 2015 Release 2

Xojo Release 2 went public this week.  This release is a typical mishmash of new features and bug fixes.  So let’s dig into it!

iOS

The DatePicker was added to iOS.  This is a most welcome addition and lets you switch between Time, Date, Date and Time, and Countdown Timer.  There’s still no generic data picker which is a shame.

The Launch Images and App Icons folders for iOS have now been replaced with an editor that allows you to drag and drop images into it.  If the image isn’t the appropriate size for the selected image a message appears saying what the dimensions of the image are and that it will be scaled to fit.

[Edit]   One thing I forgot (because I didn’t see them in the release notes) was that build times are much better in R2.  From comments I’ve seen it may be an order of magnitude faster.

Web Apps

If you are using HandleSpecialURL or HandleURL, the RequestHeaders now has a Secure property telling you if the request came in over a secure channel.  If you are using SSL certificates they can be specified on the command line.  Another new web feature is the ability to set the HTTPOnly attribute in the Session.Cookie.Set method.  This should work as a preventative measure against cross-site scripting attacks against Xojo web apps, because a cookie marked HTTPOnly cannot be read by script running in the page.

New Framework

The new framework is making its way to more and more of the overall package.  The Xojo.Data, Xojo.Crypto, and Xojo.IO.Folderitem are now available for all targets and platforms.  The Xojo.Data namespace includes the ability to read/write JSON (no work on XML yet).  The Xojo.Crypto framework gives you access to MD5, RSAEncrypt/Decrypt, RSASign, RSASignVerify, SHA1, SHA256 and SHA512 hash methods.  Xojo.IO.Folderitem gives you file handling.

Xojo.Net.HTTPSocket now works for all platforms (except Xojo Cloud).  It should be noted that HTTPSocket is now ONLY asynchronous.  No longer can you wait for the response but now you have to use the events from the socket.  This is really a better way of using the HTTPSocket but if you’ve been using it in the old framework synchronously you’ll need to adjust your code accordingly.

[Edit] The new HTTPSocket supports HTTP 1.1, automatically supports proxies on all platforms, and performs proper certificate validation.  It also no longer performs polling on the socket so it should have significantly lower CPU usage.

The Xojo.Core.Timer now works properly on Mac OS X 10.7 and 10.8.  Apparently it didn’t work properly in older versions of Mac OS X.

Miscellaneous

For many, the recent addition of the Windows ICU DLL was a major setback as they were quite large.  You’ll be happy to know that they’re now statically linking them and removed the unused portion of the libraries so the built package is now considerably smaller.

The IDE received a large number of bug fixes including a couple of memory leaks.  They also fixed how deleting items works and how the focus works when switching between tabs with the Code Editor displaying.

According to the release notes there are 147 total items that were changed in Release 2.  This number seems a little low in comparison to some previous releases.  Given the short period between the R1 release and XDC I think this makes sense and the engineers have a lot of work to do in getting ready for XDC.

I did not get as much of a chance to run the beta as I usually do but there hasn’t been a lot of chatter on the forums about issues either.  What little I did with the beta was solid and this looks to be a decent release.

Have any comments about this release?

Xojo Desktop vs Xojo Web App Development

The question comes up every now and then on what’s the best target to develop for:  desktop or web.  The answer is sometimes pretty straightforward but, in reality, the answer should be “it depends.”  You see, each target has some very good strengths and also some bad weaknesses that you need to evaluate before you start coding.  Let’s go over some of those issues.  Let’s start with desktop apps.

Xojo has been making desktop apps for its entire history.  Thus it is very stable and mature and there are a lot more 3rd party libraries and plugins available.  You get most, if not all, of the goodies that come along with the desktop environment and this can mean your desktop apps can have most of the buzzers and bells that modern users demand.

With desktop apps, if you need 10 more copies, it’s as simple as installing them on new machines.  These days there’s not a lot of issues deploying to Mac OS X and Windows and most versions of Linux, but still, you need to test on all supported platforms.

The major downside to desktop apps is deployment.  Each user has a copy of the software and depending on your needs/requirements you might need to ensure that everyone be on the same version.  Example:  You’ve created a desktop app for a veterinary clinic that handles everything from pet checkin to billing.  All of them connect to the same database so when you introduce a schema change in the database you need all the clients to use the newest version.    For a small organization this might not be so bad but scale that up to a corporation with several hundred copies of your software.  A good organization might have a good IT department and can deploy your software to everyone at once, but my experience says that most organizations don’t handle this well.  So your software has to be programmed to be cognizant of database versions and check at startup and complain if it’s not what it’s expecting.  From experience it’s a pain to deal with.

Desktop apps that are part of an n-tier system also need to be programmed differently.  You can program each client with all the logic it needs, but then you have to worry about record locking issues (i.e. who wins if two users are editing the same record at the same time).  You also have deployment issues, again, since you’re back to the issue of updating every client every time there’s a little change in logic.  The better solution is to have a middleware application that handles the business logic and is the go-between between the client apps and the server.  The middleware app does all of the business logic and handles the transactions between the database and the client apps.  It’s a fair bit of work and is not what I would consider a simple undertaking.  But at least you generally only have to update the middleware app most of the time and the clients can stay the same.

Web apps, on the other hand, have several advantages over desktop apps.  First, they are n-tier by design.  Each client has its own set of logic via Xojo WebSessions even though there is only one application running.  The user runs in a browser and everything is processed on the server.    So when you need to update your web app you shutdown the old one, replace the executable and the next time someone hits the URL the newer version is there and running.  Having only one instance to update is really nice (and quick).  Web apps eliminate many deployment challenges.

Web apps aren’t perfect though.  Since they are generally exposed to more random user interaction via the web you spend way more time dealing with security and making sure nefarious users don’t get into your system or abuse it.  All of your database operations should use PreparedStatements to make sure SQL injection attacks cannot happen.
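
An added example, not code from the original post, of what that looks like in the classic Xojo database API: the same search written by string concatenation and then with a prepared statement. The App.DB property (a connected SQLiteDatabase), the pets table and the method names are assumptions made for the illustration.

```xojo
// Assumed for this sketch: App.DB is a connected SQLiteDatabase and the
// schema has a pets(id, owner_id, name) table. Names are hypothetical.

// Vulnerable form: whatever the user typed in the search box becomes part
// of the SQL text, so a quote character in "term" changes the statement.
Function FindPetsUnsafe(ownerID As Integer, term As String) As RecordSet
  Dim sql As String = "SELECT id, name FROM pets WHERE owner_id = " + _
    Str(ownerID) + " AND name LIKE '%" + term + "%'"
  Return App.DB.SQLSelect(sql)
End Function

// Hardened form: the SQL text is fixed and the values travel separately
// as bound parameters, so they are only ever treated as data.
Function FindPets(ownerID As Integer, term As String) As RecordSet
  Dim ps As PreparedSQLStatement = App.DB.Prepare( _
    "SELECT id, name FROM pets WHERE owner_id = ? AND name LIKE ?")

  ps.BindType(0, SQLitePreparedStatement.SQLITE_INTEGER)
  ps.BindType(1, SQLitePreparedStatement.SQLITE_TEXT)
  ps.Bind(0, ownerID)
  // The LIKE wildcards belong in the bound value, not in the SQL text.
  ps.Bind(1, "%" + term + "%")

  Dim rs As RecordSet = ps.SQLSelect
  If App.DB.Error Then
    // Log server-side; do not echo database errors back to the browser.
    System.Log(System.LogLevelError, "FindPets failed: " + App.DB.ErrorMessage)
    Return Nil
  End If
  Return rs
End Function
```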

Web apps run in a browser.  That’s both good and bad.  Users can access your app as long as they have internet access.  In some areas this is no big deal and for others it’s a huge deal.  Browsers also have a lot of built-in security to keep bad things from happening on your computer.  This security also limits what your browser can do in terms of local file handling.  Xojo does not currently support drag and drop operations with the browser.

Xojo web apps are also not as stable and mature as the desktop side simply because it’s younger.  That’s not the same as unsafe but it does mean there are not as many 3rd party options for Xojo web apps.  Some controls, in particular the listbox, are vastly inferior to their desktop counterparts in terms of capabilities and may not be good enough for your needs.  Web Containers go a long way towards solving this issue but it’s not ideal.

Not all web browsers are created equal.  Some perform better than others and all of them have gone through tremendous growth in the past ten years as the internet has become ubiquitous.  This means there are a lot of different browsers, and versions of those browsers, being used by the general public.  Testing the various browser type and version combinations is critical and despite all the efforts of Xojo to get it all right, the speed of new browser releases does mean issues pop up now and then.  Mobile browsers have their own set of issues that you might need to take into account as well.

Desktop apps have a huge advantage in that they don’t have to convert text to UI like web apps do.  For example loading 1,000 rows in a desktop listbox, while slow is blazingly fast compared to doing the same thing in a web app.  1,000 row list boxes in web apps are SLOW simply because the server has to create all that html data, send it through the internet to the browser, and then the browser has to reassemble it for the user to see.  To get around this most websites do data paging where they only show you 25 to 50 records at time.  Again, not hard to do but one more thing to develop.  Also keep in mind that mobile browsers try really hard to minimize data connections over cell connections so what seems fast on your desktop might be incredibly slow on a mobile phone.

Perhaps the biggest issue with web apps (not just those made with Xojo) is scaling.  Your app will react differently when accessed by 1000 simultaneous users than when it has 10.  The way around this is to do load sharing and balancing using Nginx, and it works well on Apache web servers.  Finding a good web server to host your web app can be challenging too.  Until Xojo releases their 64 bit support for web apps it will be increasingly difficult to find and install 32 bit compatibility libraries that work with Xojo web apps.

As you can see, there is no right answer.  Both desktop apps and web apps have their place in the world since they each have strengths and weaknesses.  Before you start development work you need to think through the implications of doing each.

Happy coding!  Was there anything I forgot to mention in the debate of desktop vs web apps?

WebSession.Quit

For years we’ve been doing some basic checking in the WebSession.Open event of our Xojo web apps. First, we check to see how many open sessions we have and if it’s over a preset number.  The second check we do is to see how many open sessions we have for the current IP address. We set it to something low like 10 because some joker decided a few years ago to prove that Xojo web apps suck. He opened up our training app, hit refresh 150 times, and then complained about how unresponsive the app was (thus proving his point that Xojo web apps suck, I guess).

In our apps, if either of those conditions is met we use a ShowURL to redirect to one of the webpages on our regular website to show the user that the app is either too busy or something bad happened. It’s worked decent enough that I’ve never revisited it until this past weekend when several users alerted me to the redirect never clearing. Since I couldn’t login to my own app I restarted the server and everything was fine again.

I tend to use a log file on my web apps to track certain conditions and this morning I added more information so I could track this more. I just happened to be monitoring the app (in my browser) when my session count spiked to around 50 in just a few seconds. Looking at the new information in the log file the IP addresses were all over the place.  An attack?  I dunno but it sure seemed like it.

Unfortunately, the session count didn’t go down immediately like I expected it to and, in fact, it didn’t go down even up to an hour later. I had over a hundred open sessions before it stopped (did Xojo Cloud security close the port?).

When that happened I started looking at code. Some of this code I hadn’t looked at in a year or more. Basically the code did the two checks in the WebSession.Open event and if the function returned true I immediately tried to call WebSession.Quit.

Guess what happens when you do that? If you guessed nothing you’d be wrong. It generates a Nil Object Exception first with the following stack trace:

Function WebSession._WaitingForSync() as boolean
Sub WebPushHandler.CheckForChanges()
Sub _SessionShutdownThread.Event_Run()

And after that then it does nothing. The WebSession never quits – ever – until something kills the app.

My solution was to put a timer property into the Session and if it meets my quit conditions start the timer and in the action event (using AddHandler) quit the Session. Seems to work as expected now.
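
A sketch of the two checks and the timer workaround described above, added here as an example and not the code from the author's app. The limit values, the redirect URL, the mQuitTimer property and the method names are assumptions.

```xojo
// Session class (subclass of WebSession).
// Assumed property added to Session:  Private mQuitTimer As Timer

// Event handler: Session.Open
Sub Open()
  If OverLimit() Then
    // Send the browser to a static "busy" page on the regular website.
    ShowURL("https://www.example.com/busy.html") // placeholder URL

    // Do not call Self.Quit from inside Open: per the post, that raises a
    // NilObjectException and the session then never closes. Arm a one-shot
    // timer and quit from its Action event instead.
    mQuitTimer = New Timer
    mQuitTimer.Period = 1000 // milliseconds, illustrative value
    AddHandler mQuitTimer.Action, AddressOf HandleQuitTimer
    mQuitTimer.Mode = Timer.ModeSingle
  End If
End Sub

// True when either limit from the post is exceeded: total open sessions,
// or open sessions from this session's IP address.
Private Function OverLimit() As Boolean
  Const kMaxSessions = 200     // illustrative value
  Const kMaxSessionsPerIP = 10 // "something low like 10"

  If App.SessionCount > kMaxSessions Then Return True

  Dim sameIP As Integer = 0
  For i As Integer = 0 To App.SessionCount - 1
    Dim s As WebSession = App.SessionAtIndex(i)
    If s <> Nil Then
      If s.RemoteAddress = Self.RemoteAddress Then sameIP = sameIP + 1
    End If
  Next
  Return sameIP > kMaxSessionsPerIP
End Function

// Timer handler: runs after Open has returned, so the session is fully
// set up by the time Quit is called.
Private Sub HandleQuitTimer(sender As Timer)
  // Drop the handler and the timer so the delegate does not keep a
  // reference to this session alive after it has quit.
  RemoveHandler sender.Action, AddressOf HandleQuitTimer
  mQuitTimer = Nil
  Self.Quit
End Sub
```

Behind a reverse proxy or load balancer every session can report the proxy's address as RemoteAddress, so the per-IP limit needs to be raised or keyed on a forwarded-address header the proxy is trusted to set.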

This is filed in Feedback <feedback://showreport?report_id=35794> and it appears that it’s been verified. There are some additional details on their response. They know why it’s happening at least. Let’s hope this one gets fixed sooner rather than later.

I’ve seen various people have issues with WebSession.Quit over the years. This might be the root cause of some of those.

New Web App Training Series

BKeeney Software is proud to announce a new 4 1/2 hour video training series for subscribers at http://xojo.bkeeney.com/XojoTraining/.  The new LinkShare Web App series takes budding Xojo developers from nothing, to a fully functional web application.  This eight part series is designed to familiarize the beginning and intermediate developer on how Xojo web applications are created and how to create the basic infrastructure required for most modern web applications.

Just a few of the topics covered:
• Project organization
• Database integration using ActiveRecord and ARGen
• Safe password handling, storage and login procedures
• Sending emails and how to communicate with the app via URL parameters
• Basic WebStyles
• Basic WebPage, WebDialog and UI layout and interaction
• Much, much more

The series comes with source code the Xojo developer can use in their own projects.

BKeeney Software has 183 separate videos, with over 52 hours of Xojo and Real Studio training video and source code at http://xojo.bkeeney.com/XojoTraining/.  The site is a Xojo web app and has served up over 7,750 hours of streaming video to thousands of developers since it went live.

More information at http://xojo.bkeeney.com/XojoTraining/ or contact Bob Keeney at support at bkeeney dot com.

Thoughts on Xojo Web Edition

When Web Edition for Xojo (then Real Studio) was released I can’t say I was overly impressed.  It was missing some features and was buggy (to put it mildly).  I was of the opinion that it just wouldn’t take off.

Since then the worst of the bugs were fixed and the worst of the framework problems were addressed and there’s been a steady improvement in the product in practically every release.  In my consulting business it’s gone from being a ‘gee that’s a nice thing to have’ to being roughly half of our overall Xojo consulting business.

The fact that we had very little web development experience hasn’t stopped us from using Xojo for a lot of projects.  It’s great that a WebButton and a regular desktop Button and that a WebPage and Window act the same from a developer standpoint.  All the code experience that we learned over the course of a decade in desktop apps was, with a few notable exceptions (*cough* constructors *cough*), immediately transferable to web apps.  While there is a learning curve it’s not like we had to learn a completely new programming language to do some large and complex web apps.  In fact, we turned down work before Web Edition came out simply because we didn’t have the experience and in-house know how to do the work.

Our clients seem willing to forgo the numerous capabilities and power of a desktop app for the more limited capabilities of a browser based app.  I think the biggest reason being that web apps don’t have distribution issues.  There’s only one instance of the app sitting on a server somewhere.  Web apps also work in almost every desktop browser and even work with most mobile web browsers.  Heck, you can even configure the web app to look different based upon what device it’s being viewed on.

There are some disadvantages, of course, to Xojo web apps.  You can’t just put them up on any ol’ server.  You pretty much need a VPS or use the new Xojo Cloud (which is just a specially configured VPS).  Then you have to worry about 32-bit compatibility libraries but, honestly, once you get the first app running on a server the rest of them are pretty easy.  I’ve not had the pleasure of getting a Xojo web app working on IIS but I hear it’s not a pleasure, nor quick, experience.

Apps running in a web browser have a limited subset of capabilities. With Xojo web apps you can’t use drag and drop anywhere out of the box (I think you can do some of this with JQuery but I’ve not tried yet).  The controls, particularly the WebListBox, are lacking a lot of functionality, and there’s just not a wealth of 3rd party controls available for Web Edition yet.

Security-wise, Xojo web apps are compiled making it very hard to compromise an app even if a hacker gets into your server.  There’s still work to make your app secure from SQL injection attacks but that’s a relatively simple thing.  Much of the work is really securing your server so that it’s secure and that’s one thing that Xojo Cloud is doing well (perhaps too well based on my recent experience).

So the question, Dear Readers, is what are your biggest likes and dislikes about Xojo Web Edition?  What do you wish it did better or differently?

Training Day Video Online

We held a full day of training the day before the Xojo Developer Conference (where we couldn’t use the term Xojo yet) on April 23rd.  We had over a dozen people at the training day where we discussed what we knew about databases.  We did that for most of the day and then spent the rest of the day going over 3rd party plugins, controls, libraries, and utilities to help you get your Real Studio/Xojo apps going.

We recorded all of it and have rendered it all (except a 30 minute portion where the mic wasn’t on) and made it available for our Real Studio/Xojo subscribers (as well as attendees who got a year subscription for attending).  It is now available online at http://www.bkeeney.com/RealStudioTraining/realstudiotraining.cgi

Because it’s Friday and I don’t feel like doing any real work, I decided to pull some stats about our Real Studio training app:

It was originally written in a fairly popular web CMS framework.  It was re-written using Real Studio Web Edition (because we could) and went live in late 2011.

We have 39 hours 44 minutes of Real Studio training video available.  A little over 6 hours of it is available to non-subscribers.

We have served up over 4,800 hours of streaming video since we began tracking it.

We have a little under 1000 registered users on the web app with about 100 current subscribers.

Web Edition has been interesting.  The training area has been our test bed for new versions of Real Studio Web Edition and now for Xojo.  It continues to grow as Web Edition gets better.

Browser stats actually surprised me a bit.  Firefox is stronger than I anticipated and Chrome is much higher than I expected.

Likewise, platform usage surprised me a bit with Windows users at 41 percent.  I know very few Windows-only Real Studio/Xojo users so perhaps this just indicates that I travel with a Mac-centric crowd or a lot of Windows users are looking at Real Studio/Xojo and need some additional help.  When I get a chance I’ll have to see if I can figure out the stats of subscribers vs. non-subscribers.

[Charts: Browser Usage; Platform (images not available)]

Xojo: Operation Lockdown

It’s always nice when a client gets to talk in the keynote address at Real World (now Xojo Developer Conference).  Brent Huston, CEO of Microsolved, was invited to speak during the Xojo keynote address last week.  Brent talked about the Operation Lockdown that his company, Real Software (Xojo, Inc.) and BKeeney Software are participating in.

Brent has been using Real Studio desktop applications for some of his security apps for a number of years with great success.  He’s now interested in Web Edition and wanted to see where the vulnerabilities were in the framework and what we could do to fix them.

We (BKeeney Software) came up with a simple Web Edition app that mimics what a typical web app would have in it (Login page, admin only pages, user pages, etc) and hardened it to the best of our ability.  Brent’s team then took the standalone web app and used their hundreds of hacking and infiltration tools to see if it would fail.  They also attempted manual penetration testing of the web app.

I’d love to say they found nothing but that’s not the case.  They found a few critical, a few minor, and a few false positive issues.  The good thing is that the critical issues have already been taken care of by Real Software and will be in Xojo Release 1.  Some of the minor issues and other requirements will be added later, according to Xojo, Inc.

The very good news is that the Web Edition framework is pretty stable.  The Session management, according to Brent, is very robust against all known forms of attack.  Using some very simple coding techniques Web Edition web apps proved to be immune to SQL injection attacks and other common vulnerabilities.

Brent recommended that when Xojo R1 is released all Web Edition developers re-release their web apps compiled with it since a number of items his team found are fixed in the upcoming version.

During a Friday session Brent shared, with a packed room, how bad guys (and certain nation states) view your web applications and data.  It was very, very scary stuff and I think everyone walked out of the room wondering not IF our personal/business data has been hacked but how long ago it was compromised.  Scary stuff.

Lots of things to think about but it was encouraging to hear that Web Edition was pretty secure.  Perhaps what’s even better is that I overheard a Xojo engineer saying something to the effect of, “That will be changed for R1 to prevent THAT issue from happening,” in reference to a “man in browser” vulnerability.  It’s nice to know they’re taking security seriously in Web Edition (though the irony of their website getting hacked did not go unnoticed by conference attendees).