Reading Notes #610

Happy Canada Day!
It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

You also read something you liked? Share it!

Cloud

• Is .NET Aspire NuGet for Cloud Service Dependencies? (Phil Haack) - I like the comparison with NuGet. Using .NET Aspire in a project does indeed simplify a lot things. I'll be waiting for that follow up post.

Programming

• Dev Home Preview v0.15 Release (Kayla Cinnamon) - Cools news updates in Dev home.

• Announcing TypeScript 5.5 - TypeScript (Daniel Rosenwasser) - Really good news for the JavaScript developers. This post shares all the new features like ECMAScript, Set Methods support, and the performance improvement included in this release candidate of Typescript.

• Refactor your code with default lambda parameters - .NET Blog (David Pine) - A really good post, last of a series of four about new features of C# 12. I really like that new way to declare defaults I think it's much clearer.

• Blazor Basics: Dealing with Complex State Scenarios (Claudio Bernasconi) - Interesting package Fluxor that help managing states. The post also explains different pros and cons of methods to maintain states.

Databases

• What is SQL Injection in Cybersecurity? How to Prevent SQLi Attacks (Jen Swisher) - This post explains what are SQL injections and how they could affect our website. When I shares how to prevent those attack the post focuses on CMS like WordPress.

AI

• Mistral Introduces AI Code Generation Model Codestral (Daniel Dominguez) - On nice! A new model that specializes into code, and many languages on top of that.

~frank

Reading Notes #609

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

You also read something you liked? Share it!

   

Cloud

• It's Finally Possible To Hibernate Azure VMs (Sam Cogan) - This new feature must be such a relief for all the VM users. Make sure to read this post to know the requirements of the VM tone able to hibernate it.

• Enhancing Performance in Azure Container Apps (Cary Chai) - This post gives us an history of the different algorithm used in ACA but also explains briefly how does one works.

Programming

• Visual Studio 2022 - 17.10 Performance Enhancements - Visual Studio Blog (Ashok Kamath) - Impressive improvement going up to 50% in specific cases! Congratulations to the team,event the smaller speed improvement will be feel.

• Setting up NGINX load balancer for .NET WebApi (Oskar Dudycz) - Very well done tutorial to set a reverse proxy.

• What's new for the Microsoft Fluent UI Blazor library 4.8 (Vincent Baaij) - awesome update just before summer! (well, in the north hemisphere).

AI

• Using Phi-3 & C# with ONNX for text and vision samples - .NET Blog (Bruno Capuano) - Nice post that shows that when using great tools it can be really simple todo amazing things.

• I Will Fucking Piledrive You If You Mention AI Again — Ludicity - ChatGPT and other tools have an impact and it disturb the flow. Some embraces the change other don't like the change. Interesting post where the author shares his concerns.

~frank

Reading Notes #608

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

Cloud

• Running a Playwright scheduled job with Azure Container Apps (Anthony Chu) - A very nice post about recording test session using azure container app. Good idea!

Programming

• The .NET MAUI Extension for Visual Studio Code is now Generally Available - .NET Blog (Maddy Montaquila) - Wow,already GA! Looking forward to try it on my Linux PC. This post shares all the features packed in this release, and there videos too.

• Introducing collection expressions in C#12: Behind the scenes of collection expressions - Part 1 (Andrew Lock) - First post of a series that goes deeper into c# comparing expressions, initialization, and what the compiler does.

• Making C# Simple with Fluent Techniques (Niraj Ranasinghe) - Nice post. I didn't realise that Fluent path was used in so many places. It makes it so cleaner when we can use it.

AI

• Visual Studio Code AI Toolkit: Run LLMs locally (Shreyan Fernandes) - It goes so fast! It used to be complicated to get AI and now we can get one locally directly from vs code... Quick post to get us started.

• Announcing the official OpenAI library for .NET - .NET Blog (.NET Team) - Yay! New version of the SDK.

Podcast

• 84. Comparing Terraform, Pulumi and Bicep: Infrastructure as code - with Sam Cogan (Betatalks the podcast) - Create episode with Sam. Really interesting to listen about those three IaC.

• Dan Garfield: GitOps with Kubernetes - Episode 298 (Azure DevOps Podcast) - Interesting episode about containers and deploying platforms, tools and so much more.

• Episode 1900 with Scott Hanselman! (.NET Rocks!) - Three of my favorite people in the word in a single episode! It was such a pleasure to listen pleasure to listen talk about all those little stories. Long live to .NET Rocks (and HanselMinutes)

Miscellaneous

• What's new in the Windows Subsystem for Linux in May 2024 (Craig Loewen) - Tons of experimental features are being move to regular ones, and more are coming up to manage our distro, improve security and more.

• 8 Learning Paths for Beginners on GitHub (Cynthia Zanoni) - Wow! so many very cool learning Path to get started with anything you can think about it. I may do one or two just to refresh my knowledge.

~ Frank

Reading Notes #607

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

Cloud

• Azure PostgreSQL, Entra ID Authentication and .NET | LINQ to Fail (Aaron Powell) - Great post! Of course using some identity provider is more complicated then a strait password, but it's way simpler that we may though.

• Bringing the Aspire dashboard to ACA (Mark Downie) - One of the great tool that was released with Aspire is its dashboard as it shows traces across services. This post shares how to enable this amazing tool in Azure.

• Microsoft Entra ID Tenant Starters Guide: Understanding Identity Management and Licensing (Gregor Wohlfarter) - Nice post to have an overview of this important piece of security.

Programming

• Refactor your code using alias any type - .NET Blog (David Pine) - Excellent series to learn more about recently to feature of C#.

• Blazor Basics: Child Routes & Optional Route Parameters (Claudio Bernasconi) - You know your route 101 and would like to learn more, this post is for you.

Databases

• A beginner's guide to mapping arrays in EF Core 8 - .NET Blog (Arthur Vickers) - An interesting post to that depending if your database supported features explains how EF Core could works and use arrays.

Podcasts

• The Definition of Success with author Neil Strauss (A Bit of Optimism) - For a conversation to be constructive and to learn from it not all participant needs to agree. Nice episode about success.

• 81. From APIs to natural language: The democratization of AI - with Henk Boelman (Betatalks the podcast) - Nice to listen to a colleague. Henk definitely knows the very well the topic and how to explains it clearly.

• Motivated by play (Friends) (The Changelog: Software Development, Open Source) - What a journey! Interesting episode, inspiring.

• Brady Gaster: .NET Cloud Native - Episode 295 (Azure DevOps Podcast) - Aspire, aspire, aspire, you will learn all about Aspire in this episode.

~frank

Reading Notes #606

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

You also read something you liked? Share it!

Cloud

Azure Developer CLI (azd) – Build 2024 Recap (Grace Kulin) - All developers should look at how it can really speedup and simplify your Azure deployment and ease the creation of your infrastructure as code file (bicep and terraform).

Programming

Catch Up on Microsoft Build 2024: Essential Sessions for .NET Developers (James Montemagno) - Perfect for . NET developers who would like to know what's new and what's coming

Avoiding interactivity with Blazor? (Jon Hilton) - Nice post that examines how some fancy checkbox or button interactivity works in Blazor.

Must-have resources for new .NET Aspire developers (Anthony Simmon) - This post contains a list of other posts and videos about aspired really interesting if you want to get started.

Microsoft Dev Box introduces new ready-to-code and enterprise management capabilities - Wonderful powerful device where and when you need it. This post shares the most recent new features.

Developing cloud-native apps with .NET Aspire and Visual Studio (Mark Downie) - Nice post that celebrates the general availability of .NET Aspire and shares many advantages of using it with Visual Studio.

It turns out, it's not difficult to remove all passwords from our Docker Compose files (Frank Boucher) - We all did it. Hardcoding password in code, because it's "just" a quick thing, or it's just for us, and we think it's okay... but is it? This post shares my learning while removing passwords from docker-compose file.

AI

Announcing the AI Toolkit for Visual Studio Code (John Lam) - Nice! The favorite editor of so many now have an AI extension! I missed the Microsoft Build sessions with the demos. Lucky me they are available on demand!

~frank

It turns out, it's not difficult to remove all passwords from our Docker Compose files

I used to hardcode my password in my demos and code samples. I know it's not a good practice, but it's just for demo purposes, it cannot be that dramatic, right? I know there are proper ways to manage sensitive information, but this is only temporary! And it must be complicated to remove all the passwords from a deployment... It turns out, IT IS NOT difficult at all, and that will prevent serious threats.

In this post, I will share how to remove all passwords from a docker-compose file using environment variables. It's quick to setup and easy to remember. For production deployment, it's better to use secrets, because environment variables will be visible in logs. That said, for demos and debugging and testing, it's nice to see those values. The code will be available on GitHub. This deployment was used for my talks during Azure Developers .NET Days: Auto-Generate and Host Data API Builder on Azure Static Web Apps and The most minimal API code of all... none

The Before Picture

For this deployment, I used a docker-compose file to deploy an SQL Server in a first container and Data API Builder (DAB) in a second one. When the database container starts, I run a script to create the database tables and populate them.

services:

  dab:
    image: "mcr.microsoft.com/azure-databases/data-api-builder:latest"
    container_name: trekapi
    restart: on-failure
    volumes:
      - "./startrek.json:/App/dab-config.json"
    ports:
      - "5000:5000"
    depends_on:
      - sqlDatabase

  sqlDatabase:
    image: mcr.microsoft.com/mssql/server
    container_name: trekdb
    hostname: sqltrek
    environment:
      ACCEPT_EULA: "Y"
      MSSQL_SA_PASSWORD: "1rootP@ssword"
    ports:
      - "1433:1433"
    volumes:
      - ./startrek.sql:/startrek.sql
    entrypoint:
      - /bin/bash
      - -c
      - |
        /opt/mssql/bin/sqlservr & sleep 30
        /opt/mssql-tools/bin/sqlcmd -U sa -P "1rootP@ssword" -d master -i /startrek.sql
        sleep infinity

As we can see, the password is in clear text twice, in the configuration of the database container and in the parameter for sqlcmd when populating the database. Same thing for the DAB configuration file. Here the data-source node where the password is in clear text in the connection string.

"data-source": {
 	"database-type": "mssql",
	"connection-string": "Server=localhost;Database=trek;User ID=sa;Password=myPassword!;",
	"options": {
		"set-session-context": false
	}
}

First Pass: Environment Variables

The easiest password instance to remove was in the sqlcmd command. When defining the container, an environment variable was used... Why not use it! To refer to an environment variable in a docker-compose file, you use the syntax $$VAR_NAME. I used the name of the environment variable MSSQL_SA_PASSWORD to replace the hardcoded password.

/opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql

Second Pass: .env File

That's great but the value is still hardcoded when we assign the environment variable. Here comes the environment file. They are text files that holds the values in key-value paired style. The file is not committed to the repository, and it's used to store sensitive information. The file is read by the docker-compose and the values are injected. Here is the final docker-compose file:

services:

  dab:
    image: "mcr.microsoft.com/azure-databases/data-api-builder:latest"
    container_name: trekapi
    restart: on-failure
    env_file:
      - .env
    environment:
      MY_CONN_STRING: "Server=host.docker.internal;Initial Catalog=trek;User ID=sa;Password=${SA_PWD};TrustServerCertificate=True"
    volumes:
      - "./startrek.json:/App/dab-config.json"
    ports:
      - "5000:5000"
    depends_on:
      - sqlDatabase

  sqlDatabase:
    image: mcr.microsoft.com/mssql/server
    container_name: trekdb
    hostname: sqltrek
    environment:
      ACCEPT_EULA: "Y"
      MSSQL_SA_PASSWORD: ${SA_PWD}
    env_file:
      - .env
    ports:
      - "1433:1433"
    volumes:
      - ./startrek.sql:/startrek.sql
    entrypoint:
      - /bin/bash
      - -c
      - |
        /opt/mssql/bin/sqlservr & sleep 30
        /opt/mssql-tools/bin/sqlcmd -U sa -P $$MSSQL_SA_PASSWORD -d master -i /startrek.sql
        sleep infinity

Note the env_file directive in the services definition. The file .env is the name of the file used. The ${SA_PWD} tells docker compose to look for SA_PWD in the .env file. Here is what the file looks like:

SA_PWD=This!s@very$trongP@ssw0rd

Conclusion

Simple and quick. There are no reasons to still have the password in clear text in the docker compose files anymore. Even for a quick demo! Of course for a production deployment there are stronger ways to manage sensitive information, but for a demo it's perfect and it's secure.

During Microsoft Build Keynote on day 2, Julia Liuson and John Lambert talked about how trade actors are not only looking for the big fishes, but also looking at simple demos and old pieces of code, looking for passwords, keys and sensitive information.

Reading Notes #605

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

Cloud

• Logic App Consumption: How to set an API connection to use Logic Apps Managed Identity inside Visual Studio 2019 (Sandro Pereira) - I love those true life story where the author shares how they solved a real-life problem.

• Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.

Programming

• Reimagining Pong Wars with C# and MVUX (Uno Team) - This is a very interesting post that details all the architecture and code of this game.

• How to Check Your Docker Installation: Docker Desktop vs. Docker Engine (Jay Schmidt) - A very instructive and useful post that list all details related to Docker Desktop and Docker Engine for Mac, Linux, and Windows platform.

• Empowering Developers at Microsoft Build: Docker Unveils Integrations and Sessions (Vanessa Fournier) - Nice post. You should definitely watched the Build session where they show how to target multiple platforms, and many new features

• Docker Compose Profiles, one the most useful and underrated features (Oskar Dudycz) - Woah! For now on, I shall have a profile in all my docker compose file. We'll probably not all, but I'm definitely using them. This post is the perfect place to get started and understand what are profile and how to use it.

• General Availability of .NET Aspire: Simplifying .NET Cloud-Native Development (Damian Edwards) - Fantastic news! It an amazing tools that simplify local development and give us the opportunity to see what is happening.

• 5 easy tips to improve your personal website performance ( Salma Alam-Naylor) - I accept the challenge, I will review my websites to see how I can improve the performance. Interesting post that shares many great ideas.

AI

• A Quick Guide to Containerizing Llamafile with Docker for AI Applications (Sophia Parafina, Marc Sherwood) - Great post tht goes over how to put our favorite AI model in a container to work locally.

~Frank

Reading Notes #604

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

You also read something you liked? Share it!

 

Cloud

• Azure Communication Services May 2024 Feature Updates (Daysha Carter) - Wow many great new features in this update.

• Logic App Consumption: How to set an API connection to use Logic Apps Managed Identity inside Visual Studio 2019 – SANDRO PEREIRA BIZTALK BLOG (Sandro Pereira) - I love those true life story where the author shares how they solved a real-life problems.

Programming

• Blazor Basics: 9 Best Practices for Building Blazor Web Apps (Claudio Bernasconi) - This post shares best practices. They are simple to follow but very impactful.

• Performant, Secure, and Versatile Containers (Savannah Ostrowski,Sohan Maheshwar) - Cool! It's time to try it, only one switch to flip..

• An introduction to primary constructors in C#12 (Andrew Lock) - Wow! This post dig into what can and cannot do the new constructors in C#. Example by example trying more complex scenarios, fascinating!

DevOps

• Use Azure DevOps Pipelines as a Serverless Compute Engine (Chris Pietschmann) - Do you know or use Azure DevOps Pipeline? They can read your code from most source repository and will execute tasks for you. Like CI-CD as explains in this post.

Miscellaneous

• Introducing Plans on Microsoft Learn (Kaberi Bell) - Would it be to be a data engineer, AI specialist, app builder there's a plan for you and that's a very cool new feature on learn have a look this blog post explain all of it

• How Do You Measure Developer Experience? (Jennifer Riggins) - An interesting article about what and how measure performance. I didn't know so many system and details concepts were that detailed.

• Windows Terminal Preview 1.21 Release (Christopher Nguyen) - Tons of new features again and I love| seeing all those community contributions.

~Frank

Reading Notes #603

It's reading notes time! It is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

Having interesting content? Share it!

Cloud

• Logic App Consumption: How to set an API connection to use Logic Apps Managed Identity inside Visual Studio 2019 (Sandro Pereira) - I love those true life story where the author shares how they solved a real life problem.

• Using keyless authentication with Azure OpenAI (Pamela Fox) - Great post to improve the security and best practices in our code.

Programming

• Refactor your code with C# collection expressions (David Pine) - Nice post about best practices but also to really understand how things works.

• Secure your container build and publish with .NET 8 (Richard Lander) - Nice post that shows that it's easier than you probably think to improve the security in your containers.

• 🚨 7 Most Common Mistakes in C# Programming 🙅‍♂️ (Konstantin Fedorov) - Good tips to keep our code efficient and stable.

Podcasts

• Glenn Condron: .NET Web Development - Episode 293 (Azure DevOps Podcast) - Nice episode about evolution of .NET, it's open source side today, Azure Developer CLI, the new Aspire and so much more.
• Think Faster, Talk Smarter with Matt Abrahams (Modern Mentor) - Interesting episode about how to become a better communicators in both formal and informal situations. Matt is the author a book on that topic.
• Portainer for Kubernetes, Docker, Swarm, Edge, and IoT (DevOps and Docker Talk: Cloud Native Interviews and Tooling) - Great episode about Portainer a tool that most (if not all) of us should use.

Miscellaneous

• DevOps Adoption for IT Managers (Chris Pietschmann) - Interesting post that shares the benefits of DevOps for your enterprise and how to approach it as a manager.

• Cascadia Code 2404.23 (Christopher Nguyen) - I used to do ASCII art back on my C=64... Now that all those new fonts and symbols are added should I start again? Nice to have all the options available to be able to display everything we need|the console.

~Frank