Microsoft Dependency Has Risks

"There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way."

I'm not interested in AAA games engines writing and nor is most of the world. If that is it, then you have damned MS with (very) faint praise.

I think you misunderstand- game engines are complex beasts and visual studio and/or .Net (in any of its incarnations) have the best debugging workflow I've seen.

Typescript is also Microsoft. So is ONNX.

To paint a picture: I’ve worked with Microsoft technologies almost exclusively for decades but recently I was forced to pick up some Node.js, Docker, and Linux tooling for a specific app.

I can’t express in words what a giant step backwards it is from ASP.NET and Visual Studio. It’s like bashing things with open source rocks after working in a rocket manufacturing facility festooned with Kuka robots.

It’s just… end-to-end bad. Everything from critical dependencies developed by one Russian kid that’s now getting shot at in Ukraine so “maintenance is paused” to everything being wired up with shell scripts that have fifty variants, no standards, and none of them work. I’ve spent more time just getting the builds and deployments to work (to an acceptable standard) for Node.js than I’ve spent developing entire .NET applications! [1]

I have had similar experiences every few years for decades. I touched PHP once and recoiled in horror. I tried to get a stable build going for some Python ML packages and learnt that they have a half-life measured in days or hours after which they become impossible to reproduce. Etc…

Keep on assuming “Microsoft is all bad” if you like. You’re tying both hands behind your back and poking the keyboard with your nose.

PS: The dotnet SDK is open source and works fine on Linux, and the IntelliJ Rider IDE is generally very good and cross-platform. You're not forced to use Windows.

[1] The effort required to get a NestJS app to have barely acceptable performance is significantly greater than the effort to rewrite it in .NET 9 which will immediately be faster and have a far bigger bag of performance tuning tools and technologies available if needed.

I tried developing an MS .NET app and it's indescribably bad. The deployment story is non-existent, monitoring, tracing, alarming is barely there. You have to work with MS libraries that are on life-support with glaring bugs still present.

"I think you misunderstand- game engines are complex beasts and visual studio and/or .Net (in any of its incarnations) have the best debugging workflow I've seen."

I think you misunderstand: the market, ie the number of people who actually care about developing game engines, is tiny.

How many games developers do you know as a subset of the people you know of?

OP only managed to find a niche product area for MS to shine in and maintain traction - the moat thing. Nothing else apparently.

I for one would not miss MS one jot. I wasted so much time with things like autoexec.bat and config.sys back in the day. I got good at it - Novell gave me a T shirt on Cool Solutions for a boot floppy image that managed to try several popular NIC drivers (3c595, 3c905, 3c509, ne1000 and a few others) and get you to a network connection for imaging or whatever. Later on I get to ignore SFC /SCANNOW answers to searches. Do you remember WINS? What about the horror of time sync? The PDC emulator FSMO role is basically a NT domain controller. AD was a bodge from day one, tacked onto ...

Sorry, got carried away there.

Again, Typescript is cared about by whom and what on earth is ONNX?

I have a lot of respect for organizations that get a lot done with Microsoft technologies. I think your perspective could be thought of as the benefits of vertical integration and vendor lock in. These do help people get things done!

In the academic and open source world those things are fought against because you don't want to be at the mercy of the software developer in the context of certain rights.

I think for every negative you mention on either side a positive could be found on either side. And like many things on the net, you're not wrong but not necessarily talking about the same kinds of things.

My remaining complaints about Microsoft are the inflexibility of their solutions that command abstractions that just don't work for many organizations, and the general viral nature of software sales in general of which they are one of many with similar issues, however Oracle is the worst of course.

Unless you found yourself in some bizarre dark corner of a huge ecosystem of products, that's just not true.

Deployments are just "file copy". You don't even need Docker, because Windows isn't Linux, it has stable user-land APIs so apps are portable.

Not to mention that the dotnet sdk can create container images directly without even needing Docker installed: https://learn.microsoft.com/en-us/dotnet/core/containers/sdk...

There are pre-built Linux and Windows ASP.NET base docker images: https://learn.microsoft.com/en-us/aspnet/core/host-and-deplo...

Visual Studio's ASP.NET templates all have a literal checkbox for "Docker support" which is all it takes to have a hot-reload debugging/editing experience.

The dotnet runtime has very good Docker support, including automatic memory usage tuning to prevent it getting killed by Kubernetes or whatever.

The underlying "App Host" below ASP.NET has fantastic support for layered configuration, which by default supports environment variables, command line parameters, named environment configuration files, and "user secrets" in IDEs. All of it is strongly typed and supports runtime refresh instead of Linux style "restart the process and interrupt user file uploads to get a new config". There's plugins for Key Vault, AWS KMS, App Configuration, feature flags, and on-and-on.

Open Telemetry is fully supported and now the default: https://learn.microsoft.com/en-us/dotnet/core/diagnostics/ob...

Everything in ASP.NET uses the standard built-in ILogger interface, so wiring up any kind of audit logging or custom observability is a piece of cake: https://learn.microsoft.com/en-us/dotnet/api/microsoft.exten...

The really fancy logging uses the high-performance ActivitySource APIs, which are used for lower-level tracing of dependencies and the like. Again, these are standardised throughout not just Microsoft libraries but most third-party packages too: https://learn.microsoft.com/en-us/dotnet/api/system.diagnost...

Aspire.NET can orchestrate multiple cloud emulators, multiple apps, Node.js front-end apps, and wire up the whole thing with Open Telemetry and a free local trace viewer (with span support) with zero config: https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals...

Windows GUI App deployments use standardised installer packages (MSI) that have simple devops pipeline tooling: https://github.com/wixtoolset Now... name the one package format that you can use to distribute client apps to all Linux distros!

When you run "dotnet build", the result is built, unlike Node.js where you end up with 150K tiny little files that need to be rebuilt again "in production" because oh-my-god it's a scripting language with C code blended in randomly, so it doesn't... actually... build. I just had the fun of trying to figure out why PM2 doesn't like musl or running under non-root user accounts, why starting a Node.js app takes frigging minutes whereas ASP.NET starts in milliseconds, and on and on.

A game engine is often an example of a 'complex beast'.

No one is arguing that developing game engines specifically is common.

Perfectly valid points. I've worked in academia, and their insistence on non-Microsoft technologies was helpful in certain fields where openness and long-term reproducibility is critical.

The downside is that this produces a microcosm of obscure technologies that can have... strange effects on industry. Some FAANG-like companies have a habit of hiring only recent graduates, so their entire staff is convinced that what they saw at their University is how everybody else does things.

It leads to Silicon Valley clique that has a fantastically distorted perspective of the rest of the world.

Some comments I've seen here on HN are downright hilarious to anyone from the "rest of the world", such as:

"Does anyone still use Windows Server!?" -- yes, at least 60% of all deployed servers world wide, and over 80% in many industries.

"Supports all popular directory servers such as OpenLDAP, ApacheDS, Kopano, ..." -- hello!? Active Directory! Have you heard of it!? It's something like 95% of all deployed LDAP deployments no matter how you count it! The other 5% is Oracle Directory and/or Novell eDirectory and then all of the rest put together is a rounding error.

Thanks for trying to expound on my expounding on the original. But, the response indicates they don't know and actively avoid learning. Thus, nothing would change their mind.

PS: to throw some shade- I'm surprised they didn't (mis)spell it M$- after all everything they mentioned is making me nostalgic for phpBB based tech forums in 2004.

Well. this is clearly just a example of a hard problem where MS tools are good for.

The MOST common developer that work on MS stack is in business apps and web, data, integration stuff.

There is much better fit for MS and there is NO good counterpart in OSX or Linux.

One of the major shocks I get when starting to work on OSX is how much less developed EVERYTHING is outside the ms stack.

The only good reason you have a life working in OSX and less in Linux is because the web lower the playing field.

But if this were a contest of "native" vs "native" is clear MS stack is ahead.

(Much more before, because of course the web change the equation so you can claim things FOR THE WEB are better on linux and even osx)

All that, and finally, PowerShell, literary light years ahead of everything Linux has to offer. I have PTSD from bash and friends. It is so good, that I rarely even write C# nowadays for most of the critical government stuff and simply run smallish scripts as services, and change them on the server when intervention is needed in notepad, in a couple of minutes, while my colleagues still worm up their full-blown Visual Studio.

I love it like it is the hottest wife that have a great job, do the dishes and cooks like a grandma (I am bad at this :))

Bah, leaving out .NET like this is ignorance, considering the amount of custom applications every company has written on it.

RAD was a game changer and I think you don't know the extent and penetration of .NET in the enterprise

ONNX is a format that allows you to run AI models without Python in any language that implements ONNX, there's even an ONNX implementation in Go, meaning you can churn out even more performance out of AI models and waste drastically less resources (Go, Rust, C++, Zig, C, D etc could be used to squeeze performance). Think of it how Java produces a JAR file, well an ONNX file is a file that could be run by any runtime built for it. Another reasonable analogy would be WebAssembly, but to a degree.

Typescript is used by web developers over the world and ONNX for deploying deep neural networks. Two huge markets.

> change them on the server when intervention is needed in notepad

How is this any different than a Linux setup where you can just ssh into a box and edit your scripts in the shell using something like nano or vim if you're into that sort of thing?

Everything you describe has more to do with the state of JavaScript development than MS vs. Linux tooling.

I wouldn't touch .NET for ideological reasons (and fear of a rug pull) but I also wouldn't touch any server side JS because I value my sanity.

Thanks for writing this. I couldn't agree any more. We've worked with .NET for decades and it really just works or lets you debug easily. Then we've started working on projects with Angular, React and Docker and it's just a nightmare to get a stable version.

What makes it better than say IntelliJ? Is there some feature which helps you more with debugging?

It's been a few years since I've used Visual Studio, but for longest time its support for debugging multithreaded and GPU code was unmatched. This is one of the main reasons game developers loved VS. It also had good support for mixed language debugging which is very useful when your C# code calls a C++ library for example.

I feel you. Having done sane programming before I tried it all the .NET stuff didn't feel right. Like they made Java even more ugly and brought nothing new to the table that works outside of their weird ecosystem. (At least that was the state 10-15 years ago, coding .NET on/for Linux)

There was a study comparing the “half life” of code in different codebases as a measure of “churn”. Linux unsurprisingly is pretty stable. Meanwhile Angular is the worst with code lasting just months before it’s rewritten. Then again months later. And again. And again.

This is why it has so many breaking changes.

> The deployment story is non-existent

Wrong! it is as simple as executing `dotnet publish`, zipping up the output folder and sending that package somewhere using whichever protocol and shell utility you like.

> monitoring, tracing, alarming is barely there

Also wrong. OpenTelemetry is fully supported by first-class packages and the dotnet runtime itself exposes a lot of counters. There are a lot of tools to monitor and collect traces of running dotnet processes [1]

> You have to work with MS libraries that are on life-support with glaring bugs still present

You don't have to. Every Microsoft.* library follows strict semantic versioning and is clearly labeled when it is deprecated. If you don't have a plan in place on how to manage your dependencies then this is on you.

[1] https://learn.microsoft.com/en-us/dotnet/core/diagnostics/to...

And now there is going to be support for `dotnet run app.cs` which, in my opinion, will replace most of my powershell scripts.

It’s wildly different now.

The first release that would run at all on Linux was 9 years ago and was essential a beta or maybe just a proof of concept.

The current .NET 9 version has trivialised my development projects to the point that I feel bad for taking the customer’s money.

The only problem I’ve had with .NET is that it doesn’t have the same breadth of third party libraries that Java has. If you need something really obscure it either exists in Java or nowhere else.

Yeah, that is a new thing, but honestly it existed a way back, its just that it is now officially supported.

But you are missing a point here. It's about the language, ecosystem and practicality. In shell, you need correct abstraction that lets you work in fast and efficient way and lets you interact fast when debug is needed. What is done using c# in 10 lines can be done in a single line in pwsh. In my book, lower amount of code, ideally no code, is the most important aspect of the development. Majority of things are not constrained by the performance, so pwsh is usually a good fit.

People used ruby, python etc. for infrastructure development long time ago and it was/is akward.

It's not different. I am not talking about method, I talk about the language and ecosystem. Package manager for scripts? Yeah. Standardized names and params? Fuck yeah. Drop to dotNet on funky corners? Shut up and take my money.

Put pwsh on linux (I do, in all of them) and I will use ssh and vim no problem.

That sounds magical. What makes it so superior tho? You mean in terms of ready made libraries doing the heavy lifting? If so would nodejs or rails not be even easier?

Or do you mean specific on desktop applications? I have no idea about that field

> Deployments are just "file copy".

Ah yes how the "works on my machine" meme started!

ASP.NET Just Works and has Batteries Included.

As an example, just over the last few days, I hit all of these common issues with Node.js apps (that don't happen with ASP.NET):

1) Node apps are typically a "transpiled language on a language" because JavaScript is unusable for large-scale software development so everyone uses TypeScript compiled to JavaScript instead. But this is a hack! A clever, useful hack, but a hack nonetheless. You can't go two steps without finding the rough edges, such as "any" everywhere or the use of "monkeypatching" which makes static analysis impossible for either tools or humans. (This reminds me of the earliest days of C++ where compilers like Cfront transpiled C++ to C.)

2) It's single-threaded! Sure, this is simpler, right up until it's not. It means you need about one process per core. Which means that on typical hardware you get a max of 4-8 GB of memory per process, because that's what most hardware has per core. This means in-memory caching is generally too inefficient. (I finally understand why Redis is so popular!)

2b) Okay, let's take a look at Redis! What do you mean it doesn't properly support multiple databases per cluster!? It's single threaded too!? Wat!? Is this a database for children?

3) It takes minutes to start! I hope you never have an emergency update that needs to go out right now!. ASP.NET takes seconds at most. This is largely because it's precompiled and ships as a small number of large binary files instead of millions (literally!) of tiny files that are very slow on almost all server-grade storage. There's now ahead-of-time (AoT) compilation modes for ASP.NET that make it comparable to C++, Rust, or Go in startup performance!

4) I'm sure Node people have heard of certificates and HTTPS, but I'm fairly certain they think it's a fad and it'll just "go away" eventually.

5) NPM libraries are under constant churn. Just updating packages requires minutes of 100% computer power to resolve the dependency graph logic... which has changed. In a breaking way. Either way, it can be mathematically impossible to disentangle the mess before the heat death of the universe. I'm not kidding! It's possible to get into a situation where "error: timed out" doesn't quite do it justice.

6) In .NET land there's basically only two ORMs used: Entity Framework from Microsoft and Dapper from StackOverflow. They work fine. Someone at $dayjob picked "typeorm" for Node. Is it the best? Who knows! There's dozens to pick from! None of them work properly, of course. I do know that typeorm doesn't allow me to pick my own database driver. Why? Because they're too busy, according to the GitHub issue tickets. Entity Framework uses a pluggable interface with dozens of well-supported implementations. This is because the entire platform, all of its database support, and the ORM on top were written by one vendor in a coordinated way and is pluggable via interfaces in the standard library instead of a hodge-podge of random code thrown together by literal children. [2]

Etc, etc...

[1] Under-funded is the more generous reason.

[2] A very significant portion of NPM packages were written by people under the age of 18. This is either commendable or horrifying depending on your perspective. It's hard to prove though, because contributions are effectively anonymous.

I agree with this, I see the AD as critical. Do you please have a source for these numbers? Would love to include it in the article.

That's really an insightful answer I enjoyed reading. Really brings me back!

I dislike nodejs for the same reasons. But do get the feeling that rust and go, maybe even something more exotic like elixir would be good alternatives as well for your use case.

I have barely anything to compare to your requirements tho. I personally would get panic attacks and couldn't sleep anymore if my dependencies aren't open source and I would depend on a company for any reason. But that's just me, it definitely sounds very mature

> What is done using c# in 10 lines can be done in a single line in pwsh

Mostly, yes. The problem is that the moment I need something more than what a single cmdlet or bash utility can provide, now I have to use an awkward looking scripting language (bash is the worst offender here). Almost every time I found myself having to write a somewhat long script file, I wish I could just do it with a C like language instead.

For simpler tasks, I fully agree. It is better to use something immediately available like an OS shell utility over coding one myself.

Comparing .Net to Angular and Docker is comparing apples to oranges.

Now if you moved from .Net to say Linux and the Java ecosystem (Maven, Intellij, etc.) that would be something you can compare.

So are LSPs- which by now are everywhere, they're a huge leap forward over previous implementations in (n)vim and emacs imho.

> with C code blended in randomly

And now add a small Python neural network to a .NET app. Just to do some mild AI stuff. Go on, I'll wait.

Oh, and I forgot: don't forget about data migrations. It's a freaking disaster in .NET deployments. Apparently, the best practice is to apply them manually?

> Wrong! it is as simple as executing `dotnet publish`

Yeah. And now add a C/C++ component there. Or maybe a neural network in Python?

In my case, it was a ray tracer that used a GPU.

"Just zip it", yea sure.

There are many simple tasks in a typical multiyear project. Most of my scripts are between 100 and 1000 lines of code.

Example: https://github.com/majkinetor/SSImport

That script made noticeable difference in speed, quality and pleasure on our recent project (production tests on payment gateway for half of the country) as before I wrote it, devs did it by hand which took 10s of minutes every day with awkward tools (if they made an error, even more) and they complained about the chore. The script literarry replaces entire feature of the Sql Server Management Studio and I did it during the weekend.

Regarding syntax, not sure why would you consider that awkward. IMO, it can't be easier to read in any language, both configuration and code.

CSnakes integrates Python into .NET apps - https://tonybaloney.github.io/CSnakes/

https://www.youtube.com/watch?v=DqoxHNH9Iwo shows adding an LLM

There are several ways to manage migrations depending on the team structure and dev practices: SQL scripts, command line, bundles (single-file executables), and in-app. The team recommends SQL scripts since they can be reviewed, tuned, and managed by a DBA but take your pick. https://learn.microsoft.com/ef/core/managing-schemas/migrati...

And how do you _build_ it? "It works on my machine", yeah? "Just copy it", ya?

dotnet build

https://tonybaloney.github.io/CSnakes/getting-started/#build...

What's with the "just copy it" thing? Nobody does that, we use NuGet packages, GitHub Actions, SDK supported containers, reproducible cross-platform builds from command line, etc.