This post gathers my recent reading notes on artificial intelligence, programming, and a few inspiring podcasts. It includes links to articles, tutorials, and fascinating discussions. Whether you're interested in the latest AI developments, .NET tools, or modern architectures, there's plenty here to spark your curiosity.
Vertical Slice Architecture with Jeremy Miller (.NET Rocks!) - This episode is about Vertical Slice Architecture, what it is, when it makes sense to use it, and some comparisons with the others that we know.
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
It's been already 2 years since I stopped working on the AzUrlShortener project. Not that I didn't like it, but I was busy with other projects. Recently, the opportunity to work on it again came up, and I jumped on it. So many things changed in two years, and I was excited to see how I could improve the solution's developer experience and modernize the user interface and architecture.
This post is the first of a series where I share a few interesting details, tips, and tricks I learned while working on this project.
AzUrlShortener is an Open source project that consists of a simple URL shortener. The goal was simple: having a budget-friendly solution to share short URLs that would be secure, easy to use, and where the data would stay ours. Each instance is hosted in Azure and used to consist of an API (Azure Function), a Blazor WebAssembly website (Azure Static Web App), and Data Storage (Azure Storage table).
Key Changes at a Glance
Migration from Azure Static Web Apps to Azure Container Apps
Upgrade to .NET 9.0 and integration with .NET Aspire
Enhanced security with separated API responsibilities
Simplified deployment using Azure Developer CLI (azd)
Modern UI with FluentUI Blazor
Upgrading SDKs and packages
As mentioned earlier, a lot changed in two years. The first thing I did was to upgrade the SDKs to .NET 9.0. That was a breeze; I changed the target framework in the project file then used dotnet-updated to list all the packages that needed to be updated. I then used dotnet outdated -u to update all the packages.
And while we were at it, since I started using .NET Aspire, I couldn't resist using it as much as possible. It simplifies the development cycle so much, and the code is much cleaner. So I added that to the mix. It added two more projects to the solution, but now the entire solution is defined in C# in the AppHost project (the Aspire orchestrator).
So now the solution looks like this:
src/
├── Cloud5mins.ShortenerTools.Api # Internal management API
├── Cloud5mins.ShortenerTools.AppHost # .NET Aspire orchestrator
├── Cloud5mins.ShortenerTools.Core # Shared business logic
├── Cloud5mins.ShortenerTools.FunctionsLight # Public redirect API
├── Cloud5mins.ShortenerTools.ServiceDefaults # Common service configurations
└── Cloud5mins.ShortenerTools.TinyBlazorAdmin # Frontend application
Changes to Improve Security
Security should come first, and I wanted to make sure that the solution was as secure as possible. I decided to split the API into two parts. The first part is the API that redirects the users, and it can only do that. The second part is the internal API to manage all the URLs and other data.
I decided to migrate the solution to use Azure Container Apps and have it running in two containers: the TinyBlazorAdmin and the Api. With Azure Container Apps, I can use Microsoft Entra, without any line of code, to secure TinyBlazorAdmin. The API will only be accessible from the TinyBlazorAdmin and won't be exposed to the Internet. As a bonus, since TinyBlazorAdmin and the API are now running inside containers, you could also decide to run them locally.
The storage access got also a security upgrade. Instead of using a connection string, I will be using a Managed Identity to access the Azure Storage Table. This is a much more secure way to access Azure resources, and thanks to .NET Aspire, it is also very easy to implement.
Architecture
The architecture is changing a little. The API is now split in two: FunctionsLight and API. The two APIs use services from Core to avoid code duplication. The TinyBlazorAdmin runs in a container and is secured by Microsoft Entra. API is also running in a container and is not exposed to the Internet. And Azure Storage Table is still our faithful data source.
Previous Architecture
Azure Function (API)
Azure Storage (Function Code)
Azure Static Web App (Blazor WebAssembly)
Azure Storage Table (Data)
Application Insights
New Architecture
Container registry (Docker images)
Container Apps Environment
Container App/ Function: FunctionsLight Public redirect-only API
Container App: Internal API Protected management interface
The Deployment is also changing. Instead of using a button from my GitHub repo, we will be using the Azure Developer CLI (azd) or a GitHub Action from your own repo (aka fork). The deployment will take ~10 minutes and will be done with one simple command azd up.
The entire solution will still have Infrastructure as Code (IaC) using Bicep, instead of ARM.
Here a video about it
Were there any challenges?
While working, there were a few challenges or "detours" that slowed the progress of the migration a little, but most of them were due to decisions made to improve the solution. Let's take a look at the first one in the next post: How to use Azure Storage Table with .NET Aspire and a Minimal API (soon).
Welcome to Reading Notes —a curated dive into the latest and greatest in programming, cloud, and AI. From mastering multithreading with Azure to exploring GitHub Copilot's productivity potential, this collection is brimming with knowledge. Let's unravel what's new, innovative, and worth your attention!
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
This week, ReadingNotes shares some insightful blog posts that caught my attention. From embracing a positive mindset and integrating local AI models with .NET Aspire, to leveraging Docker for cloud-native development and exploring AI-powered Blazor Kanban, there's plenty to dive into. Happy reading!
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Welcome to this week’s reading notes! In this post, you’ll find a curated selection of insightful articles and tutorials covering various topics in technology and programming. Whether you’re looking to enhance your testing skills with .NET Aspire, improve your code comprehension with GitHub Copilot, or explore the world of Docker for DevOps, there’s something here for everyone. Dive in and enjoy these valuable resources!
If you have interesting content, share it!
Suggestion of the week
Getting started with testing and .NET Aspire (Aaron Powell) - This is a great tutorial, with a video version if you prefer, to get us started with test when .NET Aspire is part obor solution.
Hosting a (DevOpsDays) Tech Conference (Dewan Ahmed) - I went to this even and you could feel it was prepared with patio and care. It very interesting to learn about the behind the scene and all the work put both before and after.DevOpsDay Halifax you won my heart.
It's Reading Notes time and this week we learn how to improve our experience and security while using AI and containers
a zip line spider?
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Avoid These 5 Common AI Project Mistakes for Success (Narcosa Admin) - AI is a great tool and with it's new easy accessibility more are integrating it into there services, This post shares tips to give you more chance of success.
7 Best Practices for Using GitHub Copilot (Visual Studio Code team) - AI is a great tool, but to enjoy it as much as possible there are a few things we can do, This post shares those tips that could make the differences.
In this edition of Reading Notes, we delve into a diverse range of programming topics, from stream manipulation in C# to the latest updates in Docker Desktop. Whether you’re interested in adding AI to your .NET apps or understanding the implications of .NET 6 reaching end-of-support, we’ve got you covered.
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Add AI to Your .NET Apps Easily with Prompty (Bruno Capuano) - This is a nice tutorial to build an API using Semantic Kernel to communicate to Prompty and add AI to your project.
How use a Blazor QuickGrid with GraphQL (Frank Boucher) - QuickGrid is an excellent component that came recently in Blazor. Optimized and compatible with tons of modern patterns to display,sort,filter our data.This post share a few o those things filling the grid with a GraphQL endpoint.
Good Monday! This week Reading Notes are more listening notes 😅 and we go from .NET Aspire and containers, passing by communication with AI to camping!
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Introducing .NET Aspire with Damian Edwards (Hanselminutes with Scott Hanselman) - Nice episode where .NET Aspire is really well explained, but yes it's kind of hard to say in a few words what it is.
CosmosDB and AI with Mark Brown (.NET Rocks!) - AI and data! AI and data! AI and data! It's not a typo, I wrote it 3 times... It's everywhere, evolving fast and you must look at it.
In this week’s Reading Notes, we explore cloud debugging, .NET Aspire, and more. Join us for insights, workshops, and podcasts covering a range of exciting topics! 🚀
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Cloud
GalaSoft Laurent Bugnion (Laurent Bugnion) - Nice post debugging investigating a bug, that cannot be reproduce locally only in the cloud.... But with the right tools it's much easier.
Apprendre .NET Aspire en français (Frank Boucher) - Another shameless plug for French content this time. I did a 1h45 long video where I explain the basic of .NET Aspire by doing a workshop and providing details.
What is platform engineering? (Julia Kulla-Mader, Chuck Lantz) - Platform engineering is gaining in popularity, but what ibis really. This article gives a good explanation to start our learning journey.
Welcome to this week’s edition of Reading Notes! In this roundup, we explore a variety of topics across cloud, programming, databases, and AI. From understanding Docker’s USER instruction to styling Blazor components with CSS, I’ve got you covered. Let’s dive in!
Suggestion of the week
Understanding the Docker USER Instruction (Jay Schmidt) - A great post to that explains really clearly the basic usage of user when building our container. After reading this post you should feel confident to follow this best practices.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
You also read something you liked? Share it!
Cloud
It's Finally Possible To Hibernate Azure VMs (Sam Cogan) - This new feature must be such a relief for all the VM users. Make sure to read this post to know the requirements of the VM tone able to hibernate it.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Making C# Simple with Fluent Techniques (Niraj Ranasinghe) - Nice post. I didn't realise that Fluent path was used in so many places. It makes it so cleaner when we can use it.
AI
Visual Studio Code AI Toolkit: Run LLMs locally (Shreyan Fernandes) - It goes so fast! It used to be complicated to get AI and now we can get one locally directly from vs code... Quick post to get us started.
Episode 1900 with Scott Hanselman! (.NET Rocks!) - Three of my favorite people in the word in a single episode! It was such a pleasure to listen pleasure to listen talk about all those little stories. Long live to .NET Rocks (and HanselMinutes)
8 Learning Paths for Beginners on GitHub (Cynthia Zanoni) - Wow! so many very cool learning Path to get started with anything you can think about it. I may do one or two just to refresh my knowledge.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
You also read something you liked? Share it!
Cloud
Azure Developer CLI (azd) – Build 2024 Recap (Grace Kulin) - All developers should look at how it can really speedup and simplify your Azure deployment and ease the creation of your infrastructure as code file (bicep and terraform).
Announcing the AI Toolkit for Visual Studio Code (John Lam) - Nice! The favorite editor of so many now have an AI extension! I missed the Microsoft Build sessions with the demos. Lucky me they are available on demand!
I used to hardcode my password in my demos and code samples. I know it's not a good practice, but it's just for demo purposes, it cannot be that dramatic, right? I know there are proper ways to manage sensitive information, but this is only temporary! And it must be complicated to remove all the passwords from a deployment... It turns out, IT IS NOT difficult at all, and that will prevent serious threats.
In this post, I will share how to remove all passwords from a docker-compose file using environment variables. It's quick to setup and easy to remember. For production deployment, it's better to use secrets, because environment variables will be visible in logs. That said, for demos and debugging and testing, it's nice to see those values. The code will be available on GitHub. This deployment was used for my talks during Azure Developers .NET Days: Auto-Generate and Host Data API Builder on Azure Static Web Apps and The most minimal API code of all... none
The Before Picture
For this deployment, I used a docker-compose file to deploy an SQL Server in a first container and Data API Builder (DAB) in a second one. When the database container starts, I run a script to create the database tables and populate them.
As we can see, the password is in clear text twice, in the configuration of the database container and in the parameter for sqlcmd when populating the database. Same thing for the DAB configuration file. Here the data-source node where the password is in clear text in the connection string.
The easiest password instance to remove was in the sqlcmd command. When defining the container, an environment variable was used... Why not use it! To refer to an environment variable in a docker-compose file, you use the syntax $$VAR_NAME. I used the name of the environment variable MSSQL_SA_PASSWORD to replace the hardcoded password.
/opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql
Second Pass: .env File
That's great but the value is still hardcoded when we assign the environment variable. Here comes the environment file. They are text files that holds the values in key-value paired style. The file is not committed to the repository, and it's used to store sensitive information. The file is read by the docker-compose and the values are injected. Here is the final docker-compose file:
Note the env_file directive in the services definition. The file .env is the name of the file used. The ${SA_PWD} tells docker compose to look for SA_PWD in the .env file. Here is what the file looks like:
SA_PWD=This!s@very$trongP@ssw0rd
Conclusion
Simple and quick. There are no reasons to still have the password in clear text in the docker compose files anymore. Even for a quick demo! Of course for a production deployment there are stronger ways to manage sensitive information, but for a demo it's perfect and it's secure.
During Microsoft Build Keynote on day 2, Julia Liuson and John Lambert talked about how trade actors are not only looking for the big fishes, but also looking at simple demos and old pieces of code, looking for passwords, keys and sensitive information.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.
Docker Compose Profiles, one the most useful and underrated features (Oskar Dudycz) - Woah! For now on, I shall have a profile in all my docker compose file. We'll probably not all, but I'm definitely using them. This post is the perfect place to get started and understand what are profile and how to use it.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
An introduction to primary constructors in C#12 (Andrew Lock) - Wow! This post dig into what can and cannot do the new constructors in C#. Example by example trying more complex scenarios, fascinating!
DevOps
Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.
Miscellaneous
Introducing Plans on Microsoft Learn (Kaberi Bell) - Would it be to be a data engineer, AI specialist, app builder there's a plan for you and that's a very cool new feature on learn have a look this blog post explain all of it
How Do You Measure Developer Experience? (Jennifer Riggins) - An interesting article about what and how measure performance. I didn't know so many system and details concepts were that detailed.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
Think Faster, Talk Smarter with Matt Abrahams (Modern Mentor) - Interesting episode about how to become a better communicators in both formal and informal situations. Matt is the author a book on that topic.
DevOps Adoption for IT Managers (Chris Pietschmann) - Interesting post that shares the benefits of DevOps for your enterprise and how to approach it as a manager.
Cascadia Code 2404.23 (Christopher Nguyen) - I used to do ASCII art back on my C=64... Now that all those new fonts and symbols are added should I start again? Nice to have all the options available to be able to display everything we need|the console.
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.
What is an RDP Browser? (And How To Get One) (Peter) - A great alternative when you want to test on different browser or version of a browser, for gaming, And also for cyber security when investigating.
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Blazor WebAssembly Virtual File System Access (Michael Washington) - A nice tutorial the show us how to keep file (aka data) in the browser of the visitor. All the code is available.
It is time to share new reading notes. It is a habit I started a long time ago where I share a list of all the articles, blog posts, and books that catch my interest during the week.
If you think you may have interesting content, share it!
Blazor Basics: Advanced Blazor Form Validation (Claudio Bernasconi) - Having control on the validation and how we guide our users is a must. This post does a great job at explaining how to to it within Blazor with clear and simple code sample.
An Introduction to Mistral AI (https://www.freecodecamp.org/news/an-introduction-to-mistral-ai/) - An interesting alternative to GPT when text is involved.
