Giving up on ASP.Net

Ever get really, really, really excited about a new puzzle you got as a present, spend hours carefully trying to put the it together only to realise after you’ve glued the last piece in, that [ship, tower, submarine, UFO] you were so proud of a second ago now looks like a sex toy that you’d be embarrassed to show anyone?

This isn’t an easy realisation to have and frankly, it can make you a bit ill. It’s not really your fault, the puzzle is just a crappy design and no one at the company that makes it bothered to build the thing, take a step back and go “yup, that’s a dildo; let’s not sell it to children”.

I’ve had the very same realization at work after years of working with ASP.Net and recently, MVC.

For the past few months, I’ve been working on projects on my own for the first time in almost a year. No team, no consultants, no “UI experts”. Just me, a goal and a deadline. I’ve been delivering on time and everyone’s been happy, except me.

On each project I’ve delivered, I got the sinking feeling I’ve just sold the Titanic. It’s very pretty, usually humongous and it will fail as a product.

The problem isn’t the product itself, it’s the platform its built on, the dangerous climate and slow response at the wheelhouse. It will crumble a year from now with the changing tides and needs and we’ll be using some entirely new platform (probably smaller) to build again.

Let’s check out the MVC thing

It’s the latest and greatest “in” thing for ASP.Net, looks ostensibly very useful and shiny, therefore it must be good.

But it’s completely pointless.

You end up writing more code to accomplish the same things than, say PHP or Django with Python, and all the added functionality you create to make it more usable, just adds more bloat.

The overriding issue with most MS products are premature obsolescence, needless complexity and breaking changes (I left out security since this is a blog post and not War and Peace) and I’ve only manged to stay ahead by constantly keeping on top of changing frameworks, functionality, release updates and even breaking changes that drove everyone nuts. This is even more obvious when developing for the web.

I find myself adding more “stuff” just to make things easier for everyone, thereby having to teach this new “stuff” to the folks inheriting the project which in turn makes everything harder for everyone.

In the past couple of years, I’ve had to learn all I can about MVC 2 and 3, Razor, .Net 4.0 and I’m thinking to myself a lot of the problems I come across are…

Problems that shouldn’t exist

Developing in ASP.Net eventually leads to needless complexity and fragmentation.

There are magnificent projects built on the platform and I can’t help but wonder how even more fantastic (and maintainable) they would be if they had been built on something else.

I learned a lot about developing for the web while working alone. Developing with a team is often less productive, not more, and I caught the first hints of this as the economy shrank along with our team sizes. The best work I’ve seen anyone do was when they were at it alone, even with a ridiculous deadline.

The vast majority of ASP.Net development is geared toward the team, hence the fragmentation. There’s no real sense of why we need to split a project into different segments to work on other than the fact that’s just the way it’s always been done and that’s the end of it. The end result is that there’s a culture of adding or otherwise handing off functionality to third-party projects on features that you don’t need, shouldn’t need and should never need.

A small example of this dangerous interdependency was when MS killed AntiXSS (a product that is unnecessary if your app is well designed) with no warning and then it decided to hold you over the bonfire that was your project now that you were already shafted.

Unless you’re using a third-party project in its entirety (after vetting the thing for holes) you’re better off creating a simpler alternative from scratch a lot of the time. If the problem you’re trying to solve is complex, ask yourself, is it really the problem that’s complex or just the solution you created for it.

Methodology shouldn’t trump getin’ Sh!% done

You want it to work and make money.

That’s it… that’s the only reason anyone invests in a commercial product. So what’s the sense sticking to dogma when it comes to platform? Brand loyalty makes sense if it’s helpful and conducive to productivity, personal satisfaction and imagination. The last two are just as important as budget and timeline despite what your boss might say because that’s where the best solutions come from.

Just for the record, I’m not the only one who came to this realization as Milan Negovan also did before. I’m just a couple of years late.

Let’s set aside the complexity. Even the cost doesn’t warrant going with ASP.Net for the vast majority of the work I’ve done and this isn’t just about hosting and service availability. With more demand you will spend exponentially more on licensing and server resources. Microsoft hasn’t delivered a product that will allow you to do more with less with regard to cost when it comes to developing on the web.

What does it mean?

I can’t in good conscience recommend ASP.Net for new projects.

If you have heavy dependencies on Microsoft products, then chances are, you don’t have a choice in the matter. But if the project is brand new and you have no ball and chain, go with something else. I can’t force you to do this so if you insist on nothing else, I guess I’ll still use it (after all, I need cash to build my cabin).

Considering how much code I’ve posted on this blog pertaining to ASP.Net and C#, this may seem hypocritical, but you have to realize, sometimes you do need to take your time on the throne and finish that big dump to feel relief.

MS is now KOS

But that might be a good thing for Microsoft in the longer run…

Ever since the announcement of Windows 7, it seems a vast number of publications seem to be seething over the apparent abandonment of Vista. And MS has felt the wrath from the likes of Dvorak who goes as far as to call Microsoft the “Spandex Granny” in a PC World article.

Are they really abandoning Vista or are they more concerned with abandoning what ties Vista to XP and, by extension, Win2000?

I think it’s more toward the latter.

Microsoft must be aware that it’s not 1995 and that type of tech dream-team domination will never happen again. Then this new impetus must involve setting fire to some of the old-world baggage. Kill it all. While this will also, potentially, kill our application compatibility (even more than it has with Vista) it may not necessarily be outright evil if their final product is genuinly safe, stable, bloat free and, above all else, secure. Who knows, if the above criteria are met, there might even come about stable emulation tools that will still enable apps to function normally.

The gaping holes in Windows security is part Microsoft’s fault, and part the fault of application developers who open up their users’ systems to the Big Bad Wolf of the Net. Why huff and puff when all it takes to compromise a Windows system is a remote hole in an application?

This brings me to the MS apps…

It may be true that the train wreck known as Vista was probably rushed with all the best intentions, it’s a direction that’s new to Microsoft. They’ve made WPF such a big deal, perhaps, to dump what makes MS apps so vulnerable and be able to focus on the OS security itself. Maybe the added features and rendering capability was primarily to entice programmers so they can be better controlled and herded by the OS. It’s a lot easier to keep track of Betsy if she’s in her pen.

I think it’s fair to say, and many other programmers would agree, Microsoft has made programming for Windows so nonchalant, that they have actually encouraged writing shoddy code. This is partly due to the way MS has promoted their development tools, which tend to appeal to the novice programmer. And every Tom, Dick, and Harry has become a self-proclaimed MS application developer. I’m by no means encouraging user un-friendliness, but I am encouraging caution when designing developer apps where proper structure (and practical “best practices”) are emphasized.

There’s a reason why some dangerous roads atop mountains don’t have guard rails. It encourages safe driving. When you have that safety net, you don’t worry as much about being careful. When developer apps are designed with all-or-nothing excecution, where tools recognize potential for unstable behaviour or fail compilation on warning, sure it could be frustrating, but it ensures your app is stable. Though application security is an integral, but seperate topic, in many cases stability = security.

Then there’s the issue of documentation…

While MSDN does a very decent job of listing language capabilities, it isn’t complete. There are many commonly asked questions on developing methods, and sure there are many ways to accomplish the same task… but why are we repeating ourselves? Why not create example desktop applications that implement many of the “best practices” that MS itself seem to be promoting? MS already has an Open Source variant license called the MS Source Available License. Here’s a chance to set a precedent in application development by leading the way.

It’s easy to say don’t develops apps like “this”, do it like “that” instead, but actually seeing the source code implemented will help all novice programmers.

So are we abandoning the Windows we knew? If we’re getting something better in return, maybe it isn’t all that bad. Microsoft has a culture war within the organization to fight in addition to fighting hackers. Its culture of security through obscurity will not work for the foreseeable future as they might have already realized with the flood trojans out there. Hiding errors, obviously, doesn’t work. Maybe building it more securely from scratch will.

In this regard, the MS folks and app developers have a lot to learn from the OpenBSD community. Focus on correctness of code and keeping safe and secure will come more easily. Let’s stop calling the Find Exploit→Patch cycle and proactively ensure the OS and its apps are ready to hit the ground running. If it means killing off all if not most ties to the previous branches in the family, then so be it.

If Old Yeller can’t learn some new tricks or can’t shake loose the myriad of diseases it’s caught from within and without, then it might be time to put him down.