Welcome to Reading Notes #639, a curated selection of intriguing articles across programming, AI, cloud computing, and more. Dive into new productivity features in Visual Studio, the latest front-end development trends, .NET AI evaluations, and essential learning techniques.
What are Custom Integrations in .NET Aspire? (Kalle Marjokorpi) - This second post in a series shows how to configure the identity server name Curity. It's implemented in a .NET Aspire solution and looks very well structured.
5 Learning techniques you should know (Marco Siccardi) - Learning how to learn is a concept that in underrated. This post shares 5 accessible tips with big impact.
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
This week Reading Notes, covers various topics in programming and databases. Discover the latest ASP.NET Core release, the importance of clear error messages, and coding with voice commands. Learn about new features in Azure EasyAuth and Microsoft Entra Authentication for Azure PostgreSQL. We also bid farewell to Azure Data Studio as it moves to VS Code extensions.
The Importance of Good Error Messages (jdanton1) - I cannot agree more with the idea! How many of us have lost hours trying to figure out what was the error because the description wasn't clear!
Azure Data Studio Retirement | Microsoft Community Hub (carlosrobles) - I used in love Azure Data Studio and I'm a little bit sad to see it go away but I think it's for the best since all the functionality will be now available in vs code extension
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Each week, I read a myriad of topics that pique my curiosity and spark new ideas. From AI advancements and low-code solutions to tutorials on enhancing accessibility and performing database operations in .NET MAUI, this week's reading notes offer an eclectic mix of insights and practical knowledge.
Dive in and explore the fascinating links that kept me captivated over the past few days!
AI
AI mistakes are very different from human mistakes (Mark Downie) - Very interesting thoughts. Looking forward to seeing how we adapt and integrate new security practices to avoid those new potential mistakes
Using Tools (Safely) with LLMs (Mark Heath) - This is a nice C# tutorial that explains how to extend the capabilities of your AI without compromising security.
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
This edition of Readings Notes covers the synergies between C# and Rust, open-source software licensing challenges, and securing the software supply chain. It also feature a beginner’s guide to programming C# in Visual Studio Code. Finally, we delve into the evaluation process of AI models for GitHub Copilot.
Enjoy the read!
Programming
Why Every C# Developer Should Explore Rust (Chris Woodruff) - Even though I heard of Rust I don't think I ever wrote a single line. This post gives a brief list of ideas where we could make a combo c#-rust, and where to get started. Hmmm.
.NET OSS Projects: Better to Re-license or Die? (Aaron Stannard) - What are the options when a free OSS project changes its license? Nice post that provides an overview of a recent change like this.
How we evaluate AI models and LLMs for GitHub Copilot (Connor Adams, Klint Finley) - This is an interesting post that shares the methods used to test the different models before they can be included. Testing a model is different than testing a regular piece of code, what are they looking for, and what's important?
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
This edition of ReadingNotes covers new AI tools, WSL updates, .NET 9 features, and debugging tips with GitHub Copilot. Plus, insightful podcasts on .NET Aspire, productivity tools, and frontend engineering.
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Easier to fix async exceptions (Mark Downie) - Debugging Asynchronous code as been always more complicated, looking forward to seeing (and using) that new capability in .NET 9.
How to make your web page faster before it even loads (Salma Alam-Naylor) - To make sure our users have he best experience possible it important to fine-tune some little details. This post goes deep and explains them very well.
Welcome to this week’s edition of Reading Notes! In this roundup, we explore a variety of topics across cloud, programming, databases, and AI. From understanding Docker’s USER instruction to styling Blazor components with CSS, I’ve got you covered. Let’s dive in!
Suggestion of the week
Understanding the Docker USER Instruction (Jay Schmidt) - A great post to that explains really clearly the basic usage of user when building our container. After reading this post you should feel confident to follow this best practices.
Happy Canada Day! It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
You also read something you liked? Share it!
Cloud
Is .NET Aspire NuGet for Cloud Service Dependencies? (Phil Haack) - I like the comparison with NuGet. Using .NET Aspire in a project does indeed simplify a lot things. I'll be waiting for that follow up post.
Announcing TypeScript 5.5 - TypeScript (Daniel Rosenwasser) - Really good news for the JavaScript developers. This post shares all the new features like ECMAScript, Set Methods support, and the performance improvement included in this release candidate of Typescript.
Blazor Basics: Dealing with Complex State Scenarios (Claudio Bernasconi) - Interesting package Fluxor that help managing states. The post also explains different pros and cons of methods to maintain states.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Bringing the Aspire dashboard to ACA (Mark Downie) - One of the great tool that was released with Aspire is its dashboard as it shows traces across services. This post shares how to enable this amazing tool in Azure.
I used to hardcode my password in my demos and code samples. I know it's not a good practice, but it's just for demo purposes, it cannot be that dramatic, right? I know there are proper ways to manage sensitive information, but this is only temporary! And it must be complicated to remove all the passwords from a deployment... It turns out, IT IS NOT difficult at all, and that will prevent serious threats.
In this post, I will share how to remove all passwords from a docker-compose file using environment variables. It's quick to setup and easy to remember. For production deployment, it's better to use secrets, because environment variables will be visible in logs. That said, for demos and debugging and testing, it's nice to see those values. The code will be available on GitHub. This deployment was used for my talks during Azure Developers .NET Days: Auto-Generate and Host Data API Builder on Azure Static Web Apps and The most minimal API code of all... none
The Before Picture
For this deployment, I used a docker-compose file to deploy an SQL Server in a first container and Data API Builder (DAB) in a second one. When the database container starts, I run a script to create the database tables and populate them.
As we can see, the password is in clear text twice, in the configuration of the database container and in the parameter for sqlcmd when populating the database. Same thing for the DAB configuration file. Here the data-source node where the password is in clear text in the connection string.
The easiest password instance to remove was in the sqlcmd command. When defining the container, an environment variable was used... Why not use it! To refer to an environment variable in a docker-compose file, you use the syntax $$VAR_NAME. I used the name of the environment variable MSSQL_SA_PASSWORD to replace the hardcoded password.
/opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql
Second Pass: .env File
That's great but the value is still hardcoded when we assign the environment variable. Here comes the environment file. They are text files that holds the values in key-value paired style. The file is not committed to the repository, and it's used to store sensitive information. The file is read by the docker-compose and the values are injected. Here is the final docker-compose file:
Note the env_file directive in the services definition. The file .env is the name of the file used. The ${SA_PWD} tells docker compose to look for SA_PWD in the .env file. Here is what the file looks like:
SA_PWD=This!s@very$trongP@ssw0rd
Conclusion
Simple and quick. There are no reasons to still have the password in clear text in the docker compose files anymore. Even for a quick demo! Of course for a production deployment there are stronger ways to manage sensitive information, but for a demo it's perfect and it's secure.
During Microsoft Build Keynote on day 2, Julia Liuson and John Lambert talked about how trade actors are not only looking for the big fishes, but also looking at simple demos and old pieces of code, looking for passwords, keys and sensitive information.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Think Faster, Talk Smarter with Matt Abrahams (Modern Mentor) - Interesting episode about how to become a better communicators in both formal and informal situations. Matt is the author a book on that topic.
DevOps Adoption for IT Managers (Chris Pietschmann) - Interesting post that shares the benefits of DevOps for your enterprise and how to approach it as a manager.
Cascadia Code 2404.23 (Christopher Nguyen) - I used to do ASCII art back on my C=64... Now that all those new fonts and symbols are added should I start again? Nice to have all the options available to be able to display everything we need|the console.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
What is an RDP Browser? (And How To Get One) (Peter) - A great alternative when you want to test on different browser or version of a browser, for gaming, And also for cyber security when investigating.
It's reading notes time! It is a habit I started a long time ago, close to 600 weeks ago in fact, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Is Your Container Image Really Distroless? (Laurent Goderre) - Nice post that explains a new way to improve security and more while building our container by going distroless.
Azure PowerShell Tips and Tricks (Paul Harrison) - PowerShell is a very interesting and useful script language.All those tips are pure wisdom!
DevOps
Beautiful .NET Test Reports Using GitHub Actions (Sean Killeen) - It's true that the unit test result in Azure DevOps looks amazing. Pretty nice adaptation in GitHub Action, could/ should it be native?
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Suggestion of the week
Getting Started with Blazor’s New Render Modes in .NET 8 (Jon Hilton) - Amazing post that covers the four rendering mode for Blazor in .NET 8.There just enough code to understand the concept and see the trade-offs and advantages of each options.
ai generated: melting snowman who love to read
Cloud
A Decade of Have I Been Pwned (Troy Hunt) - Congrats for this anniversary and what a journey it was.I remember reading with passion your tech blog describing the tech decision taken for the site.
Making Azure the Best Place to Observe Your Apps with OpenTelemetry (Matthew McCleary) - Looking back, tracking, monitoring, tracing are such important action when we think about application life cycle.I'm very happy to see Azure offers a great sets of tools to do it.
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
The suggestion of the week
How to use GitHub Copilot: Prompts, tips, and use cases (Rizel Scarlett, Michelle Mannering) - A very helpful post that helps thinking how to communicate efficiently with Copilot, by breaking down our instructions and being more specific.
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, podcast episodes, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Programming
Web3 DevOps: The Series (Donovan Brown) - I'm just getting started with web3 there are so many tools.
How to Compare Two Json Objects Using C# (Code Maze) - Data is the core of most if not all applications and a common way to define the data is JSON. This post helps to understand how to compare a piece of information. Very useful.
Taking Comfortable Risks with Scott Galloway (A Bit of Optimism) - One thing he said that will stick with me I think, and that I need to now transform into my words: "There is nothing that will happen to you if you don't take some uncomfortable risks and talk to some people".
How to manage through a season of layoffs (Modern Mentor) - A season like those required more effort from everyone. It's hard and we all need to say nice and as much human as possible.
Get Started with GitHub Actions (Mandy Hubbard) - This is a great post to get started with CICD. GitHub is free and accessible, give it a try and then automate some tests or a deployment.
Why tuples in C# are not always a code smell (Dennis Frühauff) - I didn't use Turple yet but it's not hard to see the potential and how it could become ugly. This post shows and explains a few simple rules to stay clear.
Lazy and once-only C# async initialization (Ian Griffiths) - An amazing post that explains so much and that has all the code snippets to be clear about it. I will have to copy-paste those into some test applications to really try them, but it is clear what I should expect.
It's time to share my reading notes. Those are a curated list of all the articles and blog posts, that caught my interest during the week and that I found interesting. It's a mix of the actuality and what I consumed.
If you think you may have interesting content, share it!
Web Security 101 - Part 1: Secrets (Abbey Perini) - This is a nice post that lists places or methods to save our secrets and explains the pro and cons of each.
Fluent Insights EP4: Slots (Paul Gildea) - The new episode of Fluent UI Insights is out. This one talks about slots, JSX children, and triggers.
