[Last Week in .NET #94] – The Summer of .NET

@foone on twitter takes you de-compiling Skifree in an epic twitter thread. If you’re bored at work (or work is just boring) give this a read, it’s worth it.

---

Pluralsight Flow’s tries to quantify producitvity. Since we all know that’s a fool’s errand, there’s a twitter thread on what to use instead.

---

The 780th Military Intelligence Brigade (Cyber) links to a Microsoft Research paper about BlackCat. The research paper is actually interesting and linkable on its own but I’m not above making fun of the fact that in 2022, we still refer to the Internet as “Cyber”, and that there’s an Army Unit out there that are literally known as Cyber Warriors non-ironically.

---

Microsoft promises to be all-in on ARM Development. Contrary to their promises of UWP, WPF, XNA, and Linq2SQL, they’re going to keep it this time. And in all seriousness, ARM isn’t going away; and it’s the future, so I do believe they’re going to keep this promise. Still, if I’m wrong, [we can always reference this blog post about ARM Development on Windows](https://devblogs.microsoft.com/visualstudio/arm64-visual-studio/ as evidence.

---

I get flak at times for being persistent in holding Microsoft to account. “If you don’t have something positive to say, don’t say anything at all” and all that. But, the lack of forthright discussion about Microsoft’s flaws is what got us into the mess where Azure’s Security team talks less than a cop under criminal investigation. If you think I’m being facetious, just remember that we still don’t have a full accounting of the ChaosDB incident, and the little they have said leaves a lot to be desired in the disclosure space. What concerns me is that this week’s newsletter is going to have more words in it than their supposed accounting of this incident.

What would solve this?

• A deep dive into the technical part of how this was allowed to happen in the first place.
• The extent of their security and logging practices that leaves them confident that this vulnerability didn’t go further than they say it did
• Hiring someone who speaks like a frigging human when they write and doesn’t sound like they went to Harvard Law School, graduated with honors and then was accepted into the Washington State Bar, where they practiced and honed their craft of saying absolutely nothing that may have a detrimental effect on their legal liability or accidentally sound like they care about their customers.

Put simply, it appears to the outsiders that Microsoft’s Legal department has to OK all their communications, and their legal department airs on the side of extreme caution, to the point that it makes Microsoft seem less trustworthy because you know you’re not getting the full story.

Also, any time a company releases a blog post with the word “update” in it, the news is bad.

---

David Fowler takes you through Microsoft Orleans; a project that seeks to make Distributed Computing look like Monolithic Computing. I love this dive, even if I’m on the fence about Orleans itself].

---

Microsoft’s Windows Diagnostic Tool had a Vulnerability and a patch released for it, under the CVE categorization of CVE-2022-30190.

---

Barry Dorrans (he’s the Beans Guy) reminds you there are sometimes non-apparent reasons to update your .NET SDK, like a nuget publishing vulnerability being patched.

---

Scott Holden takes you through running .NET 7 ASP.NET Core Minimal APIs with top-level statements in a scratch container, with AOT enabled. It’s a beautiful thing, even if we’re still hoping for our killer app.

---

Microsoft Security Research Center’s Barry Dorrans (Again, he’s the beans guy) reminds us that it’s up to the Product Groups to do their jobs, and it’s not MSRC’s fault if the product groups don’t do their jobs (also, see above).

---

Ory puts the “security” in enterprise cloud security, and apparently it’s easy to use. I raise awareness for this; not because I think Ory solves that problem (I honestly don’t know), but because until we get more eyeballs on these things, we won’t know what actually solves the problem. The problem? Enterprise Identity is still a mess. An unmitigated mess.

---

Incidentally, I stopped writing Last Week in .NET in part because I needed time to calm down about the issue of Microsoft once again retreating into closed source territory with .NET. You see, once you proclaim to the world that you love open source, you’re going to have a bad time any time you go against the open source world’s interpretation of that statement. Microsoft could have meant “We love to use Open Source, and we love that people think we’re in love with making our stuff open source”, and that is indistinguishable from their current actions.

For developer tooling, being Open Source is critical to having acceptance. Every single step that Microsoft takes in the other direction is a step that harms the already fragile .NET ecosystem.

As an aside, I had my suspicions about why Miguel De Icaza left Microsoft, and this tweet all but confirmed his reasons for leaving: Microsoft is reneging on its open source promises with the Debugger Licensing issues, Hot Reload, and now this.

Because words are free, I also gave my two cents on reasons for these issues at Microsoft in twitter thread form.

---

Microsoft Terminal is now integrated with Visual Studio, increasing the number of shells that you can access in Visual Studio to 6. You’d think at some point they’d consolidate, but I’m guessing there are 6 different teams who would be very upset if that happened.

There’s the Package Manager Console, the Visual Studios Tools Command Prompt, the Command Window, the Developer Powershell Window, the Developer Command Prompt, and now the Terminal. There’s also the Immediate Window that is terminal-like.

---

In .NET 7, error messages are getting better. More of this please.

---

Cloudflare owns a wall full of LavaLamps that they use to generate randomness. The Computer industry holds up the lava lamp industry.

---

SQL Server Management Studio 18.12.1 has been released Honestly SQL Server Management Studio should have been folded into Visual Studio a long time ago. Let’s just go ahead and do that and not pretend they’re different SKUs.

---

Rick Sthrahl takes you through how to render ASP.NET Core Razor Views to string.

---

There’s an ACL visualizer for Active Directory that looks pretty interesting. I’m not in this part of Windows, but if you are, give it a try and let me know how you like it?

---

.NET Conf “Focus on MAUI” is August 9th.

---

Finding some middle-ground between Old School .NET Framework apps and Self Contained Deployments. I hope this gets legs.

---

Dave Glick wrote a piece for Twilio on Razor Templating. If you know Dave Glick you know it’s good, and if you don’t know Dave Glick you should read it anyway. He’s also the guy behind Wyam.

---

Speaking of Microsoft breaking promises, OneNote’s web version is getting updates, but not their UWP version. Update it or Sunset it… Or Merge it?

---

Switching Git Branches in Visual Studio is getting faster, which is welcome (although being the old that I am I’ll probably always stick to the git-bash command line because you really can’t get faster on Windows than a linux based shell. Don’t believe me? Try to delete your bin and obj folders in Explorer or using cmd.exe vs an rm -rf in git bash).

---

No, C# is not dying, but no language lives forever. Perl would like a word.

---

And that’s mostly it for what happened since the last time I published Last Week in .NET. I am rethinking whether to continue this newsletter, if I’m being honest. There are plenty of .NET link dropping newsletters, and while I like to think I’m offering something different, if it’s not what people want then I should spend my time doing something else. How can I prove this is what people want? More newsletter subscribers. So use the share URL at the bottom, and let your .NET Team know on slack that this is around. If they like it and I get subscribers, that’s a sign I should keep doing it.