Author: geostock

I think quite a bit about “Best Practices”. Partly it’s me reacting to the aversion I have for that phrase, best practices, and partly it’s me trying to figure out a better way to say what we mean when we say “Best practices”.

What are we trying to convey when we say “Best Practices” anyway?

At least part of the time (though I suspect more of the time than we care to admit) we use that phrase as a way to shut down dissension or as an ‘appeal to authority’. I don’t think it’s done maliciously; but there is an element of ourselves that gets tied to a course of action, and even if it may objectively be wrong for our context, the ego is the ego, and the appeal to authority, well… feels good. It almost feels righteous.

Another part of the time it’s as a protection in case something goes wrong. If we’re doing it, and other people do it, it can’t be wrong, right? We can’t be held responsible for doing what is considered a ‘best practice’.

And for some situations, a context free ‘best practice’, may actually be a best practice and we use the term because the stars happen to line up and it’s an actual best practice.

I think this is far less common in practice than we judge it to be.

Too much of what we do when we build software is context-sensitive, that is, the particular circumstances and facts surrounding the why and the what are as important (if not more so) than the “typical” means we employ to build software.

Or put another way, we have far fewer immutable laws when building software than when engineers are designing and building roads or bridges. Gravity or inertia will not suddenly change on the bridge engineers, but our circumstances — our context can change on a dime.

I don’t know how far this thought extends, but I like to think that when I’m designing software, the context I’m designing on is front and center. It is the most important part, because it’ll define the rules by which we operate. So instead of using best practices, I use context-sensitive practices. Maybe that’ll keep my hubris at bay?

I’ve gotten some feedback on the whole idea that software should have a soul, and I’d like to share it with you.

Daily Email List reader Chris (shared with permission) said:

I’ve always seen it as “relational” … the software has to make a connection to the users either with its other sets of users (or the developer …. it depends). It has to evolve and feel like it to its users…. in my mind, you as the developer care enough (about the relationship) to improve it. But it also takes time either in the beginning (or later but probably earlier) to properly build an experience for the user (e.g. UX) that they just feel less friction. It just feels “right” – like you said about the Notes app (which I know nothing about … not a Mac guy) vs any sort of writing app. MS Word simply sucks at offering a zillion features but making the usability of them such a horrific pain (especially that well-hated “ribbon” concept). 

Chris, from the Email List

I had MS Word in mind when I was writing the email; along with lots of other pieces of software. And Chris’s feedback introduces an interesting thought: at some point, features actively harm the soul (if one is present to begin with). When Microsoft Word came out; it felt like a joke against Wordperfect (which absolutely had a soul), and then after a little bit, it became the best thing around, but then it lost its purpose and became a box filled with every feature you can imagine, and started piling UI on top of UI, until now it’s Frankenstein’s monster from a UX perspective. Chris is spot on.

Jason Karns on twitter also said:

A key aspect that always bothers me when missing: consistency with its environment. Mac apps need to behave like Mac apps. (System shortcuts, text controls, etc) same with websites (which is one reason I hate most SPAs) they have features but they’re posing and have no soul

@jasonkarns, Twitter

And that brings up my dislike of SPAs, but before Jason mentioned them in this context, I hadn’t realized my dislike was directly attached to the fact that SPAs completely disrupt and eschew the power of the web for some semblance of a ‘rich’ experience. SPAs are a thing that acts contrary to itself.

Everyone, everything, even software, has a purpose. Once you get away from that purpose and into the blind alley of adding features to capture market share, or because someone said they wanted it, then you run the very real risk of your software becoming a thing contrary to itself — and just like in humans, that damages its soul.

I’m still stuck on the “Software needs a soul” thought. I’ll probably write about it more in depth at another time, but for today, for right now, I want to share one implication of that thought.

If having a soul is what makes us us, then it’s not the physical features of a human being that make us human, it’s the soul.

For software, features are necessary — maybe less necessary than we think they are; but they aren’t sufficient.

How many times have you seen the ‘feature checklist’? Where the software lists all of its features, as if that makes up for its lack of purpose. Lack of… soul? I have a working theory that if the software we build had a soul, we wouldn’t need to put so many features into it.

As I said, I can’t shake this thought, and I’ll spend some more time on it later, but today I’ll leave you with that one thought: If we were to cut features and focus on giving the software we work on a purpose for its users, and hone the software to excel at that purpose, would we build better or worse software than we do right now?

I have never said or heard — except colloquially, that someone is described as a human with a soul.

It goes without saying, right? Humans have souls. Now we have said there are humans without souls, but that is very much the exception.

Intrinsically, we know two things:

1. Humans are more than the sum of our parts.
2. The ineffable quality that is a soul defines who a person is.

I’ve been stuck in a train of thought for a while now on the quality of the software we use and build. Why is software — on the whole — worse than it should be? What makes ”good” software? why does any of this matter?

I’m not sure about the rest but I can answer the last question.

Software quality matters because software is meant to make our lives better. I don’t mean code quality, or process quality, or delivery quality. The closest defined term for what I mean is the User Experience. But it’s more than what we traditionally consider. It starts with how software makes us feel. It ends with whether that software has truly made our lives better. But it’s more than that. At least in part it’s whether that software feels human.

Whether that software has a soul. I can list lots of software that feels souless. But the software that truly makes me feel good is software that I could swear has a soul.

One example, because it’s not an easy thing to define. WordPress is a well written piece of software, but I am typing this up on an iPhone in a mobile web browser and it’s clear no one ever anticipated someone typing on an iPhone. All of the affordances the iPhone is renown for — autocorrect, auto-capitalization, response speed, enter doing the right thing, the screen acting correctly are gone or severely hobbled.

And yet, if I were to type the same words into the Notes App, it would have been a butter smooth experience. It would have not felt frustrating, to say the least.

WordPress is a collection of features ostensibly geared to helping you write, but the Notes App really helps you write.

Between the two, I would describe the Notes App as having a soul. I wouldn’t say the same about WordPress.

Software should have a soul. I can’t get that thought out of my head.

Starting out this week a little differently, Sarah Dresner, @sarah_edo on twitter comments on the Batman movies, and it’s shockingly relevant to software we create:

When they make Batman movies, they say “ah yes, this has all the ingredients of a good movie” The trouble is, you don’t eat ingredients, you eat a meal. (Source)

She has an entire thread just on the problem with (primarily) DC movies, but it’s definitely relevant to our work, and it reminds me of our approach to business applications (and a bit broader; large companies that rhyme with smike-ro-croft approach to building software). We build software with features, (ingredients) but we generally forget the soul of software; that part of it that makes it relatable to the user. Features are not a soul, though a feature can be implemented with a soul. Software that we love and software we merely tolerate (at best) are separated by whether or not it has a soul. 👻

---

John Papa takes us through the early history of JavaScript and why jQuery saved JavaScript. We look at these technologies with derision today, “Oh, you’re still coding in jQuery? How can you?” but everything that is old and busted was once new and wonderful. ✨

---

Aaron Stannard asks, “Why does it seem like Microsoft deprecates all of their Azure SDK NuGet packages and replaces them with an entirely new one every 18 months?”. That’s a great question, and the comments on the tweet offer possible explanations, but no one is speaking up in an official capacity. ❓

---

The people inside Microsoft using Windows Containers are talking about the cool stuff they can do. If you’re one of the five outside of Microsoft using Windows Containers voluntarily, you’ll enjoy this as well. Also, if you’re not a part of Microsoft and you’re using Windows Containers because you want to please drop me an email. It’s george at georgestocker dot com. 5️⃣

---

dotMorten shows you have to add OAuth to your WinUI application with one line of code using WinUiEx (Windows UI Extensions). 👍

---

Windows App SDK 1.1 Preview 3 is out and it includes Mica and Background Acrylic; which are two UI styles in Windows 10. 📢

---

Apparently Windows 11 Cumulative Preview KB5012643 breaks .NET 3.5 (in Windows Server 2022 as well) so watch out. ⌚

---

Microsoft 3D MovieMaker was released into opensource and the amazing part is that the software was built last. The entire manual and documentation was created first. That’s astonishing. 📚

---

.NET 5.0 is out of support, so if you haven’t updated to .NET 6, now is the time. Literally. ⏳

---

This old tweet by Scott Hanselman came up again on what should be included in a Windows Developer Checklist and I maintain that GNU Utils is a requirement. I also want a native Perl Runtime, but you can’t have it all. 🔍

---

Jimmy Bogard writes You Probably Don’t Need to Worry about MediatR which itself is a response to this post that says, You probably don’t need MediatR as someone who has never used MediatR, they’re both right.

But what I want to bring up here is this mentality in software where we find these castles we believe in, live in those castles, and then eschew all the other castles we see. We build moats around ours, and see others as inferior. We tie the software we use and create to our identity. We defend it.

I also want to point out that Jimmy does a great job of not doing that in his post. He gives a reasoned rebuttal without it crossing any lines into attacks. ⚔

---

Not an Internet Of Sh*t joke but “This toilet installation is connected to Microsoft Azure IoT Central”. I just can’t with this. 💩

---

Power Platform Conference in September in Orlando, FL is looking for speakers. Submissions are due by May 16th. 🤼

---

Jeffrey Snover talks about the time he was demoted and made a corporate pariah for five years for inventing Powershell. There’s an accompanying talk on it. Sometimes I get asked, “why do you hit Microsoft so hard when they do <something I think is wrong>”, and stuff like this is the reason. There’s an inertia present in all businesses towards the present. Not towards innovation or getting better, but for extracting as much from the cash cow as possible. Microsoft is not only not immune to this, but there are many recent examples of this happening (Hot Reload, to name just one). The ‘new Microsoft’ has not gotten away from this inertia, and if we just stay silent, there won’t be any external forces helping them to see they are just relying on inertia. As much as I dump on Powershell, it was revolutionary for Windows administrators, and it deserves more accolades. In the replies another Microsoftie talks about the fact that BitLocker was also one of these anti-inertia projects. 🐚

---

And that’s it for what happened Last Week in .NET.

It’s an abbreviated (and rather late) Last Week in .NET this week, due to a convention and a golf fundraiser on Monday. Mea culpa, even though I’m really not sorry having a vacation day.

With that behind us, let’s get into what happened Last Week in .NET.

Windows Dev Docs reminds developers about what they need to know for developing Windows Desktop Applications, and in a completely not-self-aware moment they don’t realize that the sheer need of this document means their strategy is not going to work. It’s slightly better than a flowchart; but gives off the same vibes: If your desktop development strategy, for a stack you own, is this complicated, how can you actually expect people to be able to follow it? How can you expect them to want to develop for your platform? The mind boggles. 🧠

---

Jeff McJunkin says “Your threat model has to allow for attackers gaining local admin-rights” to which I reply that none of the alternatives are any better for the developers. There are no ‘fully cloud’ based development and integration setups that keeps legal from screaming in latin, while also keeping developers happy enough not to leave your company. Local Admin rights has been a staple of the developer experience for as long as there’s been a Windows Operating System (heh. Does that make the current state of affairs Microsoft’s fault?), and VDI or ‘thin clients’ are terrible for the developer experience. 🕵️‍♀️

---

One of the great things about #aspnetcore is that it’s really easy to run different frameworks side-by-side now if only Microsoft would stop eating its young, we might have different web frameworks to run side-by-side. 🤷‍♀️

---

Microsoft Build is May 24-26, 2022 and Registration is open. There is some irony here that people ‘have to go back to the office’ to have spontaneous collaboration but the conferences are still virtual. 🤔

---

Did you know HTML has the ‘inert’ attribute? If you’re building your site to be ‘accessible’, then you need to know about this element. 💤

---

Remote Working has Changed the Rules of the Workplace, so Watch Out There’s one part to this that makes me happy: Maybe this will be the straw that kills notifications as a viable means to alert people to what’s going on. 📢

---

CVE-2022-27774 and CVE-2022-27776 existed in curl release code for 8603 days. I will wait patiently while someone explains to me that open-source means that given enough eyeballs, all bugs are shallow. 🐛

---

Template Studio is now supported in Visual Studio 2022. Template studio ‘accelerates the creation of new Apps using a Wizard-based experience’. This looks interesting, but I’ll need to dive into it to see if it’s more than demo-ware. 🏃‍♀️

---

Hillel Wayne explains the genesis of the Microsoft book, “Mommy, Why is there a Server in the House” and for those of you that missed my 40th Birthday, I’ll happily take a copy of this book. 📚

---

And that’s all I found last week in .NET. If you’ve got something to share, you can @ me on twitter @gortok, or email me at George at GeorgeStocker dot com. We still do this to defeat the bots, right? Right?

It’s been a while, and I appreciate all the well-wishes I received from you all. Unfortunately my FIL is still in the hospital (he’s been in the hospital for 105 days, which is itself a shocking number), but as they say, the show must go on.

I’ll spend this time catching you (and let’s be real, me too) up on what happened in the world of .NET since we last talked.

🙈 Microsoft is caught testing ads in Windows 11 File Explorer and then once chastised, said it was ‘not intended to be published externally’](https://www.theverge.com/2022/3/15/22979251/microsoft-file-explorer-ads-windows-11-testing).

I’m grateful Microsoft didn’t try to lie, but I almost would have preferred a lie over the eventuality that Ads are going to be in my operating system.

---

🙋‍♀️ Nadine Dorries, Britain’s Big Tech Slayer asks Microsoft “When are you getting rid of the algorithms?” I don’t know if it’s better or worse that Microsoft’s business decisions have been made by humans to this point. All kidding aside, as an industry we rely on the almighty algorithm as God and it thankfully is backfiring. Sure, it’s easier to rely on a computer than it is to make humans make decisions, but in true Computer Science form we are only, at best, adding another layer of indirection. Or, as the saying about using a regex goes, now you have two problems.

---

1️⃣Uno Platform v4.2 has been released. This includes .NET 6 Mobile RC1 (what is .NET 6 Mobile? I’ve been gone far too long) and support for Visual Studio 2022 17.2 Preview 4. Apparently it also includes support for using OpenGL to render the UI chrome. This feels important but UI programming has long been a convuluted mess for me to understand. I’m not proud of it but it took me over a decade to understand what the “X Window Server” even did.

---

🥚🥚Okta had a security incident, followed by a mea culpa, followed by a blog post that says, “Secure your .NET 6 Web API [with Okta]“. I could not read the blog post because the author’s cojones were blocking the screen.

---

💸Tim Cochran and Carl Nygard write a rather extensive article on MartinFowler’s website about tech debt. I like the article, though I take issue with branding accidents, mistakes, and inexperience as technical debt.

---

😎How do we remove the ‘not cool’ label from .NET? Do you want to be cool? or do you want to be successful? Which one really matters?

---

👍The null parameter checking feature x!! has been removed from C# 11. I’ve been banging the drum against syntax explosion for years and while I have no doubt that I’ve had no effect at all on anyone about this, I’m still happy to put a point up on the “please stop” board. C# is a wonderful language, but the more baggage you add to it, the harder it becomes to maintain, and someone has to go through the years of legacy code and remember the ‘old ways’ (that were considered ‘new’ as of 2018). You know what happens when you just add syntax on a whim? Perl happens.

---

📃Matt Zorich says you should use Azure AD Password Protection on-prem if you are licensed for it. Azure AD Password protection sets up global lists of ‘bad passwords’ to keep people from using them. They’ve got the money, why not just buy LastPass and integrate it into the OS? Why this half-step?

---

‼Security Alert: Attack Campaign involving stolen OAuth user tokens issued to two third-party integrators. On April 12th, Github Security uncovered that attackers were using OAuth app tokens to download data from their customers. It appears that either Heroku or Travis-CI (Or both) had a breach, and the attacker used the OAuth Tokens to get into the github repositories. Heroku’s take on this incident is linked previously, but Travis-CI has been mum on this topic as far as I can tell.

Security breaches are bad. Not saying anything when another comnpany accuses you of having a security breach is worse. You understand how it’s worse, right TravisCI?

---

📹MalwareTech takes you through how to reverse engineer an RPC vulnerability in windows (specifically CVE-2022-26809 This is a must watch video.

---

📐Mysteries of the Registry I preferred the old days of file based configurations, since File-based backups are as old as computers themselves. But despite that, the registry is still an interesting thing to read about.

---

🗄Speaking of which, you can download File Manager from Windows 3.1 for Windows 11. This is about where we peaked, if I’m being honest.

---

🏠New Security Features for Windows 11 will help protect hybrid work, I too also know a cheaper and easier way to protect hybrid work: Don’t go into an office. Work Remote 100% of the time. If your house gets broken into you have more pressing issues.

---

🤵Kenney Myers releases a demo-app built in .NET 6 and using Server-side blazor. The Jury is still out on blazor. It’s adoption rate is dismally low. Why aren’t you using blazor? Hit reply and let me know.

---

🌭The Software Development industry is a sausage fest. 91.67% (The .67% is just adding insult to injury) of the industry identifies as a dude. Not coincidentally, diverse eco-systems have better survival rates than non-diverse ecosystems.

---

💪Azure Virtual Machines support ARM. No snark, just cool.

---

🍪Will DockerTools ever support .NET Hot Reload? If you give a mouse a cookie, they’re gonna want a glass of milk.

---

🎉Windows App SDK 1.1 Preview is out Also turns out in the intervening time they also released 1.1 Preview 2.

---

💀.NET 5 End of Life is May 8th, 2022 followed by .NET Core 3.1 on December 3rd, and tomorrow.. Yes, tomorrow, .NET 4.5.2 through 4.6.1 are End of Life’d.

I wish they’d just go ahead and EOL everything before .NET 4.7.2 — that’s when the “.NET Standard 2.0” is more or less guaranteed to work with .NET Framework.

🥊Miguel de Icaza brings up an old beef with .NET bindings and Unity It’s a tale as old as tech: Platform A writes hooks into Platform B. Platform B gets upset, fearing a bridge is being built over its moat, and kills the hooks. Who loses? We do. We all do.

---

🎉NET 7.0 Preview 3 has been released. As usual he EF Core team operates at a frentic pace.

---

🎉.NET 6.0.4 has been released with “non security fixes and performance improvements”, and you can click through to learn more depending on what you use.

---

🎉 And .NET 5.0.16 is out also with those same sorts of non-security updates and performance improvements. Interestingly Microsoft is making .NET Core updates available via Microsoft Update on an opt-in basis. Does Microsoft Update support Linux Server OSes? Probably not.

---

🎉 Finally, .NET 3.1.24 was released, along with the others, with the same sort of updates. I’m gonna go ahead and say it, if you’re still using .NET Core 3.1, it’s way past time to adopt .NET 6. Way past time.

And that’s what’s happened since the last time you and I talked about .NET. I hope you are well, and I’ll see you next week.

Another lite week. It’s been almost a month since the last set of releases for .NET (Core), and while that isn’t a long time, it just feels like a long time.

However, there’s still (mostly good) stuff to share this week, so let’s get to it.

Microsoft was able to detect and mitigate Russian Cyber attacks on Ukraine within hours of them launching prior to the invasion. I give Microsoft a lot of crap when they aren’t doing the right thing, so it’s only fair to call out how they were able to mitigate a novel cyber attack within hours of it being launched. That really is impressive and a credit to the security engineers at Microsoft. 👏

---

Design Systems are for user interfaces Design Systems are like onions. They have layers. What about Cakes? Cakes have layers. Parfait. Everyone loves parfait. 🎂

---

The F# Foundation Strongly condemns the Russian Invasion of Ukraine. There really isn’t much anyone can do outside of condemn or boycott. It’s like that old joke, where does an elephant sit? Wherever it wants. 🐘

---

Miguel De Icaza is leaving Microsoft I can’t speak to why Miguel is leaving Microsoft and the timing may be coincidental with the recent fallout over the DevDiv President and the Hot Reload issue that would have assuredly gone against MDI’s viewpoint on how that should have been handled, but either way Microsoft is losing a visionary on how to attract the open-source world to Microsoft’s efforts in OSS. 👋

---

How to share code between ASP.NET and ASP.NET Core More people have to do this than we’d all like, and I’m glad this sort of view is out there. It’ll be another 10 years before Webforms is dead dead, and that’s if we’re lucky. 🚛

---

Microsoft extends termination date for employee so they can attend to a family emergency This is a wonderful happy-ending story of Microsoft using its abilities to ensure a departing H1-B visa employee can fly back to their native country to care for a family member, which normally would have terminated their visa on their termination date. This was a good move on Microsoft’s part, although an indictment of our current H-1B Visa program. 💳

---

And that’s it for what happened last week in .NET, as always, if you have interesting content you think I should know about, you can @ me on twitter @gortok, or you can email me at george@georgestocker.com. Yes, that is a very creative email address. Thank you for noticing. 💙

.NET is humming along, MAUI is coming at some point, and all the C# 9 Records in your project should be in one file, says a .NET team member.

Introducing the .NET 6 Runtime for AWS Lambda Congrats, you can now spend even less on your lambda functions by using the power of .NET 6. I just had a thought: As runtimes get faster, costs to run lambda functions will necessarily drop. So if Amazon writes their own cloud native programming language, would they be incentivized to make it slow? 🌧

---

Create a .NET MAUI Windows MSIX to Sideload Or Publish to the Microsoft Store This video is how to use a thing that is not generally available yet to do a thing that no one wants to do yet. 😶

---

Technically this one is for next week, but David Fowler woke up and chose violence:

With records in C#, a type per file feels like a waste of space. How have you been organizing your code with records.

I don’t advocate internet dog-piling but this is just beyond the pale. With the ratio (79 replies, 14 Retweets and 6 Quote Tweets) it’s clear you all agree with me on this. Seriously though, I like Records, but I don’t see a reason to get away from the one-class-per-file, especially when the alternative is worse.

Think about it, would you rather have a file named records.cs that contains 50 class/records that represent all of the data-types in your application, or 50 files named what the record is? employee.cs for example? Would you rather fight one horse-sized duck or 100 duck-sized horses? 🦆

---

Last Week was light. Like, really light. Part of it was me (I have toned down my twitter consumption), and part of it was that everyone’s attention is focused on Russia invading Ukraine. As of this writing, it appears public sentiment is against Russia, but that doesn’t mean much to the civilians and soldiers in Ukraine fighting for their lives and homes.

If you’d like me to keep this newsletter going, reply and let me know what you like about it.