The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
Easy, browser engines don't have deep OS hooks like you can get through ActiveX and VBA.
But seriously, I disagree with your premise in principle.
If you've worked with Qt or WPF, you'll find that modern JS data binding/UI frameworks are not terribly different in concept. You use HTML templates and bind data and functionality called from services or factories to them declaratively. The JS can be coupled with the template in some frameworks (like Vue or React), or it might lean more towards the crappy WinForms code behind (like Angular or Backbone). In any case, you can easily have distinct business and UI layers, and in a complex enough application you'll likely also have a data layer to coordinate your models.
ES6 changed the game pretty fundamentally as well, making asynchronous promises, module imports, and polymorphism into first class JS citizens. As far as a UI binding engine goes, it's moved forwards by leaps and bounds in the last decade.
If your development experience with web tech "is like MSO VBA", you're likely doing something very, very wrong.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
Razor at least allows you to reduce JS dependency for which I am eternally grateful.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
In my opinion, the majority of all these new features really aren't new; they are just layers of abstraction to keep us out of the inner workings (I dont want to confuse with "Core").
I believe a lot of it is MS to protect us from ourselves; such as Hidden-Segments, Forbidden-Paths, and Request-Filtering. While these are all great on paper; they do present their own signatures which made it very easy to identify that you were running .Net on top of IIS.
But, I learned how to disable all of this "safety-ware" and along the way through the request pipeline not only did I figure out how to remove the Hi I'm on the Net framework, using MVC 3, and all of it on IIS, but also figured out to create my own redirect module.
And then there are the ORMs. Sure we can use Entity Framework to act as a liaison to our SQL server and not have to worry nearly as much about SQL Injection. And it truly bothers me that after 20+ years that people still write out out vulnerable code with apathetic excuses why it isn't a problem. But it would be nice if some of the tutorials or popular packages (eg IdentityServer) had a choice of ADO or EF.
Now I get to play with new projects on Net Core. And more things to protect ourselves from like GPDR- great in concept but try renaming the damn cookies so we aren't advertising our platform again. The pipeline is not what it was so now we get to play with this concept of MiddleWare which seems to have so much more potential but so far has been a disappointment in the flexibility department.
Really what is WebAPI besides a preconfigured MVC system?
Damn.. this belongs in the sandbox
Director of Transmogrification Services
Shinobi of Query Language
Master of Yoda Conditional
I completely understand your point I think the problem here is that Microsoft tries to build the framework and then we as Architects / Developers has to build what we want. MS is trying very had to not be prescriptive in anyway unlike what RubyOnRails did where they were very opinionated about how you should do things.
Saying this all the previous attempts by MS was really bad.
Coming from a Clipper '87 to C++, VB6 then C# Windows - I've ignored the whole Web Forms implementation completely and only started to do web stuff when MVC3 was released. Purely because of the craziness of Web Forms.
It does everything I want it to do and doesn't waste time on flashing or jiggling images or fading things in and out unnecessarily. It also has a minimal amount of large blank areas that do nothing; none actually.
- I would love to change the world, but they won’t give me the source code.
If you are using a tool (all languages, frameworks, API's etc. are just tools), learn to use it properly. Don't bitch and complain. Or, switch to a different tool.
Our industry suffers from the "Tower of Babel" syndrome. Too many languages, created by too many so called "engineers" who think they can build a better mouse trap. They can't.
On a different but related topic, someone should slap Bill Gates, and or Sataya Nadella, and tell them to slow down the pace of release to once every 3 years or so, and focus on making better tools instead.
I have been saying for many years that the ASP.NET WebForms model was the zenith of web development efficiency and ease-of-use.
True, it had its drawbacks but nothing to the extent that the quagmire of unreliable technologies that have grown up around the ASP.NET MVC paradigm have fostered on professional developers.
However, so many newer developers drank the Kool-Aid thinking that the new technologies and techniques were the way to go, though there was very little evidence to demonstrate the efficiencies of these new paradigms.
So what we have today is truly a complete mess in web development.
Had developers refused to make the move to MVC as Microsoft was encouraging them to do, Microsoft would have been forced to refine ASP.NET WebForms, which had been already doing up to a point.
To date, I have not read a single document explaining why any business organization should allow its IT group to move from WebForms to ASP.NET MVC and I have researched this area quite extensively.
So far, all I have found are reasons for developers to do so because it will make them feel more like high end technical personnel as a result of the substantial amount of complexity that has been added as a result of these newer technologies.
However, in terms of actually getting the job done, there has been no such document that has been able to show why MVC is better than WebForms beyond public relations drivel!
Sr. Software Engineer
Black Falcon Software, Inc.
Like it or not, the demand these days is for web dev. Just in the last few years the amount of time I spend on web projects now exceeds desktop stuff. Prior to 2015, the mix was more like 20% web projects.
At this point anyway, I'll stick to what I know and leave all those fancy frameworks/abstractions until I actually have a need for them.
IMHO, publishing an article describing the existence of an OS or App flaw is possibly (I say that cautiously) a legitimate thing to do. But to not only describe the flaw in explicit detail, but to demonstrate how to exploit it, is irresponsible. What's next? A bunch of hackers thrashing about trying to make hay with this information before the hole is plugged in who-knows-how-many targets? I think more responsibility ought to be placed on those who disseminate this kind of information, in cases where it ends up causing harm of any kind.
The term you're looking for is "responsible disclosure".
The Linux community is always quick to rail against Microsoft for taking its sweet time to implement fixes, so given that this particular problem already has a fix, I don't think it's unfair to have these details disclosed at this point in time.
What I personally don't appreciate is the fact that a lot of vulnerabilities are now well-known, and I have a bunch of Android-based devices that never get any security update, so I'm very much at risk if I wanted to use any of those devices to do any sort of semi-important transaction. My newest device is on Android 6. At the time I concluded I only have myself to blame if I keep buying hardware that never gets security fixes, so I figured that was going to be my last. At some point after that, Google made some sort of vague promise that all devices would get upgrades no matter how laggard an OEM is. Has the situation changed? Should I believe that and spend a couple more hundred bucks again? I'd feel pretty stupid if I did without any assurance...
Should I believe that and spend a couple more hundred bucks again?
No really needed
so I'm very much at risk if I wanted to use any of those devices to do any sort of semi-important transaction
I have never used a phone to make semi important transactions yet, and I think I will never do.
I have bought a new "smartphone" not long ago, but because my old one was having hardware problems (battery dying) and to fix it would have been more expensive (apple) than what I paid for the current phone (average Samsung)
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Last Visit: 31-Dec-99 18:00 Last Update: 13-May-21 6:18