You’ve probably heard of the Pareto Principle, stating roughly that 80% of the outcomes come from 20% of the causes, or put another way: 80% of the value comes from 20% of the effort.
You probably believe it. Heck, I know I do.
Do you think that 80% of the value of your software “project” comes from 20% of the effort?
If not, why not?
I ranted a little bit yesterday on killing the word ‘project’, and and I was asked, “well, what should we use instead?”
Great question, I would love to tell you.
Projects give off an aura of “beginning, middle, and end”. At some point, this thing will be done. And that’s not true in software. There may be a point where we don’t use it any more (we ‘kill’ it), or it may fail at its purpose, but as long as we’re using it, it’s not done. It’s going to need security updates, framework updates, and at the very least bug fixes.
And so calling software a “project” is a bit like having a kid and calling it an accessory to your lifestyle.
Instead, software that isn’t meant to be a ‘product’ (that is, have the understanding going into it that there will be long term support and a budget) should be called an experiment. Because it is.
We’re not naive enough to believe this IT Modernization project (see, I just did it!) will succeed because we spent millions of dollars and tens of thousands of people hours on it. It’s an experiment. It’s an experiment because Sue in accounting who has been here for the last 25 years basically runs your entire payroll infrastructure even though her title is “Sue in accounting”. Your modernization project will fail if Sue in Accounting isn’t happy, regardless of how you dress up the project. So it’s not a project; it does not have a beginning, middle, or end. It has a beginning, Oh-god-I-hope-we-win-Sue-over, and then support. And if you don’t win Sue in accounting over, you’re going to have a bad day.
So call it an experiment, and don’t let anyone lie to you about the real nature of software: it only succeeds if we successfully sell it to the people who are going to use it.
This post originally appeared in my daily email list on January 13, 2023. I publish emails daily, and put them here when I remember to. If you want to stay up to date, join my mailing list. Details below.
One of the things I do in the realm of strategic architecture is help companies migrate their legacy systems. This can be referred to as ‘modernization’, and generally it means rewriting the application in a new stack that may get developers psyched to go to work again.
The current fad is to move .NET Framework to .NET Core/6+, and to migrate away from MVC/Webforms to a JavaScript SPA based front end. Now, there are several questionable decisions here; but I’m not going to focus on those (like that you should only use a SPA if your application needs to be a SPA. Most don’t. Especially, especially Line of Business applications). The questionable decision I want to focus on is the idea that this is a project.
As I said, these are typically termed as ‘projects’, which is detrimental to everyone involved; from the executive who got approval for this to the developers who will spend the next few years of their life on this ultimately doomed project.
There’s lots to say on this topic; but I want to focus on two parts:
1. software is only a project only if it never needs upkeep. That’s never true. Projects have a beginning, middle, and end. Software never ends. As long as that software exists, you must either pay to keep it running or you must pay to kill it. If you simply leave it alone and do nothing to invest in it strategically (or hell, tactically) the cost will be more expensive than you can ever imagine. For instance: you build a home-grown search application, and that sees use. Well, as that system sees more use (and it’s in ‘maintenance mode’ because we did it, we shipped the project!) the design of that system is stressed; or an unforseen bug comes to the surface. It doesn’t matter. Eventually that system’s usage will exceed its design, and years of neglect or leaving it in maintenance mode will come back to bite you.
As long as a system has users it is a living organism that needs to be fed, watered, and cared for, as often as you would your own pets.
2. You can both reduce the impact of a ‘modernization’ effort and keep the longevity of your working system going while you have time to rebuild it by instituting an event-driven architecture. In short, introduce events and queues into your present working system; let the system work as normal with those new primitives added in, and have your new system also act on those primitives; whether it’s storing the data from it or introducing new processing or replacing existing processing the old system does. The goal of a modernization shouldn’t be to turn the old system off, it should be that neglecting the old system no longer results in problems for your users.
Until next time,
George
This post originally appeared on my mailing list, if you want to get my emails as they’re sent, you’ll want to sign up for my mailing list below.
I would like .NET Development (Desktop, API, and Web) to be as easy as it is to launch a web application with Django or Rails. I would love for a productive .NET ecosystem that rewards non-Microsoft based products. We get to dive into a little bit of why those things are impossible right now, let’s get to it.
Did you know there’s a roadmap for WPF? They cover Winforms too, in a “The decor says 90s but we can’t bear tearing down the house” sort of way. 🗺
How to build a cloud native application with AWS and .NET is one of the talks at JetBrain’s .NET Days Online on October 26th, 2022. I appreciate the realization that with the marketshare disparity between AWS and Azure that they’re not trying to make Fetch happen here. 🐕
Announcing Windows 11 Insider Preview Build 25227 This preview build includes changes to the Widgets location as Microsoft’s windows product time tries to find the least terrible location for something that there is mixed data at best that people actually use them. 🗺
Microsoft blames security researcher for publicizing data breach, says it’s overstated and refuses to answers questions about the breadth of the breach in its support tickets I appreciate Corey Quinn’s take on this, and overall it’s embarassing to see this sort of response from Microsoft and most certainly an unforced error on their part. If you leave an API endpoint open and people take the data, you’re the problem, not anyone else. 🐑 🐟
Cory Doctorow writes a treatise (or a tweetise, or a twitter thread if you’re boring) on the problems with Tech today. Shorter Doctorow: It no longer seeks to make our lives better; it has the same problems as American Capitalism: Scale and eyeballs over function and humanity. 💸
The Azure Devops podcast talks about Windows SDK. I don’t think this podcast was originally named the Team Foundation Server podcast; but I’m willing to be wrong. Interestingly this does not look like a Microsoft property; I’m somewhat surprised the podcast host hasn’t been hit with a trademark infringement cease and desist letter. 🪟
Hillel Wayne shares the most controversial opinion he holds regarding software quality: Get a Good Night’s Sleep. At the tender age of 40 I spent all weekend volunteering from before dawn to dusk both days and am absolutely dragging even two days later. Sleep is super important (no shit, right?) 😴
As you read this, .NET Days Online is tomorrow. Better that than .NET Daze Online, amirite? Ok, that was a terrible joke. They can’t all be winners. 🎈
And that’s it for what happened Last Week in .NET.
Releases, CVEs, and a look into The Last Of Us’s Breathing System as a programming marvel. Let’s get into it.
.NET Core 3.1.30, .NET 6.0.10 and .NET 7 RC 2 are out. On the .NET 3.1 and .NET 6 side, they’re patching a privilege escalation CVE (CVE-2022-41032), interestingly enough this also affects NuGet. As security releases too often are, this one is mum on the details because there’s no way that showing users how vulnerabilities work is a good thing. It’s best if that’s kept to as few eyes as possible, because if people were to be educated, what would happen? Chaos. They also list a CVE fix for .NET 7 RC2, but they don’t list the same CVE, even though they copied and pasted the text from one release announcement to the other. Apparently that CVE for .NET 7 RC 2 that’s fixed is CVE-2022-38013 (though again, I wonder if that isn’t a transposition error). 🏴
The Breathing System in Last Of us shows off how programming is (as Jeff Atwood put it) getting millions of tiny details right. You never think of breathing being complicated, after all, you’re doing it right now. But try to program it, and suddenly a whole bunch of little details have to be figured out. This is a great thread showing the wonder of modern game programming. Don’t forget part 2. ✌
Marten and Friends Hopefully Big Future So Marten is a DocumentDB built on top of Postgresql; and Jasper (now rebranded as Wolverine) is a Message Bus for .NET. Long story short is that they’re working on commercializing and improving the story behind .NET CQRS/Event Sourcing/Distributed Frameworks; and I’m here for it. On the one side you have the extremely buttoned-up and corporate Orleans or Dapr, and on the other hand you have the people who make this an non-monolithic ecosystem. 🚧
With the new .NET 7 RC 2 release there were updates to ASP.NET Core including caching improvements and authentication diagnostics with Blazor and WebAssembly. 🆕
Terminal.Gui made the front page of the Orange Site, and it’s nice to see C# get some love. Special thanks to @ckindel for the mention. 👏
And finally, Jeremy Sinclair has a twitter thread on source generated Regex improvements (that’s a lot to type) in .NET 7 worthy your time to read. Do you want to make Regexes fast? Now you only have two problems. (Also, it’s pronounced regex, not regex). 🤷♀️
And that’s it for what I found last week in .NET. If you like internet shout-outs or sharing your favorite .NET (or let’s be real, Microsoft) content, send it my way @gortok on twitter, or if you’re getting this through email, hit reply. See you next week.
Roasts, Beefs, and CVEs. Let’s get into it.
Microsoft discontinued its iOS keyboard SwiftKey I would trade you a Microsoft Outlook and 4 Microsoft Teams for Swiftkey coming back. Microsoft needs a product arm of the company that isn’t affected by the whole 1990s-era synergy play that infects every action they take. Every time someone claims that Microsoft is a product company, in between fits of laughter I just want to point at things like this. To be fair, Microsoft is a product company, inasfar as it sells things that CIOs want. The only reason the games division at Microsoft is largely unaffected by this is that they haven’t figured out how to get the games folks in their synergy plays. 🎹
Preview channel release notes for the Windows App SDK (Version 1.2 Preview 2 (1.2.0-preview2) is available) I go back and forth between letting the subject write the title and choosing my own, and because I need something to smile at, I let the subject write the headline. The big news here is that Microsoft is dumping VS 2019 faster than they dumped customers feedback. It’s 2022 and if you aren’t on VS 2022, you’re screwed. 🔩
For Delightful Code Reviews, say Nice Things Who’s a good code review? who is it? I would say to say “kind” things, not “nice” things, but I’ve never been accused of being nice. 🐶
What we can learn from the sad tale of Java.util.date A little bit of programmer wisdom and schadenfreude all rolled into a single blog post. 🎻
A list of phrases you may not utter in New Zealand’s parliment take notes, there are some good ones here. Like “energy of a tired snail returning home from a funeral”. 💀
What the Hacker News Crowd wants Stack Overflow’s Architecture to look like vs what it actually looks like I am glad they called out the problems with having an in-process Job scheduler. And this may look different if you have lots of data-ingestion sources; but they don’t, and overall, it’s a picture of sanity. 🧱
Rachel Appel’s Annotated .NET Monthly for October is out It includes some sponsored content by Jetbrains (The company Rachel works for) which is to be expected. Still a good read. 📚
Hundreds of Microsoft SQL Server Systems backdoored with new malware It’s called maggie and it uses the extended stored procedure DLLs to do its magic. Of course you wouldn’t have this enabled, because your IT organization is forward thinking and doesn’t leave open decades old technology, right? right? ☎️
The NSA, CISA, and the FBI have published a joint advisory on Thursday with a list of the top 20 vulnerabilities exploited by Chinese state-sponsored threat groups. Not to be left out, Microsoft owns 4 of the top 19 spots, with Exchange making up all of the Microsoft CVEs. Please don’t run Exchange on-premise at this point. Embrace Azure, embrace blaming Azure. 🌨
Making laminated puff pastry is an example of chaotic behavior in dynamic system I am here for chaotic good croissants. (h/t to Deb Chachra on Twitter) 🥐
A once hopeful soul shares his thoughts on System.Text.Json vs Newtonsoft.Json You know me, and you know if I have beefs, I’m going to share them. This is a beef. Microsoft knew they wanted to have built in Json support. They had a library that ostensibly had the widest support for anything .NET, ever. We’re talking a library being used in the PS4, and they didn’t port it over as is. Not the API, not buying out the library, nothing. “Oh well we have different design constriants” horseshit. No you don’t, you have a problem with taking the timee to implement an API being used everywhere. this is as close to defacto standard as we get, and you have NIH syndrome. If you wanted to make it the standard, you could have. But you chose not to. Even if the internals were different, the public API is what gets people from point A to point B, and I haven’t yet seen a good example of why Newtonsoft.Json’s Public API couldn’t have been used. 🐄
Helix: A neovim inspired editor, written in Rust Because if someone’s using Rust they’re gonna tell you about it. 🤘
And that’s it for what happened Last Week in .NET. Reach out to me @gortok if you have something cool to share.
Yes, this is a day late. Luckily it’s free? (in all seriousness I beg your indulgence as our bathroom remodel is coming to its frenetic end).
TypeScript 4.9 beta is out. Yes it has new keywords and yes it has breaking changes. Those two things are pretty reliable in TypeScript land. I think the JavaScript disruption for disruption’s sake is a contagious virus. Of course, love is a virus, so maybe that’s not a bad thing? 🦟
[Microsoft Commerce’s .NET 6 Migration Journey](https://devblogs.microsoft.com/dotnet/microsoft-commerce-dotnet-6-journey/) This is a wonderful in-depth look at the Microsoft’s move from .NET Framework to ultimately .NET 6. The TL;DR? Faster, less expensive (in terms of CPU,Threads,Memory) and, yea. Linux comes out on top. One paragraph that bears repeating is on the “Windows Assumptions” their teams held previously:
As we moved services to .NET Core and then into Linux, we quickly found it important to remind teams that .NET Core and beyond does not mean that everything will “Work in Linux” out of the box. “Windows Assumptions” in your code can sneak in – or in your build, tooling, monitoring, troubleshooting, or other processes.
What are “Windows Assumptions”? These can be as simple as assumptions around folder slash direction (if not using Path.Combine), more complex such as relying on COM components, or even using an API which is only available on Windows. It also might be build process limitations, or tools that you use with your service that aren’t available. In all cases work is needed to identify these and replace these with platform-agnostic code where available. Testing your service end to end on multiple platforms early is key!🥇
A video of an engineering team hearing the outlandish promises sales is making to customers for the first time. It’s funny because it’s true, and if you haven’t ever been in this situation as a developer, I envy you. 🌠
Use .NET from any JavaScript app in .NET 7 Look. I get it. JavaScript is cool. You want to be cool and say you use JavaScript too but in reality it’s just .NET with JavaScript imports. I beg you to reconsider. Remember UpdatePanels? This is like that, only less cool. (h/t to @ddskier). 🥵
A little bit of history in how “Protect Mode” got into Windows And ultimately why I’m not typing this from Microsoft’s OS/12 Warp Corporate Edition. 📔
Windows Fonts are what the Chrome is Made of and I couldn’t have been more confusing about that title if I tried; but read it, and I promise you’ll be rewarded. 🏆
And that’s it for what I found last week in .NET. If you find anything interesting, send it my way @gortok on twitter, or via email at george at georgestocker.com
Lies Developers tell themselves include, “I can get this done in a week, including testing”. Ouch. 🙈
Dev from Twitter remarks unironically that one of the perks of working at Twitter is being able to turn off Ads. @Carnage4Life notes that that exact mindset is why Microsoft continually fails at Products. Dev deletes tweet. 🙊
Javiar is working on integrating .NET MAUI with Figma This looks neat. 🧠
Do you want to build apps for Microsoft Teams? Garry teaches you how. 👯♂️
Microsoft is looking for a Junior PM but they refuse to use the word Junior. Why?🐣
Maarten Balliauw writes about how to create an ASP.NET Core Rate Limiting Middleware in .NET 7 I have a similar approach; make all of your web service resources singletons. (I may have done this with a spell-checker when I was a junior developer, with disasterous effects). 💥
And that’s all I found last week in .NET. I did get to go camping and avoid civilization for a few days, so I’ll chalk the lightness up to that.
I don’t know if I told you this, but Khalid Abuakmeh is on a mission to change the name from .NET to dotnet.
I get it. I do. .NET is hard to search for, people end up typing .net or dot net or dotnet anyway, so why not just make the name what the people type?
I can see their point of view. It’s not like the .NET name means anything anyway, I mean, heck, even Microsoft couldn’t explain it.
But ultimately, rebranding efforts are hard enough with a company good at (what amounts to) consumer marketing. And that’s an area of growth for Microsoft.
With that aside, let’s get into what happened Last Week in .NET.
There were a flurry of releases last week (speaking of, what do you call multiple releases? Is it a flurry?) with .NET 7.0 RC 1, [.NET 6.0.9](https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.9/6.0.9.md and .NET 3.1.29 all getting version bumps. All of these releases address a CVE with the model binder under the CVE Number CVE-2022-38013.
I give it about 2 years until Microsoft dumps version numbers entirely and moves to CalVer. This is simply an unsustainable Pace of version numbers. 📅
Because we all need a little fun in our life; a joke design ended up making the N-Gage what it was. Also, if you’re of the demographic that doesn’t know the G-word in that article, I recommend… No, I strongly recommend… No, let me try again: DO NOT GOOGLE THAT WORD. There. I warned you. 🐐
The current work in progress to get Linux (?) controls working on MAUI. I want to believe. 🛸
The .NET foundation is removing its $100 membership fee. I’d rather they keep the $100 membership fee and act like an independent open source foundation instead of a mouthpiece for whatever antics Microsoft is up to in the .NET space. It’s not even subtle at this point. 💸
Entity Framework 7 RC 1 is out, and I’m glad they dropped the ‘core’ moniker because this isn’t just the essentials any more, this rivals the size of EF 6. 👣
Custom Dev Container Features for when you want to install development needs via Docker for VS Code. 🚢
Uber was hacked in part because the attacker told them he was hacking them and they thought it was a joke. I can’t add a punchline to that. 🙊
.NET 7 static AOT Initialization being demonstrated in drawing a circle, with … no code to compute the circle. I agree with Miguel on this one, that’s… impressive. 🤯
Geoff Huntley explains why it’s legally problematic to use VS code. I’m not saying I agree with the viewpoint, but I agree we need to look at these things more critically. 🤨
Sorry for the lateness on this one, I’m currently going through a surprise Bathroom Remodel.
We came off the tail end of a short week, so there are a few good things to read this week. Here’s what I found.
The Problem with Fighting Fires You’re likely a software developer if you read this newsletter, and so this blog should be at the top of your reading list for today. Or maybe tattoo it somewhere you can read it daily. 🔥
What are some unanswered questions you have about the WinAppSdk and WinUI Me: Why are they two separate things. Why wouldn’t someone who is building an App want a UI? ❓
Scott Hanselman says upgrade to .NET 6 and while in the abstract I agree with him, the sheer problems I’ve run into even trying to upgrade .NET Framework projects to use the new SDK style (which admittedly is the first step in the process) is nuts. Write new stuff in .NET 6. Upgrade as you’re able; but the list of things that cleanly upgrade is very small. EF doesn’t cleanly upgrade, ASP.NET Web API doesn’t cleanly upgrade, ASP.NET MVC doesn’t cleanly upgrade, and Webforms definitely doesn’t cleanly upgrade. About all that does are class libraries, and that’s if you were lucky enough to stay up to date with the changes along the way. 🤷♀️
Writing Windows Application Services for Kubernetes I’m sure this is a great article, but it lost me after this premise:
In a traditional .NET distributed application, application services (not to be confused with the Kubernetes ‘service’ object) would either be written as IIS hosted web applications or Windows Services.
Yea, in 2015 maybe. If you’re writing anything other than Windows Desktop applications today, I highly recommend using .NET 6 and Linux based server runtimes.
At least Mike’s advice about avoiding Windows Containers is spot on. ⚙
Mads Kristensen walks through what’s new in Visual Studio 2022. I had a recent update that completely screwed the ability of VS 2022 to find the .NET 6 SDK that is installed on my system and reachable from multiple command prompts (no there isn’t a global.json in the way). Sooo while it’s much better, there’s still the easy slipups in play. 🆕
Have you been following the ASP.NET Community standups? As always there are good tidbits in there. 🤼
Developing Error Handling Strategies with asynchronous messaging, which is not about how parents with young kids coordinate, but rather about distributed applications. 📤📥
How Microsoft releases the Azure SDKs The promise was much better than the result. Sorry, they can’t all be winners. 🤷♀️
WebAssembly for .NET Developers: Introducing the Spin .NET SDK. Why do I as a developer want to develop a WASM application? Tell me in your post. Tell me why this matters to me. What will this enable to me? What will be the non-software-building effect? ❓
Microsoft teams is a terrible product with an amazing social team behind it which is so true. Teams is a way for Corporate America to seem like they are cutting edge while reinforcing all of the worst traits of working. As long as it’s pitched to CIOs, it will forever be a step behind and kind of icky when you look closely enough. 🙃
Github Copilot is now available for teachers It bears repeating, but Copilot is code licensing money laundering. Use it on your codebase with that in mind. 💸
And that’s it for what happened last week in .NET.