←back to thread

Microsoft Dependency Has Risks

(blog.miloslavhomer.cz)
152 points ArcHound | 3 comments | 25 Jun 25 20:08 UTC | HN request time: 0s | source
Show context
bob1029 ◴[25 Jun 25 21:41 UTC] No.44382065[source]
The trick with Microsoft is to very carefully separate the good parts from the bad ones.

Labeling all of Microsoft as banned is really constraining your technology options. This is a gigantic organization with a very diverse set of people in it.

There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way.

Azure and Windows are where things start to get bad with Microsoft.

replies(9): >>44382293 #>>44382372 #>>44382784 #>>44383037 #>>44383467 #>>44385139 #>>44385191 #>>44385341 #>>44385567 #
gerdesj ◴[25 Jun 25 22:16 UTC] No.44382293[source]
"There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way."

I'm not interested in AAA games engines writing and nor is most of the world. If that is it, then you have damned MS with (very) faint praise.

replies(4): >>44382385 #>>44382410 #>>44383208 #>>44384422 #
jiggawatts ◴[25 Jun 25 22:37 UTC] No.44382410[source]
To paint a picture: I’ve worked with Microsoft technologies almost exclusively for decades but recently I was forced to pick up some Node.js, Docker, and Linux tooling for a specific app.

I can’t express in words what a giant step backwards it is from ASP.NET and Visual Studio. It’s like bashing things with open source rocks after working in a rocket manufacturing facility festooned with Kuka robots.

It’s just… end-to-end bad. Everything from critical dependencies developed by one Russian kid that’s now getting shot at in Ukraine so “maintenance is paused” to everything being wired up with shell scripts that have fifty variants, no standards, and none of them work. I’ve spent more time just getting the builds and deployments to work (to an acceptable standard) for Node.js than I’ve spent developing entire .NET applications! [1]

I have had similar experiences every few years for decades. I touched PHP once and recoiled in horror. I tried to get a stable build going for some Python ML packages and learnt that they have a half-life measured in days or hours after which they become impossible to reproduce. Etc…

Keep on assuming “Microsoft is all bad” if you like. You’re tying both hands behind your back and poking the keyboard with your nose.

PS: The dotnet SDK is open source and works fine on Linux, and the IntelliJ Rider IDE is generally very good and cross-platform. You're not forced to use Windows.

[1] The effort required to get a NestJS app to have barely acceptable performance is significantly greater than the effort to rewrite it in .NET 9 which will immediately be faster and have a far bigger bag of performance tuning tools and technologies available if needed.

replies(4): >>44382506 #>>44382561 #>>44384745 #>>44384883 #
cyberax ◴[25 Jun 25 22:49 UTC] No.44382506[source]
I tried developing an MS .NET app and it's indescribably bad. The deployment story is non-existent, monitoring, tracing, alarming is barely there. You have to work with MS libraries that are on life-support with glaring bugs still present.
replies(3): >>44382601 #>>44385368 #>>44385426 #
herbst ◴[26 Jun 25 08:28 UTC] No.44385368[source]
I feel you. Having done sane programming before I tried it all the .NET stuff didn't feel right. Like they made Java even more ugly and brought nothing new to the table that works outside of their weird ecosystem. (At least that was the state 10-15 years ago, coding .NET on/for Linux)
replies(1): >>44385547 #
jiggawatts ◴[26 Jun 25 09:04 UTC] No.44385547[source]
It’s wildly different now.

The first release that would run at all on Linux was 9 years ago and was essential a beta or maybe just a proof of concept.

The current .NET 9 version has trivialised my development projects to the point that I feel bad for taking the customer’s money.

The only problem I’ve had with .NET is that it doesn’t have the same breadth of third party libraries that Java has. If you need something really obscure it either exists in Java or nowhere else.

replies(1): >>44385786 #
1. herbst ◴[26 Jun 25 09:53 UTC] No.44385786[source]
That sounds magical. What makes it so superior tho? You mean in terms of ready made libraries doing the heavy lifting? If so would nodejs or rails not be even easier?

Or do you mean specific on desktop applications? I have no idea about that field

replies(1): >>44386179 #
2. jiggawatts ◴[26 Jun 25 11:07 UTC] No.44386179[source]
ASP.NET Just Works and has Batteries Included.

As an example, just over the last few days, I hit all of these common issues with Node.js apps (that don't happen with ASP.NET):

1) Node apps are typically a "transpiled language on a language" because JavaScript is unusable for large-scale software development so everyone uses TypeScript compiled to JavaScript instead. But this is a hack! A clever, useful hack, but a hack nonetheless. You can't go two steps without finding the rough edges, such as "any" everywhere or the use of "monkeypatching" which makes static analysis impossible for either tools or humans. (This reminds me of the earliest days of C++ where compilers like Cfront transpiled C++ to C.)

2) It's single-threaded! Sure, this is simpler, right up until it's not. It means you need about one process per core. Which means that on typical hardware you get a max of 4-8 GB of memory per process, because that's what most hardware has per core. This means in-memory caching is generally too inefficient. (I finally understand why Redis is so popular!)

2b) Okay, let's take a look at Redis! What do you mean it doesn't properly support multiple databases per cluster!? It's single threaded too!? Wat!? Is this a database for children?

3) It takes minutes to start! I hope you never have an emergency update that needs to go out right now!. ASP.NET takes seconds at most. This is largely because it's precompiled and ships as a small number of large binary files instead of millions (literally!) of tiny files that are very slow on almost all server-grade storage. There's now ahead-of-time (AoT) compilation modes for ASP.NET that make it comparable to C++, Rust, or Go in startup performance!

4) I'm sure Node people have heard of certificates and HTTPS, but I'm fairly certain they think it's a fad and it'll just "go away" eventually.

5) NPM libraries are under constant churn. Just updating packages requires minutes of 100% computer power to resolve the dependency graph logic... which has changed. In a breaking way. Either way, it can be mathematically impossible to disentangle the mess before the heat death of the universe. I'm not kidding! It's possible to get into a situation where "error: timed out" doesn't quite do it justice.

6) In .NET land there's basically only two ORMs used: Entity Framework from Microsoft and Dapper from StackOverflow. They work fine. Someone at $dayjob picked "typeorm" for Node. Is it the best? Who knows! There's dozens to pick from! None of them work properly, of course. I do know that typeorm doesn't allow me to pick my own database driver. Why? Because they're too busy, according to the GitHub issue tickets. Entity Framework uses a pluggable interface with dozens of well-supported implementations. This is because the entire platform, all of its database support, and the ORM on top were written by one vendor in a coordinated way and is pluggable via interfaces in the standard library instead of a hodge-podge of random code thrown together by literal children. [2]

Etc, etc...

[1] Under-funded is the more generous reason.

[2] A very significant portion of NPM packages were written by people under the age of 18. This is either commendable or horrifying depending on your perspective. It's hard to prove though, because contributions are effectively anonymous.

replies(1): >>44386721 #
3. herbst ◴[26 Jun 25 12:22 UTC] No.44386721[source]
That's really an insightful answer I enjoyed reading. Really brings me back!

I dislike nodejs for the same reasons. But do get the feeling that rust and go, maybe even something more exotic like elixir would be good alternatives as well for your use case.

I have barely anything to compare to your requirements tho. I personally would get panic attacks and couldn't sleep anymore if my dependencies aren't open source and I would depend on a company for any reason. But that's just me, it definitely sounds very mature