There are equivalents to low-level Silverlight elements. But we're still missing a real HTML5 framework like GWT or something. RIght now it's like going back to Silverlight 1. No .NET and just the primitives.
Firstly, where are the delays and what are the activities? If this is a carrier test delay, what are they testing? Their native apps on the phone? Why don't iPhone updates suffer the same delays (they are largely globally synchronized, looks like the carriers don't get a veto). Why are phone devices different to 3G enabled netbooks for example?
The answer is to emulate the iPhone model more than the Android model. Locking down the platform is the first step, but locking down for the users and not the handset OEMs and carriers misses the point - we still see the same delays with testing.
The best thing for the users is for Microsoft to use less OEM partners - we really shouldn't be cheering each time a new hardware partner is announced. The carriers and OEMs are not interested in updates, they want to sell more units. Will devices more than 18 months old ever get any attention from them, they would be spending money on encouraging their users not to buy new equipment or contracts.
The real answer is to move as much testing in-house at Microsoft as possible. Change the SLA with the carriers - move support to Microsoft. Lock down the API surface area.
Also, use the community. Roll out the update as an optional to all developer enabled handsets and let the community beta test it. With all this time to market should be something closer to Apple's rather than Google's.
I thought the comment about not including the DLR struck me as 'Not Invented Here'. The potential for integrating the standard web platform with the managed platform is huge. The investment in the CLR, garbage collecting, call-site optimizations could
all be leveraged. Microsoft should be pushing for features that are in Silverlight to become part of HTML.
Maybe I'm missing something here. Process isolation on modern OSes are for stability rather than security. Sure - they can run under different security contexts, but that wasn't the primary driver for the model.
If we were to architect a presentation technology executing foreign code in a sandbox, would we end up with this?