The art of simplicity

If you've been using EventCounters for instrumenting your .NET applications, it's time to consider migrating to the newer System.Diagnostics.Metrics API. Based on the OpenTelemetry specification, the Metrics API offers a more modern, flexible, and standardized approach to application instrumentation. Why migrate? The Metrics API provides several advantages over EventCounters: Industry Standard : Built on OpenTelemetry, ensuring compatibility with a wide ecosystem of monitoring tools Better Performance : More efficient with lower overhead Richer Functionality : Support for histograms, exemplars, and more sophisticated metric types Improved API Design : Cleaner, more intuitive interface for defining and recording metrics Better Tooling Support : Growing ecosystem support from APM vendors and monitoring solutions Microsoft has indicated that EventCounters are in maintenance mode, with new development focused on the Metrics API. So reasons enough to m...

In a recent leadership training, one practice stopped me in my tracks:  Leave room for the other voice. For every decision made during the training, the trainer always left room for the people who disagreed. Not to build consensus, but to be aware of what we have possibly missed and value different viewpoints. It sounds simple, almost obvious. But as I sat with it over the following days, I realized how I struggle putting this into practice —and how transformative it is when I do. The uncomfortable truth We love agreement. It feels good. It's efficient. When someone nods along with our ideas, it validates our thinking and makes us feel competent and heard. But here's what I'm learning: a room full of agreement is often a room full of danger. When everyone agrees with you, one of two things is happening. Either you've hired people who think exactly like you—which means you're missing perspectives, blindspots, and opportunities. Or you've created an enviro...

Yes! .NET 10 is out and not only does it come with a new SDK and runtime version, but it is accompanied by a new NuGet version. With this version, Microsoft has significantly strengthened NuGet's security capabilities to help build more secure applications. These enhancements focus on improved vulnerability detection, automated package management, and better tooling for managing your dependency tree. Let's explore what's new and how these features can help protect your projects. Transitive dependency auditing The change with probably the biggest impact is the NuGet Audit's default behavior. For projects targeting .NET 10 or higher, the NuGetAuditMode property now defaults to all instead of direct . This means that NuGet will automatically scan not just your direct package references, but also all transitive dependencies for known security vulnerabilities. That’s good news as a a majority of vulnerabilities are often found in indirect dependencies. In a typical...

GitHub Copilot is a powerful AI coding assistant and I couldn't miss it anymore. But there are times when you need to prevent it from accessing certain files or directories. Whether it's sensitive configuration files, proprietary code, or files that would add unnecessary noise to suggestions, exclusions help you maintain control over what Copilot sees. Why exclude content? You might want to exclude content from Copilot for several reasons: Security and privacy : Keep API keys, passwords, and other secrets away from AI processing Proprietary code : Protect sensitive business logic or algorithms Noise reduction : Exclude generated files, dependencies, or build artifacts that don't help with suggestions Performance : Reduce the context window size for faster suggestions Reasons enough to spend some time configuring your content exclusions. GitHub Copilot content exclusion settings Content exclusion is a Copilot Business or Enterprise feature and can...

I don’t do it on purpose but sometimes it can be so much fun to dive into an exception you’ve never seen before. You always come out with some new acquired wisdom. It all started with the following exception during the execution of our unit tests: System.InvalidOperationException : Operations that change non-concurrent collections must have exclusive access. A concurrent update was performed on this collection and corrupted its state. The collection's state is no longer correct. A look at the stacktrace brought us to the initialization system of our application where multiple modules are configured and initialized: at System.Collections.Generic.Dictionary`2.TryInsert(TKey key, TValue value, InsertionBehavior behavior) at System.Collections.Generic.Dictionary`2.set_Item(TKey key, TValue value) at SOFACore.EntityFramework.EntityFrameworkModule.Initialize(IServiceCollection services) in /_/SOFACore/SOFACore.EntityFramework/EntityFrameworkModule.cs:line 30 Inside this mo...

We stopped a long time signing our code of our backend applications however we still do it for the applications that are running on a local machine(desktop applications, console apps,...). This is because we whitelist what can be installed and executed on a local machine. Code signing remains a valuable security practice that validates the authenticity and integrity of your .NET Core applications. When you sign your code, you're essentially providing a digital certificate that proves the software comes from you and hasn't been tampered with since it was signed. Why sign your code? Before diving into the how, let's understand why code signing matters: Trust and Authenticity : Users can verify that your application comes from a legitimate source Integrity Verification : The signature ensures the code hasn't been modified after signing Windows SmartScreen : Signed applications are less likely to trigger security warnings Enterprise Requirements : Man...