Hacker News new | past | comments | ask | show | jobs | submit login

Say what you want about whether this is a good idea or not, it is clear at least part of MS is really serious about open source.

* TypeScript is under the Apache 2.0 license [1]

* Source is available via git on Codeplex [2]

* Installation is as easy as npm install -g typescript [3]

Extra bonus coolness: They've provided an online playground like jsfiddle! [4].





Also cool: in addition to the expected Visual Studio support, they've also provided support for Sublime Text, Emacs, and Vim.


Sourcing typescript.vim throws errors: http://pastebin.com/raw.php?i=HHDJDG7X

The error about ^M suggests it has DOS line endings. Try converting the line endings.

anything else would have been... revealing.

:e typescript.vim

:set ff=unix


fixes for me

I started doing C# development last year, coming from mostly a Unix/Perl platform, and I'm really glad about the timing because that's when Microsoft got serious about open development. I started doing web apps using ASP.NET MVC3, and this year MVC4 was released as an open-source project[1]. It seems that a bunch of 'young turks' have reached higher management positions in most of the key software development products within Microsoft and they're all pushing for this kind of open source approach.

[1] http://aspnet.codeplex.com/

Roughly the same story here. At the risk of sounding like a fanboy, I feel that while most tech BigCos (e.g. Google, Apple) have become more evil over time, MS has actually become less evil, to the point that using their tech (and some major tech at that) is relatively free of any lock-in risk.

TypeScript seems very much in line with this trend, and I love it. This is exactly what I wanted - JavaScript but with decent safety and IDE support. And no more than that. I really hope that non-MS-geeks will embrace it and that Eclipse plugins and JetBrains tools and the likes will follow.

That said, ASP.NET MVC is a misguided and overrated Rails ripoff, IMHO. Where's all that great refactoring support if everything is made `dynamic` and stringly typed? What's up with matching parameters to method argument names? (I mean, change an argument name and your code breaks? wtf?) Since when does Microsoft tech favour magic over clarity?

Given where MS started, "less evil" is damning with faint praise. The people in charge include people who were part of everything that was wrong with the company all along. As long as I have a reasonable alternative, I will never choose to trust Microsoft.

Then again I'm biased. Their desire to sell insecure software to the US government when that was against the law lead them to deliberately destroy the life of a friend of mine who they were afraid was going to turn whistleblower to such an extent that he died and left behind a widow and small kids. (Example incident. At one point he got hired at another company, and his manager to be received a call from Microsoft whose whole point was, "How much do we have to pay you to fire him before he starts?" Microsoft knew how to be evil.) I'm not forgetting Ed Curry. Nor do I have any desire to forgive Microsoft.

As long as people associated with the worst of their excesses remain involved and in control - people like Bill Gates and Steve Ballmer - I will always make the non-Microsoft choice.

I hadn't heard this story before, but time isn't kind to this particular conspiracy. The moment of clarity: Mr. Curry wanted to sue Microsoft but "couldn't find a lawyer willing to take on the case" -- in 1998. EVERYBODY was suing Microsoft in 1998, including multiple governments. If you couldn't find someone to sue them that year, I'm afraid you don't have much credibility.

And this made my head hurt:

"All computer security systems begin with the Intel processor itself," Curry said. "I helped Intel develop their processor, so I know how they work and how vulnerable they can be if left exposed." ... "In fact," he added, "Microsoft NT 4.0 is the least secure of all the NT versions... Processors on Windows NT Version 4.0 are insecure because they have been designed to automatically open the processor up to accept commands on start-up."

I love how everyone is an instant expert on the Internet, even if they have only heard of the issue minutes before. I'm not a random internet conspiracist. I'm an established member of this community reporting what happened to someone that I considered a friend at the time that it happened.

Here is the story as I remember it.

The private lawsuit that Ed Curry had standing to bring was a complex contract violation between himself and Microsoft. The fact that Microsoft was not carrying through with their obligations left Ed Curry with very poor personal finances. Therefore any lawyer who took the case on would be doing so on contingency. No matter how many other lawsuits may have been filed, it is not a particularly easy matter to find a lawyer who is willing to spend years in a private lawsuit against pockets as deep as Microsoft's in the hope that someday, maybe, you'll get a big enough settlement to justify it.

So what were Ed Curry's other options?

Well he was aware that Microsoft was breaking the law in a rather egregious way. Windows NT 3.5.0 service pack 3 had a C2 certification. Ed knew this, he is the person who had done that security evaluation. (Which he did on the very contract that Microsoft was breaking the terms on.)

However Microsoft was advertising that Windows NT 4.0 had a C2 clearance. And was selling that into government departments whose regulations required that clearance. Ed Curry was aware of the false advertising, and the lack of clearance, and was furthermore aware that major design decisions, such as putting third party graphics drivers into ring 0, made the attack surface against Windows NT 4.0 sufficiently large that it could not qualify for C2 certification. (Historical note, Windows NT 4.0 never got that certification. But many years later, on service pack 6, they got a British certification that they claimed was equivalent.)

But what could he do about that? Microsoft was clearly breaking the law. But as a private individual, Ed did not have standing to sue Microsoft for the false advertising. He's not the wronged party, you need someone like the attorney general to sue. But Microsoft was politically connected, and getting those people interested is difficult.

What Ed decided to do - in retrospect it was clearly a mistake - was to go public with Microsoft's lawbreaking in the hope that he could get the attention of someone sufficiently highly placed to force Microsoft to follow the law. That's when Microsoft went nuclear. They paid every one of his clients to go elsewhere. After his company went bankrupt, when he got a job they paid that company to preemptively fire him. After several months of this, he died of a heart attack.

Incidentally you may wonder why Microsoft broke their contract with him in the first place. The reason was simple. They came to him with NT 4.0, and said that they wanted C2 clearance. He came back and said that it would never pass, and explained why. They told him to lie so that they could get the certification. When he refused to lie, they decided that they would punish him for failing to cooperate, and decided to not live up to their side of the agreement, safe in the knowledge that he was not going to have a reasonable chance of successfully suing them for it.

That's what happened, and I don't much care whether you happen to believe it. I was there, you weren't, and people who are active on HN will make up their own minds about me.

I knew Ed Curry and worked with him at his home north of Austin for some reporting I did regarding bugs in the Cyrix CPUs. He was a friendly and kind-hearted person, was deeply devoted to both his religion and family. With respect, however, he did not have the best of business judgement. I spoke with him during the time he was setting up his NT certification business. I do not recall all the details, but even today I remember feeling uneasy that he was investing so heavily in creating a business for C2 certification before demand had proven itself. The alarms were going off in my head. I really think that Ed read a lot more into the relationship than he had a right to do.

I would not disagree with your evaluation.

It does not excuse Microsoft's behavior.

And here's where I flash pocket aces: I sat in a room with no windows and no computers, across from men with strong chins and short haircuts, reviewing Windows NT source code line by line. On friggin' paper.

Never heard of this guy. Never heard this story. It makes no sense, and I cannot even imagine what "automatically open the processor up to accept commands on start-up" means.

Mr. Curry eventually met with senior NSA/DoD officials, aired what he had -- while a major government lawsuit against Microsoft played out -- and nothing.

Also, Windows NT 4.0 very much did get C2 certification and had E3 (equivalent but not transferable) at the time. Which again doesn't help the story in hindsight.

I mean, seriously... read this nonsense (gcn.com). This stuff doesn't even qualify him for a Wikipedia entry. It's just the story of someone who cracked under the pressure of releasing a version of NT every year for four years straight. He certainly wasn't the only one.


Curry also gave Schaeffer an updated document pulled from Microsoft’s Web site. Under a section of frequently asked questions on security, the site answered the question: “Is Windows NT a secure enough platform for enterprise applications?” by stating that the company recently enhanced the security of NT Server 4.0 through a service pack.

“Windows NT Server was designed from the ground up with a sound, integrated and extensible security model,” the Microsoft Web site said as late as last week. “It has been certified at the C2 level by the U.S. government and the E3 level by the U.K. government.”

Hodson said the passage claiming C2 certification cited by Curry refers to NT 3.5 with Service Pack 3, which is the only version of NT to meet the NSA’s C2 level requirements to date. But because the passage earlier mentions NT 4.0, Hodson said, the meaning could be misconstrued.

Interesting. On Microsoft's own site they have http://support.microsoft.com/kb/93362 which does not list 4.0. But I found several references claiming that they did achieve C2 certification with service pack 6 in early 2000. My memory had that as a British certification that they claimed was equivalent, but Google is not turning up anything that supports my memory.

However that said, by the time they got that many service packs out, it was clearly no longer the same operating system that they were pushing in 1995. There will never be proof either way, but my belief is that the reason that it took 6 service packs before that certification happened is that there were real security flaws in early NT 4.0.

As articles like http://www.wired.com/science/discoveries/news/1998/05/12121 make clear, Ed Curry's claims were serious enough to be reported in the press at the time. And governments are large and diverse enough that there is no reason to believe that the opinions of people pursuing an anti-trust case about browsers would have much impact on people. This qualifies as a lot more than "nonsense".

As for your "pocket aces", I have absolutely zero clue who you are or whether you're telling the truth. I have no reason to doubt that people who would have been reviewing that code would find themselves on Hacker News. Obviously if you were working for the NSA, you wouldn't be likely to be inclined to leave a traceable trail all over the internet demonstrating that fact. However you wouldn't necessarily know everyone else involved. Nor after 17+ years can any of us claim perfect memory of everyone we might have worked with.

But I did know Ed somewhat. My impression of Ed, and the impression of many others we both interacted with, is that he was a credible witness. I never encountered any evidence that indicates that he was lying.

Interesting. On Microsoft's own site they have http://support.microsoft.com/kb/93362 which does not list 4.0.

I see 4.0 listed on the page. It's right at the bottom -- twice.

Yes, they list the advice in the article as applying to NT 4.0. And the advice on access controls does apply there.

But the only sentences stating that specific versions have actually received C2 type certifications are in the summary. And the statement there is that 3.5 was certified as of 1995 in the USA, and 3.5.1 was given a E3/F-C2 rating in the UK. Nowhere in that article does it say that any version of 4.0 ever received C2 certification.

If you think I'm missing something, please quote directly from the relevant section of the article.

There's no need to guess about any of this:

"SAIC's Center for Information Security Technology, an authorized TTAP Evaluation Facility, has performed the evaluation of Microsoft's claim that the security features and assurances provided by Windows NT 4.0 with Service Pack 6a and the C2 Update with networking meet the C2 requirements of the Department of Defense Trusted Computer System Evaluation Criteria (TCSEC) dated December 1985." [1]

Anyway isn't all of this missing the point that the TCSEC C* requirements didn't really amount to much anyway? It's a pity no general purpose operating systems were ever evaluated to A1 criteria, and that that the Common Criteria haven't lead to systems like EROS/Coyotos/Capros receiving more development attention.

[1] http://web.archive.org/web/20060503192159/http://www.radium....

I'm hardly a fanboy, I'm just lucky that MS' web stack became usable at the time I changed to a job where I needed to start using it. I don't think I could have transitioned from where I was to ASP.NET or the older stacks. I actually miss Apache/mod_perl which I found much simpler and more powerful, and I regret that I didn't get the chance to use Mojolicious professionally. But MVC3/4 haven't been so bad. I like the naming-convention-based approach because Rails and other frameworks use it, and I like having the ability to override it as-needed with attributes or route definitions. I like the dynamic type, given that I'm a die-hard Perl programmer, but I honestly haven't needed to use it in MVC so I'm not sure what you're referring too... maybe just the ViewBag object? I always used typed models for my views, and when I pass info through ViewBag I pull typed objects out of it at the top of my view so I have strongly typed variables in the rest of the view.

I don't think Microsoft tech has ever favored clarity...it's usually too java-esqe ivory-tower architeched enterprisey for my tastes. MVC is like that too, but the worst bits seem to be the ones inherited from ASP.NET. The new stuff is somewhat better, and you can now at least go look at the code to figure out how it works.

Um, you know how Rails binds, right?

Also: MVC2 runs under NET 3.5 which doesn't even have the dynamic keyword. (I don't use dynamic in MVC3 or MVC4 either...)

The "stringly typed" (magic string) stuff was always avoidable. Regardless, see the [CallerMemberName] annotation and others which solves it back to INotifyPropertyChanged.

Now that the backlog of Microsoft tools have shipped, the scaffolding makes a bit more sense. The MVC team released multiple versions (open sourced!) instead of waiting for VS11. Which actually lines up with your core argument.

> That said, ASP.NET MVC is a misguided and overrated Rails ripoff, IMHO.

I completely disagree. ASP MVC may be inspired by rails, and C# inspired by java, and MS may be loathe to admit ether of those sources of inspiration.

however, ASP MVC on C# is great. Maybe because MS stole from the best.


Magic strings can be avoided by always using a viewmodel ,using the lamda overloads on HtmlHelper (@Html.*) also T4MVC is a godsend strongly typing routes, url lookups, viewnames, filenames.

Most of these have been around since MVC 1.0.

Hope these pointers will keep you magic string free :)

Adding T4MVC is the first thing I do on a new project. It makes pretty much all the magic strings disappear.

Trust me when I say that if you use .NET, you're always going to be stuck with Microsoft. Mono, the only other somewhat viable implementation of the CLR, just doesn't really cut it in practice -- at least for ASP.NET.

hmm, mind sharing why? My limited Mono experience was that getting a simple ASP.NET application running on a Linux VPS was, without prior Mono experience, one hours' work. I was pretty impressed by this.

As meanguy pointed out, the Mono team lost Novell's backing -- arguably, they never had it in the first place. Xamarin is now focused entirely on mobile, to the detriment of the core CLR implementation and web.

Not that I blame them in the least. I've been a huge fan of Miguel for years, and they're doing great things in the mobile space. I just can't in good conscience invest heavily in Mono knowing that it's essentially at a dead end -- particularly when other much more attractive web technologies have been released since .NET's inception.

The reality is that Microsoft never really wanted to build a cross-platform CLR. They wanted a great Java-like runtime that only works on Windows. If that matches up with your goals, then by all means use .NET, but be prepared for a tough slog later on if you want to escape Windows.

Mono is now backed by Xamarin. They got something like 12M in VC funding this summer and appear to be on fire. From what I've seen, the future of cross platform .NET looks great.

Click the Xamarin Dev Center link. You'll see Android and iOS but no Linux. They're focusing on mobile client tools.

They never got the full stack running on the server and they punted most of the Windows-specific client stuff from the start.

They landed on a super smart subset and seem to be kicking ass with it. A C# compiler with some odd omissions and cool enhancements + native bindings to iOS and Android equals a damn useful tool. If you're building .NET or even Java backends it's certainly a very sane way to hook into them from Android phones and tablets in the enterprise.

But it's not a cross-platform .NET environment by any stretch and certainly isn't on the path to becoming one.

Xamarin is awesome, and what they're doing seems great. They've just entirely shifted their focus to mobile, which makes a lot of sense for them, but doesn't bode well for core Mono and their port of ASP.NET.

After losing the support of Novell they refocused (see xamarin.com). They really did an amazing job with what they had, though.

That said, Mono benchmarked about 4x slower on my web apps.

For me, better to use two Windows instances rather than deal with the ongoing Mono compatibility drama across 8 Linux machines.

How would you otherwise map GET and POST parameters to method parameters? Have you heard fo model binders? With them you can accept a class as a parameter.

Corporate ethic law:

How evil a company is is directly proportional to the percentage of marketshare it has.

I have to admit I'm impressed with MS here.

Contrast Dart and TS. Dart announced a year ago and they're only now dealing the JS interop issue, so to most people its still only really interesting as a play thing. TS announced and from the looks of if we choose to we can immediately start using it.

I know Dart is more ambitious and maybe long term their focus on issues other than interop will be proved to be correct, but I doubt it.

Comparing JS interop in Dart and TypeScript is apples and oranges. Dart has a native virtual machine with its own garbage collector and object representation. The language itself has an entirely different object model and set of collection types. For better or worse, even Dart's number types are different from JS. Doing JS interop in Dart is like trying to do interop between the JVM and CLR.

TypeScript doesn't have JS interop: it is JavaScript. TypeScript is basically JS linter with a type annotation syntax. (And a few additional local features like arrow functions and class syntax.)

That being said, we know on the Dart team that JS interop is hugely important. It's just much harder for us to do. We've just announced a big step in the right direction: http://www.dartlang.org/articles/js-dart-interop/

Apples and oranges are both fruits though, so when I am thinking about how to get my five a day I think its reasonable to compare them.

I do understand what you are saying, had read similiar on Dart forum in past. Just to be dear I am not in any way saying I think the interop would have been easy, I do think without it Dart was a dead end for most people. It will be interesting to see how things proceed, whether the interop story that is now available lets Dart finally take off a bit in terms of usage and mindshare.

Google deliberately opened up dart development early. I thing that was a good thing. They could have kept it closed and released it today, it's roughly as mature as type script seems to be. Would you have been happier with that?

> Would you have been happier with that?

Yes. Google (and others) need to stop releasing half-baked products.

You release something half-baked, even if it gets up to speed down the road, people will still have perceptions of it being half-baked. The above exchange is typical.

I heard a kid complaining about Java being slow yesterday. People remember their first experiences for a long, long time after they stop being true.

Well, Java is slow. The JVM startup times are what people notice.

You're assuming he was making a nuanced argument and not just flashing gang signs.

This kid had a slow experience with Java a long, long time ago?

He's 19 and been programming for one year.

Imagine if Linus Torvalds shared your point of view.

We'd have a rocking *BSD community now, with all that Linux mindshare going there. Nice.

Nah, we'd have another POSIX OS, only worse than Linux (probably). Plus they attract different kinds of mindshare.

Opening it early was maybe fine, opening it early with no coherent interop strategy and then taking a year to put one together seems like it could have been a mistake.

This looks excellent a nice restrained effort. Hasn't fallen into the trap that ActionScript3 did with too much ceremony, and its nice to see a syntactic super-setting approach rather than Dart's.

Now what I'd like to see in Javascripts evolution (non backwards compatible):

    * Subract: Removing parts of the language - let crockford free to rip out the bad parts.
    * Enhance: Bring in some more taste of Scheme.
    * Replace: New scoping for var etc, without introducing new keywords.

new scoping for `var`? Like the block-scoped `let`?


I'd prefer to change the semantics than introduce new keywords. Of course there are two schools of thought - I favour a small language over backwards compatibility. (And interim tools for migration).

Where I do favour extensions is for expressiveness or performance reasons.

What would more "taste of scheme" mean? Do you mean like lexically-shaped macros?

The online playground can do live syntax and type checking as well as provide function call hints. That's pretty cool.

and you can also see in realtime the typescript -> javascript compilation as you type your typescript code. pretty cool.


Microsoft is doing a lot of community trust building steps that I wish Oracle / Sun were doing, I wonder if people take it seriously and if Microsoft will be ever "Cool" again in the startup / hacker community, or is taken as PR attempts? I personally like it.

Only when it suits them. When it doesn't, they go after the companies using it with the threat of lawsuits.

I don't know when it happened but CodePlex got a makeover as well, it looks good.

Microsoft also has Github a account/accounts - I thought they were going use it for all their open-source projects, but they seem undecided now.

I believe a lot of the teams were jumping on Git for source control before Codeplex had Git support. A little awkward in that stuff is split, but still awesome to seem more stuff like this.


Worth noting that the Azure SDK [1] was released on GitHub over a year ago with the same attributes. The move to Codeplex is concerning.

[1] https://github.com/WindowsAzure/azure-sdk-for-node

Using their own platform instead of a commercial competitor that is also closed source is concerning?! Would it also be concerning if github hosted their open source projects on github instead of on codeplex?

> The move to Codeplex is concerning.

What's concerning about moving the location where Microsoft hosts their code?

Well, for one, their git integration is just bad. Looks like it only supports https password auth. Also I would really miss markdown integration after a while.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact