Episode 79 - Greenfield and Brownfield in .NET with Harry Bellamy (part two)
Embedded Player
The .NET Core Podcast
Episode 79 - Greenfield and Brownfield in .NET with Harry Bellamy (part two)
Supporting The Show
If this episode was interesting or useful to you, please consider supporting the show with one of the above options.
Episode Transcription
Hello everyone and welcome to THE .NET Core Podcast. A podcast where we reach into the core of the .NET technology stack and, with the help of the .NET community, present you with the information that you need in order to grok the many moving parts of one of the biggest cross-platform, multi-application frameworks on the planet.
I am your host, Jamie “GaProgMan” Taylor, and in this episode I talked to Harry Bellamy about supporting enterprise applications and how fast .NET is actually moving. This is the second part in a discussion with Harry about .NET; f you missed part one, I’d recommend going back to that before continuing, the conversation is pretty much stand-alone but there are some things that we refer to which we covered in part one.
This is actually part one of our discussion, and a second part with more of a discussion on the enterprise and how fast .NET is moving is coming very soon. So keep an eye out for that episode.
The following is a machine transcription, as such there may be subtle errors. If you would like to help to fix this transcription, please see this GitHub repository
Jamie
It’s a little scary, I think for enterprise folks. Because they going to be like, “What do you mean, I’ve got to upgrade?” Going from - and I’m sure we will understand this Harry and anyone else who’s done .NET Framework stuff - “Wait, I’ve got to upgrade my runtime and the version number of my app every two years, which means I got to retest it from the ground up, because I don’t know whether changing it from .NET 3 to .NET Five will cause issues. And then I got to go from .NET Five to .NET Six, because .NET Five as a short term support. And then I got to go from .NET Six to .NET Eight?! We’re going to skip a version, because I’m going to leave until the last minute because I’m in the Entierprise? What the heck!” Right? And I bring that up just because in the Framework days, if you were jumping from two to three or two to 3.5, you have to separate some time to upgrade and then fix what was broken.
Harry
Oh those. I think, for me, it was yes you have to fix things which were broken, but I think the biggest thing for me back in those days was the implications around how you would install the software on the client machines. So you go right, “okay, we’re going from 3.5 to 4.5. Let’s say for the sake of argument, we need the new functionality. Oh dear. It’s going to break in all your Windows XP machines for start because Windows XP stopped support at framework 3.5, I think. And those people running Windows Vista and later,” which I think Windows Vista Anyway, let’s assume it did support .NET Core four point, sorry .NET Framework 4.5. I’m getting my Frameworks mixed up with Core. My .NETs mized up here. Come on.
Jamie
The only problem with the naming convention is it’s so easy to mix them up.
Harry
It’s a problem with this topic, isn’t it?
But anyway, no, but the fear was, “we’re gonna have to upgrade all these client machines, and we don’t know whether they’re gonna work or not. And we also have to set aside a load of time to get people to manually click through all these installers,” Windows Installer, InstallShield
Jamie
Yeah
Harry
You know, those were the days and, “they’re gonna have to click through them, we’re gonna have to see that it all works. And who knows, it might work,” Works on my machine. But this is a dev machine. So it’s got all the software on it. So it’s probably gonna work anyway. And I’ve only tested it inside Visual Studio, but I’m sure it will.
Jamie
And then, and then of course, there’s no, “you can uninstall version, say 4.5 for .NET Framework. But you don’t know whether that back out strategy actually works.”
Harry
Yes. Oh.
Jamie
Not until you’ve done it.
Harry
Because you’ve written a Windows Installer yourself. And you know that uninstalling your own Windows Installer is a pretty bad idea. Because you haven’t written you clean up scripts properly.
Jamie
Absolutely.
Harry
So why would Microsoft bother?
Jamie
Exactly. But then on top of that, you know, if you’ve got a data centre somewhere, - let’s talk data centre, right - you’ve got a server in a data centre somewhere, and it’s running a version of Windows, and it has .NETramework 3.5 installed, because all of the apps that are being served by that one server that you control, are running 3.5. And then one of your apps is upgraded to 4.1. But the other 12 are still on 3.5. Right? You don’t know without testing it on that machine, that installing .NET [Framework] 4.1 doesn’t break anything that 3.5 used. Now, remember what I said earlier on about, “every time an update came out, they had to test as many scenarios that they knew about.” Right. And this is why they had like the private close betas, and then the public betas, and then the release candidates; because it makes sense to get people to, “just run your app on this and just make sure it works. Right. Don’t put it on your production server, but try on another server first.” Because you didn’t know whether the other 12 or the other 14 apps on your machine that were running the different version of Framework. They were running 3.5 your new one running 4.1. You don’t know whether they’re actually going to boot again, until you install it. And then because it’s a core component of Windows, reboot the machine.
Harry
Oh, yes. Yeah, it was, yeah, maybe developers of our vintage maybe this is why we like containerization so much. Because we’ve we’ve suffered this pain of getting multiple I’m still paranoid about about installing different SDKs for different languages and different frameworks on my machine, because I’m worried it’s going to maybe this is it’s maybe this is unfounded and things Manage better these days in later versions of Windows and better written software. But I’m paranoid that I’m going to break something by having multiple things installed. So let’s run, you know, let’s build the React apps and run them inside a container, rather than having it run natively on the machine, just to try and get rid of the possibility of, oh, I’ve installed react and no, angular doesn’t work. It probably wouldn’t. But yeah, sorry. I’ve been burned just like,
Jamie
yeah. Well, you can get around that by, like he was saying, by using the containers, I’ve seen some work done. I was an old video, I want to say it was around the blazers, 0.3 0.4 days. So really early in do blazers, evolution, Alan Underwood from the Kodi box group, they got together, he sat there at his computer and do a live stream of I’m going to do some blazer application development without installing dotnet core. Now, it was difficult to do, because he still needed to scaffold the app, and he couldn’t run it locally. But what he did was he pulled up Docker, and built a Docker image for it and just did Docker build, and then dealt with the the compiler issues that happened. And then Docker run, and then dealt with those issues. And that was super early into the into the development. But now that is, is kind of now part of Visual Studio. So you can do interactive debugging inside of a Docker container with Visual Studio for dotnet core slash five, slash six slash seven slash all the numbers in the universe. And that means that you can be you hit f5, it will compile your app. Or rather, you hit f5. or move your copy or source code into a Docker container, build it inside the Docker container, run it inside the Docker container, expose it through some kind of Port Forwarding, and then expose the debugger or symbols as well. So you hit a breakpoint in your source code running in Visual Studio and have bi directional debugging going into the container, which is wonderful, because then you don’t technically need to instal any of the tools. Because if Visual Studio which gives you all the tools, but that’s not the by
Harry
Yeah, true, but I mean, if you can get that working with Visual Studio, can you get that working with Visual Studio code? Suddenly possible? I’ve
Jamie
never tried it. But yeah, it’s
Harry
possible if it supports the same debugging, debugging symbols and others.
Jamie
Yeah, assuming
Harry
that I was implemented then console, why not? Yeah.
Jamie
I mean, it’s how Visual Studio live share works. Have you seen this? This
Unknown Speaker
is one of your live shows.
Jamie
Yeah, what’s it like Harry and I could be working on the same code. Harry sends me a special link, I click the link, because I don’t care about security. Visual Studio starts on my computer. And then it sets up a shushtar SSH tunnel, a secure tunnel to Harry’s computer, I can see the code that he has loaded is not on my machine, I can move around the source tree and look at other files in the in in areas projects, make changes, run them. Or rather, I hit build on my machine, he does the build on Harry’s machine sends the debugs and samples down to my machine and I run it from there. But at the same time Harry can hit build on his machine doesn’t conflict.
Harry
So much genius, genius. But I think the main takeaway from this is that if I send you a link, please, please don’t click it.
Jamie
Not unless you are sending me a link to some kind of cat GIF.
Harry
You never know what will be embedded in that though, would you?
Jamie
Oh, my goodness. But what? So we’re talking about how it gets easier, the closer to now you get? It gets easier. But then legacy isn’t now is it? Well, legacy is that if we
Harry
if we go back to my initial definition, or sorry, the initial definition, I shouldn’t be claiming that definition because it’s not mine. It’s not mine, everybody. If we go back to that initial definition, it’s not just code that was written 20 years ago, is it? It’s going to be code that was written last week by by anybody, you know, could have been it could have been, you know, you could have taken it somebody could have you could have could have taken a shortcut and decided, you know what, I’m not going to TDD this up because I don’t have time. And then it comes back to bite you A week later when you go Oh, no, there’s a bug in it.
Jamie
And then you do get blame and it comes back to your name.
Harry
Yeah, and then you go there I am that which I said I would never be yes.
Jamie
That’s it. So then, what’s the is there a difference? There must be a difference. We’ve just spent ages complaining. About framework, right? Rather about supporting applications that were written in frame are not very maciza. But what is the difference? If there is a difference, indeed, between supporting apps on framework and supporting apps on core? And five? I mean, you said earlier, we haven’t touched five, but it’s the same tooling. Right? Yeah, I
Harry
mean, I think, I think the main thing, my main takeaway is the is the, the sort of the CI, ci CD experiences easier, and it’s built more around testing, thinking wrong, you can definitely do it if it’s been written in a relatively recent version of Visual Studio and relatively recently, even if not, you could probably convert it. But core set out from the outset to have these things as first class citizens, you know, as doing, you know, unit testing is a is a first class citizen in the core ecosystem, it certainly isn’t important work. You know, it feels like it’s an afterthought. dependency injection is, is a first class citizen. And even you could argue, I’d say that web servers are a first class citizen, and when I don’t really feel that they are in, in framework, okay, you could argue MVC is is, is a big stride towards that, but it still doesn’t feel as slick as the experience you have, with. With framework that sorry, with core, one thing I haven’t, didn’t discuss, which I think is quite a big difference actually, is the configuration system in dotnet, core versus dotnet framework, because the, the configuration system in dotnet core is absolutely fantastic. In my opinion, I think the way that you can load bits of conflict over the sort of on top of each other, and they kind of merge together into a, you know, a hole, which then becomes you can extract these, you know, pieces of configuration out in a structured fashion, you know, they become, you know, you’re not just getting strings out of, you know, you’re not using key value pairs anymore. You’re going right, okay, let’s, let’s extract this I options, you know, muy poco. Or, you know, why don’t we, you know, or you can get the configuration out and let’s walk, uh, you can stick an interface on your, on your configurations class and start injecting it that way. And then you put it into your dependency injection through through that it’s, it’s so much more integrated into into it. And if you’ve ever, if you’ve ever used as your Key Vault with it, Ah, it’s so great using akiu as your Key Vault. And if, you know, if you ever think well, I really can’t I don’t know how not to embed my, my application keys inside my you know, inside my repo, key vaults are pretty good start to stop you do that keyboard is great if you’re in a job. And you can just add it, you know, you can there’s, I believe there’s a configuration setting, which is add add as your keyboard, and you pass it some keys, pass it some parameters, you can get it to use managed identity as well. So you can get it to talk directly from an app service to the as your Key Vault. And as long as you’ve granted the permissions and it’s got the necessary permissions it needs. Bang, there you go. It appears in your room. In your configuration as if it was written in a JSON file underneath. I actually trying to this was a, you know, one of those, I can’t get this to work properly. So I might do something totally ridiculous. You know, when you go full mad scientist? Yes. Trying to solve some problem, I
Jamie
thought, well, well,
Harry
I need to write dynamic configuration files on the fly. I shouldn’t admit to this, actually. Because this is this is pretty disgusting in some ways. But I’m going to tell it anyway, just for fun. It’s like, well, I could write I want to try and write a dynamic configuration file as part of my pipeline. So that I can you know, I can pass some things in and, you know, part of dotnet will pick it up. And I thought, well, I don’t really want to bother writing, doing some Jason D serialisation to build Jason. I don’t want to build Jason manually, because that feels too heavyweight. You know, it feels it feels a bit nasty trying to you know, match the brackets in blah, blah, blah, blah, blah. But there’s actually an INI file conflict provider built into dotnet. So any files, if you’ve never seen them are incredibly, incredibly simple. So you can just write out some, you know, you can use PowerShell to write out all the strings into a file, save it, we’re done. dot ini. exe extension. And then you can write your app so that it checks for an INI file with a particular name. Don’t do that kids, please don’t do it. But you can do it and that’s what counts.
Jamie
But I think I think that’s, that’s the biggest difference. We’ve talked about a lot of stuff so far. But I think the biggest difference between framework and core is like the ease of use. Like you were saying, then about, Oh, I just need to add a cup. I’m extrapolating, and I’m not quoting you directly. But I just need to add a few lines ago to my app, and I’ve got as your keyboard. And I have to do it again, right. And like you said, then it stops you from committing your secrets into source source control, which is, I think, if you go to GitHub and search for removing API, or Google search box, search for the phrase, removing API keys, and you get millions of commits for all loads of different for all the different repos where somebody is committing, removing an API key. Now, problem with that, of course, is what they’ve done is they’ve hard coded the API key into some config, or even it doesn’t go hit compile, it’s worked committed, brilliant, whoops, I’ve committed my API key, I shall remove it, that doesn’t revoke it at all, that doesn’t replace it in the Git history, you can still rewind. So before that, that git commit and get the API key. And so things like as your keyvault, there’s an AWS version, and a Google Compute version, as well. or, indeed, user secrets, which is wonderful for that is just making it easier to fall into the pit of success rather than pit of failure. And I’m not trying to say the dotnet framework will let you fall into the pit of failure, or it did almost any programming framework API library will let you fall into the pit of Valley if you really want to. But it felt, at least with a conflict for me, with Donaire framework apps, you had this huge XML file, that you had to figure out where your config bits went into. And if it went over a certain size, it just would not load. And then you had to figure out ways of extrapolating parts of it out to another file. So then the actual, the single file you’re supposed to read isn’t that big, but it knows to read the other file. And then if you wanted to swap out values, as you moved from, say, Dev to QA to release candidate to production, you had to have extra files, in your repository, with the production keys in it. So you’ve pulled the repository, you’re only going to run it locally, but you’ve got a file with the actual production keys to the castle in there. And so nothing is secret anymore. But with dotnet Yeah, I said on that, but we don’t record on a five. This is wonderful idea of user secrets. So you can assign a secret to your app, you can say, oh, I’ve got an API key for Twilio for Mongo, I’ve got a connection string or whatever, you can go into the command line or in Visual Studio, right click your project and go manage secrets, type it all in there. And what happens is, it’s wonderful, just like you said, hurry. When you look at the outcome, again, it loads an app settings dot JSON file, and populates all of that. And then it looks for an applications an app settings.my environment name here, dot JSON. And if that exists, he will load that too. And then replace the previously loaded values, which is amazing. And then it loads your user secrets and replaces any values that already says. And then it will look at Key Vault as well and do the same thing without a runtime. And it also does the command line. So you can if you really desperately want to do you can do dotnet run, and then put like, I think it’s environment or configuration, I think it’s environment and then your variable name. And then you can type the value in. And that gets replaced at runtime with all of the previous values. And that I believe is how one of the usual secret stores works as well. So it sort of intercepts you running your app and then replaces it. So then you never see it. He’s amazing. All of these wonderful ways to manage secrets and API keys just built in. Wonderful.
Harry
Yeah, absolutely. new framework will do it. As you said it was you wouldn’t be falling into the pit of success that would you really win.
Jamie
And then you’ve got with framework with your C ICD pipelines, you’ve likely got conflict transforms, which is a wonderfully difficult to grok, a form of XML that would look for certain words and features within your web config, or your app config, and replace whole sections of it. But the problem is, you wouldn’t know whether it works until it got to the server it was going to run on and then you ran it and then fell over.
Harry
Yes, that’s Yeah. Was that was that xS lt. That’s it. Yes. Lt.
Jamie
Yeah, do with variably with a bunch of convincing We’re fixing Xs, Lt. Fixing Xs l. d again, Okay, this one might work. Nope, this one might work. Nope, fix they finally, nope, that didn’t work. And then a bunch of expletives and then finally figured out XLS D is fixed. And then somebody changes the API key, and then you have to go all the way back around again. Or maybe that was just me.
Harry
No, no, I remember that. I remember pretty much exactly the same thing. Yeah, I’ve never been a fan of things, which you can’t test them before you sort of before they before you run them, if that makes sense.
Jamie
Yeah, you’ve got no proof that it’s going to work.
Harry
So one of the things I do have a problem with the current ecosystem, this is more about as your DevOps is, as your pipelines, sorry, the yamo pipelines. Because right now, unless somebody knows better than me, I don’t know of a way where you can where you can test those pipelines without throwing them at your as your pipelines. Yep. We’re actually we’re actually running it in in
Jamie
committed and then run it on as your and then it falls over. Yeah, yeah. Are you building
Harry
the rig? Exactly. There are ways around it, you could use something like, like nuke, which would have a bit more consistency there. I believe you can make nuke output is your pipeline scripts. I’m not massively experienced in nuke, but I have played with it. And I’ve know a few people that have also played with it. So yes, you can go to a towards getting a bit more consistency, maybe that way by using a build scripts, the scripts that you can run, you know, dotnet, scripting language, language or system that you can run locally. So new core is cake. Yeah,
Jamie
yep. If you’re using GitHub actions, there’s an own official repo for an NPM action that will let you run a pulls down a container. Again, you’re running a non code on your computer pulls down the container, that purports to be the tools or relevant tools that are similar to get homes, get our actions, and then we’ll run your GitHub action on a container on your local machine. But again, a you can’t see the container and be you don’t you’re running code that you can’t read. running code that isn’t visible to you.
Harry
I’d be very wary. I’m very wary of running containers that aren’t from a reputable and yes, you can debate debate what reputable means, of course, but you’re sort of, you know, you know, how these random you know, random container image? It’s legit honest guy. Yeah. I yeah, I’m always a bit wary of rolling that kind of stuff.
Jamie
I mean, you said earlier on, it’s the same problem, right? You certainly want? How do we know that the code I’m pulling from nougat is the code that came from the process, right? How do I know that the code I’m running in my data? So this question for another show. But how do I know the code in my container is actually the code that it purports to be in the image file? Or on GitHub? You don’t want? Yeah, until you actually inspect it.
Harry
Yeah, you’ve got you’ve got Yeah, I think you’ve got two options, really, for verification. And one of those is not verification at all. It’s basically you saying, Well, here’s here’s a set of sources I trust and everything else, I don’t one. Or the other option is to is to go through it line by line to see how it was built. Yeah, and then, you know, if it starts pulling down NPM packages, then as you say, you’ve got a chain of dependencies, you then have to check.
Jamie
So talk about framework and core and five and six. Just to go back to that a little bit. As we sort of wrap up, in your opinion, is it worth it? And should I and if I should, how do I move my app from core air from framework to court should I even bother? Right is working right? And then I could pay someone like you loads of money to keep it working, right?
Harry
Yes, I just got a nice big legacy hat. sombrero pay me lots of money to wear my legacy sombrero. And I think I would say the answer is it depends. However, however, I think if you send if you’re maybe a technical decision maker for want of a better phrase, which I came to respond, I keep saying for want of a better for A lot. So I need to, I need a better phrase, you
Jamie
want a better phrase? Yeah, I
Harry
do. Yeah, I’m still searching. If you’re one thing you have to take into account around framework and core is also, there’s going to get to a point where, and we may already be at that point where developers are going to say, they’re looking for new roles, or indeed, if they’re in an existing role, they may go, I don’t want to do framework anymore. Because that’s the past. You know? Okay. Yes, windows, you know, Microsoft says, it’s not the past, it’s, is the future, but it’s not where the new developments going, you’re not gonna be able to use the new and shiny, which, you know, another one of the reasons another reason to use core over framework is the new language features as well, which are not available if, correct me if I’m wrong, but I believe that newer language features are not available in framework.
Jamie
That’s right.
Harry
So if you want your, you know, your fancy, switch expressions,
Unknown Speaker
or
Harry
default interface implementations, you can’t have those in framework. So I think that’s one argument to say, perhaps we ought to be using, going towards framework can’t have everything driven by the developers, of course. But the fact that the the cadence of, of core is so much, so much higher, you don’t want to be waiting around for Microsoft to release a security update for framework. The fact that you that core can be released so much more quickly means that they can react to any potential security issues in the, in the framework much more quickly. Don’t get me, I can’t I can’t get Microsoft’s framework security model, because I don’t know what the problem is probably somewhere, but I don’t know it. But my guess is they would not be able to react as quickly with framework as they will be able to with core. And that means you can’t react as quickly. So what are you going to do in that situation? where might we know, there’s a vulnerability in framework? You know, I don’t know of anybody have any, you know, I’m putting it on, I’m not saying there are any, but if there were, it will be much harder to find it too, and much, much more time consuming, because you’re limited by Microsoft much more here. You know, the fact that the fact is, is that somebody could find and fix a vulnerability and call themselves because it’s all open source. You know, they could find that, you know, I’m gonna, you know, you say to them, you could create a PR to Microsoft, I find the security vulnerability, and here’s my fix for it. And they could accept that on the same day that you find it if you’ve written the fix already.
Jamie
Yep. And then, as soon as that build finishes, you could pull that version of the SDK version of the runtime, maybe it’s just a nougat package, you automatically get that fix for free for free immediately.
Harry
And it’s there, you like to say it’s all new get. So you know, if it’s not one of the core libraries, you pull it down from nougat, if you’re using it, and there it is. So I think that that’s, I think that’s a pretty strong argument for that, for that moving over to it. Any, any other benefits beyond security? And language features? and What? Why have you got to see it? Have you got a CI CD pipeline? If you have got one? Okay, maybe maybe things are okay. But what happens if you don’t have a CI ci CD pipeline? You’re gonna invest the money in creating a framework pipeline, when you know, that’s not the the you know, that’s, that’s not where the development is going. That’s not where the direction that’s being taken with that version of dotnet. You’re going to, or you’re going to think, well, if we if we’re going to overhaul this part of the development process, should we not, we not performed some upgrading at the same time. Because I think to to investigate whether an upgrade works, it’s probably not that expensive, might not work. But I think, you know, to copy code over. And I imagine there are a huge number of blog posts around this. Now another core has been around for a while you’re the expert here five years. Now, it’s been around for five years, there’s going to be, you know, a variety of blog posts that have been created. Some by Microsoft, I imagine, on this process, you know that it’s in their interest to do this as well as to get people to do this. And then, but it is going to open up potentially some opportunities to you as well. So let’s say you’re in a zoo, and you’re running in a VM, and you don’t know how to move that over. Well, if you move it over towards core, and you might be able to move towards app services, you might be able to move towards containers. You know, there’s so many benefits and don’t And then there’s also the performance improvements. There’s a big performance increase from three to five, isn’t there a noticeable one, let alone going from framework to, to five. You know, I imagine if you if you run the same be interesting to see what the benchmarks would be for somebody upgrading from framework four point x, framework four point x Web API application, for example, two, to net five. I don’t be I don’t know what the numbers would be. But I think that’d be pretty impressive. And all you would be doing is fixing those regression issues of it doesn’t work in you know, this, this API is no longer available, or you need to convert your, your web server bootstrapping from, you know, the old framework style to, to call. So I think you could depends how much experience of course, you’ve got, but I think it could be possible to do that in room? Well, it could be possible probably to do it in for small applications, maybe in a day. And then you’ve got you. Um, you know, if you’ve got, if you’ve got a free Friday afternoon, sometime, what do you give it, somebody could give it a go.
Jamie
I caution against anything that uses windows stuff, because windows specific stuff, whilst it is available in core is only available on Windows, right winforms, the BCF Windows Authentication, anything that uses windows only available on Windows, but if you’re only developing a Windows only going to devote the delivered on Windows, you should be able to get away with it. Yes, that’s
Harry
true. It’s a fair point, you know, I missed out there that, you know, the containerization piece and the may not be possible for certain, you know, for certain workloads for certain for certain project types. And something like web forms. I don’t believe that that the the migration path for web forms is can you migrate this to blazer, please? So,
Jamie
yeah, I think that is DAGs. Exactly the migration path is, hey, there’s this thing called blazer, or if you haven’t heard of it is called MVC. Right? That’s not to make fun of anyone who does webform stuff is just, there’s a slightly different way to do it now, which is a little bit going from web forms to MVC takes a better time to figure out, but I feel like it’s worth the invest or the investing that time. Because when you get to that point, it’s easy. It’s it’s easier to maintain, is simpler to maintain. It’s faster to run, because you don’t have the millions of callbacks going left runs to the to the server and back. And it becomes safer as work. So you don’t have it’s not required to use hidden fields in web forms. But it became almost a standard, hey, you want some information that needs to go back and forth to the server and the guide? Stick it in a hidden field? Don’t worry about it, because no one’s gonna see it. Right. Hidden fields. That’s technically a sea surf attack, cross bots, cross site request forgery attack are waiting to happen. So yeah,
Harry
yes, the Yes. So yeah, if you’re on web forms, yeah. You might have to re architect everything if you want to go to court. But But, you know, you said that about about, you know, winforms, you can do it, you can run it on dotnet core. And I think if you were to move over to dotnet core, you can maybe use something like, you could migrate to something like squirrel to do your application deployments. I’ve never used growl myself, but it’s so with application of data framework. I understand that I believe, believe slack use it.
Jamie
I can’t remember. Yes. So if you have some kind of desktop application, and you want it to handle auto updates, you can at that just grow worker, and every so often this grow worker, he can either pops up, so it will subscribe to being told when there was an update, or it can say hey, is there an update? And then it handles installing the update for you. It’s wonderful.
Harry
Yeah. So you could get on that rather than having to, you know, carry on with your clunky Windows Installer project. And then, you know, if you go down that route, then you know, you’ve got your ci CD pipelines, you can move away from having to create instal shield instal scripts, because I’ve no idea how you get those to work in a CI CD pipeline. And, and yeah, things become much easier, much easier to handle. We’ll make it sound quite easy here. You know, all you need to do is do use this, this and this. click a few buttons. And it’s all fine. I actually run a reason to do
Jamie
that to use that me My theory is draw the first circle, and then draw the rest of the out.
Harry
Yes, yes. The first circle is done.
Jamie
Yes, yes. I mean, it’s not it’s not easy. It’s a non trivial upgrade. And there are plenty of books and courses. And like I say, blog posts, YouTube videos on how to do it. And there will be parts that are difficult to do. And I think the official guidance from Microsoft so far has been extract what you can leave what can’t be moved, and wrap that in a service and call that so like, if your entire app uses Windows or Windows Authentication, take out what take out everything that isn’t actually doing is good application design, right? Take out everything that’s not doing the authentication, and have that as your core business app, and have it call an API which is exposed by something that’s running on dotnet framework to do the authentication and maybe return a token or return something some kind of identity thing like a Yeah, like a token or a capability or something that says you were allowed to do this or on behalf of the user? And then you’ll move that core difficult bet. That is performance required as performance related that is security related out somewhere that it can run perhaps on go perhaps survive. And then the other stuff, you can look at maybe migrating another time?
Harry
Yes, yeah. Yeah, yes, no, you use something like, like the strangler pattern, are you so you can take little stripes out, you know, that maybe that would be a more sensible way of doing it. So you look at using the strangler pattern to move things towards one or maybe more sensibly architected solution if you’ve got some monolithic web service or web app. And you know, you take your little stripes out. And you move those over into dotnet core services, like you suggest, and then before you know it, the whole thing’s running in dotnet. Core, and you’ve got all these, these beautiful pipelines set up.
And framework is a thing of the past. Or at least for exactly, at least for your application.
Jamie
Yeah. And I think I think that’s the way to go. I think that’s gonna happen for a lot of these enterprises, where they’re like, oh, gosh, we have this app that runs by Romo, to and media to be written. And then they go and moving piecemeal is easier. Rather than take this huge monolithic thing and move the whole button up move, like you said, a slice of it, take a tracer bullet, hit an API and follow it all the way to the database and back, taking that bit and move it over. Or rather take that back and copy it over, run the both in tandem, make sure they’re both talking to that same database, making the same database calls, changing the database in the same way, responding in a similar way, because you may be moving from cookie authentication to gdb to hell wouldn’t recommend changing, do many things, but make sure that it is responding in the same way. And that the entire path is the same. And you do that enough times, you’ve slowly migrated the app across, and maybe you can destroy the old version? Because you don’t need it. Who knows? Right?
Harry
Yeah, absolutely. And that’s, you know, that that can be a way to do sort of cloud migrations as well. You know, if you’ve got something monolithic running in your, in a data centre, take bits of it out into your and or into any of the cloud providers and, and then there it is.
Jamie
Absolutely. But I feel like that’s perhaps the discussion for another time. So moving into Cloud stuff.
Harry
Yes. Don’t literally don’t get me started.
Jamie
So just as a way of stopping us from going on another journey into into less complain of our framework, and let’s talk about how cool is brilliant slash five slash six slash seven, whatever. What about let’s let’s talk about you here. It was a great way for the for the listeners to catch up with you and figure out what you’re doing. hear about your rants and ravings and stuff like that. what’s what’s the best way?
Harry
Yep. V I’m on Twitter, moderately active. You know, my DMS are open if people want to chat to me about anything really, you know, doesn’t have to be tech related preferably tech related but you know, if you’ve got a question about you know, answer any question pretty much But no, let’s stick let’s stick to tech thing. Yeah, happy to, you know, always happy to to answer any questions that people want any advice or of you know, want to say actually, what you said on this podcast was wrong. Or any other podcast, you know, happy you know, you know, feel free to contact me. I’ve also been in the process of building a blog which hopefully by the by the time this is out, the blog will be live on how bellamy.com because I couldn’t think of a witty name for it. And I checked that that is available. So, so yep. So that that will, you know, I’m just just intending to write, you know, nothing that’s going to necessarily anything’s gonna change the world, but it’s just sort of going through my journey and development, you know, things that, you know, things that I come across any any problems that I’ve encountered that I’ve been, you know, things where and if there’s missing documentation or something was difficult, I managed to overcome it. You know, I want to share that so I can learn in public, so other people can basically not have the same pain that I’ve had, you know, great believer in learning and publican, you know, and, you know, being able to be able to share that with people.
Jamie
Oh, okay. Well, what I’ll do is I’ll make some links in the show notes for people who want to click through there is going to be a full transcription. It’s partially machine transcription. So there’ll be some words that doesn’t quite the the JSON JSON thing we talked about earlier on when I said sea surf, it’s gonna fall over. But for the most part, it’s, it’s, it’s correct. But yeah, at the bottom of that transcription will be a bunch of links to some stuff that Harry’s doing. When it comes closer to the time to release the episode. I’ll check with Harry to see if his websites up. If it’s not, then I’ll mildly yell at him.
Harry
Yes, you need to get your finger out. Yes. Sorry. I forgot to say that. Yeah. by Twitter handles up. h Bellamy. So you know, that’s, that’s why you could that’s the primary place you can reach me.
Jamie
Excellent. Okay. So I’ll put links to all of that in the show notes. And the last thing that I have to say is, thank you ever so much for being on the show. It’s been wonderful talking legacy stuff with you. And we’ve gone on for an hour and 20 odd minutes now. And there’s still loads to talk about, because we didn’t actually get to how in the heck do you manage? Talking? And sorry, how in the heck do you manage? supporting framework apps, with the millions of different framework versions required on a computer and it must be must be difficult?
Harry
Well, yeah, it sounds like we’ve got a lot of discussions for a lot of other times.
Jamie
Absolutely. Absolutely. You’re always welcome back. All right, thank you very long as this hasn’t scared you off.
Harry
In a while I like you said I did tabs and spaces. And that didn’t scare me away, did it. But tonight, I just want to say thanks a lot for having me on. Jay. It’s been absolute pleasure. And thanks a lot for running the podcast so diligently for all this time. It’s been it’s been a value to me. So I’m sure it’s been a value to to all the listeners out there. So I just want to say thanks so online in their behalf.
Jamie
No worries, no worries. If you’re interested as well. I’ll put a link to the episode of tabs and spaces that Harry was on into the shownotes he can click that and listen to that even more hairy guarded, because why not? Right. Why don’t you? Why not make you an internet superstar somehow that’s all well,
Harry
I’ve certainly got the face for a podcast. Yeah.
Jamie
Well, catch you next time.
The above is a machine transcription, as such there may be subtle errors. If you would like to help to fix this transcription, please see this GitHub repository
Wrapping Up
That was my interview with Harry Bellamy about the differences between supporting both Greenfield and Browfield applications in both .NET Core/Five and .NET Framework. Be sure to check out the show notes for a bunch of links to some of the stuff that we covered, and full transcription of the interview. The show notes, as always, can be found at dotnetcore.show, and there will be a link to them in your podcatcher.
And don’t forget to spread the word, leave a rating or review on your podcatcher of choice - head over to dotnetcore.show/subscribe for ways to do that - and to come back next time for more .NET Core goodness.
I will see you again real soon. See you later folks.