The art of simplicity

A feature I wasn’t aware of that it existed for NuGet is the concept of a lock file. This allows to lock the project dependency graph guaranteeing that the same packages are restored every time. I was thinking that NuGet guarantees this by default but there are some situations where NuGet will not come up with the same dependency graph on every restore . Some examples: nuget.config mismatch : Different package sources can be used in different nuget.config files resulting in different packages to be used Intermediate versions : A missing version of the package, matching PackageReference version requirements, is published Package deletion : Though nuget.org does not allow package deletions, not all package repositories have this constraint. Deletion of a package version results in NuGet finding the best match when it cannot resolve to the deleted version. Floating versions : When you use floating versions like <PackageReference Include

For my kids, the magic word is ‘please'. But what are the magic words for a leader? The answer is simple: I don't know. As a leader you can have the feeling that you need to have the answer to every question. Of course you don’t want to look bad in front of your peers and your team. But let’s face it, a leader can’t know everything. So don’t be afraid to use these magic words, they are essential in building psychological safety in your team. If you dare to admit you don’t have all the answers all the time, your team members will have it easier to use these magic words as well and ask for help when needed. This is far better than the alternative where they stay blocked or make poor decisions. Remark: Of course you need to use these magic words appropriately. A leader who doesn’t know anything isn’t useful either. So let it not be an excuse for being sloppy. So share your understanding of the context, explain the gaps in your knowledge, ask questions and most of

As more and more applications are deployed to the cloud, cost becomes a first class architectural driver when designing and developing applications. In this post I want to explain how you can use cost as an architecture fitness function. What are architecture fitness functions? I first encountered fitness functions in the Building Evolutionary Architectures book by Rebecca Parsons, Neal Ford and Patrick Kua. They describe how close an architecture is to achieving an architectural aim. Fitness functions introduces  continuous feedback on the architecture level and inform the development process as it happens, rather than after the fact(for example when doing an architecture review). They help to ensure that a system's architecture aligns with its intended goals, meets the desired quality attributes, and adheres to best practices. Some examples of architecture fitness functions I used in the past are: Latency Monitoring: Ensure that response times for critical services d

After installing the latest Visual Studio Build tools(17.7.2) on our build server, some of our (older) pipelines started to fail with the following error message: ##[error]The nuget command failed with exit code(1) and error (System.AggregateException: One or more errors occurred. ---> NuGet.CommandLine.CommandLineException: Error parsing solution file at D:\b\3\_work\154\s\Source\Example.sln: Exception has been thrown by the target of an invocation. NuGet Version: 4.1.0.2450 at NuGet.CommandLine.MsBuildUtility.GetAllProjectFileNamesWithMsBuild(String solutionFile, String msbuildPath) MSBuild auto-detection: using msbuild version '17.7.2.37605' from 'C:\Program Files (x86)\Microsoft Visual Studio\2022\BuildTools\MSBuild\Current\bin'. Use option -MSBuildVersion to force nuget to use a specific version of MSBuild. at NuGet.CommandLine.RestoreCommand.ProcessSolutionFile(String solutionFileFullPath, PackageRestoreInputs restoreInputs) at NuGet.CommandLine.

As a developer there are a lot of small tasks you need to do as part of your coding, debugging and testing activities.  DevToys is an offline windows app that tries to help you with these tasks. Instead of using different websites you get a fully offline experience offering help for a large list of tasks. Many tools are available. Here is the current list: Converters JSON <> YAML Timestamp Number Base Cron Parser Encoders / Decoders HTML URL Base64 Text & Image GZip JWT Decoder Formatters JSON SQL XML Generators Hash (MD5, SHA1, SHA256, SHA512) UUID 1 and 4 Lorem Ipsum Checksum Text Escape / Unescape Inspector & Case Converter Regex Tester Text Comparer XML Validator Markdown Preview Graphic Color B

Yesterday I worked in close collaboration with one of my clients to renew the certificates on their ADFS server. Of course this wouldn't be an interesting post if nothing went wrong and there was nothing to learn. Changing the certificate is quite easy. First upload the certificate to your ADFS instance through the ADFS Management UI: Open Server Manager Click on “Tools”. Select “AD FS Management” from the menu. Expand “Service” node and click on “Certificates”. Click on “Set Service Communication Certificate” on the right side. Now you can activate this certificate using the following command: Set-AdfsSslCertificate -Thumbprint {thumbprint} That’s the easy part. So where did we get into trouble? After changing the certificate, some of our .NET applications started to fail with the following error message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the Issu

Every Azure DevOps organisation can be linked to an Azure tenant. When you activate this link Azure DevOps relies on an Azure Tenant for authenticating users accessing the resources inside an instance of Azure DevOps. Azure DevOps users will be mapped to corresponding identities in Azure AD. Today I had a meeting with some colleagues from the Netherlands where I got the question of how many organisations are linked to our Azure tenant. This isn't a question I get every day so I didn't know immediatelly how to get the answer. Turns out it is not that hard to get this information: Go to the Organization settings Click on Azure Active Directory Hit the Download button on the Azure Active Directory page That’s all!

This title is an adaption of the quote from George Orwell's book Animal Farm: All animals are equal, but some are more equal than others So what is this post all about? During a code review I noticed the following code to create a random number in C#: This code will return an integer between -1 and 2147483647. There is nothing wrong with this code until you know the context where it is used. Using System.Random is a performant easy way to get random values, but this implementation is not truly random . System.Random uses a seed to generate values from. The same seed will produce the same order of values. And similar seeds will produce similar values. This could lead to vulnerabilities a bad actor can use. So we need a better solution… Luckily a cryptographic safe alternative is provided in the form of the RandomNumberGenerator class: In the example above a new byte array of length 16 is created that will contain 16 random bytes. You can convert this yourself to an

A feature that I’m really happy about it got introduced in Visual Studio 17.7 is copy and trim identation. One of the things that I do a lot as writer of blog posts, is copy/pasting code snippets from Visual Studio. Before Visual Studio 17.7 when I paste a code snippet in for example Github gists the indentation levels are inconsistent So far I always started to correct the indentation levels manually but of course that is a lot of work. Last year a Copy Nice extension was created to help solve this problem. But starting from Visual Studio 17.7 the built-in copy/paste got a lot smarter and this extension is now no longer necessary. This is what originally happened when you do a copy. Here is the selection: And here is the pasted result: You see that the indentation is wrong and should be fixed. If you try to do the same thing in Visual Studio 17.7, this is how the pasted code looks like: I love it! 

If you tried the Github Secure Code Game I blogged about before, you got a first introduction on code scanning with CodeQL. In this post I want to share some other resources that can help you to get a deeper understanding in what CodeQL is and how it can help you to find security vulnerabilities in your code. What is CodeQL? CodeQL is a static analysis tool that can scan your code for vulnerabilities. CodeQL lets you query code as though it were data. By writing queries you can find  variants of a vulnerability. Remark: CodeQL is free for research and open source. How to run CodeQL? The easiest way to try out CodeQL is by enabling the code scanning with CodeQL GitHub Action on a repository. Behind the scenes this will create a CodeQL database. This database is a relational representation of the code base, which contains information about the different source code elements, such as classes and functions, and puts each of those into a separate table of data. Each language

As we are still using SQL accounts to connect to our databases locally, I wanted to avoid accidently checking in the SQL account information. So instead of storing my connectionstring directly in the appsettings.json file I wanted to use the secrets.json file instead. Let us find out how to achieve this... When storing your connectionstring inside your appsettings.json you can use the GetConnectionString() method to fetch a connectionstring: The same technique also works when using the built-in secret manager tool and the corresponding secrets.json. By default user secrets are loaded when your environmentname is set to Development . You can explicitly enable this by adding the following code: User Secrets are stored in a separate secrets.json. You can edit the secrets using the Secret Manager tool (dotnet user-secrets) or directly in Visual Studio by right clicking on the web project and choosing ‘Manage User Secrets’ : Remark: You can find the secrets.json file here at %

Yes! A new edition of .NET Conf is coming this November. Over the course of the three days you get a wide selection of live sessions that feature speakers from the community and .NET team members. This year the release of .NET 8 will be celebrated during the event, so expect a lot of sessions about the great new stuff that is coming in .NET 8.   The main focus will be on the following .NET 8 themes: Cloud Native : Discover how to harness the full potential of .NET in cloud-native environments, unlocking scalability, performance, and resilience. Blazor Full Stack : Unleash the capabilities of Blazor and explore the seamless integration of client and server-side development. .NET MAUI : Dive into the world of multi-platform development with .NET MAUI, empowering you to create stunning applications for desktop, mobile, and beyond. Intelligent Apps with .NET : Explore the fascinating world of AI and machine learning, and learn how to integrate intelligence into your

Yesterday I talked about Mean time between failures(MTBF) and Mean time to repair(MTTR) and their importance in building robustness and recoverability into our systems. With these two metrics we still expect that a failure will cause an outage of our system that should be repaired. But what if we can build a system that can absorb failures? Systems where a failure actually makes the system stronger… Nassim Taleb calls such systems antifragile systems . From Wikipedia: Antifragility is a property of systems in which they increase in capability to thrive as a result of stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures. The concept was developed by Nassim Nicholas Taleb in his book, Antifragile , and in technical papers As Taleb explains in his book, antifragility is fundamentally different from the concepts of resiliency (i.e. the ability to recover from failure) and robustness (that is, the ability to resist failure). The concept has been applied i

Focus on WHAT?!, not only on WHAT?! I have to admit that I have used more meaningful blog post titles in the past. Let me first start by explaining what MTTR and MTBF stands for. MTBF: Mean time between failures MTBF (mean time between failures) is the average time between repairable failures of a technology product or system. The metric is used to track both the availability and reliability. The higher the time between failures, the more reliable the system is. Remark: MTBF is a metric for failures in repairable systems . For failures that require system replacement, typically people use the term MTTF (mean time to failure). MTTR: Mean time to repair MTTR (mean time to repair) is the average time it takes to repair a system . It includes both the repair time, testing time and deployment time before the system is back operational. Why focus on MTTR? If I talk with system administrators, software architects and CTO’s, a lot of them are mostly focussed on the MTBF metric

With the release of ChatGPT, GitHub Copilot, Amazon Code Whisperer just to name a few, large language models are the (new?) cool kid in town and you see a lot of new applications pop up trying to claim a part of this space. If you are still in doubt if these tools can help improve your developer productivity, check out this survey executed and published by GitHub . 92% of developers already saying they use AI coding tools at work and in their personal time, which makes it clear AI is here to stay. 70% of the developers we surveyed say they already see significant benefits when using AI coding tools, and 81% of the developers we surveyed expect AI coding tools to make their teams more collaborative—which is a net benefit for companies looking to improve both developer velocity and the developer experience. The list of available tools is long and keeps growing every day. Here are some I’m aware of: GitHub Copilot Amazon CodeWhisperer Codeium CodeComplete R

In almost every application today you need to interact with REST api's typically using JSON as the serialisation format. During some code reviews I noticed the following boilerplate code coming back: Although there is nothing wrong with the code above, it is code that you don't have to write yourself. As this is such a common scenario, Microsoft created the System.Net.Http.Json NuGet package with the release of .NET 5.0. This package contains extension methods on the HttpClient object that take care of a variety of scenarios for you, including handling the content stream, validating the content media type and handling the deserialization. Using this package, you no longer need to write all this logic yourself and you can rewrite the code above to the following: Hope that helps!

Short post today as a reminder for myself if I ever get this error again... When trying to build and deploy an older .NET Core 3.1 app, the build server returned the following error message: :\Program Files\dotnet\sdk\5.0.100\Sdks\Microsoft.NET.Sdk\targets\Microsoft.PackageDependencyResolution.targets(241,5): Error NETSDK1005: Assets file 'D:\b\4\agent\_work\2\s\Loket\obj\project.assets.json' doesn't have a target for 'netcoreapp3.1'. Ensure that restore has run and that you have included 'netcoreapp3.1' in the TargetFrameworks for your project. Process 'msbuild.exe' exited with code '1'. We discovered that the issue was caused by a change in the .NET SDK starting from .NET 5.0. The project.assets.json mentioned in the error message above is created by NuGet in the obj\ folder. The .NET SDK uses it to get information about packages to pass into the compiler. In .NET 5, Nuget added a new field called TargetFrameworkAlias, and thus in

Yesterday I talked about lazy loading and how you can avoid the usage of proxy objects in NHibernate. Writing that post made me wonder if a similar thing is possible in Entity Framework Core. Let's find out! Remark: If you want to learn more about the concept of lazy loading check out my previous post first. Lazy loading in Entity Framework Lazy loading in Entity Framework works quite similar to NHibernate and also uses a proxy object by default. Therefore you need to install the Microsoft.EntityFrameworkCore.Proxies package and enabling it with a call to UseLazyLoadingProxies . Contrary to NHibernate you don’t need to make all your properties virtual but only those where lazy loading should be enabled: Lazy loading without a proxy Lazy loading without a proxy object in Entity Framework IS possible although it requires a bit more work than when using NHibernate. For Entity Framework you need to explicitly inject the ILazyLoader service and than use this service

Yes, it is 2023 and yes I'm still using NHibernate at some of my projects(sorry old habits die hard). One of the things that is really handy but can bite you in the foot as easily, is lazy loading. What is lazy loading? Lazy loading is used to delay the retrieval of related data from a database until it is actually accessed or requested by the application. ORM frameworks, like NHibernate or Entity Framework, map database tables to objects in your programming language, making it easier to work with relational data in an object-oriented manner. When an ORM employs lazy loading for related data, it means that the ORM does not fetch all the associated data immediately when you query for the main entity. Instead, it loads the related data from the database only when you explicitly access or request that data. This approach helps improve performance by reducing the initial amount of data fetched from the database and minimizing the number of database queries. Here's an exam

Today I want to talk about a small but useful feature that can save you some time when using Visual Studio: Build acceleration. It is a Visual Studio specific features that reduces the time required to build SDK-style .NET projects. It uses a "fast up-to-date check" ( FUTDC ) to avoid calling MSBuild unless needed. This FUTDC can quickly determine if anything has changed in the project that would cause a build to be required. The easiest way to enable this feature is by adding a Directory.Build.props file at the solution level(this setting will then be picked up by all your projects) with the following configuration: (I already had a Directory.Build.props file so I just updated that one) That’s all you need to do! Of course maybe you don’t believe me that it works or you want to check what is going on. In that case you can enable logging: Go to Tools –> Options –> Projects and Solutions –> SDK-Style projects Change the Logging Level in the Up-t

When trying to build an application using the Strawberry Shake GraphQL client on our build server, it failed with the following error message: IAM.Core -> D:\b\3\_work\210\s\IAM.Core\bin\Release\netstandard2.0\IAM.Core.dll ##[error]CSC(0,0): Error SS0006: Method not found: 'Void StrawberryShake.CodeGeneration.CSharp.CSharpGeneratorSettings.set_RequestStrategy(StrawberryShake.Tools.Configuration.RequestStrategy)'. CSC : error SS0006: Method not found: 'Void StrawberryShake.CodeGeneration.CSharp.CSharpGeneratorSettings.set_RequestStrategy(StrawberryShake.Tools.Configuration.RequestStrategy)'. [D:\b\3\_work\210\s\Mestbank.Core\Mestbank.Core.csproj] ##[error]Mestbank.Core\Repositories\IRD3Repository.cs(14,26): Error CS0246: The type or namespace name 'IIrd3Client' could not be found (are you missing a using directive or an assembly reference?) D:\b\3\_work\210\s\Mestbank.Core\Repositories\IRD3Repository.cs(14,26): error CS0246: The type or namesp

A bug I had a lot was adding a value to a dictionary with a key using specific casing and using different casing later on to check if the key exists in the dictionary. Typically I try to avoid this problem by always changing the key to lowercase (or uppercase) before calling the ContainsKey method, but of course this is not fool proof. Turns out there is a better way when using strings as keys. You can pass a StringComparer as a constructor argument when creating the dictionary: Now we can try different casing and all will return true:

Today I want to talk about a great feature in Visual Studio 2022; dev tunnels (originally called port tunneling/forwarding). It allows you to create an ad-hoc connection from your local machine to the internet. This means that an ASP.NET Core project (or Azure Function) running locally on localhost can be made accessible to any device with an internet connection. Some use cases: Developing an API that is consumed by Power Platform. Developing a web hook for an external service. Testing a web app on an external device. Let me show you how to start using this feature in Visual Studio. Create a Dev Tunnel Open Visual Studio 2022 Go to Views –> Other Windows –> Dev Tunnels. This will load the Dev Tunnels window. Click on the + sign to create a new Dev Tunnel. On the Create window, you need to specify the following Account: Choose the account that will be used to create the tunnel Name: This is the name that is used to show it in the