Reading Notes #662

From Docker's security practices to the latest in GPT-5 discussions, there's quite a mix of topics to dive into. I particularly enjoyed the thought-provoking piece about junior developers in the age of LLMs - it's a conversation we should all be having.

As always, grab your favorite beverage, and let's explore what caught my attention this week!

DevOps

• Practitioner's View: How Docker Enables Security by Default (Pedro Ignácio, Denis Cruz Rodrigues) - Improving the culture can be a challenge, but security is worth the effort. This post lists your first targets if you want to go that way, and explains why it's important.

AI

• Announcing the NuGet MCP Server Preview - .NET Blog (Jeff Kluge) - Oh! That's a cool one, looking forward to trying it and seeing if you can help me when I'm searching for a package but I don't know the name or don't remember the name

• Introducing MCP Support in AI Shell Preview 6 - PowerShell Team (Steven Bucher) - Cool way to have AI into your terminal; amazing good idea

• The GitHub Prompt Injection Data Heist | Docker (Ajeet Singh Raina) - Yes! This post talks about this injection story. But there is more! It shares how to prevent it, and all the things that we need to be aware of those dangers.

Podcasts

• Focus Friend by Hank Green is #1 in the App Store with Bria Sullivan (Hanselminutes with Scott Hanselman) - Cool episode about that very and new mobile App. They talk about how it started and some technical challenges. Very interesting.

• SPI 884: Personal Branding is More Important than Ever with Rory Vaden (The Smart Passive Income Online Business and Blogging Podcast) - Interesting discussion about the personal brand, and how to build it and how it could be use to help you.

• SPI 885: What's Working on Social Media Right Now (The Smart Passive Income Online Business and Blogging Podcast) - Social medias are evolving and this podcast episode talk about how we should adapt and change the way we do business with it.

• 476: GPT-5 Is Here, What's next? (Merge Conflict) - As much as I like the new GPT-5, they made me realized that I was thinking exactly like them! I won't spoil anything but it is a great episode where James is in fire! ;)

Miscellaneous

• The role of junior developers in the world of LLMs (Oren Eini) - This is a great question. AI is definitely affecting the job market. However, this interesting post denies the annihilation of junior roles. What do you think?

• Your Twitch live stream graphics don’t really matter, but they can help (Salma) - Good advice for those who want to start doing videos or streaming. The best advice to get started is still just start and go! But after a little while, here what you can do to improve your setup.

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

If you have interesting content, share it!

~frank

Reading Notes #661

This week post collects concise links and takeaways across .NET, AI, Docker, open source security, DevOps, and broader developer topics. From the .NET Conf call for content and Copilot prompts to Docker MCP tooling, container debugging tips, running .NET as WASM, and a fresh look at the 10x engineer idea.

Suggestion of the week

• .NET Conf 2025 - Announcing the Call for Content - .NET Blog (Jeffrey T. Fritz) - It's now open! .NET Conf has been one of my favourite conferences for years. The call for content is now starting get all the details in here.

AI

• 5 Copilot Chat Prompts .NET Devs Should Steal Today - .NET Blog (Wendy Breiding) - Five things that every developer should know; simple but very impactful

• How Docker MCP Toolkit Works with VS Code Copilot Agent Mode (Hamida Rebaï) - Learn more about this nice MCP tool that can be integrated and help you manage your code.

Open Source

• Levelling Up Security with the GitHub Secure Open Source Fund (Martin Costello) - Cool open source project program that definitely helps. Very happy for Poly

DevOps

• 5 Methods to Keep Docker Container Running for Debugging (James Walker) - A post that gives a lot of great tips to examine your container's health and find the cause of issue

Programming

• Running .NET in the browser without Blazor (Andrew Lock) - I never thought about it but it's true we can execute .NET code as WASM without Blazor. This tutorial shows you all the code.

Miscellaneous

• Are you chasing the 10x engineer dream — or building a 10x team? (Anastasija Uspenski) - The legendary 10x developer is it really the solution? This post shares why it's probably not

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week.

If you have interesting content, share it!

~frank

Reading Notes #660

This week’s notes cover GenAI vs agentic AI, fresh Docker and Aspire news, how to run WordPress in containers, and building apps with React and .NET. Plus a few podcasts worth a listen.

Enjoy!

AI

• GenAI vs. Agentic AI: What Developers Need to Know | Docker (Michael Irwin, Yiwen Xu) - Interesting post that compares the two recent AI types and how they can be used for development, and of course, with containers

Open Source

• Does it Make Sense to Run WordPress in Docker? (Lukas Mauser) - Looking at different options to run  WordPress? Check out this blog post. All the code to do it in a docker container is shared and also details the reasons why you should do it or not

Programming

• Building a Full-Stack App with React and Aspire: A Step-by-Step Guide - .NET Blog (Sayed Ibrahim Hashimi) - A great tutorial that goes into all the details, mixing .NET, React, and containers. It explains how to use Aspire to wrap this all in a simple solution

• Aspire 9.4 is here with a CLI and interactive dashboard features - .NET Blog (Maddy Montaquila) - You release of .NET aspire with many features (I love the externalURL), the great CLI is finally GA, and unfortunately it happens (the release) while David Fowler was in PTO 😉🤣

Podcasts

• Stop fixing wellness symptoms, fix the work (Modern Mentor) - Important wisdom, it's simple and impactful

• Is AI ready for DevOps? (Agentic DevOps) - Great new podcast about AI for DevOps, and it starts by asking if it's ready... What do you think? ;)

• My Favorite AI Terminal, Prompt Injection, and More (Agentic DevOps) - Interesting conversation about terminals and what it can become when AI is integrated. Nice evolution of Warp.

Miscellaneous

• Docker Unveils the Future of Agentic Apps at WeAreDevelopers (Michael Irwin) - Cool ideas and services that are now integrated with docker compose I'll have to try that

Get an AI assistant to do your research

Introducing Reka Research: Your AI Research Assistant

Meet Reka Research a powerful AI agent that can search the web and analyze your files to answer complex questions in minutes. Whether you're staying up to date with AI news, screening resumes, or researching technical topics, Reka Research does the heavy lifting for you.

What Makes Reka Research Special?

Reka Research stands out in four key areas:

• Top Performance: Best in class results on research benchmarks
• Fast Results: Get thorough answers in 1-3 minutes
• Full Transparency: See exactly how the AI reached its conclusions. All steps are visible.

Smart Web Search That Actually Works

Ever wished you could ask someone to research the latest AI developments while you focus on other work? That's exactly what Reka Research does.

Watch how it works:

In this demo, Jess and Sharath shows how Reka Research can automatically gather the most important AI news from the past week. The AI visits multiple websites, takes notes, and presents a clean summary with sources. You can even restrict searches to specific domains or set limits on how many sites to check.

File Search for Your Private Documents

Sometimes the information you need isn't on the web - it's in your company's documents, meeting notes, or file archives. Reka Research can search through thousands of private files to find exactly what you're looking for.

See it in action:  

In this example, ess and Sharath shows how HR teams can use Reka Research to quickly screen resumes. Instead of manually reviewing hundreds of applications, the AI finds candidates who meet specific requirements (like having a computer science degree and 3+ years of backend experience) in seconds!

Writing Better Prompts Gets Better Results

Like any AI tool, Reka Research works best when you know how to ask the right questions. The key is being specific about what you want and providing context.

Learn the techniques:

Jess and Yi shares practical tips for getting the most out of Reka Research. Instead of asking "summarize meeting minutes," try "summarize April meeting minutes about public participation." The more specific you are, the better your results will be.

Ready to Try Reka Research?

Reka Research is currently available for everyone! Try it via the playground, or using directly the API. Whether you're researching competitors, analyzing documents, or staying current with industry trends, it can save you hours of work.

Want to learn more and connect with other users? Join our Discord community where you can:

• Get tips from other Reka Research users
• Share your use cases and success stories
• Stay updated on new features and releases
• Ask questions directly to our team

Join our Discord Community

Ready to transform how you research? Visit reka.ai to learn more about Reka Research and our other AI tools.

Reading Notes #659

This week's reading notes cover a variety of insightful topics, from enhancing your development environment with dev containers on Windows to prioritizing open-source bugs effectively. You'll also find helpful posts on integrating MFA into your login process, exploring RavenDB's vector search capabilities, and understanding the differences between Ask Mode and Agent Mode in Visual Studio.

Happy reading!

A wild turkey in my driveway!?

Suggestion of the week

• Supercharge Your Dev Containers on Windows (Mike Evans-Larah) - A great simple tip that can improve your experience while developing.

Databases

• Using Vector Search for Posts Recommendations (Oren Eini) - Cool demo using Raven DB

Programming

• Why You Should Incorporate MFA into Your Login Process (Suzanne Scacca) - You think the answer is simple, think again. Nice post that explains the difference between 2FA and MFA and why you should or should not implement one of those

• Aspire Dashboard (Joseph Guadagno) - Great deep dive about the Aspire dashboard, learn all the features packed inside it

Open Source

• How I Prioritize OSS Bugs (jeremydmiller) - A very instructive post on a real-life issue. It's harder than people think to prioritize. And it may help you write better bug reports...

AI

• Ask Mode vs Agent Mode - Choosing the Right Copilot Experience for .NET ( Wendy Breiding) - Still not sure what mode to pick in VSCode? Here is a quick post to clarify the options.

• MCP server integration in Visual Studio (Mark Downie) - Great update! That security stuff is very important and a good example using get up to store your tokens love it

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

If you have interesting content, share it! 

~frank

Reading Notes #658

This week, we explore the latest insights on AI, Cloud, and software development to keep you informed and inspired.

Cloud

• Azure Durable Functions for .NET Architects: Advanced Patterns for Resilient Workflows (Sudhir Mangla) - Great post about different Azure functions. Great post to get started.

Programming

• Creating a Landing Page in Blazor (Héctor Pérez) - Nice tutorial. Not sure I would do the landing page at the root, but other than that, everything is great

Databases

• 10 Essential Things to Know Before Diving into Database DevOps (Graeme Lilly) - I started my career as a DBA I would say all the suggestions in those posts are really important points read it if you use a database

AI

• Building Your First MCP Server with .NET and Publishing to NuGet - .NET Blog (Jon , Joel , Jon) - Nice tutorial to create your MCP server and learn more about those great tools for .NET developers

• Throwing AI at Developers Won’t Fix Their Problems (Chris Westerhold, Ankit Jain) - Interesting thought about ai and if it really helps developer

• 5 ways to transform your workflow using GitHub Copilot and MCP (Klint Finley) - Interesting post that shares insight to adapt your flow and use Copilot

• 10 Insights from Integrating AI into My Coding Workflow (Dieter Randolph) - Not sure what to do with AI when coding? This post shares 10 good ideas to start using AI when you code

Miscellaneous

• Tech Nostalgia: Commodore is Back, and so is the C64! (Paul Thurrott) - My first computer! Hmmm. Should I pre-order that new version that's the question

• Why Women in Tech isn't enough (Salma Alam-Naylor) - Very inspiring post you must read it

Sharing my Reading Notes is a habit I started a long time ago, where I share a list of all the articles, blog posts, and books that catch my interest during the week. 

If you have interesting content, share it! 

~frank

Why Your .NET Code Coverage Badge is 'Unknown' in GitLab (And How to Fix It)

In a recent post, I shared how to set up a CI/CD pipeline for a .NET Aspire project on GitLab. The pipeline includes unit tests, security scanning, and secret detection, and if any of those fail, the pipeline would fail. Great, but what about code coverage for the unit tests? The pipeline included code coverage commands, but the coverage was not visible in the GitLab interface. Let's fix that.

(blog post en français ici)

The Problem

One thing I initially thought was that the regex used to extract the coverage was incorrect. The regex used in the pipeline was:

coverage: '/Total\s*\|\s*(\d+(?:\.\d+)?)%/'

That regex came directly from the GitLab documentation, so I thought it should work correctly. However, coverage still wasn't visible in the GitLab interface.

So with the help of GitHub Copilot, we wrote a few commands to validate:

• That the coverage.cobertura.xml was in a consistent location (instead of being in a folder with a GUID name)
• That the coverage.cobertura.xml file was in a valid format
• What exactly the regex was looking for

Everything checked out fine, so why was the coverage not visible?

The Solution

It turns out that the coverage command with the regex expression is scanning the console output and not the coverage.cobertura.xml file. Aha! One solution was to install dotnet-tools to changing where the the test results was persisted; to the console instead of the XML file, but I preferred keeping the .NET environment unchanged.

The solution I ended up implementing was executing a grep command to extract the coverage from the coverage.cobertura.xml file and then echoing it to the console. Here's what it looks like:

- COVERAGE=$(grep -o 'line-rate="[0-9.]*"' TestResults/coverage.cobertura.xml | head -1 | grep -o '[0-9.]*' | awk '{printf "%.1f", $1*100}')
- echo "Total | ${COVERAGE}%"

Results

And now when the pipeline runs, the coverage is visible in the GitLab pipeline!

And the badge is updated to show the coverage percentage.

Complete Configuration

Here's the complete test job configuration. Of course, the full .gitlab-ci.yml file is available in the GitLab repository.

test:
  stage: test
  image: mcr.microsoft.com/dotnet/sdk:9.0
  <<: *dotnet_cache
  dependencies:
    - build
  script:
    - dotnet test $SOLUTION_FILE --configuration Release --logger "junit;LogFilePath=$CI_PROJECT_DIR/TestResults/test-results.xml" --logger "console;verbosity=detailed" --collect:"XPlat Code Coverage" --results-directory $CI_PROJECT_DIR/TestResults
    - find TestResults -name "coverage.cobertura.xml" -exec cp {} TestResults/coverage.cobertura.xml \;
    - COVERAGE=$(grep -o 'line-rate="[0-9.]*"' TestResults/coverage.cobertura.xml | head -1 | grep -o '[0-9.]*' | awk '{printf "%.1f", $1*100}')
    - echo "Total | ${COVERAGE}%"
  artifacts:
    when: always
    reports:
      junit: "TestResults/test-results.xml"
      coverage_report:
        coverage_format: cobertura
        path: "TestResults/coverage.cobertura.xml"
    paths:
      - TestResults/
    expire_in: 1 week
  coverage: '/Total\s*\|\s*(\d+(?:\.\d+)?)%/'

Conclusion

I hope this helps others save time when setting up code coverage for their .NET projects on GitLab. The key insight is that GitLab's coverage regex works on console output, not on the files (XML or other formats).

If you have any questions or suggestions, feel free to reach out!

~frank

Reading Notes #657

This week's collection of interesting articles and resources covers AI development, DevOps practices, and open source tools. From GitHub Copilot customization to local AI deployments and containerization best practices, here are the highlights worth your attention.

AI

• Customize AI responses from GitHub Copilot (Matt Soucoup) - I talked many times about it, but now this is it, thanks Matt we have finally a blog post about instruction

• Pondering About Using AI for Coding (Shawn Wildermuth) - Interesting post about AI in our code editors.

• Top 5 MCP Server Best Practices (Ivan Pedrazas) - mCP server is a very hot topic, thinking about riding your own, here are five best practices to make sure you will be successful.

• Local AI + .NET = AltText Magic in One C# Script (Bruno Capuano) - A cool way to use AI locally and nice integration of the new C# feature!

• Containerize Your Apps with Ask Gordon (Steve Buchanan) - I already have Docker desktop on my Windows pc, I should definitely give Gordon a try more to come

DevOps

• Local Deploy with Bicep (Sam Cogan) - A perfect short story, I'll explain why the hell bicep can now deploy locally and how to do it

Open Source

• Introducing OpenCLI (Patrik Svensson) - A standard that describes CLI so both humans and agents can understand how it works. Love it!

~frank

How to Have GitLab CI/CD for a .NET Aspire Project

Getting a complete CI/CD pipeline for your .NET Aspire solution doesn't have to be complicated. I've created a template that gives you everything you need to get started in minutes.

(blog post en français ici)

Watch the Video

Part 1: The Ready-to-Use Template

I've built a .NET Aspire template that comes with everything configured and ready to go. Here's what you get:

What's Included

• A classic .NET Aspire Starter project (API and frontend)
• Unit tests using xUnit (easily adaptable to other testing frameworks)
• Complete .gitlab-ci.yml pipeline configuration
• Security scanning and secret detection
• All documentation you need

What the Pipeline Does

The pipeline runs two main jobs automatically:

1. Build: Compiles your code
2. Test: Runs all unit tests, scans for vulnerabilities, and checks for accidentally committed secrets (API keys, passwords, etc.)

You can see all test results directly in GitLab's interface, making it easy to track your project's health.

How to Get Started

It's simple:

1. Clone the template repository: cloud5mins/aspire-template
2. Replace the sample project with your own .NET Aspire code
3. Push to your GitLab repository
4. Watch your CI/CD pipeline run automatically

That's it! You immediately get automated builds, testing, and security scanning.

Pro Tip: The best time to set up CI/CD is when you're just starting your project because everything is still simple.

Part 2: Building the Template with GitLab Duo

Now let me share my experience creating this template using GitLab's AI assistant, GitLab Duo.

Starting Simple, Growing Smart

I didn't build this complex pipeline all at once. I started with something very basic and used GitLab Duo to gradually add features. The AI helped me:

• Add secret detection when I asked: "How can I scan for accidentally committed secrets?"
• Fix test execution issues when my unit tests weren't running properly
• Optimize the pipeline structure for better performance

Working with GitLab in VS Code

While you can edit .gitlab-ci.yml files directly in GitLab's web interface, I prefer VS Code. Here's my setup:

1. Install the official GitLab extension from the VS Code marketplace

Once you've signed in, this extension gives you:

• Direct access to GitLab issues and work items
• AI-powered chat with GitLab Duo

GitLab Duo in Action

GitLab Duo became my pair programming partner. Here's how I used it:

Understanding Code: I could type /explain and ask Duo to explain what any part of my pipeline configuration does by highlighting that section.

Solving Problems: When my solution didn't compile, I described the issue to Duo and got specific suggestions. For example, it helped me realize some projects weren't in .NET 9 because dotnet build required the Aspire workload. I could either keep my project in .NET 8 and add a before_script instruction to install the workload or upgrade to .NET 9; I picked the latest.

Adding Features: I started with just build and test, then incrementally asked Duo to help me add security scanning, secret detection, and better error handling.

Adding Context: Using /include to add the project file or the .gitlab-ci.yml file while asking questions helped Duo understand the context better.

Learn More with the Docs: During my journey, I knew Duo wasn't just making things up as it was referencing the documentation. I could continue my learning there and read more examples of how before_script is used in different contexts.

The AI-Assisted Development Experience

What impressed me most was how GitLab Duo helped me learn while building. Instead of just copying configurations from documentation, each conversation taught me something new about GitLab CI/CD best practices.

Conclusion

I think this template can be useful for anyone starting a .NET Aspire project. Ready to try it? Clone the template at cloud5mins/aspire-template and start building with confidence.

Whether you're new to .NET Aspire or CI/CD, this template gives you a good foundation. And if you want to customize it further, GitLab Duo is there to help you understand and modify the configuration.

If you think we should add more features or improve the template, feel free to open an issue in the repository. Your feedback is always welcome!

Thanks to ‪David Fowler‬ for his feedback!