The trick with Microsoft is to very carefully separate the good parts from the bad ones.
Labeling all of Microsoft as banned is really constraining your technology options. This is a gigantic organization with a very diverse set of people in it.
There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way.
Azure and Windows are where things start to get bad with Microsoft.
> There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way.
The reason all the AAA games are on it is because they're on the Windows platform, and more importantly their customers are on the Windows platform.
If 95% of gamers ran MacOS instead of Windows, you'd see a very different tech stack among game developers.
Forgive me for being an idiot but i was under the impression dx12 was closer to vulkan architecturally which makes it easier to port to Linux display drivers (and thus why it has)
1) OpenGL is a (now legacy spec) and DirectX is an API on Windows. OpenGL spec is implemented by your GPU driver.
2) DirectX is a collection of multimedia APIs on Windows. OpenGL is just graphics. Direct3D is one of those APIs.
3) Thirdly OpenGL and Direct3D (before version 12) are pretty much the same in they can do. The code is pretty similar IIRC (though it been some time since I've done Direct3D programming).
4) Devs use DirectX because there is a full set of APIs for the target platform. Linux and Mac aren't typically targeted when making a game. Mac and Linux sales have been a very small percentage historically.
No, they're on Windows because it was the only viable gaming desktop environment during the 90's and 00's. Apple was all but dead and hardware was limited, Linux was in its infancy, Unix vendors didn't care about normal desktop users, etc...
In the early days of 3D gaming, there were studios that used OpenGL over DirectX on Windows. ID Software were the best known example of choosing OpenGL over DirectX.
Of course excellent OpenGL products exist (ID software is the worst example because they were... geniuses), but from the developer point of view, DirectX was the full package.
Has there been a game where vulkan performance has been better then dx12? Whenever they are side by side vulkan always performs worse in my experience.
If games run faster on linux with DX12 translated to Vulkan than they do on identical hardware running on Windows 11 then I can't imagine a particularly big performance difference.
Everything feeds everything else. If Apple had a stack and a business model that worked for game developers, you’d see a different stack.
Microsoft is where it is because they are viciously competitive at different layers of the stack. Apple wants a piece of every nickel, Microsoft wants a piece of every computer. They license windows for every Mac user in a company.
How do you separate the good from the bad? What do you do when Microsoft changes the good things into bad things?
My take is that Microsoft consistently makes bad things and makes "good" things into "bad" things; so, I don't have much expectation or faith that anything that I currently think is "good" will stay that way.
Services are bad - that is what the first part of the story is about.
However I do not think it is different for any online service. Any American company would have to cut off services to an individual (or organisation) subject to sanctions (the main example given). The same might apply to other countries for various reasons. There are various reasons a service might fail, or cut off a particular customer (lots of reasons, lots of examples in previous HN discussion).
What has changed is that the typical MS customer is a lot more dependent on MS services - MS 365, Python in Excel ONLY works in the cloud, people used hosted email instead of their own Exchange installation...... That means MS cutting off a customer would mean all their IT would cease working. They can just shut down any organisation with that level of dependency if they are ordered to, or decide to, do so.
I consider C# / .NET to be one of the best options for application development.
Many would consider both VSCode and Visual Code pretty good. There might be better alternatives, but generally I'd say they are more good then bad. Github is also a good product. Maybe not exactly a develop tool, but Power BI is also fairly good.
Borderline developer / enterprise solution: SQLServer is great to work with. Maybe not the best relational database server, but it's every bit as capable as MariaDB and I'd prefer it over Oracle.
Before Microsoft bought it you could still search it / codesbases without making an account. Alone for that additional pain I would argue they instantly made it worse.
Wrong about "inconsistent", the ribbon follows predictable patterns. Home tab always has basic formatting, Insert always has objects/media, etc. What changed is intelligent positioning based on context.
Office 95's menus were consistent in the worst way - consistently buried everything under nested submenus. Finding mail merge meant File→Tools→Mail Merge→Options→Setup. Now it's Mailings tab, right there.
It is a tool for people who write words. That is its prime purpose.
People write words for people to read the words. That is the prime purpose.
It is a tool for readers and writers.
I am both.
I can read a menu, and scan through submenus, about 10-20x faster than I can page through buttons on a tabbed bar. The replacement is dramatically inferior in legibility and so in efficiency.
That is 1 way it is worse.
A menu bar takes a single line of text. It works perfectly in a text-only display. A ribbon bar takes many lines of small intricate graphics. It is dramatically and measurably and demonstrably inferior in its use of screen space, its use of pixels, its adaptability to other displays, its functionality for those with restricted vision or restricted computer display abilities.
This is a 2nd way it is worse.
It is not re-orientable; I can't move it to one side to use a widescreen more efficiently. Because of its poor and fixed layout I can see less of my document, meaning it hinders the primary purpose of the tool.
This is a 3rd way it is worse.
It does not interoperate with other UI paradigms. Right now I am typing on an old Mac with macOS. Word is the only Office app on it. The oldest 64-bit version of Word I can find. It has to duplicate the entire UI both in the Mac's mandatory global menu bar and in the clumsy bolted-on Windows-centric ribbon. This demonstrates the inefficiency and poor design.
This is a 4th way it's worse, although for me, it means I can ignore the ribbon and use the menus.
I read fast. I cannot squint at tiny icons and try to guess their functions quickly. It's slow. The ribbon defeats muscle memory and defeats fast reading.
This is a 5th way it's worse.
The ribbon is context-sensitive. I can't just remember what is where under where relative to the first menu, because it changes depending on where the cursor is, what is selected, what tab I left it on last time. In a menu tree, if it's left open, I tap ESC once and I am at a known place and can start over. Not with the ribbon.
This is a 6th way it's worse.
I speedread and I have good colour vision. Some people can't see colours. Some can't see fine details. Some can't see at all. A screenreader can just read all of a menu, but it can't describe icons and it can't say "then there's a vertical line and in the next section, it starts..."
The ribbon fails at accessibility.
This is a 7th way it's worse.
Menus can be accessed and manipulated in a consistent way with keyboard controls. Up/down/left/right/enter. 5 keys and you have total control. You can use this with a mouth control if you have no use of any limbs. This is good for people with motor disabilities but it is also good for keyboard-centric users with no disabilities. This is good design: it's adaptable and it's flexible and it fits different needs. But also, you can use letters to leap faster through the menu bar, so power users and touch-typists can navigate faster. All blind people who can type are touch typists; they have no other option. So this feature that aids accessibility also aids power users.
None of this applies to the state-sensitive context-sensitive ribbon. That is an 8th way it's worse.
You are wrong, and what's more, you are wrong on multiple levels, some of which I have itemised. I could get to 10, I suspect, but I have a job to do and this is not it.
Stop defending bad design. Learn to look deeper at good design that lasted decades and learn to ask why things you don't like so much survive and are widespread and have not been replaced by novelties you like.
"There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way."
I'm not interested in AAA games engines writing and nor is most of the world. If that is it, then you have damned MS with (very) faint praise.
To paint a picture: I’ve worked with Microsoft technologies almost exclusively for decades but recently I was forced to pick up some Node.js, Docker, and Linux tooling for a specific app.
I can’t express in words what a giant step backwards it is from ASP.NET and Visual Studio. It’s like bashing things with open source rocks after working in a rocket manufacturing facility festooned with Kuka robots.
It’s just… end-to-end bad. Everything from critical dependencies developed by one Russian kid that’s now getting shot at in Ukraine so “maintenance is paused” to everything being wired up with shell scripts that have fifty variants, no standards, and none of them work. I’ve spent more time just getting the builds and deployments to work (to an acceptable standard) for Node.js than I’ve spent developing entire .NET applications! [1]
I have had similar experiences every few years for decades. I touched PHP once and recoiled in horror. I tried to get a stable build going for some Python ML packages and learnt that they have a half-life measured in days or hours after which they become impossible to reproduce. Etc…
Keep on assuming “Microsoft is all bad” if you like. You’re tying both hands behind your back and poking the keyboard with your nose.
PS: The dotnet SDK is open source and works fine on Linux, and the IntelliJ Rider IDE is generally very good and cross-platform. You're not forced to use Windows.
[1] The effort required to get a NestJS app to have barely acceptable performance is significantly greater than the effort to rewrite it in .NET 9 which will immediately be faster and have a far bigger bag of performance tuning tools and technologies available if needed.
I have a lot of respect for organizations that get a lot done with Microsoft technologies. I think your perspective could be thought of as the benefits of vertical integration and vendor lock in. These do help people get things done!
In the academic and open source world those things are fought against because you don't want to be at the mercy of the software developer in the context of certain rights.
I think for every negative you mention on either side a positive could be found on either side. And like many things on the net, you're not wrong but not necessarily talking about the same kinds of things.
My remaining complaints about Microsoft are the inflexibility of their solutions that command abstractions that just don't work for many organizations, and the general viral nature of software sales in general of which they are one of many with similar issues, however Oracle is the worst of course.
Perfectly valid points. I've worked in academia, and their insistence on non-Microsoft technologies was helpful in certain fields where openness and long-term reproducibility is critical.
The downside is that this produces a microcosm of obscure technologies that can have... strange effects on industry. Some FAANG-like companies have a habit of hiring only recent graduates, so their entire staff is convinced that what they saw at their University is how everybody else does things.
It leads to Silicon Valley clique that has a fantastically distorted perspective of the rest of the world.
Some comments I've seen here on HN are downright hilarious to anyone from the "rest of the world", such as:
"Does anyone still use Windows Server!?" -- yes, at least 60% of all deployed servers world wide, and over 80% in many industries.
"Supports all popular directory servers such as OpenLDAP, ApacheDS, Kopano, ..."
-- hello!? Active Directory! Have you heard of it!? It's something like 95% of all deployed LDAP deployments no matter how you count it! The other 5% is Oracle Directory and/or Novell eDirectory and then all of the rest put together is a rounding error.
Thanks for writing this. I couldn't agree any more.
We've worked with .NET for decades and it really just works or lets you debug easily.
Then we've started working on projects with Angular, React and Docker and it's just a nightmare to get a stable version.
There was a study comparing the “half life” of code in different codebases as a measure of “churn”. Linux unsurprisingly is pretty stable. Meanwhile Angular is the worst with code lasting just months before it’s rewritten. Then again months later. And again. And again.
I tried developing an MS .NET app and it's indescribably bad. The deployment story is non-existent, monitoring, tracing, alarming is barely there. You have to work with MS libraries that are on life-support with glaring bugs still present.
Wrong! it is as simple as executing `dotnet publish`, zipping up the output folder and sending that package somewhere using whichever protocol and shell utility you like.
> monitoring, tracing, alarming is barely there
Also wrong. OpenTelemetry is fully supported by first-class packages and the dotnet runtime itself exposes a lot of counters. There are a lot of tools to monitor and collect traces of running dotnet processes [1]
> You have to work with MS libraries that are on life-support with glaring bugs still present
You don't have to. Every Microsoft.* library follows strict semantic versioning and is clearly labeled when it is deprecated. If you don't have a plan in place on how to manage your dependencies then this is on you.
> How do you compile and package those components up? Answer that and you have your answer for this scenario.
I have a Dockerfile that contains the build instructions? How would I do that with MSVS?
> I don't understand this. You can zip it.
Yes, and then my Linux machine that runs the server will happily run a Windows application. With all the dependencies, including the GPU toolkits.
But even if we stay _within_ the MS ecosystem, the "just copy it" deployment doesn't cover everything. E.g. it can't change the settings of the "App Service Logs" from within the app itself. Of course you can also use Terraform for the infra, but at this point you're way off the "just copy a folder".
MSVS also supports containers, but if you do that it just becomes a UI for their configuration, not really any different from JetBrains.
> I have a Dockerfile that contains the build instructions
So what's stopping you from doing this with dotnet? Going by your logic, no other programming language reaches your ideal "deployment story" the moment you reach for docker.
> Yes, and then my Linux machine that runs the server will happily run a Windows application. With all the dependencies, including the GPU toolkits.
Dotnet is cross platform. If you are targeting Linux then you can give that information using `dotnet build --os linux` and nuget packages that have platform-specific binaries would then supply the build with the correct binary.
> But even if we stay _within_ the MS ecosystem, the "just copy it" deployment doesn't cover everything. E.g. it can't change the settings of the "App Service Logs" from within the app itself. Of course you can also use Terraform for the infra, but at this point you're way off the "just copy a folder".
That's because it is not the job of any programming language compiler to make changes to cloud infrastructure. You know single responsibility and all that.
I feel you. Having done sane programming before I tried it all the .NET stuff didn't feel right. Like they made Java even more ugly and brought nothing new to the table that works outside of their weird ecosystem. (At least that was the state 10-15 years ago, coding .NET on/for Linux)
The first release that would run at all on Linux was 9 years ago and was essential a beta or maybe just a proof of concept.
The current .NET 9 version has trivialised my development projects to the point that I feel bad for taking the customer’s money.
The only problem I’ve had with .NET is that it doesn’t have the same breadth of third party libraries that Java has. If you need something really obscure it either exists in Java or nowhere else.
That sounds magical. What makes it so superior tho? You mean in terms of ready made libraries doing the heavy lifting? If so would nodejs or rails not be even easier?
Or do you mean specific on desktop applications? I have no idea about that field
As an example, just over the last few days, I hit all of these common issues with Node.js apps (that don't happen with ASP.NET):
1) Node apps are typically a "transpiled language on a language" because JavaScript is unusable for large-scale software development so everyone uses TypeScript compiled to JavaScript instead. But this is a hack! A clever, useful hack, but a hack nonetheless. You can't go two steps without finding the rough edges, such as "any" everywhere or the use of "monkeypatching" which makes static analysis impossible for either tools or humans. (This reminds me of the earliest days of C++ where compilers like Cfront transpiled C++ to C.)
2) It's single-threaded! Sure, this is simpler, right up until it's not. It means you need about one process per core. Which means that on typical hardware you get a max of 4-8 GB of memory per process, because that's what most hardware has per core. This means in-memory caching is generally too inefficient. (I finally understand why Redis is so popular!)
2b) Okay, let's take a look at Redis! What do you mean it doesn't properly support multiple databases per cluster!? It's single threaded too!? Wat!? Is this a database for children?
3) It takes minutes to start! I hope you never have an emergency update that needs to go out right now!. ASP.NET takes seconds at most. This is largely because it's precompiled and ships as a small number of large binary files instead of millions (literally!) of tiny files that are very slow on almost all server-grade storage. There's now ahead-of-time (AoT) compilation modes for ASP.NET that make it comparable to C++, Rust, or Go in startup performance!
4) I'm sure Node people have heard of certificates and HTTPS, but I'm fairly certain they think it's a fad and it'll just "go away" eventually.
5) NPM libraries are under constant churn. Just updating packages requires minutes of 100% computer power to resolve the dependency graph logic... which has changed. In a breaking way. Either way, it can be mathematically impossible to disentangle the mess before the heat death of the universe. I'm not kidding! It's possible to get into a situation where "error: timed out" doesn't quite do it justice.
6) In .NET land there's basically only two ORMs used: Entity Framework from Microsoft and Dapper from StackOverflow. They work fine. Someone at $dayjob picked "typeorm" for Node. Is it the best? Who knows! There's dozens to pick from! None of them work properly, of course. I do know that typeorm doesn't allow me to pick my own database driver. Why? Because they're too busy, according to the GitHub issue tickets. Entity Framework uses a pluggable interface with dozens of well-supported implementations. This is because the entire platform, all of its database support, and the ORM on top were written by one vendor in a coordinated way and is pluggable via interfaces in the standard library instead of a hodge-podge of random code thrown together by literal children. [2]
Etc, etc...
[1] Under-funded is the more generous reason.
[2] A very significant portion of NPM packages were written by people under the age of 18. This is either commendable or horrifying depending on your perspective. It's hard to prove though, because contributions are effectively anonymous.
That's really an insightful answer I enjoyed reading. Really brings me back!
I dislike nodejs for the same reasons. But do get the feeling that rust and go, maybe even something more exotic like elixir would be good alternatives as well for your use case.
I have barely anything to compare to your requirements tho. I personally would get panic attacks and couldn't sleep anymore if my dependencies aren't open source and I would depend on a company for any reason. But that's just me, it definitely sounds very mature
> I personally would get panic attacks and couldn't sleep anymore if my dependencies aren't open source and I would depend on a company for any reason. But that's just me, it definitely sounds very mature
Visual Studio's ASP.NET templates all have a literal checkbox for "Docker support" which is all it takes to have a hot-reload debugging/editing experience.
The dotnet runtime has very good Docker support, including automatic memory usage tuning to prevent it getting killed by Kubernetes or whatever.
The underlying "App Host" below ASP.NET has fantastic support for layered configuration, which by default supports environment variables, command line parameters, named environment configuration files, and "user secrets" in IDEs. All of it is strongly typed and supports runtime refresh instead of Linux style "restart the process and interrupt user file uploads to get a new config". There's plugins for Key Vault, AWS KMS, App Configuration, feature flags, and on-and-on.
The really fancy logging uses the high-performance ActivitySource APIs, which are used for lower-level tracing of dependencies and the like. Again, these are standardised throughout not just Microsoft libraries but most third-party packages too: https://learn.microsoft.com/en-us/dotnet/api/system.diagnost...
Aspire.NET can orchestrate multiple cloud emulators, multiple apps, Node.js front-end apps, and wire up the whole thing with Open Telemetry and a free local trace viewer (with span support) with zero config: https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals...
Windows GUI App deployments use standardised installer packages (MSI) that have simple devops pipeline tooling: https://github.com/wixtoolset Now... name the one package format that you can use to distribute client apps to all Linux distros!
When you run "dotnet build", the result is built, unlike Node.js where you end up with 150K tiny little files that need to be rebuilt again "in production" because oh-my-god it's a scripting language with C code blended in randomly, so it doesn't... actually... build. I just had the fun of trying to figure out why PM2 doesn't like musl or running under non-root user accounts, why starting a Node.js app takes frigging minutes whereas ASP.NET starts in milliseconds, and on and on.
All that, and finally, PowerShell, literary light years ahead of everything Linux has to offer. I have PTSD from bash and friends. It is so good, that I rarely even write C# nowadays for most of the critical government stuff and simply run smallish scripts as services, and change them on the server when intervention is needed in notepad, in a couple of minutes, while my colleagues still worm up their full-blown Visual Studio.
I love it like it is the hottest wife that have a great job, do the dishes and cooks like a grandma (I am bad at this :))
> change them on the server when intervention is needed in notepad
How is this any different than a Linux setup where you can just ssh into a box and edit your scripts in the shell using something like nano or vim if you're into that sort of thing?
It's not different. I am not talking about method, I talk about the language and ecosystem. Package manager for scripts? Yeah. Standardized names and params? Fuck yeah. Drop to dotNet on funky corners? Shut up and take my money.
Put pwsh on linux (I do, in all of them) and I will use ssh and vim no problem.
Yeah, that is a new thing, but honestly it existed a way back, its just that it is now officially supported.
But you are missing a point here. It's about the language, ecosystem and practicality. In shell, you need correct abstraction that lets you work in fast and efficient way and lets you interact fast when debug is needed. What is done using c# in 10 lines can be done in a single line in pwsh. In my book, lower amount of code, ideally no code, is the most important aspect of the development. Majority of things are not constrained by the performance, so pwsh is usually a good fit.
People used ruby, python etc. for infrastructure development long time ago and it was/is akward.
> What is done using c# in 10 lines can be done in a single line in pwsh
Mostly, yes. The problem is that the moment I need something more than what a single cmdlet or bash utility can provide, now I have to use an awkward looking scripting language (bash is the worst offender here). Almost every time I found myself having to write a somewhat long script file, I wish I could just do it with a C like language instead.
For simpler tasks, I fully agree. It is better to use something immediately available like an OS shell utility over coding one myself.
That script made noticeable difference in speed, quality and pleasure on our recent project (production tests on payment gateway for half of the country) as before I wrote it, devs did it by hand which took 10s of minutes every day with awkward tools (if they made an error, even more) and they complained about the chore. The script literarry replaces entire feature of the Sql Server Management Studio and I did it during the weekend.
Regarding syntax, not sure why would you consider that awkward. IMO, it can't be easier to read in any language, both configuration and code.
I think we are talking a bit past each other here. I don't contest the benefit of writing small helper utilities.
> Regarding syntax, not sure why would you consider that awkward
This is more true with Bash than Powershell. However, this is the same with programming languages in general. There are those who look at Julia's syntax and think it's absolutely beautiful and those who consider it to be absolutely bad and prefer Visual Basic.
And now add a small Python neural network to a .NET app. Just to do some mild AI stuff. Go on, I'll wait.
Oh, and I forgot: don't forget about data migrations. It's a freaking disaster in .NET deployments. Apparently, the best practice is to apply them manually?
There are several ways to manage migrations depending on the team structure and dev practices: SQL scripts, command line, bundles (single-file executables), and in-app. The team recommends SQL scripts since they can be reviewed, tuned, and managed by a DBA but take your pick. https://learn.microsoft.com/ef/core/managing-schemas/migrati...
What's with the "just copy it" thing? Nobody does that, we use NuGet packages, GitHub Actions, SDK supported containers, reproducible cross-platform builds from command line, etc.
edit: I'm sure some people use file/copy, but you sure don't have to. That stopped being a common thing 10+ years ago with cross-platform .NET.
I think you misunderstand- game engines are complex beasts and visual studio and/or .Net (in any of its incarnations) have the best debugging workflow I've seen.
It's been a few years since I've used Visual Studio, but for longest time its support for debugging multithreaded and GPU code was unmatched. This is one of the main reasons game developers loved VS. It also had good support for mixed language debugging which is very useful when your C# code calls a C++ library for example.
"I think you misunderstand- game engines are complex beasts and visual studio and/or .Net (in any of its incarnations) have the best debugging workflow I've seen."
I think you misunderstand: the market, ie the number of people who actually care about developing game engines, is tiny.
How many games developers do you know as a subset of the people you know of?
OP only managed to find a niche product area for MS to shine in and maintain traction - the moat thing. Nothing else apparently.
I for one would not miss MS one jot. I wasted so much time with things like autoexec.bat and config.sys back in the day. I got good at it - Novell gave me a T shirt on Cool Solutions for a boot floppy image that managed to try several popular NIC drivers (3c595, 3c905, 3c509, ne1000 and a few others) and get you to a network connection for imaging or whatever. Later on I get to ignore SFC /SCANNOW answers to searches. Do you remember WINS? What about the horror of time sync? The PDC emulator FSMO role is basically a NT domain controller. AD was a bodge from day one, tacked onto ...
Sorry, got carried away there.
Again, Typescript is cared about by whom and what on earth is ONNX?
Thanks for trying to expound on my expounding on the original. But, the response indicates they don't know and actively avoid learning. Thus, nothing would change their mind.
PS: to throw some shade- I'm surprised they didn't (mis)spell it M$- after all everything they mentioned is making me nostalgic for phpBB based tech forums in 2004.
ONNX is a format that allows you to run AI models without Python in any language that implements ONNX, there's even an ONNX implementation in Go, meaning you can churn out even more performance out of AI models and waste drastically less resources (Go, Rust, C++, Zig, C, D etc could be used to squeeze performance). Think of it how Java produces a JAR file, well an ONNX file is a file that could be run by any runtime built for it. Another reasonable analogy would be WebAssembly, but to a degree.
Microsoft, for all their warts, has the absolute best documentation for every public API in Windows. I'd go so far as to say it's better on average than manpages in Linux and BSD and light years better than the actively hostile bullshit from Apple.
Submitting a bug report though, you gotta know people or know where to ask.
The old documentation was the best. The new stuff is a mix of barely acceptable and absolute crap, and some of it is even AI-generated. Here's a recent funny:
> Microsoft, for all their warts, has the absolute best documentation for every public API in Windows.
That is true in some areas of MS's output, but far from all. Some of their documentation is concise but understandable, complete, and up-to-date. Some of it is auto-generated garbage that is only of use if you already know what you are doing and looking for a remainder of a detail.
Some of it is absolutely awful, I've run into numerous issues with Azure related documentation. This is in part because that side of things is rapidly evolving, but sometimes the new information isn't even there, and sometimes it is faff to identify it from information about the previous couple of iterations that are now deprecated. One recent example: installing some of their SQL Server and Azure storage access tooling on the latest Ubuntu LTS release (24.04, now over a year old). The repos are there, maintained, and supported, but the documentation doesn't mention anything beyond 22.04. Yes it is easy to work out what to change, mostly just substitute 24.04 for 22.04, but the docs should be updated. Also, instructions from different documents, all from MS, put their public keys for package signing in different places, which can cause confusion (not an issue for someone like me familiar with apt & related tooling, but I can imagine it being very frustrating to someone less experienced with those parts).
Some of the advanced stuff has great docs. E.g. SQL Server and its wire protocol. When you need to write client to a language that doesn't have one, the TDS doc from Microsoft is amazing. Compare that to e.g. Oracle and you know what I mean.
In general SQL Server is such a great product. If you cannot choose PostgreSQL for some reason, make sure your buying manager plays golf with the Microsoft sales people, not with Oracle.
Setting aside the debugger, visual studio has to be the worst IDE I've used. There are so many rough edges it is astounding.
On an ancient project, among other things I've been editing JavaScript code both in js files and inline script tags in aspx files. The indentation auto-formatting appears to choose new levels of indentation using a random number generator.
You can't add a new file to the project while it is running, or even create a file through the context menu, but it can detect when the files have changed externally and recommend restarting the project.
There's a thousand little things, but the indentation auto-formatting abomination is a constant burr under my saddle.
Azure has some things about it that I don't like (compared to AWS), but it wins over AWS for Azure App Services. Essentially, IIS (webserver) as a service (PaaS), with autoscaling, auto-deployment, hot swap slots, auto-recovery, backups, etc. At it's core, it's basically a managed Docker container (either Windows or Linux) with IIS, so you can customize it quite a bit like a familiar VM, but unlike a VM, updates and security is all managed for you.
Beanstalk is a joke compared to AAS, and I'm more than happy to stay far away from Docker/K8s until that complexity is actually required, which it usually isn't until an entire department handles your K8s clusters/EKS.
Maybe it's baby duck syndrome, but I've gone out of my way to use gdb over VS's debugger. A simple .gdbinit has more expressive scripting power than a GUI can ever allow.
I still find it hard to believe that so many people and companies are prepared to use Microsoft's online/cloud services.
Not ony is this a single point of failure but it's one they've no control over whatsoever. Same goes for Google/Youtube etc. It's as risky as flying a passenger jet with only one engine.
What are they thinking, why are they prepared to risk everything?
Most companies enter into a contract with Microsoft. That is infinitely better than using a 2 person startup that runs out of a garage. Contracts come with strict terms of service, SLAs, service expectations and such.
If you had a restaurant, would you source your produce from your trusty friend who grows vegetables as a hobby or from an established mega-farming-company?
Ironically appropriate example. Many of the most famous restaurants in the world, like Noma [1], are famous precisely for sourcing ingredients that bypass mega-farming. At Noma many of the dishes are based on the produce provided from local foraging.
And contrary to what you might expect from its presentation/reputation, the place itself is just a building surrounded by green houses and a guy growing and harvesting most of his own stuff. It's an extreme example, but the issue is fairly typical at nice restaurants.
Kind of a tangent, but a lot of brick and mortar business is far less profitable than most think. A McDonalds franchise owner is looking at ~$150k/year profit on average. And with lots of other fun stuff like the fact you don't even own the property, it's rented from McDonalds. And that's going to likely trend downward as McDonalds continues to put the squeeze on franchisees and labor costs continue to rise.
And far from passive income, there's a joke that buying a franchise is basically buying a job and not just any job - but a stressful, thankless job with terrible working hours. And the price tag for this new life of luxury starts at around a million dollars.
I like your argument, but McDonald's gets their ingredients from multiple suppliers, all selected for their specific specialism.
They also don't run the cash registers on software provided by their meat supplier.
In Dutch government (especially local), for example, almost everything runs on Microsoft. From e-mail to web sites to chat to internal software. And with AI coming up, Microsoft is effortlessly capturing that market too by including Copilot in existing contracts.
I'm not really sure this is true. Big companies find themselves with a big problem by the nature of their own weight. To simply exist they need to see revenue in the millions, if not billions of dollars. So everything rapidly becomes about money. That, in turn, equally rapidly leads to rent-seeking as a goal, which just generally turns everything into a dystopia from inception to production to launch.
> If you had a restaurant, would you source your produce from your trusty friend who grows vegetables as a hobby or from an established mega-farming-company?
You sure you like this analogy? Every ambitious restaurant (Michelin stars, World's 50 Best, that type) uses small farmers to try obtain higher quality produce.
It's chain restaurants and shitty family restaurants that use the large suppliers.
No, I'd never use a 2-person startup, that's silly and irresponsible. I'd keep my services in-house and use multiple companies to store backups as I've done for decades—as we all used to do before the renting/leasing software (ripoff) model.
Nor would I ever use software that lives on a remote server that I've no direct control over.
Let's hope Trump does more blocking, it's the only way to wake up a lazy sleepy world.
BTW, isn't 'infinitely' somewhat of an exaggeration?
Do you consider the same single point of failure to use AWS?
There's a pretty significant lower bound of size to where you can reasonably have multiple points of failure. And like oh well if you use this stack you could theoretically move at any time isn't really the same thing as being multi-homed. I've been at places where this has been a concern of the leadership but the economics of it have never really worked out compared to spending your time working on anything else related to the business.
people live paycheck to paycheck, they have limited ability to create food, they rarely have enough safety equipment nearby to survive a heart attack or a fire, and afaict this is all accelerating.
Also, if you're a small business without a dedicated tech team, what are your options that don't involve relying on a single big company?
Speaking for myself, running a bakery, I chose MS 365/Teams with regret but accepting that there's nothing else out there with the same value proposition except maybe Google workspace.
They have regional pricing so we get everything for the equivalent of $3.50 per user. Basically no other apps offer regional price - Slack alone would cost about $8 a user.
This includes chat, calls, messaging, 1tb of onedrive space per user, calendar, planner, emails, office, plus loads more.
Sure, it's janky but it basically works. The only thing I've found with a close value proposition (still slightly more expensive even if I limit to just a few gb of space per user) is self-hosted Nextcloud, which is about the same level of janky and requires a tech person or team to set up.
> The only thing I've found with a close value proposition (still slightly more expensive even if I limit to just a few gb of space per user) is self-hosted Nextcloud, which is about the same level of janky and requires a tech person or team to set up.
I would not imagine storage to be a major cost with something like Nextcloud. They major cost is going to be the tech person to set it up, and you do not need that many hours to do it. Mostly an initially one off cost will be high, and big upgrades might be a lot of work, but maintenance should not be
I've already set it up and we're running a test with 4 users since about a month now. I'm hosting it on Hetzner VPS with storage on Wasabi, backups on Backblaze. You're correct that storage is cheap. Compute and ram are the main costs, and I'm not sure how to quantify that until/if we run with the full team of 30 people. My current setup of 4 dedicated vcpus, 16gb ram is massive overkill for 4 people, hopefully it's enough for 30.
It's currently at around the break even point compared to MS Teams. I think maybe $5 a month more expensive all in for the VPS, storage, and backup.
It would be cheaper if I could run on Arm but unfortunately Hetzner doesn't have that in their Asia region yet.
> No reason to not just host email with any domain provider and manage the rest with a small NAS in the office.
Sounds like even more of a single point of failure, just on your domain provider (who's much more likely to go out of business) than Microsoft. And one with no chat, or phones, or conference calling, or shared calendars, or endpoint management, or SSO, etc, etc.
Just sticking all your data on a cheap NAS in the office works for a few people, although it becomes PITA to do granular permissions when you don't have any proper central authentication. But then it's also a massive single point of failure, so you need to implement a backup solution, and then a way to share files outside of the organisation, and then a VPN so that people can work remotely, and then some monitoring so that you know when a disk fails....and that's getting way beyond what a non-technical person can manage.
It's fine if you're just using it for your hobby. But building your business on top of something like is very likely to come back and bite you in the arse.
What do people consider as NAS? A Network Harddrive? If you buy a "normal" Synology Nas it comes with shared calenders, office, VPN control, several backup options including Aws and Azure and a lot more. Typical setup and forget setup, thanks to their high package quality.
And I am sure there are even better options than a household Synology.
But putting everything in a cloud and fully depending on a single provider that for the majority of people is in a foreign (and politically dangerous) country is definitely not the obviously better option.
Well yeah, that's what a NAS is. What you're talking about is just self-hosting a all-in-one server, like people used do with Windows Small Business Server, and all the problems and limitations that comes with.
And plenty of small businesses and hobbyists do that, and then after they "setup and forget" it they get compromised or lose their data a few years down the line.
Yes and no. I've been in companies with windows business servers that were a constant pain to manage. Whereas the modern NAS, Building on stable open source software mostly offers the 'just works' experience people are looking for + the business grad documentation.
Why would using a NAS (or small server) mean ignoring any basic logic (and business requirements) and not having off-site backups?
SBS server "just works" if you just set it up once and then ignore it, your requirements never change, and and don't do basic things like maintenance and installing updates as well.
People absolutely should be setting up offsite backups. And more importantly, testing them so that they can prove that they work. But if they have no technical team then neither of those things are going to happen.
I personally think Google workspace is better for small business. I think filesharing/permissions/synchronization is much easier and more intuitive across machines and employees and since everything runs in the cloud if you have say, iPads for the POS they can also use Google everything pretty easily.
Google Sheets is IMO also much nicer than Excel and for small business you don't really need to deal with Excel lock in.
Yeah, we were just starting out and really needing to keep every possible cost down when I chose MS. Looking back I definitely wish I'd paid a bit extra for Google Workspace though, it does look much better suited for a business at our size. Plus, I just cannot get people to use MS Office, they're constantly sharing Google sheets and docs around. Habits are hard to break!
Teams is much better suited for a company with 1000 staff and a tech department. Admin is massively overcomplicated. Oh well, hindsight is 20/20 I guess.
> That being said, the price you got seems unreal.
We're in Vietnam, and like I said, regional pricing. It is a good deal, but doesn't look quite as unreal from over here. Really wish more companies would do regional pricing, $8 a month for slack, $10 for notion and so on is basically a no go for a small business here.
It's a simple opportunity cost calculation. The service is there, provides value. Creating a replacement is not realistic. Paying for another replacement gives you potential headaches from using a less popular service. So when choosing between not doing a thing or doing a thing with the risk of spof, it's often a reasonable choice to go with those services.
> There was a recent incident where Microsoft somehow allegedly blocked a mailbox of a sanctioned individual. Any organization highly depending on MS products that might come into the crosshair should ask - can this happen to me? What would be the cost? How much I invest into prevention of this scenario? In this article I try to get the facts straight and use a return on security investment calculation to try and judge this situation in a rational way. Let’s grab our tinfoil hats and find out if it’ll be fine.
This applies to any company homed in the US. Not sure why Microsoft is singled out. Why Google, or Amazon, or Apple would oppose demands of the US government?
Maybe that's a good correction or follow up article to consider. These concerns aren't specific to Microsoft in any way. They apply to all tech companies that wish to operate within the United States.
It is a good point and a weaker spot of the article.
First of all, I now cover MS since this incident made headlines. If you are aware of any such incident from the other providers, I am interested.
Another argument is that more companies depend on MS more. Even in high-tech startups and scaleups you'll find traces of Win machines, AD and Office. On the other hand, there are plenty of companies that don't have AWS deployments at all.
Another thing worth noting is that out of GAFAM, Microsoft is the only one that really has vertical business integration that's worth anything, which is why they're the default for so many companies.
AWS is just a hyperscaler, they don't do the full business stack outside that. Google has a full business stack (read: office tools, email, hyperscaling) as an option, but the experience is miserable because Google constantly deprecates and changes things on a dime, which is why most people avoid them. Killedbygoogle stuff doesn't just apply to their non-paying customers, it applies to their paying customers as well. The moment you try to build anything outside of Gmail or Google Docs, you're subject to their whims and depreciation policies. (Case in point; Google has been sending me scare mails that they're going to kill an OAuth service I set up ages ago because it had no logins for 6 months. They just randomly decided it and gave me a month to deal with it. Their solution isn't just "hey, are you still active" - I am, that's easy to see - it's "just do a login and make sure you do a login every 6 months". If it was just a checkbox in their admin panel, I'd probably have done it without a second thought, but I really cba to figure out what the OAuth service was for, so I guess that OAuth service is gonna bite it now. Probably a selfhosted git forge or something that offered easy Google logins?)
Apple has everything except for hyperscaling, but it's all aimed at normal users, not corporations; I'm pretty sure they don't even have a business version of iCloud? The closest is that they offer MDM and bulk buying individual plans afaik. (Facebook isn't in this industry at all.)
Microsoft is the only one who offers a full kit and the promise that they won't pull the rug out under you. They're also the only one that really tries to take legal compliance and depreciation timelines/upgrade paths seriously. (AWS and Google just pass it off onto the customer with a "figure it out", while MS has loads of infrastructure for both of these.)
It's a hard business to replace if Microsoft goes bad with O365/Azure.
We (the EU) should have a reasonable response for monopolistic or significant market share suppliers that may fall under the control of foreign governments that could mitigate this issue. Else I noted:
(the EU) doesn't need to throw out the baby with the (US-controlled) bathwater. The EU should present Microsoft with an ultimatum similar to what China might: setup a non-controlled european licensee to own and manage all MS & Azure infrastructure in the region, or have some legislators force a similar structure on them. Complete control, full sourcecode, EU-only support/access - as a condition for corp HQ being allowed to have a monopolistic market share. Either way, nothing the US might decide to do should have any effect in "EU Microsoft", short of severing US Microsoft off completely, in which case EU MS just becomes fully autonomous and bye-bye US. Clearly, a US-controlled Microsoft without this structure is a deep security risk to europe now.
> Make your technology fungible and risks disappear.
Not wrong in principle, but the failure mode here is that the political winds have changed. Tech alone cannot help you if you do not hedge against that risk.
Some things go deep, true. However most businesses don't use most of Microsoft products - even the ones that do, the usage of the more complicated products is far more minuscule than imagined by e.g. CFOs, etc.
The real thing keeping many "in the fold" as it were would be authentication services.
Which are overcomplicated and probably easier to manage without...
Right, it’s stuff like Active Directory and how everything’s tied together. Once you’re using that for auth, it’s really tough to back out without a lot of effort.
We’ve looked into FreeIPA and similar options, but honestly, nothing really holds a candle to Active Directory yet.
AD and Domain Servers are like a cancer that will grow metastases around your org, costing user and client cals all over the place, even for every desk phone if you're not careful. The only winning move is never to play their game in the first place.
I'm in a situation where due to staff skillsets and ease of management then GPOs are required. Local GPOs would be insane to manage across thousands of PCs
InTune/MDMs are finally eating away at the need for GPOs for most use cases. Someone already familiar with AD & Group Policy should be able to easily transition to InTune Configuration Policies. MS even has a tool now to import your GPOs.
There's still a few that don't have direct equivalents, but the list is growing smaller and smaller.
InTune is part of Microsoft's strategy to make everyone dependent on their cloud. It's like switching from Heroin to Fentanyl because you want to get off of your addiction.
Yes and that is a very common case. Windows is designed so that you barely have a chance to deal with your case without Microsoft components all the way. You would need a company with enormous resources to play catch up with the highly integrated and proprietary connections between each component.
It's a rigged monopoly and has nothing to do with a market economy. Once you have been forced to use Windows, you are doomed.
> Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as an Active Directory Domain Controller or as a member server.
What's something that AD provides that this does not?
It certainly sounds like an (almost) drop-in replacement.
Samba4 covers core AD features like Kerberos, LDAP, and can act as a DC, but it’s not a full drop-in. GPO support is limited, management tools aren’t as robust (no full RSAT equivalent), and some advanced AD features (like DAC or ADCS) aren’t supported. Fine for smaller setups, but not 1:1 with enterprise AD.
It really depends on the size of the business. With smaller businesses it is easy to use alternatives. However any business beyond 1000 employees will give in to shareholder pressure and adopt distrust as its core value.
Microsoft Active Directory has excellent tooling for middle-management-heavy businesses. For better or for worse it provides the most integrated solution to reduce a desktop PC to a perfect thing for repetitive, boring, soul crushing office work. No other software solution comes close.
While I like Windows as a desktop platform, the reasons that it was designed as it is are very clear. To make cheapest laptops as dystopian as possible, you need systems that can run the same boring software for decades. Not for the good for the environment but for profits.
Windows provides all APIs to deeply integrate with Active Directory and MS Office. All engineering, accounting and finance software are deeply integrated with them. They literally run entire countries. I have seen engineering software that used Visio diagrams for designing factory pipelines. It is near impossible to pull the bigger businesses and governments out of this trap without completely upending entire sectors worth trillions. I think only very determined regimes like China can pull it off.
Massive. AD isn't just LDAP and Policies. There's somewhere around 14 services that are involved, even NetLogin still has it's tiny part to play. AD uses LDAP referrals, expects clients to follow them, and use the SRV records to find the DC in the same site (if one exists). AD as it is typically deployed is active/active multimaster with per-record tiebreaking based on edit time, client-based load balancing with proximity awareness, ACLs for every possible field and record, overridable at any point in the tree (389ds can do this, but openldap is a nightmare). There's a full automated PKI in there for managing certs for everything, and that's before we get into the KDC logic, the strange things SYSVOL can do, and various other things that integrate with AD.
Samba, krb5 &co can handle small cases, but it's architecture is still stuck in the nt4 days, and there's limited cohesive integration with LDAP and the other services.
Active Directory is not one single product. It is an ecosystem. Windows desktops, Windows servers, Microsoft Office, Azure, third party apps running on Windows using Windows APIs and Microsoft server products are all supporting it.
Here is a typical office use case in an engineering environment:
A user logs into their Windows laptop. It uses a Windows domain which is part of Active Directory system. It connects to the domain server to check the credentials. Those credentials are regularly cached into the Windows laptop. Moreover the company issues smartcards for sensitive access. The user can use the smartcard to login to the laptop too. Active Directory handles the certificates. The manufacturer's driver software integrates with Windows and the Active Directory system.
Group Policy is also stored by the domain server and depending on the user's credentials and the roles in the Active Directory system, the relevant engineering apps can be automatically installed on the user's laptop (let's say Altium or Autodesk). The engineering app then integrates with Active Directory to associate the license with the user's identity on Active Directory.
The user does their work and want to save a report from the engineering app (let's say a Bill of Materials report), it can be automatically saved to user's OneDrive account as an Excel file. The user can then take this report and share it on SharePoint which is OneDrive but more businessy and it supports creating web pages. So now the user can publish this as a web page in their department's SharePoint instance which they use as the main documentation portal. All of the other third party software like VPN logins, HR systems etc. are all also depend on Active Directory to get the credentials.
The scenario above is not just hypothetical. A majority of the biggest conglomerates and even smaller companies are completely locked in. Most of the Western governments too. The usual infrastructure roads, pipelines, power lines etc. were all designed and managed in Active Directory connected Windows PCs.
You cannot just replace Active Directory. You need to replace all the infrastructure around it. That includes not only Microsoft systems but also all the third party software that integrates with it. It is a multi-hundered billion dollar industry of proprietary apps all integrating with each other.
> Out of curiosity, how hard would it be to copy Active Directory in an open source project (like how Excel is copied by LibreOffice)?
>
> Like if orgs need this capability why is there no good open source solution?
Btw if you think LibreOffice Calc is anywhere close to being an alternative to Excel, you are very mistaken. Just in the basic set of functionality, Calc is 2 decades behind. Excel has a lot of integration with databases to automatically fetch data and update the fields accordingly. If you have a big spreadsheet, Calc struggles a lot while Excel can scale millions of rows quite easily.
Why there is no open-source solution? Because it requires a central entity to develop those elementary APIs combined with an operating system and office suite combo. The entity needs to convince all those multi-billion dollar companies to buy their product. Then it needs to send engineers to work with both clients and software vendors to handle all sorts of kinks and weird use cases.
Microsoft has been doing this since 90s. The entire corporate desktop ecosystem has developed around them and they ensured that Windows and Office would be a centerpiece of all those systems. A bazaar-style open source ecosystem will not be able to manage the scale. Without a central vision and strong product management, it is not possible to mesh multiple projects together. The current open-source systems cannot even agree on which GUI display protocol to use which is just microscopic compared to everything else.
Only a very determined government with virtually unlimited funds and very stable decision making (very likely to be authoritarian) can force all the companies to switch something else. China is that government and they are somewhat successful but not entirely.
And, you can couple all that with Microsoft 365 to enable cloud-first for everything that makes sense. Cloud Active Directory (a.k.a. Entra), Intune and Autopilot for devices that can be shipped directly from Dell and provisioned/set up through a M365 sign in by the end-user. IT never even has to be in the same zipcode as the new laptop or ever remotely connect to it to perform maintenance tasks.
Cloud AD also works seamlessly with on-prem AD, allowing things like online, self-service password reset for the domain, and in the reverse direction to use TPM-backed certificates/WebAuthn for securing web apps or anything behind MS-linked SSO. Of course, it also integrates tightly with Azure, so you can do RBAC for any VM/service in Azure, since they automatically get service identities in your AD.
That level of integration is so far above anything else on the market that it isn't even a discussion.
> IT never even has to be in the same zipcode as the new laptop or ever remotely connect to it to perform maintenance tasks.
That sounds nice, but that's not exactly a feature specific to AD.
All perfectly possible with a couple well placed scripts and some remote logins.
> TPM-backed certificates/WebAuthn for securing web apps or anything behind MS-linked SSO
Yeah this is the overengineered stuff that is therefore difficult to replicate. Certs and auth predate AD and Azure, the lock-in comes from the overcomplicated SAML style rickety tower of doom that just barely functions...
How are you having Dell ship a brand new laptop to a non-technical user and having that machine configured/software installed with a couple of scripts?
Autopilot locks Windows OOBE to your Intune instance based on the serial number. The user only has to know their email and a temp password if they're new, or existing login/otp if not. The device can be remotely wiped, and it will start back over at the OOBE (Windows install), ready for the next user.
You can't achieve that with scripts. That requires the ubiquity of Windows as an OS (so device manufacturers play ball). You may find that lock in distasteful, but if that's the world you're already in, it's a magical timesaver.
If your point is there is a heavy vendor presence, yeah, sure.
But yes, it is all scriptable. Someone has to provision the device, whether that's you or Dell, that's your choice as the customer, not some inherent superiority of one system over another.
That is the conclusion I've reached in the article. The biggest variable here is whether we start seeing more sanctions enforced by MS. If yes, the risk will become more unbearable.
Yeah, I skimmed the article too, but didn’t see much on Trump’s policies directly impacting Microsoft.
From what I gather, the bigger challenges for businesses are more about the tech ecosystem Microsoft has built. It's hard to just swap out core services like AD without huge disruptions.
Ah, that makes sense. I missed that detail on first read
Yeah, I can see how events like that raise real concerns for foreign governments relying on US-based infrastructure. Even if Microsoft isn’t directly doing anything aggressive, the potential for state pressure is enough to make countries want more control over their tech stack
Trump has been outrageously hostile to our supposed European allies, and is extremely petty, vindictive, and doesn’t give a damn about security or privacy. Furthermore, the checks that would normally provide counter this like congress or the Supreme Court are currently stacked such that he can do horrendous things without consequence. Our media and tech companies are also more than happy to avoid challenging him.
Other countries reliant on US based cloud giants are understandably alarmed at his behavior, and it is now a strong possibility that Trump will attempt to use their reliance on our tech companies to wring from them whatever he wants.
So the idea of escaping US tech monopolies has become very popular among those paying attention.
And the hardest part of it often ends up being "We can replace most of Microsoft's apps and services except one (and it's usually Excel) so we might as well just keep everything else."
Microsoft is king at "Good enough." It's rarely the best option of anything, but what they do put out is bundled aggressively and is generally "good enough."
So, you have a business where a large portion of the user base needs Excel. So you have licensing for that. Sure you can still use other services - you can use Okta instead of EntraID, some other MDM besides InTune, some other EDR besides Defender but once you have 1 product, why would you, when it's significantly cheaper (both in terms of actual cost per user per month and in terms of employing talent that can administer a MS ecosystem) to just go all in with Microsoft.
Because of the way Microsoft designed their suite of software and services, the only realistic choice is either all in on Microsoft, or no Microsoft at all, and to fix that we need antitrust action.
I don't think expected value is the right way to evaluate this. All insurance is negative expected value (that's how insurance companies make a profit), but businesses find it rational to buy insurance.
Also I'd say your risk of getting cut off is much more than 1 in 2 million, because there's nothing to say this can only be done to one company at a time. What if Trump adds e.g. a whole country to the sanction list, and tells Microsoft to cut that country off?
> That's the trick behind ROSI. You weight the expected cost without mitigation against the mitigated cost plus the cost of your solution.
Right but that's clearly not the right way to think about it; if you did that you'd never buy insurance (and probably never do any security work tbh, since very little of it can be justified in expected value terms). The impact of catastrophic damage is nonlinear.
Yes, at the end of the article I come to the conclusion that this method has flaws. But the general insurance can be modelled with ROSI.
Say you have a 300k USD car. Say that a crash will cost you the full cost. You expect one crash in five years. You then have a yearly expected cost of 60k. If you get an insurance that pays for it all, for 10k USD a year, your ROSI is 500% which sounds like this insurance product is great for you.
> Say you have a 300k USD car. Say that a crash will cost you the full cost. You expect one crash in five years. You then have a yearly expected cost of 60k. If you get an insurance that pays for it all, for 10k USD a year, your ROSI is 500% which sounds like this insurance product is great for you.
But in the real world those numbers are backwards - otherwise insurance companies would go bankrupt! Your insurance for that will cost, like, 70k/year, your ROSI will be 80%, and you'll still buy the insurance, and you'll be right to do so.
Sorry, I don't follow then. Of course insurance companies will try to make a profit. The core of the method can be used to compare insurances and technically anything above zero is a good investment. I will reply no further here.
Of course it was an oversimplified example. All I wanted to show that ROSI can make a compelling argument for buying insurance. Now you're arguing that insurance is too cheap.
> All I wanted to show that ROSI can make a compelling argument for buying insurance.
But it can't! In the real world, insurance will always be a bad idea in expected value terms (unless being sold by an insurance company with bad pricing that's about to go bankrupt). Your model doesn't work and the only way you can pretend it works is by making up unrealistic fake numbers.
That's like saying that you can make profit off credit card debt if rates are negative. It's not a real-world case and nobody is going to offer that, it's not an analysis of any insurance that actually happens.
In the era of globalization businesses expected to only follow a set of harmonized global laws set through treaty. TPP etc. Now globalization is reversing and business is expected to follow the law of the nation they're from wherever they're operating.
The expectation was that international trade courts would be placed above and overrule national courts. That's why the reaction to TPP was so negative.
I'd argue that the laws that must be obeyed form an odd superset of the laws of the nation from where the organization is operating and the laws where the users are located. Where those laws intersect nicely, the mode of operation is clearly defined, where they do not intersect, the mode of operation becomes very tricky. (As we've seen with privacy, cookie laws, etc.)
I think the current subtrends of things like a resurgence of interest in mechanical watches, fountain pens, steampunk, etc, are sort of a large excursion on a dampening social problem: that technology is too far beyond our comprehension.
Can you even even tell what network stack got you this packet?
How about the protocols that got it from the network to your screen?
How about the quantum mechanics of the phosphors that pushed out the photons?
There are certainly techno-luddites/visionaries who are running their own email servers, but it's a pretty hostile environment for personal email servers. Ignoring the spam, just getting the existing big boys to trust you can be humiliating exercise in futility.
Can I get by without Excel? Sure. Google Sheets? Sure. No spreadsheet at all? Gonna be hard.
A good business continutiy plan will accept that and any other risk with the compensating control of insurance. Yes, there is a statistic and probability of your entire business going out like a lightswitch, however if you have insurance to mitigate that risk, it isn't game over.
GitHub is also from them and brings the very same risks. The solution would be to build viable open source alternative but decentralized. GitLab Federation [1] or Forgejo (Codeberg) Federation [2] might be the answer.
I can't understand why people are still using proprietary software like Windows or OSX when superior free software exists. It's a testament to the hidden monopolizing forces which exists in our society.
Linux only just gained support for things like HDR, a decade after macOS or Windows, and the main desktop shipped by the main distributions doesn't even natively support tray icons.
I'm not sure it's superior. Although GNOMEs workspace implementation imho is vastly superior to both Windows and macOS
> and the main desktop shipped by the main distributions doesn't even natively support tray icons.
…while perhaps there's a distribution out there that I'm unaware of not having tray icons … I've had tray icons since the first time I used Linux, and I still do?
Then why is it that every person I know or even heard about who switched to Linux never went back to OSX or Windows?
The only thing which made them use OSX or Windows in the first place was their ignorance of alternatives. Clearly you've never used any consumer-grade Linux distro like Ubuntu.
Are you kidding? By the time you get through the first half of the requirements document of most windows customers, OSX and Linux alternatives have already been thoroughly ruled out.
It seems that both RHEL [1] and Ubuntu Pro have docs on FIPS, so it looks like the distribution vendors have thought about this problem, at least for paying customers. Might you be able to sketch out what the problem with FIPS compliance on Linux is?
Oh I know about this, but tell what’s simpler: Embed wolfssl per app / make it work with openssl as a module (for system wide usage) or turn a registry key to true?
OSX hasn't existed for five years and hasn't been publicly advertised as that for much longer, so your sampling may be biased.
> The only thing which made them use OSX or Windows in the first place was their ignorance of alternatives.
No, it's the availability of daily software that people use, like Excel, Word, Outlook, etc.
> Clearly you've never used any consumer-grade Linux distro like Ubuntu.
I daily drive a Linux distro. I don't pretend it's better for the average human than MacOS or Windows. The market reflects that. Clearly, you've never worked in an office where the only thing available is a Windows or Mac laptop because those are what IT provides and that's where your customers/users are.
If you take it directly on a Walmart scale, then I'll argue that you can't outcompete Microsoft. Note that you need to bring your own ID, Auth, Office, desktop system, etc.
If you have a smaller scale, then you've invested less resources into MS therefore you have a lesser budget to work with.
I wonder. Even Walmart is still not operating at the scale the hyperscalers do, and their systems will be far less varied, far more homogenous and under their own control. They are big enough for a lot of economies of scale to kick in.
> Note that you need to bring your own ID, Auth, Office, desktop system, etc.
Do Microsoft entirely manage all these systems for them? Otherwise they just swap managing one system for another. A quick search seems to show Walmart do hire sysadmins so the current cost on top of what they pay MS is not zero.
> The Trump politics are, for a lack of a better publishable word, unpredictable.
That's one of his most powerful weapons. Like with terrorism, nobody knows who or what is going to be next on the executioner's block, and thus nobody can safeguard against it except cut all ties with the U.S. if you're lucky enough to be outside.
"I was horrified to learn that there’s an Azure container behind every cell of a spreadsheet executing the python code instead of… you know, my PC doing the work."
Fundamentally it’s hard to pushback against an authoritarian government. There is very little to stop Trump from sending Doge into MS headquarters with Marines and demanding admin access so they can make the change. Thinking the dependency on Microsoft (or any company) is the risk then you haven’t been paying attention.
The trick with Microsoft is to very carefully separate the good parts from the bad ones.
Labeling all of Microsoft as banned is really constraining your technology options. This is a gigantic organization with a very diverse set of people in it.
There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way.
Azure and Windows are where things start to get bad with Microsoft.
> There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way.
The reason all the AAA games are on it is because they're on the Windows platform, and more importantly their customers are on the Windows platform.
If 95% of gamers ran MacOS instead of Windows, you'd see a very different tech stack among game developers.
Game customers are on Windows because DirectX has been superior to OpenGL - development wise - for what, 30 years?
> OpenGL
OpenGL is legacy tech, just as DirectX
Vulkan is the new shader thing, and has been for at least a decade by now.
DirectX12 is still much better to use than Vulkan.
Natively supports Xbox and PC. Can run on Linux with Proton. The Playstation API functionally resembles DX12.
Vulkan is extension management hell (but has gotten much better, I concede)
Forgive me for being an idiot but i was under the impression dx12 was closer to vulkan architecturally which makes it easier to port to Linux display drivers (and thus why it has)
> has been
I was talking about the past.
No
1) OpenGL is a (now legacy spec) and DirectX is an API on Windows. OpenGL spec is implemented by your GPU driver.
2) DirectX is a collection of multimedia APIs on Windows. OpenGL is just graphics. Direct3D is one of those APIs.
3) Thirdly OpenGL and Direct3D (before version 12) are pretty much the same in they can do. The code is pretty similar IIRC (though it been some time since I've done Direct3D programming).
4) Devs use DirectX because there is a full set of APIs for the target platform. Linux and Mac aren't typically targeted when making a game. Mac and Linux sales have been a very small percentage historically.
No, they're on Windows because it was the only viable gaming desktop environment during the 90's and 00's. Apple was all but dead and hardware was limited, Linux was in its infancy, Unix vendors didn't care about normal desktop users, etc...
In the early days of 3D gaming, there were studios that used OpenGL over DirectX on Windows. ID Software were the best known example of choosing OpenGL over DirectX.
Of course excellent OpenGL products exist (ID software is the worst example because they were... geniuses), but from the developer point of view, DirectX was the full package.
Yes, that's the essential reason. Even though that barrier has been lifted with Vulkan matching DX12 in many ways, the accumulated mass moves slowly.
Has there been a game where vulkan performance has been better then dx12? Whenever they are side by side vulkan always performs worse in my experience.
If games run faster on linux with DX12 translated to Vulkan than they do on identical hardware running on Windows 11 then I can't imagine a particularly big performance difference.
There have been cases like that, e.g., RDR2, but I think it mostly comes down to implementation quality.
Everything feeds everything else. If Apple had a stack and a business model that worked for game developers, you’d see a different stack.
Microsoft is where it is because they are viciously competitive at different layers of the stack. Apple wants a piece of every nickel, Microsoft wants a piece of every computer. They license windows for every Mac user in a company.
How do you separate the good from the bad? What do you do when Microsoft changes the good things into bad things?
My take is that Microsoft consistently makes bad things and makes "good" things into "bad" things; so, I don't have much expectation or faith that anything that I currently think is "good" will stay that way.
Services are bad - that is what the first part of the story is about.
However I do not think it is different for any online service. Any American company would have to cut off services to an individual (or organisation) subject to sanctions (the main example given). The same might apply to other countries for various reasons. There are various reasons a service might fail, or cut off a particular customer (lots of reasons, lots of examples in previous HN discussion).
What has changed is that the typical MS customer is a lot more dependent on MS services - MS 365, Python in Excel ONLY works in the cloud, people used hosted email instead of their own Exchange installation...... That means MS cutting off a customer would mean all their IT would cease working. They can just shut down any organisation with that level of dependency if they are ordered to, or decide to, do so.
> How do you separate the good from the bad?
Developer tools and enterprise stuff good (mostly). Consumer products bad.
For whom? Microsoft?
I don't know which of their developer tools I would consider good. Or less worse than the competition
I consider C# / .NET to be one of the best options for application development.
Many would consider both VSCode and Visual Code pretty good. There might be better alternatives, but generally I'd say they are more good then bad. Github is also a good product. Maybe not exactly a develop tool, but Power BI is also fairly good.
Borderline developer / enterprise solution: SQLServer is great to work with. Maybe not the best relational database server, but it's every bit as capable as MariaDB and I'd prefer it over Oracle.
Github was a great service well before Microsoft bought it.
The best thing about Microsoft’s stewardship has been that they haven’t fucked that up.
Before Microsoft bought it you could still search it / codesbases without making an account. Alone for that additional pain I would argue they instantly made it worse.
Only from personal experience: people in the Microsoft ecosystem absolutely love visual studio, and hate the idea of migrating
MS office is 30 years ahead of open office.
did you get those the wrong way round?
office 95 (without the ribbon) is more usable than office 365 (with the ribbon)
no. the ribbon is fully customizable with greater functionality than traditional menu.
> the ribbon is fully customizable
so was the one in office 95
> with greater functionality than traditional menu
you click a button and something happens?
except now the button isn't in a consistent place
a usability regression
Wrong about "inconsistent", the ribbon follows predictable patterns. Home tab always has basic formatting, Insert always has objects/media, etc. What changed is intelligent positioning based on context.
Office 95's menus were consistent in the worst way - consistently buried everything under nested submenus. Finding mail merge meant File→Tools→Mail Merge→Options→Setup. Now it's Mailings tab, right there.
Word is a word processor.
It is a tool for people who write words. That is its prime purpose.
People write words for people to read the words. That is the prime purpose.
It is a tool for readers and writers.
I am both.
I can read a menu, and scan through submenus, about 10-20x faster than I can page through buttons on a tabbed bar. The replacement is dramatically inferior in legibility and so in efficiency.
That is 1 way it is worse.
A menu bar takes a single line of text. It works perfectly in a text-only display. A ribbon bar takes many lines of small intricate graphics. It is dramatically and measurably and demonstrably inferior in its use of screen space, its use of pixels, its adaptability to other displays, its functionality for those with restricted vision or restricted computer display abilities.
This is a 2nd way it is worse.
It is not re-orientable; I can't move it to one side to use a widescreen more efficiently. Because of its poor and fixed layout I can see less of my document, meaning it hinders the primary purpose of the tool.
This is a 3rd way it is worse.
It does not interoperate with other UI paradigms. Right now I am typing on an old Mac with macOS. Word is the only Office app on it. The oldest 64-bit version of Word I can find. It has to duplicate the entire UI both in the Mac's mandatory global menu bar and in the clumsy bolted-on Windows-centric ribbon. This demonstrates the inefficiency and poor design.
This is a 4th way it's worse, although for me, it means I can ignore the ribbon and use the menus.
I read fast. I cannot squint at tiny icons and try to guess their functions quickly. It's slow. The ribbon defeats muscle memory and defeats fast reading.
This is a 5th way it's worse.
The ribbon is context-sensitive. I can't just remember what is where under where relative to the first menu, because it changes depending on where the cursor is, what is selected, what tab I left it on last time. In a menu tree, if it's left open, I tap ESC once and I am at a known place and can start over. Not with the ribbon.
This is a 6th way it's worse.
I speedread and I have good colour vision. Some people can't see colours. Some can't see fine details. Some can't see at all. A screenreader can just read all of a menu, but it can't describe icons and it can't say "then there's a vertical line and in the next section, it starts..."
The ribbon fails at accessibility.
This is a 7th way it's worse.
Menus can be accessed and manipulated in a consistent way with keyboard controls. Up/down/left/right/enter. 5 keys and you have total control. You can use this with a mouth control if you have no use of any limbs. This is good for people with motor disabilities but it is also good for keyboard-centric users with no disabilities. This is good design: it's adaptable and it's flexible and it fits different needs. But also, you can use letters to leap faster through the menu bar, so power users and touch-typists can navigate faster. All blind people who can type are touch typists; they have no other option. So this feature that aids accessibility also aids power users.
None of this applies to the state-sensitive context-sensitive ribbon. That is an 8th way it's worse.
You are wrong, and what's more, you are wrong on multiple levels, some of which I have itemised. I could get to 10, I suspect, but I have a job to do and this is not it.
Stop defending bad design. Learn to look deeper at good design that lasted decades and learn to ask why things you don't like so much survive and are widespread and have not been replaced by novelties you like.
"There aren't many things like .NET, MSSQL and Visual Studio out there. The debugger experience in VS is the holy grail if you have super nasty real world technology situations. There's a reason every AAA game engine depends on it in some way."
I'm not interested in AAA games engines writing and nor is most of the world. If that is it, then you have damned MS with (very) faint praise.
To paint a picture: I’ve worked with Microsoft technologies almost exclusively for decades but recently I was forced to pick up some Node.js, Docker, and Linux tooling for a specific app.
I can’t express in words what a giant step backwards it is from ASP.NET and Visual Studio. It’s like bashing things with open source rocks after working in a rocket manufacturing facility festooned with Kuka robots.
It’s just… end-to-end bad. Everything from critical dependencies developed by one Russian kid that’s now getting shot at in Ukraine so “maintenance is paused” to everything being wired up with shell scripts that have fifty variants, no standards, and none of them work. I’ve spent more time just getting the builds and deployments to work (to an acceptable standard) for Node.js than I’ve spent developing entire .NET applications! [1]
I have had similar experiences every few years for decades. I touched PHP once and recoiled in horror. I tried to get a stable build going for some Python ML packages and learnt that they have a half-life measured in days or hours after which they become impossible to reproduce. Etc…
Keep on assuming “Microsoft is all bad” if you like. You’re tying both hands behind your back and poking the keyboard with your nose.
PS: The dotnet SDK is open source and works fine on Linux, and the IntelliJ Rider IDE is generally very good and cross-platform. You're not forced to use Windows.
[1] The effort required to get a NestJS app to have barely acceptable performance is significantly greater than the effort to rewrite it in .NET 9 which will immediately be faster and have a far bigger bag of performance tuning tools and technologies available if needed.
I have a lot of respect for organizations that get a lot done with Microsoft technologies. I think your perspective could be thought of as the benefits of vertical integration and vendor lock in. These do help people get things done!
In the academic and open source world those things are fought against because you don't want to be at the mercy of the software developer in the context of certain rights.
I think for every negative you mention on either side a positive could be found on either side. And like many things on the net, you're not wrong but not necessarily talking about the same kinds of things.
My remaining complaints about Microsoft are the inflexibility of their solutions that command abstractions that just don't work for many organizations, and the general viral nature of software sales in general of which they are one of many with similar issues, however Oracle is the worst of course.
Perfectly valid points. I've worked in academia, and their insistence on non-Microsoft technologies was helpful in certain fields where openness and long-term reproducibility is critical.
The downside is that this produces a microcosm of obscure technologies that can have... strange effects on industry. Some FAANG-like companies have a habit of hiring only recent graduates, so their entire staff is convinced that what they saw at their University is how everybody else does things.
It leads to Silicon Valley clique that has a fantastically distorted perspective of the rest of the world.
Some comments I've seen here on HN are downright hilarious to anyone from the "rest of the world", such as:
"Does anyone still use Windows Server!?" -- yes, at least 60% of all deployed servers world wide, and over 80% in many industries.
"Supports all popular directory servers such as OpenLDAP, ApacheDS, Kopano, ..." -- hello!? Active Directory! Have you heard of it!? It's something like 95% of all deployed LDAP deployments no matter how you count it! The other 5% is Oracle Directory and/or Novell eDirectory and then all of the rest put together is a rounding error.
I agree with this, I see the AD as critical. Do you please have a source for these numbers? Would love to include it in the article.
Thanks for writing this. I couldn't agree any more. We've worked with .NET for decades and it really just works or lets you debug easily. Then we've started working on projects with Angular, React and Docker and it's just a nightmare to get a stable version.
Comparing .Net to Angular and Docker is comparing apples to oranges.
Now if you moved from .Net to say Linux and the Java ecosystem (Maven, Intellij, etc.) that would be something you can compare.
There was a study comparing the “half life” of code in different codebases as a measure of “churn”. Linux unsurprisingly is pretty stable. Meanwhile Angular is the worst with code lasting just months before it’s rewritten. Then again months later. And again. And again.
This is why it has so many breaking changes.
Everything you describe has more to do with the state of JavaScript development than MS vs. Linux tooling.
I wouldn't touch .NET for ideological reasons (and fear of a rug pull) but I also wouldn't touch any server side JS because I value my sanity.
I tried developing an MS .NET app and it's indescribably bad. The deployment story is non-existent, monitoring, tracing, alarming is barely there. You have to work with MS libraries that are on life-support with glaring bugs still present.
> The deployment story is non-existent
Wrong! it is as simple as executing `dotnet publish`, zipping up the output folder and sending that package somewhere using whichever protocol and shell utility you like.
> monitoring, tracing, alarming is barely there
Also wrong. OpenTelemetry is fully supported by first-class packages and the dotnet runtime itself exposes a lot of counters. There are a lot of tools to monitor and collect traces of running dotnet processes [1]
> You have to work with MS libraries that are on life-support with glaring bugs still present
You don't have to. Every Microsoft.* library follows strict semantic versioning and is clearly labeled when it is deprecated. If you don't have a plan in place on how to manage your dependencies then this is on you.
[1] https://learn.microsoft.com/en-us/dotnet/core/diagnostics/to...
> Wrong! it is as simple as executing `dotnet publish`
Yeah. And now add a C/C++ component there. Or maybe a neural network in Python?
In my case, it was a ray tracer that used a GPU.
"Just zip it", yea sure.
> Yeah. And now add a C/C++ component there. Or maybe a neural network in Python?
How do you compile and package those components up? Answer that and you have your answer for this scenario.
>"Just zip it", yea sure.
I don't understand this. You can zip it. You can XCopy it. You can RSync it. Doesn't matter. What's your objection to that statement?
> How do you compile and package those components up? Answer that and you have your answer for this scenario.
I have a Dockerfile that contains the build instructions? How would I do that with MSVS?
> I don't understand this. You can zip it.
Yes, and then my Linux machine that runs the server will happily run a Windows application. With all the dependencies, including the GPU toolkits.
But even if we stay _within_ the MS ecosystem, the "just copy it" deployment doesn't cover everything. E.g. it can't change the settings of the "App Service Logs" from within the app itself. Of course you can also use Terraform for the infra, but at this point you're way off the "just copy a folder".
MSVS also supports containers, but if you do that it just becomes a UI for their configuration, not really any different from JetBrains.
> I have a Dockerfile that contains the build instructions
So what's stopping you from doing this with dotnet? Going by your logic, no other programming language reaches your ideal "deployment story" the moment you reach for docker.
> Yes, and then my Linux machine that runs the server will happily run a Windows application. With all the dependencies, including the GPU toolkits.
Dotnet is cross platform. If you are targeting Linux then you can give that information using `dotnet build --os linux` and nuget packages that have platform-specific binaries would then supply the build with the correct binary.
> But even if we stay _within_ the MS ecosystem, the "just copy it" deployment doesn't cover everything. E.g. it can't change the settings of the "App Service Logs" from within the app itself. Of course you can also use Terraform for the infra, but at this point you're way off the "just copy a folder".
That's because it is not the job of any programming language compiler to make changes to cloud infrastructure. You know single responsibility and all that.
I feel you. Having done sane programming before I tried it all the .NET stuff didn't feel right. Like they made Java even more ugly and brought nothing new to the table that works outside of their weird ecosystem. (At least that was the state 10-15 years ago, coding .NET on/for Linux)
It’s wildly different now.
The first release that would run at all on Linux was 9 years ago and was essential a beta or maybe just a proof of concept.
The current .NET 9 version has trivialised my development projects to the point that I feel bad for taking the customer’s money.
The only problem I’ve had with .NET is that it doesn’t have the same breadth of third party libraries that Java has. If you need something really obscure it either exists in Java or nowhere else.
That sounds magical. What makes it so superior tho? You mean in terms of ready made libraries doing the heavy lifting? If so would nodejs or rails not be even easier?
Or do you mean specific on desktop applications? I have no idea about that field
ASP.NET Just Works and has Batteries Included.
As an example, just over the last few days, I hit all of these common issues with Node.js apps (that don't happen with ASP.NET):
1) Node apps are typically a "transpiled language on a language" because JavaScript is unusable for large-scale software development so everyone uses TypeScript compiled to JavaScript instead. But this is a hack! A clever, useful hack, but a hack nonetheless. You can't go two steps without finding the rough edges, such as "any" everywhere or the use of "monkeypatching" which makes static analysis impossible for either tools or humans. (This reminds me of the earliest days of C++ where compilers like Cfront transpiled C++ to C.)
2) It's single-threaded! Sure, this is simpler, right up until it's not. It means you need about one process per core. Which means that on typical hardware you get a max of 4-8 GB of memory per process, because that's what most hardware has per core. This means in-memory caching is generally too inefficient. (I finally understand why Redis is so popular!)
2b) Okay, let's take a look at Redis! What do you mean it doesn't properly support multiple databases per cluster!? It's single threaded too!? Wat!? Is this a database for children?
3) It takes minutes to start! I hope you never have an emergency update that needs to go out right now!. ASP.NET takes seconds at most. This is largely because it's precompiled and ships as a small number of large binary files instead of millions (literally!) of tiny files that are very slow on almost all server-grade storage. There's now ahead-of-time (AoT) compilation modes for ASP.NET that make it comparable to C++, Rust, or Go in startup performance!
4) I'm sure Node people have heard of certificates and HTTPS, but I'm fairly certain they think it's a fad and it'll just "go away" eventually.
5) NPM libraries are under constant churn. Just updating packages requires minutes of 100% computer power to resolve the dependency graph logic... which has changed. In a breaking way. Either way, it can be mathematically impossible to disentangle the mess before the heat death of the universe. I'm not kidding! It's possible to get into a situation where "error: timed out" doesn't quite do it justice.
6) In .NET land there's basically only two ORMs used: Entity Framework from Microsoft and Dapper from StackOverflow. They work fine. Someone at $dayjob picked "typeorm" for Node. Is it the best? Who knows! There's dozens to pick from! None of them work properly, of course. I do know that typeorm doesn't allow me to pick my own database driver. Why? Because they're too busy, according to the GitHub issue tickets. Entity Framework uses a pluggable interface with dozens of well-supported implementations. This is because the entire platform, all of its database support, and the ORM on top were written by one vendor in a coordinated way and is pluggable via interfaces in the standard library instead of a hodge-podge of random code thrown together by literal children. [2]
Etc, etc...
[1] Under-funded is the more generous reason.
[2] A very significant portion of NPM packages were written by people under the age of 18. This is either commendable or horrifying depending on your perspective. It's hard to prove though, because contributions are effectively anonymous.
That's really an insightful answer I enjoyed reading. Really brings me back!
I dislike nodejs for the same reasons. But do get the feeling that rust and go, maybe even something more exotic like elixir would be good alternatives as well for your use case.
I have barely anything to compare to your requirements tho. I personally would get panic attacks and couldn't sleep anymore if my dependencies aren't open source and I would depend on a company for any reason. But that's just me, it definitely sounds very mature
> I personally would get panic attacks and couldn't sleep anymore if my dependencies aren't open source and I would depend on a company for any reason. But that's just me, it definitely sounds very mature
.NET is open source.
Unless you found yourself in some bizarre dark corner of a huge ecosystem of products, that's just not true.
Deployments are just "file copy". You don't even need Docker, because Windows isn't Linux, it has stable user-land APIs so apps are portable.
Not to mention that the dotnet sdk can create container images directly without even needing Docker installed: https://learn.microsoft.com/en-us/dotnet/core/containers/sdk...
There are pre-built Linux and Windows ASP.NET base docker images: https://learn.microsoft.com/en-us/aspnet/core/host-and-deplo...
Visual Studio's ASP.NET templates all have a literal checkbox for "Docker support" which is all it takes to have a hot-reload debugging/editing experience.
The dotnet runtime has very good Docker support, including automatic memory usage tuning to prevent it getting killed by Kubernetes or whatever.
The underlying "App Host" below ASP.NET has fantastic support for layered configuration, which by default supports environment variables, command line parameters, named environment configuration files, and "user secrets" in IDEs. All of it is strongly typed and supports runtime refresh instead of Linux style "restart the process and interrupt user file uploads to get a new config". There's plugins for Key Vault, AWS KMS, App Configuration, feature flags, and on-and-on.
Open Telemetry is fully supported and now the default: https://learn.microsoft.com/en-us/dotnet/core/diagnostics/ob...
Everything in ASP.NET uses the standard built-in ILogger interface, so wiring up any kind of audit logging or custom observability is a piece of cake: https://learn.microsoft.com/en-us/dotnet/api/microsoft.exten...
The really fancy logging uses the high-performance ActivitySource APIs, which are used for lower-level tracing of dependencies and the like. Again, these are standardised throughout not just Microsoft libraries but most third-party packages too: https://learn.microsoft.com/en-us/dotnet/api/system.diagnost...
Aspire.NET can orchestrate multiple cloud emulators, multiple apps, Node.js front-end apps, and wire up the whole thing with Open Telemetry and a free local trace viewer (with span support) with zero config: https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals...
Windows GUI App deployments use standardised installer packages (MSI) that have simple devops pipeline tooling: https://github.com/wixtoolset Now... name the one package format that you can use to distribute client apps to all Linux distros!
When you run "dotnet build", the result is built, unlike Node.js where you end up with 150K tiny little files that need to be rebuilt again "in production" because oh-my-god it's a scripting language with C code blended in randomly, so it doesn't... actually... build. I just had the fun of trying to figure out why PM2 doesn't like musl or running under non-root user accounts, why starting a Node.js app takes frigging minutes whereas ASP.NET starts in milliseconds, and on and on.
All that, and finally, PowerShell, literary light years ahead of everything Linux has to offer. I have PTSD from bash and friends. It is so good, that I rarely even write C# nowadays for most of the critical government stuff and simply run smallish scripts as services, and change them on the server when intervention is needed in notepad, in a couple of minutes, while my colleagues still worm up their full-blown Visual Studio.
I love it like it is the hottest wife that have a great job, do the dishes and cooks like a grandma (I am bad at this :))
> change them on the server when intervention is needed in notepad
How is this any different than a Linux setup where you can just ssh into a box and edit your scripts in the shell using something like nano or vim if you're into that sort of thing?
It's not different. I am not talking about method, I talk about the language and ecosystem. Package manager for scripts? Yeah. Standardized names and params? Fuck yeah. Drop to dotNet on funky corners? Shut up and take my money.
Put pwsh on linux (I do, in all of them) and I will use ssh and vim no problem.
And now there is going to be support for `dotnet run app.cs` which, in my opinion, will replace most of my powershell scripts.
Yeah, that is a new thing, but honestly it existed a way back, its just that it is now officially supported.
But you are missing a point here. It's about the language, ecosystem and practicality. In shell, you need correct abstraction that lets you work in fast and efficient way and lets you interact fast when debug is needed. What is done using c# in 10 lines can be done in a single line in pwsh. In my book, lower amount of code, ideally no code, is the most important aspect of the development. Majority of things are not constrained by the performance, so pwsh is usually a good fit.
People used ruby, python etc. for infrastructure development long time ago and it was/is akward.
> What is done using c# in 10 lines can be done in a single line in pwsh
Mostly, yes. The problem is that the moment I need something more than what a single cmdlet or bash utility can provide, now I have to use an awkward looking scripting language (bash is the worst offender here). Almost every time I found myself having to write a somewhat long script file, I wish I could just do it with a C like language instead.
For simpler tasks, I fully agree. It is better to use something immediately available like an OS shell utility over coding one myself.
There are many simple tasks in a typical multiyear project. Most of my scripts are between 100 and 1000 lines of code.
Example: https://github.com/majkinetor/SSImport
That script made noticeable difference in speed, quality and pleasure on our recent project (production tests on payment gateway for half of the country) as before I wrote it, devs did it by hand which took 10s of minutes every day with awkward tools (if they made an error, even more) and they complained about the chore. The script literarry replaces entire feature of the Sql Server Management Studio and I did it during the weekend.
Regarding syntax, not sure why would you consider that awkward. IMO, it can't be easier to read in any language, both configuration and code.
I think we are talking a bit past each other here. I don't contest the benefit of writing small helper utilities.
> Regarding syntax, not sure why would you consider that awkward
This is more true with Bash than Powershell. However, this is the same with programming languages in general. There are those who look at Julia's syntax and think it's absolutely beautiful and those who consider it to be absolutely bad and prefer Visual Basic.
Your github link 404's, FYI.
Sorry, was private repo, now its public.
> with C code blended in randomly
And now add a small Python neural network to a .NET app. Just to do some mild AI stuff. Go on, I'll wait.
Oh, and I forgot: don't forget about data migrations. It's a freaking disaster in .NET deployments. Apparently, the best practice is to apply them manually?
CSnakes integrates Python into .NET apps - https://tonybaloney.github.io/CSnakes/
https://www.youtube.com/watch?v=DqoxHNH9Iwo shows adding an LLM
There are several ways to manage migrations depending on the team structure and dev practices: SQL scripts, command line, bundles (single-file executables), and in-app. The team recommends SQL scripts since they can be reviewed, tuned, and managed by a DBA but take your pick. https://learn.microsoft.com/ef/core/managing-schemas/migrati...
And how do you _build_ it? "It works on my machine", yeah? "Just copy it", ya?
dotnet build
https://tonybaloney.github.io/CSnakes/getting-started/#build...
What's with the "just copy it" thing? Nobody does that, we use NuGet packages, GitHub Actions, SDK supported containers, reproducible cross-platform builds from command line, etc.
edit: I'm sure some people use file/copy, but you sure don't have to. That stopped being a common thing 10+ years ago with cross-platform .NET.
Nope. Try again.
> Nobody does that
Read the parent post.
> we use NuGet packages, GitHub Actions, SDK supported containers, reproducible cross-platform builds from command line, etc.
So basically, "NPM but different". Got it.
My point was that "copy" is sufficient and works much more robustly than with NPM/Node, for example.
At $dayjob I use DevOps agents or App Service with pipelines. I'm not a savage.
> Deployments are just "file copy".
Ah yes how the "works on my machine" meme started!
Bah, leaving out .NET like this is ignorance, considering the amount of custom applications every company has written on it.
RAD was a game changer and I think you don't know the extent and penetration of .NET in the enterprise
Well. this is clearly just a example of a hard problem where MS tools are good for.
The MOST common developer that work on MS stack is in business apps and web, data, integration stuff.
There is much better fit for MS and there is NO good counterpart in OSX or Linux.
One of the major shocks I get when starting to work on OSX is how much less developed EVERYTHING is outside the ms stack.
The only good reason you have a life working in OSX and less in Linux is because the web lower the playing field.
But if this were a contest of "native" vs "native" is clear MS stack is ahead.
(Much more before, because of course the web change the equation so you can claim things FOR THE WEB are better on linux and even osx)
I think you misunderstand- game engines are complex beasts and visual studio and/or .Net (in any of its incarnations) have the best debugging workflow I've seen.
Typescript is also Microsoft. So is ONNX.
So are LSPs- which by now are everywhere, they're a huge leap forward over previous implementations in (n)vim and emacs imho.
What makes it better than say IntelliJ? Is there some feature which helps you more with debugging?
It's been a few years since I've used Visual Studio, but for longest time its support for debugging multithreaded and GPU code was unmatched. This is one of the main reasons game developers loved VS. It also had good support for mixed language debugging which is very useful when your C# code calls a C++ library for example.
"I think you misunderstand- game engines are complex beasts and visual studio and/or .Net (in any of its incarnations) have the best debugging workflow I've seen."
I think you misunderstand: the market, ie the number of people who actually care about developing game engines, is tiny.
How many games developers do you know as a subset of the people you know of?
OP only managed to find a niche product area for MS to shine in and maintain traction - the moat thing. Nothing else apparently.
I for one would not miss MS one jot. I wasted so much time with things like autoexec.bat and config.sys back in the day. I got good at it - Novell gave me a T shirt on Cool Solutions for a boot floppy image that managed to try several popular NIC drivers (3c595, 3c905, 3c509, ne1000 and a few others) and get you to a network connection for imaging or whatever. Later on I get to ignore SFC /SCANNOW answers to searches. Do you remember WINS? What about the horror of time sync? The PDC emulator FSMO role is basically a NT domain controller. AD was a bodge from day one, tacked onto ...
Sorry, got carried away there.
Again, Typescript is cared about by whom and what on earth is ONNX?
A game engine is often an example of a 'complex beast'.
No one is arguing that developing game engines specifically is common.
Thanks for trying to expound on my expounding on the original. But, the response indicates they don't know and actively avoid learning. Thus, nothing would change their mind.
PS: to throw some shade- I'm surprised they didn't (mis)spell it M$- after all everything they mentioned is making me nostalgic for phpBB based tech forums in 2004.
ONNX is a format that allows you to run AI models without Python in any language that implements ONNX, there's even an ONNX implementation in Go, meaning you can churn out even more performance out of AI models and waste drastically less resources (Go, Rust, C++, Zig, C, D etc could be used to squeeze performance). Think of it how Java produces a JAR file, well an ONNX file is a file that could be run by any runtime built for it. Another reasonable analogy would be WebAssembly, but to a degree.
Typescript is used by web developers over the world and ONNX for deploying deep neural networks. Two huge markets.
Microsoft, for all their warts, has the absolute best documentation for every public API in Windows. I'd go so far as to say it's better on average than manpages in Linux and BSD and light years better than the actively hostile bullshit from Apple.
Submitting a bug report though, you gotta know people or know where to ask.
The old documentation was the best. The new stuff is a mix of barely acceptable and absolute crap, and some of it is even AI-generated. Here's a recent funny:
https://learn.microsoft.com/en-us/windows-hardware/drivers/u...
"The characteristics of the endpoint determine the size of each packet is fixed and determined by the characteristics of the endpoint."
> Microsoft, for all their warts, has the absolute best documentation for every public API in Windows.
That is true in some areas of MS's output, but far from all. Some of their documentation is concise but understandable, complete, and up-to-date. Some of it is auto-generated garbage that is only of use if you already know what you are doing and looking for a remainder of a detail.
Some of it is absolutely awful, I've run into numerous issues with Azure related documentation. This is in part because that side of things is rapidly evolving, but sometimes the new information isn't even there, and sometimes it is faff to identify it from information about the previous couple of iterations that are now deprecated. One recent example: installing some of their SQL Server and Azure storage access tooling on the latest Ubuntu LTS release (24.04, now over a year old). The repos are there, maintained, and supported, but the documentation doesn't mention anything beyond 22.04. Yes it is easy to work out what to change, mostly just substitute 24.04 for 22.04, but the docs should be updated. Also, instructions from different documents, all from MS, put their public keys for package signing in different places, which can cause confusion (not an issue for someone like me familiar with apt & related tooling, but I can imagine it being very frustrating to someone less experienced with those parts).
That's why I said "windows" and not "microsoft." Azure is a dumpster fire.
It really depends how far you go. The basics - they're pretty good. But for the more complicated things they just ignore all context and pretty much restate the names of functions/arguments without explaining how/why things work. See for example https://learn.microsoft.com/en-us/windows/win32/api/tsvirtua... and https://learn.microsoft.com/en-us/windows/win32/api/tsvirtua... What does the terminal services renderer do? "It renders bitmaps you dummy, just look at those arguments!"
Some of the advanced stuff has great docs. E.g. SQL Server and its wire protocol. When you need to write client to a language that doesn't have one, the TDS doc from Microsoft is amazing. Compare that to e.g. Oracle and you know what I mean.
In general SQL Server is such a great product. If you cannot choose PostgreSQL for some reason, make sure your buying manager plays golf with the Microsoft sales people, not with Oracle.
This is peak documentation:
https://learn.microsoft.com/en-us/dotnet/api/microsoft.offic...
Setting aside the debugger, visual studio has to be the worst IDE I've used. There are so many rough edges it is astounding.
On an ancient project, among other things I've been editing JavaScript code both in js files and inline script tags in aspx files. The indentation auto-formatting appears to choose new levels of indentation using a random number generator.
You can't add a new file to the project while it is running, or even create a file through the context menu, but it can detect when the files have changed externally and recommend restarting the project.
There's a thousand little things, but the indentation auto-formatting abomination is a constant burr under my saddle.
Azure has some things about it that I don't like (compared to AWS), but it wins over AWS for Azure App Services. Essentially, IIS (webserver) as a service (PaaS), with autoscaling, auto-deployment, hot swap slots, auto-recovery, backups, etc. At it's core, it's basically a managed Docker container (either Windows or Linux) with IIS, so you can customize it quite a bit like a familiar VM, but unlike a VM, updates and security is all managed for you.
Beanstalk is a joke compared to AAS, and I'm more than happy to stay far away from Docker/K8s until that complexity is actually required, which it usually isn't until an entire department handles your K8s clusters/EKS.
This isn't a coincidence. Microsoft have spent a lot of money, including billions in acquisitions, to maintain some positive developer mindshare.
If you're not doing C++ gdb is pretty good, most people just don't know how to use it.
Maybe it's baby duck syndrome, but I've gone out of my way to use gdb over VS's debugger. A simple .gdbinit has more expressive scripting power than a GUI can ever allow.
[flagged]
I still find it hard to believe that so many people and companies are prepared to use Microsoft's online/cloud services.
Not ony is this a single point of failure but it's one they've no control over whatsoever. Same goes for Google/Youtube etc. It's as risky as flying a passenger jet with only one engine.
What are they thinking, why are they prepared to risk everything?
It boggles my mind.
Most companies enter into a contract with Microsoft. That is infinitely better than using a 2 person startup that runs out of a garage. Contracts come with strict terms of service, SLAs, service expectations and such.
If you had a restaurant, would you source your produce from your trusty friend who grows vegetables as a hobby or from an established mega-farming-company?
Ironically appropriate example. Many of the most famous restaurants in the world, like Noma [1], are famous precisely for sourcing ingredients that bypass mega-farming. At Noma many of the dishes are based on the produce provided from local foraging.
And contrary to what you might expect from its presentation/reputation, the place itself is just a building surrounded by green houses and a guy growing and harvesting most of his own stuff. It's an extreme example, but the issue is fairly typical at nice restaurants.
[1] - https://en.wikipedia.org/wiki/Noma_(restaurant)
Yeah, and many of these best restaurants in the world barely make a profit, compared to Olive Garden or McDonald's.
But yes, I'm with you here. I also like Noma way more than Olive Garden.
Kind of a tangent, but a lot of brick and mortar business is far less profitable than most think. A McDonalds franchise owner is looking at ~$150k/year profit on average. And with lots of other fun stuff like the fact you don't even own the property, it's rented from McDonalds. And that's going to likely trend downward as McDonalds continues to put the squeeze on franchisees and labor costs continue to rise.
And far from passive income, there's a joke that buying a franchise is basically buying a job and not just any job - but a stressful, thankless job with terrible working hours. And the price tag for this new life of luxury starts at around a million dollars.
I like your argument, but McDonald's gets their ingredients from multiple suppliers, all selected for their specific specialism.
They also don't run the cash registers on software provided by their meat supplier.
In Dutch government (especially local), for example, almost everything runs on Microsoft. From e-mail to web sites to chat to internal software. And with AI coming up, Microsoft is effortlessly capturing that market too by including Copilot in existing contracts.
I would sure want to dine in a restaurant were vegetables were grown out of love and not as a profit making machine above all else.
Software from big companies can be made with love too?
I'm not really sure this is true. Big companies find themselves with a big problem by the nature of their own weight. To simply exist they need to see revenue in the millions, if not billions of dollars. So everything rapidly becomes about money. That, in turn, equally rapidly leads to rent-seeking as a goal, which just generally turns everything into a dystopia from inception to production to launch.
but are they? on average? how do you measure this?
it's pretty easy to talk to a solo-dev or gardener
It's easy to talk to Microsoft employees too.
Not in my experience.
Example?
> That is infinitely better than using a 2 person startup that runs out of a garage.
The big advantages with the 2 person startup are
1. A small business a customer who matters to them, and you will get better service
2. You can get terms such as having control of backups, hosting of your choice, and access to systems so you can get someone else to maintain things
> Contracts come with strict terms of service, SLAs, service expectations and such.
How close do these come to covering the consequential losses of an extended outage?
> If you had a restaurant, would you source your produce from your trusty friend who grows vegetables as a hobby or from an established mega-farming-company?
You sure you like this analogy? Every ambitious restaurant (Michelin stars, World's 50 Best, that type) uses small farmers to try obtain higher quality produce.
It's chain restaurants and shitty family restaurants that use the large suppliers.
You go to those restaurants for a boutique experience. You can't run an enterprise based on whatever your suppliers have available on the day.
I was mostly pointing out it's a bad analogy.
That being said, maybe the "small supplier" side of IT is actually OSS + in-house engineers?
No, I'd never use a 2-person startup, that's silly and irresponsible. I'd keep my services in-house and use multiple companies to store backups as I've done for decades—as we all used to do before the renting/leasing software (ripoff) model.
Nor would I ever use software that lives on a remote server that I've no direct control over.
Let's hope Trump does more blocking, it's the only way to wake up a lazy sleepy world.
BTW, isn't 'infinitely' somewhat of an exaggeration?
Do you consider the same single point of failure to use AWS?
There's a pretty significant lower bound of size to where you can reasonably have multiple points of failure. And like oh well if you use this stack you could theoretically move at any time isn't really the same thing as being multi-homed. I've been at places where this has been a concern of the leadership but the economics of it have never really worked out compared to spending your time working on anything else related to the business.
If it's locked within AWS and you have no way of moving out fast I definitely would consider it a single point of failure.
But isn't that how civilization literally works?
people live paycheck to paycheck, they have limited ability to create food, they rarely have enough safety equipment nearby to survive a heart attack or a fire, and afaict this is all accelerating.
It's cheap and it works well. Also integrates into everything related you'd need.
Also, if you're a small business without a dedicated tech team, what are your options that don't involve relying on a single big company?
Speaking for myself, running a bakery, I chose MS 365/Teams with regret but accepting that there's nothing else out there with the same value proposition except maybe Google workspace.
They have regional pricing so we get everything for the equivalent of $3.50 per user. Basically no other apps offer regional price - Slack alone would cost about $8 a user.
This includes chat, calls, messaging, 1tb of onedrive space per user, calendar, planner, emails, office, plus loads more.
Sure, it's janky but it basically works. The only thing I've found with a close value proposition (still slightly more expensive even if I limit to just a few gb of space per user) is self-hosted Nextcloud, which is about the same level of janky and requires a tech person or team to set up.
> The only thing I've found with a close value proposition (still slightly more expensive even if I limit to just a few gb of space per user) is self-hosted Nextcloud, which is about the same level of janky and requires a tech person or team to set up.
I would not imagine storage to be a major cost with something like Nextcloud. They major cost is going to be the tech person to set it up, and you do not need that many hours to do it. Mostly an initially one off cost will be high, and big upgrades might be a lot of work, but maintenance should not be
I've already set it up and we're running a test with 4 users since about a month now. I'm hosting it on Hetzner VPS with storage on Wasabi, backups on Backblaze. You're correct that storage is cheap. Compute and ram are the main costs, and I'm not sure how to quantify that until/if we run with the full team of 30 people. My current setup of 4 dedicated vcpus, 16gb ram is massive overkill for 4 people, hopefully it's enough for 30.
It's currently at around the break even point compared to MS Teams. I think maybe $5 a month more expensive all in for the VPS, storage, and backup.
It would be cheaper if I could run on Arm but unfortunately Hetzner doesn't have that in their Asia region yet.
I am not sure if a company that doesn't need a technical team even needs that technical overhead?
No reason to not just host email with any domain provider and manage the rest with a small NAS in the office.
Not only cheaper and taking away the update obligations of Microsoft. Which I am sure kills more productivity than managing a Synology server.
> No reason to not just host email with any domain provider and manage the rest with a small NAS in the office.
Sounds like even more of a single point of failure, just on your domain provider (who's much more likely to go out of business) than Microsoft. And one with no chat, or phones, or conference calling, or shared calendars, or endpoint management, or SSO, etc, etc.
Just sticking all your data on a cheap NAS in the office works for a few people, although it becomes PITA to do granular permissions when you don't have any proper central authentication. But then it's also a massive single point of failure, so you need to implement a backup solution, and then a way to share files outside of the organisation, and then a VPN so that people can work remotely, and then some monitoring so that you know when a disk fails....and that's getting way beyond what a non-technical person can manage.
It's fine if you're just using it for your hobby. But building your business on top of something like is very likely to come back and bite you in the arse.
What do people consider as NAS? A Network Harddrive? If you buy a "normal" Synology Nas it comes with shared calenders, office, VPN control, several backup options including Aws and Azure and a lot more. Typical setup and forget setup, thanks to their high package quality.
And I am sure there are even better options than a household Synology.
But putting everything in a cloud and fully depending on a single provider that for the majority of people is in a foreign (and politically dangerous) country is definitely not the obviously better option.
Well yeah, that's what a NAS is. What you're talking about is just self-hosting a all-in-one server, like people used do with Windows Small Business Server, and all the problems and limitations that comes with.
And plenty of small businesses and hobbyists do that, and then after they "setup and forget" it they get compromised or lose their data a few years down the line.
Yes and no. I've been in companies with windows business servers that were a constant pain to manage. Whereas the modern NAS, Building on stable open source software mostly offers the 'just works' experience people are looking for + the business grad documentation.
Why would using a NAS (or small server) mean ignoring any basic logic (and business requirements) and not having off-site backups?
SBS server "just works" if you just set it up once and then ignore it, your requirements never change, and and don't do basic things like maintenance and installing updates as well.
People absolutely should be setting up offsite backups. And more importantly, testing them so that they can prove that they work. But if they have no technical team then neither of those things are going to happen.
Storage is far from the highest priority. I do store quite a bit of files for marketing but those only need to be accessed by a few people.
Also, much as I wish otherwise, very little happens via email in this business. It's all chat apps now.
The important part is cross platform real time communications, calendar, and office. Some kind of kanban board is a nice bonus.
Synology does all that, they even have some kind of office suite (haven't tried, I would just use libre and a central storage)
Synology is also setup and keep running for years usually.
It's just an example tho. I just don't see any need for a Microsoft cloud solution for a small company (or anyone really)
There's a demo on their website:
https://demo.synology.com/en-uk/dsm
I personally think Google workspace is better for small business. I think filesharing/permissions/synchronization is much easier and more intuitive across machines and employees and since everything runs in the cloud if you have say, iPads for the POS they can also use Google everything pretty easily.
Google Sheets is IMO also much nicer than Excel and for small business you don't really need to deal with Excel lock in.
That being said, the price you got seems unreal.
Yeah, we were just starting out and really needing to keep every possible cost down when I chose MS. Looking back I definitely wish I'd paid a bit extra for Google Workspace though, it does look much better suited for a business at our size. Plus, I just cannot get people to use MS Office, they're constantly sharing Google sheets and docs around. Habits are hard to break!
Teams is much better suited for a company with 1000 staff and a tech department. Admin is massively overcomplicated. Oh well, hindsight is 20/20 I guess.
> That being said, the price you got seems unreal.
We're in Vietnam, and like I said, regional pricing. It is a good deal, but doesn't look quite as unreal from over here. Really wish more companies would do regional pricing, $8 a month for slack, $10 for notion and so on is basically a no go for a small business here.
It's a simple opportunity cost calculation. The service is there, provides value. Creating a replacement is not realistic. Paying for another replacement gives you potential headaches from using a less popular service. So when choosing between not doing a thing or doing a thing with the risk of spof, it's often a reasonable choice to go with those services.
> There was a recent incident where Microsoft somehow allegedly blocked a mailbox of a sanctioned individual. Any organization highly depending on MS products that might come into the crosshair should ask - can this happen to me? What would be the cost? How much I invest into prevention of this scenario? In this article I try to get the facts straight and use a return on security investment calculation to try and judge this situation in a rational way. Let’s grab our tinfoil hats and find out if it’ll be fine.
for people who didn't RTA
This applies to any company homed in the US. Not sure why Microsoft is singled out. Why Google, or Amazon, or Apple would oppose demands of the US government?
I suspect it was prompted by the specific story about Microsoft blocking that mailbox. So, that is probably why they were “singled out.”
Hello, author here - yes exactly. And also I don't think companies depend that completely on e.g. AWS
Maybe that's a good correction or follow up article to consider. These concerns aren't specific to Microsoft in any way. They apply to all tech companies that wish to operate within the United States.
It is a good point and a weaker spot of the article.
First of all, I now cover MS since this incident made headlines. If you are aware of any such incident from the other providers, I am interested.
Another argument is that more companies depend on MS more. Even in high-tech startups and scaleups you'll find traces of Win machines, AD and Office. On the other hand, there are plenty of companies that don't have AWS deployments at all.
Another thing worth noting is that out of GAFAM, Microsoft is the only one that really has vertical business integration that's worth anything, which is why they're the default for so many companies.
AWS is just a hyperscaler, they don't do the full business stack outside that. Google has a full business stack (read: office tools, email, hyperscaling) as an option, but the experience is miserable because Google constantly deprecates and changes things on a dime, which is why most people avoid them. Killedbygoogle stuff doesn't just apply to their non-paying customers, it applies to their paying customers as well. The moment you try to build anything outside of Gmail or Google Docs, you're subject to their whims and depreciation policies. (Case in point; Google has been sending me scare mails that they're going to kill an OAuth service I set up ages ago because it had no logins for 6 months. They just randomly decided it and gave me a month to deal with it. Their solution isn't just "hey, are you still active" - I am, that's easy to see - it's "just do a login and make sure you do a login every 6 months". If it was just a checkbox in their admin panel, I'd probably have done it without a second thought, but I really cba to figure out what the OAuth service was for, so I guess that OAuth service is gonna bite it now. Probably a selfhosted git forge or something that offered easy Google logins?)
Apple has everything except for hyperscaling, but it's all aimed at normal users, not corporations; I'm pretty sure they don't even have a business version of iCloud? The closest is that they offer MDM and bulk buying individual plans afaik. (Facebook isn't in this industry at all.)
Microsoft is the only one who offers a full kit and the promise that they won't pull the rug out under you. They're also the only one that really tries to take legal compliance and depreciation timelines/upgrade paths seriously. (AWS and Google just pass it off onto the customer with a "figure it out", while MS has loads of infrastructure for both of these.)
It's a hard business to replace if Microsoft goes bad with O365/Azure.
The outlined risk is not solely a Microsoft risk. It’s a “contract out to another irreplaceable service” risk.
Make your technology fungible and risks disappear.
We (the EU) should have a reasonable response for monopolistic or significant market share suppliers that may fall under the control of foreign governments that could mitigate this issue. Else I noted:
(the EU) doesn't need to throw out the baby with the (US-controlled) bathwater. The EU should present Microsoft with an ultimatum similar to what China might: setup a non-controlled european licensee to own and manage all MS & Azure infrastructure in the region, or have some legislators force a similar structure on them. Complete control, full sourcecode, EU-only support/access - as a condition for corp HQ being allowed to have a monopolistic market share. Either way, nothing the US might decide to do should have any effect in "EU Microsoft", short of severing US Microsoft off completely, in which case EU MS just becomes fully autonomous and bye-bye US. Clearly, a US-controlled Microsoft without this structure is a deep security risk to europe now.
> Make your technology fungible and risks disappear.
Not wrong in principle, but the failure mode here is that the political winds have changed. Tech alone cannot help you if you do not hedge against that risk.
For most businesses, the cost and difficulty of shifting away from Microsoft outweigh the benefits
Maybe.
Some things go deep, true. However most businesses don't use most of Microsoft products - even the ones that do, the usage of the more complicated products is far more minuscule than imagined by e.g. CFOs, etc.
The real thing keeping many "in the fold" as it were would be authentication services.
Which are overcomplicated and probably easier to manage without...
Right, it’s stuff like Active Directory and how everything’s tied together. Once you’re using that for auth, it’s really tough to back out without a lot of effort.
We’ve looked into FreeIPA and similar options, but honestly, nothing really holds a candle to Active Directory yet.
AD and Domain Servers are like a cancer that will grow metastases around your org, costing user and client cals all over the place, even for every desk phone if you're not careful. The only winning move is never to play their game in the first place.
I'm in a situation where due to staff skillsets and ease of management then GPOs are required. Local GPOs would be insane to manage across thousands of PCs
InTune/MDMs are finally eating away at the need for GPOs for most use cases. Someone already familiar with AD & Group Policy should be able to easily transition to InTune Configuration Policies. MS even has a tool now to import your GPOs.
There's still a few that don't have direct equivalents, but the list is growing smaller and smaller.
InTune is part of Microsoft's strategy to make everyone dependent on their cloud. It's like switching from Heroin to Fentanyl because you want to get off of your addiction.
Yes and that is a very common case. Windows is designed so that you barely have a chance to deal with your case without Microsoft components all the way. You would need a company with enormous resources to play catch up with the highly integrated and proprietary connections between each component.
It's a rigged monopoly and has nothing to do with a market economy. Once you have been forced to use Windows, you are doomed.
genuinely interested, what are the alternatives ? i know ping/forgerock and some old ibm stuff.
what is state of the art today that compares to ActiveDirectory (not talking azureAd - or whatever they call it these days) ?
Samba4 is the closest you can get. It is not as nice as ActiveDirectory.
> Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as an Active Directory Domain Controller or as a member server.
What's something that AD provides that this does not?
It certainly sounds like an (almost) drop-in replacement.
Samba4 covers core AD features like Kerberos, LDAP, and can act as a DC, but it’s not a full drop-in. GPO support is limited, management tools aren’t as robust (no full RSAT equivalent), and some advanced AD features (like DAC or ADCS) aren’t supported. Fine for smaller setups, but not 1:1 with enterprise AD.
Why not Okta? I know a company that uses it and no AD. (But they are mostly Mac)
AD is one of the few good MS projects. But you can use it with Macs and Linux just fine!
Just keep a couple of Windows servers running AD, and migrate everything else.
Apple doesn't recommend joining Macs to AD -- their implementation is awful, along with their SMB implementation.
But it is technically possible.
The new way is local account with synced password and Kerberos.
It really depends on the size of the business. With smaller businesses it is easy to use alternatives. However any business beyond 1000 employees will give in to shareholder pressure and adopt distrust as its core value.
Microsoft Active Directory has excellent tooling for middle-management-heavy businesses. For better or for worse it provides the most integrated solution to reduce a desktop PC to a perfect thing for repetitive, boring, soul crushing office work. No other software solution comes close.
While I like Windows as a desktop platform, the reasons that it was designed as it is are very clear. To make cheapest laptops as dystopian as possible, you need systems that can run the same boring software for decades. Not for the good for the environment but for profits.
Windows provides all APIs to deeply integrate with Active Directory and MS Office. All engineering, accounting and finance software are deeply integrated with them. They literally run entire countries. I have seen engineering software that used Visio diagrams for designing factory pipelines. It is near impossible to pull the bigger businesses and governments out of this trap without completely upending entire sectors worth trillions. I think only very determined regimes like China can pull it off.
Out of curiosity, how hard would it be to copy Active Directory in an open source project (like how Excel is copied by LibreOffice)?
Like if orgs need this capability why is there no good open source solution?
Massive. AD isn't just LDAP and Policies. There's somewhere around 14 services that are involved, even NetLogin still has it's tiny part to play. AD uses LDAP referrals, expects clients to follow them, and use the SRV records to find the DC in the same site (if one exists). AD as it is typically deployed is active/active multimaster with per-record tiebreaking based on edit time, client-based load balancing with proximity awareness, ACLs for every possible field and record, overridable at any point in the tree (389ds can do this, but openldap is a nightmare). There's a full automated PKI in there for managing certs for everything, and that's before we get into the KDC logic, the strange things SYSVOL can do, and various other things that integrate with AD.
Samba, krb5 &co can handle small cases, but it's architecture is still stuck in the nt4 days, and there's limited cohesive integration with LDAP and the other services.
It’s been done for years. You can also always pirate windows if there’s a trade embargo.
The problem is that the modern approach is to run Entra directory in the cloud.
Active Directory is not one single product. It is an ecosystem. Windows desktops, Windows servers, Microsoft Office, Azure, third party apps running on Windows using Windows APIs and Microsoft server products are all supporting it.
Here is a typical office use case in an engineering environment:
A user logs into their Windows laptop. It uses a Windows domain which is part of Active Directory system. It connects to the domain server to check the credentials. Those credentials are regularly cached into the Windows laptop. Moreover the company issues smartcards for sensitive access. The user can use the smartcard to login to the laptop too. Active Directory handles the certificates. The manufacturer's driver software integrates with Windows and the Active Directory system.
Group Policy is also stored by the domain server and depending on the user's credentials and the roles in the Active Directory system, the relevant engineering apps can be automatically installed on the user's laptop (let's say Altium or Autodesk). The engineering app then integrates with Active Directory to associate the license with the user's identity on Active Directory.
The user does their work and want to save a report from the engineering app (let's say a Bill of Materials report), it can be automatically saved to user's OneDrive account as an Excel file. The user can then take this report and share it on SharePoint which is OneDrive but more businessy and it supports creating web pages. So now the user can publish this as a web page in their department's SharePoint instance which they use as the main documentation portal. All of the other third party software like VPN logins, HR systems etc. are all also depend on Active Directory to get the credentials.
The scenario above is not just hypothetical. A majority of the biggest conglomerates and even smaller companies are completely locked in. Most of the Western governments too. The usual infrastructure roads, pipelines, power lines etc. were all designed and managed in Active Directory connected Windows PCs.
You cannot just replace Active Directory. You need to replace all the infrastructure around it. That includes not only Microsoft systems but also all the third party software that integrates with it. It is a multi-hundered billion dollar industry of proprietary apps all integrating with each other.
> Out of curiosity, how hard would it be to copy Active Directory in an open source project (like how Excel is copied by LibreOffice)? > > Like if orgs need this capability why is there no good open source solution?
Btw if you think LibreOffice Calc is anywhere close to being an alternative to Excel, you are very mistaken. Just in the basic set of functionality, Calc is 2 decades behind. Excel has a lot of integration with databases to automatically fetch data and update the fields accordingly. If you have a big spreadsheet, Calc struggles a lot while Excel can scale millions of rows quite easily.
Why there is no open-source solution? Because it requires a central entity to develop those elementary APIs combined with an operating system and office suite combo. The entity needs to convince all those multi-billion dollar companies to buy their product. Then it needs to send engineers to work with both clients and software vendors to handle all sorts of kinks and weird use cases.
Microsoft has been doing this since 90s. The entire corporate desktop ecosystem has developed around them and they ensured that Windows and Office would be a centerpiece of all those systems. A bazaar-style open source ecosystem will not be able to manage the scale. Without a central vision and strong product management, it is not possible to mesh multiple projects together. The current open-source systems cannot even agree on which GUI display protocol to use which is just microscopic compared to everything else.
Only a very determined government with virtually unlimited funds and very stable decision making (very likely to be authoritarian) can force all the companies to switch something else. China is that government and they are somewhat successful but not entirely.
And, you can couple all that with Microsoft 365 to enable cloud-first for everything that makes sense. Cloud Active Directory (a.k.a. Entra), Intune and Autopilot for devices that can be shipped directly from Dell and provisioned/set up through a M365 sign in by the end-user. IT never even has to be in the same zipcode as the new laptop or ever remotely connect to it to perform maintenance tasks.
Cloud AD also works seamlessly with on-prem AD, allowing things like online, self-service password reset for the domain, and in the reverse direction to use TPM-backed certificates/WebAuthn for securing web apps or anything behind MS-linked SSO. Of course, it also integrates tightly with Azure, so you can do RBAC for any VM/service in Azure, since they automatically get service identities in your AD.
That level of integration is so far above anything else on the market that it isn't even a discussion.
> IT never even has to be in the same zipcode as the new laptop or ever remotely connect to it to perform maintenance tasks.
That sounds nice, but that's not exactly a feature specific to AD.
All perfectly possible with a couple well placed scripts and some remote logins.
> TPM-backed certificates/WebAuthn for securing web apps or anything behind MS-linked SSO
Yeah this is the overengineered stuff that is therefore difficult to replicate. Certs and auth predate AD and Azure, the lock-in comes from the overcomplicated SAML style rickety tower of doom that just barely functions...
How are you having Dell ship a brand new laptop to a non-technical user and having that machine configured/software installed with a couple of scripts?
Autopilot locks Windows OOBE to your Intune instance based on the serial number. The user only has to know their email and a temp password if they're new, or existing login/otp if not. The device can be remotely wiped, and it will start back over at the OOBE (Windows install), ready for the next user.
You can't achieve that with scripts. That requires the ubiquity of Windows as an OS (so device manufacturers play ball). You may find that lock in distasteful, but if that's the world you're already in, it's a magical timesaver.
> How are you having Dell ship a brand new laptop
Have the vendor ship your image?
Or provide your own bootstrap.
Probably something with netboots as well...
If your point is there is a heavy vendor presence, yeah, sure.
But yes, it is all scriptable. Someone has to provision the device, whether that's you or Dell, that's your choice as the customer, not some inherent superiority of one system over another.
Sure but Apple had that first. With MDM.
And Microsoft is not unique in following court orders. You have to switch to businesses without an American presence to get around sanctions.
That is the conclusion I've reached in the article. The biggest variable here is whether we start seeing more sanctions enforced by MS. If yes, the risk will become more unbearable.
[flagged]
I wasn't aware of any major Trump-era policies that significantly reduced Microsoft’s dominance. Curious what you're referencing?
I also haven't read the article but apparently reading the comments the article has to do with Trump-era policies affecting Microsoft
Yeah, I skimmed the article too, but didn’t see much on Trump’s policies directly impacting Microsoft.
From what I gather, the bigger challenges for businesses are more about the tech ecosystem Microsoft has built. It's hard to just swap out core services like AD without huge disruptions.
> Yeah, I skimmed the article too, but didn’t see much on Trump’s policies directly impacting Microsoft.
The first paragraph links to an article about how the International Criminal Court ’s chief prosecutor has lost access to his email.
This has caused some governments to worry. What if MS was ordered to block access to their software because the US wanted to apply pressure?
Ah, that makes sense. I missed that detail on first read
Yeah, I can see how events like that raise real concerns for foreign governments relying on US-based infrastructure. Even if Microsoft isn’t directly doing anything aggressive, the potential for state pressure is enough to make countries want more control over their tech stack
Trump has been outrageously hostile to our supposed European allies, and is extremely petty, vindictive, and doesn’t give a damn about security or privacy. Furthermore, the checks that would normally provide counter this like congress or the Supreme Court are currently stacked such that he can do horrendous things without consequence. Our media and tech companies are also more than happy to avoid challenging him.
Other countries reliant on US based cloud giants are understandably alarmed at his behavior, and it is now a strong possibility that Trump will attempt to use their reliance on our tech companies to wring from them whatever he wants.
So the idea of escaping US tech monopolies has become very popular among those paying attention.
Thanks for the context!
Still seems like, for most businesses, the biggest hurdle is how deeply Microsoft’s services are embedded rather than politics
And the hardest part of it often ends up being "We can replace most of Microsoft's apps and services except one (and it's usually Excel) so we might as well just keep everything else."
Microsoft is king at "Good enough." It's rarely the best option of anything, but what they do put out is bundled aggressively and is generally "good enough."
So, you have a business where a large portion of the user base needs Excel. So you have licensing for that. Sure you can still use other services - you can use Okta instead of EntraID, some other MDM besides InTune, some other EDR besides Defender but once you have 1 product, why would you, when it's significantly cheaper (both in terms of actual cost per user per month and in terms of employing talent that can administer a MS ecosystem) to just go all in with Microsoft.
Because of the way Microsoft designed their suite of software and services, the only realistic choice is either all in on Microsoft, or no Microsoft at all, and to fix that we need antitrust action.
Hello, author here. The main point is that it's not a financially rational decision to ditch Microsoft.
There's just no real alternative for businesses, as most use AD, Teams, Outlook/Exchange and couple others.
I don't think expected value is the right way to evaluate this. All insurance is negative expected value (that's how insurance companies make a profit), but businesses find it rational to buy insurance.
Also I'd say your risk of getting cut off is much more than 1 in 2 million, because there's nothing to say this can only be done to one company at a time. What if Trump adds e.g. a whole country to the sanction list, and tells Microsoft to cut that country off?
That's the trick behind ROSI. You weight the expected cost without mitigation against the mitigated cost plus the cost of your solution.
The risk of getting cut off is the most random variable on the list. I agree with your point, but I have no data to back it up with.
> That's the trick behind ROSI. You weight the expected cost without mitigation against the mitigated cost plus the cost of your solution.
Right but that's clearly not the right way to think about it; if you did that you'd never buy insurance (and probably never do any security work tbh, since very little of it can be justified in expected value terms). The impact of catastrophic damage is nonlinear.
Yes, at the end of the article I come to the conclusion that this method has flaws. But the general insurance can be modelled with ROSI.
Say you have a 300k USD car. Say that a crash will cost you the full cost. You expect one crash in five years. You then have a yearly expected cost of 60k. If you get an insurance that pays for it all, for 10k USD a year, your ROSI is 500% which sounds like this insurance product is great for you.
> Say you have a 300k USD car. Say that a crash will cost you the full cost. You expect one crash in five years. You then have a yearly expected cost of 60k. If you get an insurance that pays for it all, for 10k USD a year, your ROSI is 500% which sounds like this insurance product is great for you.
But in the real world those numbers are backwards - otherwise insurance companies would go bankrupt! Your insurance for that will cost, like, 70k/year, your ROSI will be 80%, and you'll still buy the insurance, and you'll be right to do so.
Sorry, I don't follow then. Of course insurance companies will try to make a profit. The core of the method can be used to compare insurances and technically anything above zero is a good investment. I will reply no further here.
Of course it was an oversimplified example. All I wanted to show that ROSI can make a compelling argument for buying insurance. Now you're arguing that insurance is too cheap.
> All I wanted to show that ROSI can make a compelling argument for buying insurance.
But it can't! In the real world, insurance will always be a bad idea in expected value terms (unless being sold by an insurance company with bad pricing that's about to go bankrupt). Your model doesn't work and the only way you can pretend it works is by making up unrealistic fake numbers.
That's like saying that you can make profit off credit card debt if rates are negative. It's not a real-world case and nobody is going to offer that, it's not an analysis of any insurance that actually happens.
In the era of globalization businesses expected to only follow a set of harmonized global laws set through treaty. TPP etc. Now globalization is reversing and business is expected to follow the law of the nation they're from wherever they're operating.
Such risks will have to be factored in now.
Businesses have never been exempt from the laws of the nation they're from.
The expectation was that international trade courts would be placed above and overrule national courts. That's why the reaction to TPP was so negative.
I'd argue that the laws that must be obeyed form an odd superset of the laws of the nation from where the organization is operating and the laws where the users are located. Where those laws intersect nicely, the mode of operation is clearly defined, where they do not intersect, the mode of operation becomes very tricky. (As we've seen with privacy, cookie laws, etc.)
I think the current subtrends of things like a resurgence of interest in mechanical watches, fountain pens, steampunk, etc, are sort of a large excursion on a dampening social problem: that technology is too far beyond our comprehension.
Can you even even tell what network stack got you this packet?
How about the protocols that got it from the network to your screen?
How about the quantum mechanics of the phosphors that pushed out the photons?
There are certainly techno-luddites/visionaries who are running their own email servers, but it's a pretty hostile environment for personal email servers. Ignoring the spam, just getting the existing big boys to trust you can be humiliating exercise in futility.
Can I get by without Excel? Sure. Google Sheets? Sure. No spreadsheet at all? Gonna be hard.
A good business continutiy plan will accept that and any other risk with the compensating control of insurance. Yes, there is a statistic and probability of your entire business going out like a lightswitch, however if you have insurance to mitigate that risk, it isn't game over.
Genuine question that sounds like trolling: can you get an insurance against critical service provider going poof for political reasons?
Here you are
https://www.insurancebusinessmag.com/us/guides/what-is-polit...
if there was a major "incident" I would have thought the odds of the insurer going bust are 100%
Thanks a lot!
GitHub is also from them and brings the very same risks. The solution would be to build viable open source alternative but decentralized. GitLab Federation [1] or Forgejo (Codeberg) Federation [2] might be the answer.
[1] https://gitlab.com/gitlab-org/gitlab/-/issues/6468
[2] https://codeberg.org/forgejo-contrib/federation/src/branch/m...
I can't understand why people are still using proprietary software like Windows or OSX when superior free software exists. It's a testament to the hidden monopolizing forces which exists in our society.
Linux only just gained support for things like HDR, a decade after macOS or Windows, and the main desktop shipped by the main distributions doesn't even natively support tray icons.
I'm not sure it's superior. Although GNOMEs workspace implementation imho is vastly superior to both Windows and macOS
> and the main desktop shipped by the main distributions doesn't even natively support tray icons.
…while perhaps there's a distribution out there that I'm unaware of not having tray icons … I've had tray icons since the first time I used Linux, and I still do?
Fedora.
Superior for who?
What you value is not what everyone values.
Also, I'd argue that the monopolizing forces are not so much hidden as targeted.
Because the free software isn't superior
Then why is it that every person I know or even heard about who switched to Linux never went back to OSX or Windows?
The only thing which made them use OSX or Windows in the first place was their ignorance of alternatives. Clearly you've never used any consumer-grade Linux distro like Ubuntu.
> Then why is it that every person I know or even heard about who switched to Linux never went back to OSX or Windows?
I used Linux on my main desktop for about 10 years, then went back to Windows. There, you've heard of one.
Are you kidding? By the time you get through the first half of the requirements document of most windows customers, OSX and Linux alternatives have already been thoroughly ruled out.
When it starts with the phrase “FIP-S compliant”, hardly anyone is wants to do that on Linux.
It seems that both RHEL [1] and Ubuntu Pro have docs on FIPS, so it looks like the distribution vendors have thought about this problem, at least for paying customers. Might you be able to sketch out what the problem with FIPS compliance on Linux is?
[1] https://access.redhat.com/compliance/fips [2] https://ubuntu.com/security/fips
You live in a parallel universe where wolfssl doesn't exist?
Oh I know about this, but tell what’s simpler: Embed wolfssl per app / make it work with openssl as a module (for system wide usage) or turn a registry key to true?
OSX hasn't existed for five years and hasn't been publicly advertised as that for much longer, so your sampling may be biased.
> The only thing which made them use OSX or Windows in the first place was their ignorance of alternatives.
No, it's the availability of daily software that people use, like Excel, Word, Outlook, etc.
> Clearly you've never used any consumer-grade Linux distro like Ubuntu.
I daily drive a Linux distro. I don't pretend it's better for the average human than MacOS or Windows. The market reflects that. Clearly, you've never worked in an office where the only thing available is a Windows or Mac laptop because those are what IT provides and that's where your customers/users are.
I honestly cannot tell if this is brilliant sarcasm or digital veganism. I hope the former, because it's perfect lol
You could say we've been "duped".
I am not convinced by the argument about cost, particularly "You’d still have to be more efficient than Microsoft though - that’s a challenge"
1. Most, even quite big organisations, do not have the complexities of operating at the scale of MS services.
2. I have no idea how efficient MS are. maybe they are highly efficient, but I know enough big businesses are inefficient that it is not a given.
Fair point.
If you take it directly on a Walmart scale, then I'll argue that you can't outcompete Microsoft. Note that you need to bring your own ID, Auth, Office, desktop system, etc.
If you have a smaller scale, then you've invested less resources into MS therefore you have a lesser budget to work with.
I wonder. Even Walmart is still not operating at the scale the hyperscalers do, and their systems will be far less varied, far more homogenous and under their own control. They are big enough for a lot of economies of scale to kick in.
> Note that you need to bring your own ID, Auth, Office, desktop system, etc.
Do Microsoft entirely manage all these systems for them? Otherwise they just swap managing one system for another. A quick search seems to show Walmart do hire sysadmins so the current cost on top of what they pay MS is not zero.
The article I've linked about Walmart talked about Azure costs. So I'd say that yes, MS mostly manages the systems for them.
Also, they need some of those hyperscale goodies as they need to work with load spikes e.g. on a Black Friday.
> The Trump politics are, for a lack of a better publishable word, unpredictable.
That's one of his most powerful weapons. Like with terrorism, nobody knows who or what is going to be next on the executioner's block, and thus nobody can safeguard against it except cut all ties with the U.S. if you're lucky enough to be outside.
I've never thought about the parallel with terrorism and now I can't unsee it.
"I was horrified to learn that there’s an Azure container behind every cell of a spreadsheet executing the python code instead of… you know, my PC doing the work."
Companies exist in jurisdictions. Jurisdictions have laws. Companies have to follow those laws.
Fundamentally it’s hard to pushback against an authoritarian government. There is very little to stop Trump from sending Doge into MS headquarters with Marines and demanding admin access so they can make the change. Thinking the dependency on Microsoft (or any company) is the risk then you haven’t been paying attention.
That’s the point of federation. If there’s no centralized target then the Marines have a much harder job.
The incident in question targeted someone outside of the US, where DOGE has no direct influence (yet).
Tell that to the ICC judges that have been sanctioned by Microsoft and Trump's administration.
Because you know, sanctioning judges in the International Crime Court in Den Hague is literally not their (the US's) jurisdiction.
DOGE’s influence is wherever the administration wants it to be.
[dead]