The art of simplicity

In a recent leadership training, one practice stopped me in my tracks:  Leave room for the other voice. For every decision made during the training, the trainer always left room for the people who disagreed. Not to build consensus, but to be aware of what we have possibly missed and value different viewpoints. It sounds simple, almost obvious. But as I sat with it over the following days, I realized how I struggle putting this into practice —and how transformative it is when I do. The uncomfortable truth We love agreement. It feels good. It's efficient. When someone nods along with our ideas, it validates our thinking and makes us feel competent and heard. But here's what I'm learning: a room full of agreement is often a room full of danger. When everyone agrees with you, one of two things is happening. Either you've hired people who think exactly like you—which means you're missing perspectives, blindspots, and opportunities. Or you've created an enviro...

Yes! .NET 10 is out and not only does it come with a new SDK and runtime version, but it is accompanied by a new NuGet version. With this version, Microsoft has significantly strengthened NuGet's security capabilities to help build more secure applications. These enhancements focus on improved vulnerability detection, automated package management, and better tooling for managing your dependency tree. Let's explore what's new and how these features can help protect your projects. Transitive dependency auditing The change with probably the biggest impact is the NuGet Audit's default behavior. For projects targeting .NET 10 or higher, the NuGetAuditMode property now defaults to all instead of direct . This means that NuGet will automatically scan not just your direct package references, but also all transitive dependencies for known security vulnerabilities. That’s good news as a a majority of vulnerabilities are often found in indirect dependencies. In a typical...

GitHub Copilot is a powerful AI coding assistant and I couldn't miss it anymore. But there are times when you need to prevent it from accessing certain files or directories. Whether it's sensitive configuration files, proprietary code, or files that would add unnecessary noise to suggestions, exclusions help you maintain control over what Copilot sees. Why exclude content? You might want to exclude content from Copilot for several reasons: Security and privacy : Keep API keys, passwords, and other secrets away from AI processing Proprietary code : Protect sensitive business logic or algorithms Noise reduction : Exclude generated files, dependencies, or build artifacts that don't help with suggestions Performance : Reduce the context window size for faster suggestions Reasons enough to spend some time configuring your content exclusions. GitHub Copilot content exclusion settings Content exclusion is a Copilot Business or Enterprise feature and can...

I don’t do it on purpose but sometimes it can be so much fun to dive into an exception you’ve never seen before. You always come out with some new acquired wisdom. It all started with the following exception during the execution of our unit tests: System.InvalidOperationException : Operations that change non-concurrent collections must have exclusive access. A concurrent update was performed on this collection and corrupted its state. The collection's state is no longer correct. A look at the stacktrace brought us to the initialization system of our application where multiple modules are configured and initialized: at System.Collections.Generic.Dictionary`2.TryInsert(TKey key, TValue value, InsertionBehavior behavior) at System.Collections.Generic.Dictionary`2.set_Item(TKey key, TValue value) at SOFACore.EntityFramework.EntityFrameworkModule.Initialize(IServiceCollection services) in /_/SOFACore/SOFACore.EntityFramework/EntityFrameworkModule.cs:line 30 Inside this mo...

We stopped a long time signing our code of our backend applications however we still do it for the applications that are running on a local machine(desktop applications, console apps,...). This is because we whitelist what can be installed and executed on a local machine. Code signing remains a valuable security practice that validates the authenticity and integrity of your .NET Core applications. When you sign your code, you're essentially providing a digital certificate that proves the software comes from you and hasn't been tampered with since it was signed. Why sign your code? Before diving into the how, let's understand why code signing matters: Trust and Authenticity : Users can verify that your application comes from a legitimate source Integrity Verification : The signature ensures the code hasn't been modified after signing Windows SmartScreen : Signed applications are less likely to trigger security warnings Enterprise Requirements : Man...

This is a follow-up on an earlier post where I demonstrated how to build your own MCP server in C# and expose one or more MCP resources. Today we dive a little bit deeper and look at some more advanced features you can add to your MCP server implementation. Working with complex return types Resources can return various types. Here are some advanced examples: Return values from resource methods can be strings (for simple text), ReadResourceResult (for full control), or other types that the SDK automatically marshals into the appropriate format. Dependency injection Resources can use dependency injection to access services: We changed our implementation to use instance methods (not static). Now we need to register the class in Program.cs: Progress reporting For long-running operations, you can report progress: IProgress parameters accepting ProgressNotificationValue values enable progress reporting from resources to clients, with progress notifications propaga...