Reading Notes #614

In this edition of Reading Notes, we delve into a diverse range of programming topics, from stream manipulation in C# to the latest updates in Docker Desktop. Whether you’re interested in adding AI to your .NET apps or understanding the implications of .NET 6 reaching end-of-support, we’ve got you covered. 

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

Programming

• How to Convert a Stream to a File in C# (Bozo Spoljaric) - Learn more about stream and file manipulation in this useful post.

• Add AI to Your .NET Apps Easily with Prompty (Bruno Capuano) - This is a nice tutorial to build an API using Semantic Kernel to communicate to Prompty and add AI to your project.

• .NET 6 will reach End of Support on November 12, 2024 (Rahul Bhandari) - NET 6 will be reaching end of support, okay but what does that means for you?This post covers it all.

• Disambiguating types with the same name with extern alias (Andrew Lock) - It's always a pleasure to read Andrew's post that goes deeper explains more complex scenarios.

• Docker Desktop 4.32: Beta Releases of Compose File Viewer, Terminal Shell Integration, and Volume Backups to Cloud Providers (Deanna Sparks) - Some great new features and improvement for this new update of Docker Desktop.

• How use a Blazor QuickGrid with GraphQL (Frank Boucher) - QuickGrid is an excellent component that came recently in Blazor. Optimized and compatible with tons of modern patterns to display,sort,filter our data.This post share a few o those things filling the grid with a GraphQL endpoint.

Miscellaneous

• What CrowdStrike teaches us about risks & resilience (Om Malik) - Nice post to learn more about that event,and understand the real risk.

~ Frank

Reading Notes #613

Good Monday! This week Reading Notes are more listening notes 😅 and we go from .NET Aspire and  containers, passing by communication with AI to camping!

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

Cloud

• Creating an Azure Static Web app (moving from WordPress, part 2) (Michael Eaton) - Yes indeed it is simple to get started with Azure Static WebApp.This post shares a user journey while migrating.

• Windows ARM installing Azure CLI (Jani Nevalainen) - Cool tips to make CLI works on ARM processor device,until the real version comes out.

Programming

• Docker Best Practices: Choosing Between RUN, CMD, and ENTRYPOINT (Jay Schmidt) - Nice post that explains really clearly the differences between those three and provides cheat sheet and examples.

Podcasts

• Introducing .NET Aspire with Damian Edwards (Hanselminutes with Scott Hanselman) - Nice episode where .NET Aspire is really well explained, but yes it's kind of hard to say in a few words what it is.

• 687: Getting Better at Internal Communication, with Roy Schwartz (Coaching for Leaders) - Nice episode that talk how AI can help or harm a good communication. Used smartly it can definitely help...

• Camping Tips for Your Next Adventure with Lestarya Molloy (Wild Ideas Worth Living) - I grow up camping every summer, but for many they didn't have that chance and it's hard to start... But there an App for that!

• CosmosDB and AI with Mark Brown (.NET Rocks!) - AI and data! AI and data! AI and data! It's not a typo, I wrote it 3 times... It's everywhere, evolving fast and you must look at it.

• 86. Power Platform, Blazor and beyond: Maintaining internal apps - with Sophie van den Akker (Betatalks the podcast) - Nice episode about how and where use Blazor, the limits of Power Platform and more.

~Frank

Reading Notes #612

In this week’s Reading Notes, we explore cloud debugging, .NET Aspire, and more. Join us for insights, workshops, and podcasts covering a range of exciting topics! 🚀

 
Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

 

Cloud

• GalaSoft Laurent Bugnion (Laurent Bugnion) - Nice post debugging investigating a bug, that cannot be reproduce locally only in the cloud.... But with the right tools it's much easier.

Programming

• Let's Learn .NET Aspire - Start your cloud-native journey live! - .NET Blog (James Montemagno) - The .NET Aspire workshop is been deliver in many languages and available online. To learn what it is, when should we use it and how it works, join a live session or watch it on demand.

• Exploring docker compose watch in Visual Studio Code (Julie Lerman) - That looks fantastic! And thanks to Julia we will avoid a few gotchas.

• Simplify Your .NET Aspire Caching With Metalama (Metalama Team) - 2 great tools in synergy make the result so much better. This nice post is good to get us started on caching.

• Join Us for .NET Aspire Developers Day – Elevate Your Cloud Native Skills! - .NET Blog (Mehul Harry) - July 23 - Check the date there will be a .NET Aspire event with more advanced stuff like building custom components and more.

• Why and How to Execute GraphQL Queries in .NET (Frank Boucher) - Shameless plug... Did you know GraphQL could improve the performance of your application by avoiding over fetching?

• Apprendre .NET Aspire en français (Frank Boucher) - Another shameless plug for French content this time. I did a 1h45 long video where I explain the basic of .NET Aspire by doing a workshop and providing details.

Podcasts

• Martin Hinshelwood: Migration Azure DevOps Server to the Cloud - Episode 302 (Azure DevOps Podcast) - Interesting episode about migrations and how to approach them. Because so many stories start by a migration.
• GitHub Evolving with Damian Brady (.NET Rocks!) - Great episode to learn all things GitHub... and these days that mean a lot.
• 416: Going Light + How Spatial Video Really Works (Merge Conflict) - Great episode. Is going with two phone is going light however? Hhmmmm...
• Episode 287: Why You As A Developer Must Care About Managing Your APIs (Web Rush) - The 1M questions episode! Answers are optional because the fun is about being curious... right?
• Mitch Denny: .NET Aspire Architecture - Episode 304 (Azure DevOps Podcast) - Learn more about .NET Aspire what it is, because yes it's hard to explain, and what's the road map.
• How to finally have that dreaded conversation (Modern Mentor) - Yes it's hard, but pause, and do those talks.

Miscellaneous

• What is platform engineering? (Julia Kulla-Mader, Chuck Lantz) - Platform engineering is gaining in popularity, but what ibis really. This article gives a good explanation to start our learning journey.

Reading Notes #611

Welcome to this week’s edition of Reading Notes! In this roundup, we explore a variety of topics across cloud, programming, databases, and AI. From understanding Docker’s USER instruction to styling Blazor components with CSS, I’ve got you covered. Let’s dive in!

Suggestion of the week

• Understanding the Docker USER Instruction (Jay Schmidt) - A great post to that explains really clearly the basic usage of user when building our container. After reading this post you should feel confident to follow this best practices.

Cloud

• Azure Static Web Apps–SWA CLI behind the scenes (Bart Wullems) - Cool post to that quickly explains how the CLIworks and a few different tools.

Programming

• Blazor Basics: Styling Blazor Components with CSS (Claudio Bernasconi) - That will solve an issue I was having... Blazor for the win!

• Is Your ASP.NET Core Application Running In A Container? (Adam Storr) - Very neat tip to know when the App is or not in a container.

• Setting up NGINX load balancer for .NET WebApi (Oskar Dudycz) - Very well done tutorial to set a reverse proxy.

Databases

• Automating SQL Deployments using GitHub Actions - Part 2 (Eduardo Pivaral) - That's pretty neat. Of course, there is a SQL option but I never thought about it. Excellent idea to keep everything in one place with versions.

AI

• Updated Documentation for Semantic Kernel (Sophia Lagerkrans-Pandey) - Nice update in the documentation, new content new look.

~frank

Reading Notes #610

Happy Canada Day!
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

You also read something you liked? Share it!

Cloud

• Is .NET Aspire NuGet for Cloud Service Dependencies? (Phil Haack) - I like the comparison with NuGet. Using .NET Aspire in a project does indeed simplify a lot things. I'll be waiting for that follow up post.

Programming

• Dev Home Preview v0.15 Release (Kayla Cinnamon) - Cools news updates in Dev home.

• Announcing TypeScript 5.5 - TypeScript (Daniel Rosenwasser) - Really good news for the JavaScript developers. This post shares all the new features like ECMAScript, Set Methods support, and the performance improvement included in this release candidate of Typescript.

• Refactor your code with default lambda parameters - .NET Blog (David Pine) - A really good post, last of a series of four about new features of C# 12. I really like that new way to declare defaults I think it's much clearer.

• Blazor Basics: Dealing with Complex State Scenarios (Claudio Bernasconi) - Interesting package Fluxor that help managing states. The post also explains different pros and cons of methods to maintain states.

Databases

• What is SQL Injection in Cybersecurity? How to Prevent SQLi Attacks (Jen Swisher) - This post explains what are SQL injections and how they could affect our website. When I shares how to prevent those attack the post focuses on CMS like WordPress.

AI

• Mistral Introduces AI Code Generation Model Codestral (Daniel Dominguez) - On nice! A new model that specializes into code, and many languages on top of that.

~frank

Reading Notes #609

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

You also read something you liked? Share it!

   

Cloud

• It's Finally Possible To Hibernate Azure VMs (Sam Cogan) - This new feature must be such a relief for all the VM users. Make sure to read this post to know the requirements of the VM tone able to hibernate it.

• Enhancing Performance in Azure Container Apps (Cary Chai) - This post gives us an history of the different algorithm used in ACA but also explains briefly how does one works.

Programming

• Visual Studio 2022 - 17.10 Performance Enhancements - Visual Studio Blog (Ashok Kamath) - Impressive improvement going up to 50% in specific cases! Congratulations to the team,event the smaller speed improvement will be feel.

• Setting up NGINX load balancer for .NET WebApi (Oskar Dudycz) - Very well done tutorial to set a reverse proxy.

• What's new for the Microsoft Fluent UI Blazor library 4.8 (Vincent Baaij) - awesome update just before summer! (well, in the north hemisphere).

AI

• Using Phi-3 & C# with ONNX for text and vision samples - .NET Blog (Bruno Capuano) - Nice post that shows that when using great tools it can be really simple todo amazing things.

• I Will Fucking Piledrive You If You Mention AI Again — Ludicity - ChatGPT and other tools have an impact and it disturb the flow. Some embraces the change other don't like the change. Interesting post where the author shares his concerns.

~frank

Reading Notes #608

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

Cloud

• Running a Playwright scheduled job with Azure Container Apps (Anthony Chu) - A very nice post about recording test session using azure container app. Good idea!

Programming

• The .NET MAUI Extension for Visual Studio Code is now Generally Available - .NET Blog (Maddy Montaquila) - Wow,already GA! Looking forward to try it on my Linux PC. This post shares all the features packed in this release, and there videos too.

• Introducing collection expressions in C#12: Behind the scenes of collection expressions - Part 1 (Andrew Lock) - First post of a series that goes deeper into c# comparing expressions, initialization, and what the compiler does.

• Making C# Simple with Fluent Techniques (Niraj Ranasinghe) - Nice post. I didn't realise that Fluent path was used in so many places. It makes it so cleaner when we can use it.

AI

• Visual Studio Code AI Toolkit: Run LLMs locally (Shreyan Fernandes) - It goes so fast! It used to be complicated to get AI and now we can get one locally directly from vs code... Quick post to get us started.

• Announcing the official OpenAI library for .NET - .NET Blog (.NET Team) - Yay! New version of the SDK.

Podcast

• 84. Comparing Terraform, Pulumi and Bicep: Infrastructure as code - with Sam Cogan (Betatalks the podcast) - Create episode with Sam. Really interesting to listen about those three IaC.

• Dan Garfield: GitOps with Kubernetes - Episode 298 (Azure DevOps Podcast) - Interesting episode about containers and deploying platforms, tools and so much more.

• Episode 1900 with Scott Hanselman! (.NET Rocks!) - Three of my favorite people in the word in a single episode! It was such a pleasure to listen pleasure to listen talk about all those little stories. Long live to .NET Rocks (and HanselMinutes)

Miscellaneous

• What's new in the Windows Subsystem for Linux in May 2024 (Craig Loewen) - Tons of experimental features are being move to regular ones, and more are coming up to manage our distro, improve security and more.

• 8 Learning Paths for Beginners on GitHub (Cynthia Zanoni) - Wow! so many very cool learning Path to get started with anything you can think about it. I may do one or two just to refresh my knowledge.

~ Frank

Reading Notes #607

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

Cloud

• Azure PostgreSQL, Entra ID Authentication and .NET | LINQ to Fail (Aaron Powell) - Great post! Of course using some identity provider is more complicated then a strait password, but it's way simpler that we may though.

• Bringing the Aspire dashboard to ACA (Mark Downie) - One of the great tool that was released with Aspire is its dashboard as it shows traces across services. This post shares how to enable this amazing tool in Azure.

• Microsoft Entra ID Tenant Starters Guide: Understanding Identity Management and Licensing (Gregor Wohlfarter) - Nice post to have an overview of this important piece of security.

Programming

• Refactor your code using alias any type - .NET Blog (David Pine) - Excellent series to learn more about recently to feature of C#.

• Blazor Basics: Child Routes & Optional Route Parameters (Claudio Bernasconi) - You know your route 101 and would like to learn more, this post is for you.

Databases

• A beginner's guide to mapping arrays in EF Core 8 - .NET Blog (Arthur Vickers) - An interesting post to that depending if your database supported features explains how EF Core could works and use arrays.

Podcasts

• The Definition of Success with author Neil Strauss (A Bit of Optimism) - For a conversation to be constructive and to learn from it not all participant needs to agree. Nice episode about success.

• 81. From APIs to natural language: The democratization of AI - with Henk Boelman (Betatalks the podcast) - Nice to listen to a colleague. Henk definitely knows the very well the topic and how to explains it clearly.

• Motivated by play (Friends) (The Changelog: Software Development, Open Source) - What a journey! Interesting episode, inspiring.

• Brady Gaster: .NET Cloud Native - Episode 295 (Azure DevOps Podcast) - Aspire, aspire, aspire, you will learn all about Aspire in this episode.

~frank

Reading Notes #606

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

You also read something you liked? Share it!

Cloud

Azure Developer CLI (azd) – Build 2024 Recap (Grace Kulin) - All developers should look at how it can really speedup and simplify your Azure deployment and ease the creation of your infrastructure as code file (bicep and terraform).

Programming

Catch Up on Microsoft Build 2024: Essential Sessions for .NET Developers (James Montemagno) - Perfect for . NET developers who would like to know what's new and what's coming

Avoiding interactivity with Blazor? (Jon Hilton) - Nice post that examines how some fancy checkbox or button interactivity works in Blazor.

Must-have resources for new .NET Aspire developers (Anthony Simmon) - This post contains a list of other posts and videos about aspired really interesting if you want to get started.

Microsoft Dev Box introduces new ready-to-code and enterprise management capabilities - Wonderful powerful device where and when you need it. This post shares the most recent new features.

Developing cloud-native apps with .NET Aspire and Visual Studio (Mark Downie) - Nice post that celebrates the general availability of .NET Aspire and shares many advantages of using it with Visual Studio.

It turns out, it's not difficult to remove all passwords from our Docker Compose files (Frank Boucher) - We all did it. Hardcoding password in code, because it's "just" a quick thing, or it's just for us, and we think it's okay... but is it? This post shares my learning while removing passwords from docker-compose file.

AI

Announcing the AI Toolkit for Visual Studio Code (John Lam) - Nice! The favorite editor of so many now have an AI extension! I missed the Microsoft Build sessions with the demos. Lucky me they are available on demand!

~frank

It turns out, it's not difficult to remove all passwords from our Docker Compose files

I used to hardcode my password in my demos and code samples. I know it's not a good practice, but it's just for demo purposes, it cannot be that dramatic, right? I know there are proper ways to manage sensitive information, but this is only temporary! And it must be complicated to remove all the passwords from a deployment... It turns out, IT IS NOT difficult at all, and that will prevent serious threats.

In this post, I will share how to remove all passwords from a docker-compose file using environment variables. It's quick to setup and easy to remember. For production deployment, it's better to use secrets, because environment variables will be visible in logs. That said, for demos and debugging and testing, it's nice to see those values. The code will be available on GitHub. This deployment was used for my talks during Azure Developers .NET Days: Auto-Generate and Host Data API Builder on Azure Static Web Apps and The most minimal API code of all... none

The Before Picture

For this deployment, I used a docker-compose file to deploy an SQL Server in a first container and Data API Builder (DAB) in a second one. When the database container starts, I run a script to create the database tables and populate them.

services:

  dab:
    image: "mcr.microsoft.com/azure-databases/data-api-builder:latest"
    container_name: trekapi
    restart: on-failure
    volumes:
      - "./startrek.json:/App/dab-config.json"
    ports:
      - "5000:5000"
    depends_on:
      - sqlDatabase

  sqlDatabase:
    image: mcr.microsoft.com/mssql/server
    container_name: trekdb
    hostname: sqltrek
    environment:
      ACCEPT_EULA: "Y"
      MSSQL_SA_PASSWORD: "1rootP@ssword"
    ports:
      - "1433:1433"
    volumes:
      - ./startrek.sql:/startrek.sql
    entrypoint:
      - /bin/bash
      - -c
      - |
        /opt/mssql/bin/sqlservr & sleep 30
        /opt/mssql-tools/bin/sqlcmd -U sa -P "1rootP@ssword" -d master -i /startrek.sql
        sleep infinity

As we can see, the password is in clear text twice, in the configuration of the database container and in the parameter for sqlcmd when populating the database. Same thing for the DAB configuration file. Here the data-source node where the password is in clear text in the connection string.

"data-source": {
 	"database-type": "mssql",
	"connection-string": "Server=localhost;Database=trek;User ID=sa;Password=myPassword!;",
	"options": {
		"set-session-context": false
	}
}

First Pass: Environment Variables

The easiest password instance to remove was in the sqlcmd command. When defining the container, an environment variable was used... Why not use it! To refer to an environment variable in a docker-compose file, you use the syntax $$VAR_NAME. I used the name of the environment variable MSSQL_SA_PASSWORD to replace the hardcoded password.

/opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql

Second Pass: .env File

That's great but the value is still hardcoded when we assign the environment variable. Here comes the environment file. They are text files that holds the values in key-value paired style. The file is not committed to the repository, and it's used to store sensitive information. The file is read by the docker-compose and the values are injected. Here is the final docker-compose file:

services:

  dab:
    image: "mcr.microsoft.com/azure-databases/data-api-builder:latest"
    container_name: trekapi
    restart: on-failure
    env_file:
      - .env
    environment:
      MY_CONN_STRING: "Server=host.docker.internal;Initial Catalog=trek;User ID=sa;Password=${SA_PWD};TrustServerCertificate=True"
    volumes:
      - "./startrek.json:/App/dab-config.json"
    ports:
      - "5000:5000"
    depends_on:
      - sqlDatabase

  sqlDatabase:
    image: mcr.microsoft.com/mssql/server
    container_name: trekdb
    hostname: sqltrek
    environment:
      ACCEPT_EULA: "Y"
      MSSQL_SA_PASSWORD: ${SA_PWD}
    env_file:
      - .env
    ports:
      - "1433:1433"
    volumes:
      - ./startrek.sql:/startrek.sql
    entrypoint:
      - /bin/bash
      - -c
      - |
        /opt/mssql/bin/sqlservr & sleep 30
        /opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql
        sleep infinity

Note the env_file directive in the services definition. The file .env is the name of the file used. The ${SA_PWD} tells docker compose to look for SA_PWD in the .env file. Here is what the file looks like:

SA_PWD=This!s@very$trongP@ssw0rd

Conclusion

Simple and quick. There are no reasons to still have the password in clear text in the docker compose files anymore. Even for a quick demo! Of course for a production deployment there are stronger ways to manage sensitive information, but for a demo it's perfect and it's secure.

During Microsoft Build Keynote on day 2, Julia Liuson and John Lambert talked about how trade actors are not only looking for the big fishes, but also looking at simple demos and old pieces of code, looking for passwords, keys and sensitive information.

Reading Notes #605

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

Cloud

• Logic App Consumption: How to set an API connection to use Logic Apps Managed Identity inside Visual Studio 2019 (Sandro Pereira) - I love those true life story where the author shares how they solved a real-life problem.

• Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.

Programming

• Reimagining Pong Wars with C# and MVUX (Uno Team) - This is a very interesting post that details all the architecture and code of this game.

• How to Check Your Docker Installation: Docker Desktop vs. Docker Engine (Jay Schmidt) - A very instructive and useful post that list all details related to Docker Desktop and Docker Engine for Mac, Linux, and Windows platform.

• Empowering Developers at Microsoft Build: Docker Unveils Integrations and Sessions (Vanessa Fournier) - Nice post. You should definitely watched the Build session where they show how to target multiple platforms, and many new features

• Docker Compose Profiles, one the most useful and underrated features (Oskar Dudycz) - Woah! For now on, I shall have a profile in all my docker compose file. We'll probably not all, but I'm definitely using them. This post is the perfect place to get started and understand what are profile and how to use it.

• General Availability of .NET Aspire: Simplifying .NET Cloud-Native Development (Damian Edwards) - Fantastic news! It an amazing tools that simplify local development and give us the opportunity to see what is happening.

• 5 easy tips to improve your personal website performance ( Salma Alam-Naylor) - I accept the challenge, I will review my websites to see how I can improve the performance. Interesting post that shares many great ideas.

AI

• A Quick Guide to Containerizing Llamafile with Docker for AI Applications (Sophia Parafina, Marc Sherwood) - Great post tht goes over how to put our favorite AI model in a container to work locally.

~Frank