[Last Week in .NET #39] – Microsoft’s MVP Program has a new requirement: Shilling

Not much in the way of releases last week, but lots of shenanigans. I spelled that word on the first try which matters not a whit to anyone else but I’m proud of myself. The shenanigans themselves are an age old story: Big Corporation finds feeble consumers, and exploits them.

πŸ€‘Microsoft pushes MVP Influencers to spruik Azure in Lead up to AWS: Reinvent. That’s the headline, here’s the story: Microsoft wants the community MVPs to shill for SQL Server on Azure and claim it’s cheaper and better, when the fact that SQL Server is more expensive on AWS is due to Microsoft’s own licensing model. When an MVP called this out as the bad behavior it is, Microsoft removed them from the MVP Program (for violating an NDA that conveniently hides terrible choices on Microsoft’s part)

Microsoft seems to want MVPs to shill for Microsoft, forgetting that any of the trust these MVPs have is because they don’t shill for Microsoft.

🚚Meet the .NET Upgrade Assistant, Your .NET 5 Moving Company In this blog post, Dave Brock from Telerik shows you what it takes to move from Framework to .NET 5 (Core), with the help of this Upgrade Assistant. Coffee not included.

🌊‘Agile’ F-35 fighter software dev techniques failed to speed up supersonic jet deliveries In other news, water is wet, and Government agency buys into marketing hype and complains when they were hoodwinked.

πŸ•ΉThere’s a series on building Tetris in Blazor A fun way to learn blazor, no doubt.

πŸ“’Visual Studio 2022 is announced and it includes making Visual Studio 64-bit. A lot can change in 10 years, especially when the world changes around you.

⬆Update existing projects to the latest release of Project Reunion. The latest stable release of Project Reunion is 0.5.5, and as it says on the tin this blog post shows you how to upgrade.

πŸ’°Octopus Deploy raises 172.5 Million in venture capital. The 500K on the end seems like an odd number, doesn’t it? I’m not saying the founder needs a little “I’ve been doing this for way too long without a bonus” money, but…

🏬Microsoft is building a new app store for Windows 10 in major revitalization effort. Microsoft is, at its heart, an enterprise software company. It’s the only way to explain why so many of their consumer efforts have failed. To have a successful app store, you have to give developers a compelling reason to write for it and for consumers to adopt it. As of yet, neither has happened with desktop App stores.

πŸ’ΈNetEscapades.AspNetCore.SecurityHeaders 0.14.0 has been released and it supports opting out of FLoC. FloC is a Google’s replacement for Third party cookies. You know Google, right? The Ad giant and owner of the web browser with 90% market share? Neither of those facts say that Google “has the best interests of its users at heart”.

🐧Windows now supports Linux GUI Apps. Somewhere the founder of Lindows is crying.

πŸ”šDavid Fowler shows off how small ASP.NET Endpoints will be in the future A svelte 7 lines to get an endpoint. Of course, there’s no Authentication, Authorization, or any of the database connection code, but still. 7. lines.

☁You can run and debug AWS Lambda from Jetbrain’s Rider. I have nothing snarky to say here. This is just cool.

🐣Intro to Uno Platform, Intelligent Virtual Agents and Cloudflare These three topics are brought to you by scattergories and the Cape Town MS Developer User Group.

πŸ’¨EF Core is now at 93.5% speed of Dapper. Dapper is well known enough for Microsoft to compare to, but not backed by enough money for Microsoft Legal to care enough to change the name of “Dapr” to something that doesn’t conflict.

[Last Week in .NET #38] – The NSA requests you patch your sh*t

Week ending 17 April 2021

🚨🚨🚨🚨Microsoft Exchange has four new vulnerabilities with patches. CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483. For some things the cloud does not make sense, but for the “I really don’t want to deal with patching my own stuff”, the cloud makes sense. Maybe it’s time to migrate to O365, if you haven’t already?

By the way, this is so bad that the NSA is actually telling everyone about these flaws immediately.

πŸ˜†Schadenfreude is watching someone else try to set up Microsoft Teams​ @mcclure111 tries to set up Microsoft Teams to talk to a client, and all hell breaks loose. It’s a fun read if you define fun as “I’m glad that isn’t happening to me” and “Holy cow did Microsoft not think through their user experience?”

πŸ“†Jetbrains “.Net Days” is May 11-12th and it’s free. Scheduled talks include:

“C#, F#, GraphQL, Blazor, gRPC, Hedy, working with databases, and debugging. On top of that, we’ll discuss stereotypes around legacy code and demonstrate how to build a React app backed with Azure features.”

And Azure makes an appearance because of course Azure makes an appearance.

🎁Visual Studio 2019 16.10 Preview 2 is out with lots of .NET goodies included.

🎈Julia Evans releases her network debugging “Choose Your Own Adventure” game as an early draft. I played through this and it is wonderful. I highly recommend it.

🎁Visual Studio 2019 16.9.4 has been released It patches CVE-2021-27064, CVE-2021-28313, CVE-2021-28321, CVE-2021-28322, and patches several upvoted bugs present in Visual Studio.

🚌EventDriven.EventBus.Dapr 1.0.0 RC 1 has been released Your weekly note that we use the term “RC” because “Using Customers as our QA” has less zest to it.

πŸŽ₯The .NET foundation hosts a project spotlight on “Roslyn” which is also Microsoft owned. Would love a bit more outward focus but Roslyn is cool.

πŸ—£There’s a new C# Standard repo that helps to standardize the language used to describe C# I don’t understand it but perhaps I’m not meant to. This is about standardizing the language we use to describe the language we use?

🧡The next version of C# will support building interpolated strings with a… builder based approach What does this look like in practice? I have no idea because the authors are more concerned with the structure of the API than showing us what that API would mean with examples.

🚚Are you planning to migrate from UWP to WinUI 3 Desktop? These are some guidelines that Microsoft is writing. Also Microsoft promises that this is not another “Lucy with the football” moment.

πŸ§“Andrew Lock writes about Viewing overwritten configuration values in ASP.NET Core Environment variables are from 1979, and we still have not come up with a better to deal with this in 2021, but in true tech fashion “you can always write code for it!”

πŸ’©Instant Feedback Is Here: Introducing Hot Reload in .NET 6 Dave Brock from Telerik shows us what Hot Reload is, and how it works in .NET. And no, this is not an urban dictionary term.

πŸ€–There’s a Root Cause analysis out for CVE-2021-1647 That CVE, just in case you don’t have them memorized, was the Windows Defender CVE. This is a shorter read than the last one I linked to, but still has good information.

🀑Eric S. Raymond believes that it’s easier to tolerate a few jerks than it is to have rules regarding toxicity in a community reaffirming the adage that if you look around the table and can’t see the jerk, the jerk is you.

πŸ’₯The NSA and US Intelligence Community has affirmatively pinned the Solarwinds attack on Russia’s Foreign Intelligence Service, the SVR. When people said “The 80s are back in style” I didn’t think they meant the Cold War.

πŸ“’Announcing Windows 10 Insider Preview Build 21359 Several fixes, previews, and Apparently the Timeline is not going away. I have no idea what the Timeline is, but it’s not going away. Good news?

πŸ‘The Razor Compiler no longer produces a separate Views Assembly in .NET 6 Preview 3 If this affects you, here’s your notice.

πŸ’ΎGit is gitting (sorry) better in Visual Studio 16.10 Preview 2. I’ve started to try out Git in Visual Studio, and it’s not bad. I still prefer the command line, but that’s because I’m a snob.

πŸ…If you’ve made it this far you deserve a treat. Here’s the story as to why He-Man rides a tiger, and I guarantee it’ll take you to places you did not expect​

πŸ•³Microsoft keeps digging itself into a hole with its MVP Program “Astro Turf for SQL Server on Azure” is a helluva strategy.

🀡πŸ₯³Microsoft releases its Hybrid Work Strategy Program It’s only a decade behind the curve.

πŸ“šTurns out the Visual Studio logo has a backstory.

🎁SQL Server Management Studio 18.9 is out Lots of bug fixes and improvements, as always. I used to get on release notes people for writing “Bug fixes and PErformance improvements” but now I realize I can just link to the real release notes and get away with using that term, sooo.

πŸ™‹β€β™‚οΈShow dotnet: Build your own unit test platform? The true story of .NET nanoFramework. Sometimes I share things I’m interested in and this is that other time. I’m sure this is cool but I have no idea what it is.

πŸ‘ΆIf you have a Peloton be aware that it eats children. I don’t feel the need to go any deeper on that, except to say this is not a euphemism.

😒I want AppGet back. Almost a year ago Microsoft released Winget and people who loved AppGet wish they hadn’t. The rest of us are going to wait the requisite 5 years for WinGet to be usable for our day-to-day work.

🍬NPR talks about the Solarwinds Hack. Reese’s make an appearance as do razor blades. I won’t spoil the metaphor any more.

And that’s it for what happened Last Week in .NET.


This email goes out weekly at https://www.lastweekin.net, and there’s a podcast version at https://podcast.lastweekin.net. If you enjoyed this, Subscribe here.

[Last Week in .NET #37] … and I would deadlock 10,000 schemas…

This is a post from my weekly mailing list titled (creatively) Last Week in .NET. If this sort of thing interests you, you can sign up for the mailing list here. I also produce an audio version of the same which is available at https://podcast.lastweekin.net.

🎁.NET 5.0.5 has been released. This release fixes an issue where dotnet restore wouldn’t work on Linux.

πŸ’ΈJimmy Bogard takes you through local development on Azure Service Bus. Developers won’t pay $99 a year for a tool that saves them hundreds of hours, but will happily pay to develop software in the cloud.

πŸ•΄Leverage enterprise-scale reference implementations for your cloud adoption. I think Microsoft marketing is skimping on their KPIs: The title doesn’t have the word “Azure” in it.

πŸ™‹β€β™€οΈYour top .NET Microservices questions answered The link itself isn’t as interesting as the links available in the post. If you find yourself wanting to learn more about microservices and their structure and communication patterns, these links are a great place to start.

πŸ“’Announcing .NET 6 Preview 3 performance improvements, more platforms supported (iOS, Apple’s M1, and Android!), and plenty of bug fixes for ASP.NET Core, Entity Framework Core, and the runtime itself.

β˜ πŸ”’Tayrn Pratt, Stack Overflow’s DBA, writes about fighting with deadlocks in SQL Server when needing to generate 10,000 schemas (not a typo). Stack Overflow Teams uses an interesting mechanism for multi-tenancy: database schemas. It scales, but there are some issues. Taryn dives into those issues and how they fixed them.

πŸ•΅οΈβ€β™‚οΈExploiting Windows RPC to bypass CFG mitigation: analysis of CVE-2021-26411 in-the-wild sample Sometimes we get exploits with no code samples, and other times the author goes into a deep dive into how the CVE operates, with examples. This is the latter, and we’re all the better for it.

​ILSpy 7 RC1 is now available and the big news here is that you can now build ILSpy for .NET 5. Oh, and it has dark mode too.

Three Stories about The ‘Best’ Tool

My earlier blog post struck a nerve, specifically around the idea that there’s an objectively “best” thing to use to solve a problem, independent of the team and its context and its point in time. Sean Kileen also left a wonderful comment that links to a talk that says in a much better way what I’m saying.

There is a supposition at play: That independent of the knowledge I have and my team has, even taking into account our constraints (business, social, technical, financial, learning mode), there’s a better choice for us to solve a particular problem and we are hurting ourselves by not learning that choice.

And what I’m saying is this:

The team’s skill level and expertise on a toolset is probably the most important factor on whether they should choose a given tool — that all else being equal (business, social, technical, and financial constraints), that a team is better off choosing a tool they know better than a tool someone else says is better for them. Going further, I’m saying that objectively there is no best tool for the job.

There is, however, the best tool that the team feels the most confident wielding that fits into their business, social, technical, and financial constraints for the particular job they’re trying to do.

The point here is that all of these criteria are internal to a team, and you can safely disregard advice from anyone who does not have your full problem context and a full understanding of the constraints you’re under — most importantly the team’s existing knowledge and threshold for risk and learning.

The Best Framework for writing cross-platform mobile applications

When I was a VP of engineering for a startup that made a wearable; one of the earliest challenges was picking a cross-platform framework for creating mobile applications. This was a startup, and at the time, it was only me writing software. So my constraints were:

Least Time to implement
Good support for Bluetooth Low Energy
Works on Android and iOS
Good community support (in case I ran into a problem)
Good documentation
Easy finding answers on Google
Active open-source libraries
Low cost

At the time (2015), Ionic Framework fit that bill rather nicely (this was in the 1.0 days; it’s only gotten better!). Ionic had three things over your typical phonegap applications (for me):

  1. There was pluggable support for BLE that was maintained by the Ionic team (“ngCordova“)
  2. They had existing an entire cross-platform HTML and CSS based UI library that would allow for native Android and iOS
  3. It was written to be used in Angular 1.x; which at that time I had quite a bit of experience with.

Now I should point out that I had maybe 3 years of production JavaScript experience at that point, but I had 7 years of production experience with C#, and from a generic perspective, Xamarin would have been the better choice — except for me Xamarin didn’t have #2 above that was as easy to implement as HTML and CSS were, which I had over a decade of experience with by that point.

And so I picked Ionic. For me, for that particular context, Ionic was the best choice. But think of a team with better funding and people who knew native iOS and Android development? Well native development might have been better for them, but in my case, native development would have easily added 6 months to a year for each application, which would have been catastrophic.

Now if we had had the money, the even best choice would be to outsource the application for $500,000 and call it a day. But we did not.

At the point where we were starting to be able to hire help (due to me switching to Firmware), one of the very smart candidates that literally wrote the book on React Native asked, why aren’t you using React? From this candidate’s perspective, React Native was objectively the best choice. My answer (having done the research) was that the BLE “bridge” in React Native was at the time far more nascent than the requisite ngCordova library. But, that was a decision made from my perspective. There’s also a little bit of loss-aversion at play; if you have an app 50% done, you don’t want to spend the money to rewrite it, that’s wasteful, especially if you’re a cash-strapped startup. Decisions become context. Context becomes the constraint.

Python and Django for CMS enhancements

At a rather nice company I worked for, they had an existing third-party CMS that was probably 10-15 years old at that point, and it was terrible compared to modern CMSes. Since the lifeblood of the company was financial newsletters and content marketing to sell those financial newsletters, it become a business imperative to ‘own’ the means of production. The team made the choice to move to python and Django, and write a CMS using those tools. The head of that team had played around with Python and Django, but no one had ever produced production code with it. It was a gamble from the outside looking in, but from that team’s context, it made the most sense. However, from a cultural perspective, it represented a shift in the knowledge of the company from ASP.NET and C# based tech stack (With all the requisite scaffolding and tooling built around that) to a Python based tech stack, with all the change that entailed.

To this day I’m still somewhat surprised the move occurred, but it wasn’t too long before I was brought on to a new team to make enhancements to this CMS. At the time, I had *no* python experience, and no one else on the team had python or Django experience that could help (they all had their own work to do), so I was on my own learning Django forms and controls. This made the work much harder than it needed to be for me, and I spent many weeks feeling frustrated and unable to do what I would later realize were basic things (model based forms vs template based forms yay). Ultimately the project failed from a time and budget perspective, and my future at that company was limited because of this failure.

So, was Django and Python the best tool for the team to use to build the CMS? That decision had repercussions felt years later as now developers who were never trained on or hired for Django and Python had to learn it; but outside of that team, none of us are in a situation to say the team picked the ‘best’ or ‘worst’ option; only that team, at that particular point in time, is).

If you find yourself saying “Why didn’t they use WordPress? Or SiteCore? or DotNetNuke, or Drupal”, you’re making the same mistake: We don’t have the full context and constraints that team had, and so we can’t say what would have been the ‘best’ tool for that team. Only that team can answer that question.

Rewrite or Refactor?

The final story is just that, a story, but it’s representative of what we’re talking about today. A business had made the decision to attract a new market segment, and its current software was delivered in a manner ill-suited for that new market segment, even though what it delivered was the same across segments. The team and company made the decision to start from scratch for this new segment, as there was very little expertise on the current codebase, and it was very fragile (it was having numerous production regression bugs with each release that made it difficult to be ‘stable’). Since the company had current revenue coming in for the current product, they decided they should start from scratch — with an accelerated timeline; delivering the same functionality the current system had with 1/5th of the time it took to develop originally.

Was this the ‘best’ choice? For that moment in time, with the business, political, social, financial, and cultural constraints, it was the best choice for that team. In hindsight was it the best choice? Probably not, but there would have been no way to know that at the time. That would have required knowledge the team did not have.

Bottom line

We all want to be absolved of making choices — and that is what you tend to see when someone solicits advice on what tool, language or framework they should use to accomplish a given task. They want to be absolved from the responsibility of that choice, thinking that if other people are using X, then they’ll be successful using X as well.

We also see this in conference talks, even from the best industry thought leaders. The idea that if you just use the practice, framework, tool, or language others are using, you’ll be successful. But you won’t be, or if you are, you’ll either be successful in-spite of it, or because your context and constraints didn’t hinder you.

But always, always, always, look at your contexts (Business, social, cultural, political, financial, and technical) and understand how these contexts shape your decisions, and make the decision that’s right for your team, at this point in time, with what you know right now, that fits your context and constraints.

There is no ‘Best’ Tool

I wrote a provocative post about team language choice, and one of the best questions I’ve gotten in reply is from David:

How will a team ever know the best suited language, framework or tool to pick if they’ve never tried it out before? I would say it is extremely difficult to know the best thing to choose, other than the ones already in our comfort zone.

David Vujic, LinkedIn

This question is great because it illuminates a very common viewpoint in software development, one that hurts teams and software deliver-ability without us even realizing it.

This question puts the language’s needs before the team’s needs, or more correctly, the needs of a human being to grow and learn before the needs of the specific team or the business context that spawns the question of language choice.

This isn’t a value judgment, it’s only natural — human beings, as a truism, must feel a measure of growth or we would stagnate mentally and emotionally and wither away.

Put another way, the question asker is positing that there exists a better language or framework independent of the team’s knowledge, the business, social, and financial context, and that a team should choose that language over something that they already know.

Does that sound absurd to you? I mean, it does when I write it that way. The language and the framework is a tool. It is a means to express the idea of the software into reality.

The language and the framework should be subservient to the team. The language and framework doesn’t drive the goal of the software, nor should it! The team picks the language and framework they’re most familiar with that will solve the problem at hand. The ‘best’ choice for the team becomes an intersection of what they know and what their needs are.

There’s a related idea to this, that a team has a few ‘innovation tokens‘ to spend, and once spent the team should choose ‘boring technology’ that they already know. I argue that innovation tokens are really innovation anchors of an unknown size. They may either weigh you down or they may have no negative impact on development altogether, but you won’t know until you use them. Depending on your comfort with risk and your business’ risk tolerance, this may be an unacceptable risk, or it may be just another Tuesday.

The best suited language or framework does not exist independently of your team’s context. ‘best’ is an internal comparison for your team to make; not a worldwide Olympic ranking of software languages and frameworks. If you don’t know a language or framework, and your team doesn’t have a good understanding of a language or framework, then there’s no possible way it could ever be the best choice for your team — even if it’s the ‘best’ choice for another team that wrote about it on the internet!

To bring it back to the overall theme:

Software tools (like languages and frameworks) and processes are ‘best’ only internally to a team and a specific context. The tools and practices have to align to the team’s culture, its current skill level, the business needs, business culture, financial constraints, and technical and regulatory constraints of the development and deployment environments. There is no such thing as a ‘best’ tool or process that will apply to all teams, everywhere, always.