Yes, many people instinctively stay away from anything microsoft (except github, typescript and npm). But the stack is solid. I’m always reminded of Stack Overflow and how they built on asp.net and like 7 servers and it scaled very well for years.
Everyone has what they like and what they’re familiar with, and for better or worse, especially for startups it’s rarely .net. But I couldn’t imagine e.g. using js instead on the back end, but that’s just me.
They are aligning more closely with the Rust 2024 model for unsafety, which requires inner annotations at the point of unsafety in addition to notation of the function (unless it is the safe-unsafe boundary) plus it imposes a requirement for a SAFETY doc notation for describing the specific invariants the caller must enforce to uphold the safety guarantees. Not terribly onerous in my opinion. I maintain a few native library wrappers on nuget, so I will have to do some updates around IntPtr usage, but this doesn’t seem like it will be terribly painful in my case. Thankfully I don’t do much marshalling. Plus you get a nifty badge on nuget for making your library safe.
The blurb toward the end about Rent/return makes me a bit nervous though. They say they’re not going full borrow checker, but rent at least sounds an awful lot like borrow to me. Details were basically non-existent though.
I guess I wonder what the end game is here though. The more they make C# like Rust with a GC, the less incentive people have to use C# except maybe to support legacy work. I am still far more comfortable in C# than Rust, and I believe C# is superior for e.g. web, but over time this advantage could be lessened quite a bit as the Rust ecosystem continues to grow.
> The blurb toward the end about Rent/return makes me a bit nervous though. They say they’re not going full borrow checker, but rent at least sounds an awful lot like borrow to me. Details were basically non-existent though.
Since they state outright that they're not going for a borrow checker, I would assume they're going for "second class references": the borrow checker is both powerful and complicated because references are first-class types: you can pass a reference as parameter, you can return a reference, and you can store a reference.
You can get a lot of the benefits (though also lose a fair amount of expressive power) if you drop the last two and only allow borrows downwards, and that is way easier to track.
Although the rent/return case doesn't even seem like a references concern, instead it's affine types which is orthogonal: after you `Return` an array to the pool, you want the array to become inaccessible to the caller (you could make the value linear, but as the text explains missing a `Return` is a safe leak it doesn't look like that's in scope). Rust mutable references are affine but you don't need references to do this...
C# already has second-class references; this is essentially what the ref keyword does. It's actually a bit more expressive than what Hoare suggests he'd have done (you can return ref structs and you can store them in other ref structs), but it doesn't have full-blown Rust-style lifetime annotations.
It's been over for years. Google scares companies into bidding against each other just to be seen. It's a complete farce & a racket. It's the pay to play web.
OS Development has halted in 1970 at this point. I know everybody loves Unix, but it has the same problem as Windows- namely that anything you run under your user context has access to your whole user context. And it will continue to be a scourge until/if we ever figure out how to make capabilities ergonomic. I've been racking my brain for 30 years to try and do it, but they just make certain things very painful.
Look at Plan 9, if you haven't. I can open a window, add/remove things from its environment (via mounting and unmounting files into that window's namespace) seal that environment to prevent changes, then launch a program.
The program can only see what is available to it via the file system. If it has no /net folder then it can't talk to the network. At all. If it has a truncated /env then it can only see a subset of the environment variables available to me, the user.
EVERYTHING being a file is ... weird. Unix has that, but Plan 9 takes about as far as it can go, which is pretty far. But that makes permissions to things quite easy, because file permissions are easy.
The other thing that Plan 9 does is that everything is a file, including your environment, mounting and unmounting things from/to your environment is how you gain/deny access to yourself and to programs.
If this permissions model was common, ransomware would have never been possible. No virus could infect your system, only its own environment (with caveats).
If you already know all of this, I apologize. If you don't, then you owe it to yourself to have a look at Plan 9. It's very weird, but once you wrap your head around it, you start seeing why some people really rave about it.
There's a channel on YouTube called "adventuresin9"[0] which has TONS of content about Plan9.
They still prioritize developers, look at .NET Core, Typescript, NPM, Github (lol), but the problem is that they're not Windows exclusive enclaves anymore. In fact, I'd bet most people now deploy (and probably develop) .NET Core on non-Windows machines.
I share the sentiment unless you're working in an area where Python's library ecosystem is simply the better choice.
When I vibe, it's C# all the way. Not a popular opinion on HN, but the LLMs are trained heavily on the language and are very, very good at it, plus with the 1-file-per-class organization, it can stay pretty clean. I mean, v10 LTS was just released, with all kinds of new language features, EFCore is still the best ORM I've ever used, with full support for SQLite, Postgres, MySql, etc. It just makes writing and reviewing code a pleasure. And the LLMs don't f*ck it up.
You would think that, but PDF is not really a format for text. It's a format that describes typography and graphics layout & formatting. It's not uncommon for a text pdf to not contain all of the text it renders (due to ligatures).
This flurry of activity is certainly going to have people be more apprehensive about unproven software that may be of dubious prominence. My question amid all of this is who else knew about these long-standing vulnerabilities?
at the same time, I've never had any faith in that software.
maybe because of it's association with really cheap, buggy hosts i explored in my teenage years. maybe because of their largely unnecessary complications (except enterprise maybe). maybe because of the tendency of large bloated depressing organizations to use these even in places they shouldn't.
not that many software have faith in are faring any better in this cve-storm.
I think you misunderstood. My comment was meant to imply that people would be extra careful about all new software for a while. I know cpanel isn't unproven. It's been around forever.
Everyone has what they like and what they’re familiar with, and for better or worse, especially for startups it’s rarely .net. But I couldn’t imagine e.g. using js instead on the back end, but that’s just me.
reply