The art of simplicity

A short post today; I’ll share an issue a encountered when trying to run a Dapr enabled application. This blog post wouldn’t add much value if I didn’t share a solution as well. Let me first start by refreshing your memory if you have no clue what Dapr is about. Feel free to skip this intro and move on to the next part if you already tried Dapr before. Introducing Dapr On their website, Dapr is described as: APIs for Building Secure and Reliable Microservices I don’t think that is the best description, but if you search deeper in the documentation, you find the following description: Dapr is a portable, event-driven runtime that makes it easy for any developer to build resilient, stateless, and stateful applications that run on the cloud and edge and embraces the diversity of languages and developer frameworks. That describes it perfectly! Want to know more? Check out this video: The issue… One of the nice features of Dapr is that you can use the Dapr C...

In this post I'll give a short introduction about the Polyglot Notebooks extension in VS Code and focus one specific element; how to update the NuGet dependencies inside your code cells when using this extension. Let’s dive in… Polyglot Notebooks in VS Code As opposed to traditional notebooks that are typically used with Python, the Polyglot Notebooks VS Code extension allows you to use multiple programming languages natively all in the same notebook . It supports languages like C#, F# but also SQL, JavaScript, Powershell and more. The Polyglot Notebooks extension is powered by .NET Interactive , an engine and API for running and editing code interactively. A notebook is a combination of code and documentation in the same file. After installing the extension, you can open a notebook(recognizable by the ipynb extension) and execute the coding blocks by clicking on ‘play’: Using NuGet packages inside your code blocks Inside a code block you are not limited to C# code i...

If you have never heard about Semantic Kernel before, don't worry. It is an open-source library developed by Microsoft that enables developers to integrate and utilize large language models (LLMs) like GPT-4 into their applications. . It is a highly extensible SDK, you can use Semantic Kernel with models from OpenAI , Azure OpenAI , Hugging Face , and more.  By combining your existing C#, Python, and Java code with these models, you can build agents that answer questions and automate processes. A good introduction into Semantic Kernel, is the Ready to cook with Semantic Kernel video series:   Remark: Be aware that the corresponding code is not updated to the latest Semantic Kernel version, so expect some issues if you try to use the code as-is with the latest Semantic Kernel release. I also can recommend the following learning resources: Create AI agents with Semantic Kernel | Microsoft Learn The free Semantic Kernel learning course on LinkedIN Learning ...

Yesterday I introduced you the OWASP Dependency check tool as a way to scan your projects against known vulnerabilities. I showed how to add the OWASP Dependency check to your Azure DevOps build pipeline. What I didn’t mention yesterday is that executing the OWASP Dependency Check can be really slow. This is because before it can start a scan, it needs to download a vulnerability database. The tool uses the National Vulnerability Database(NVD) provided by NIST. So the first time you run the task, it can happen that you get a timeout like below: The good news is that you can improve the download speed by requesting an API key from the NVD website. Therefore use the following link: https://nvd.nist.gov/developers/request-an-api-key . Once you have received your API key, you can update the OWASP Dependency Check task in your build pipeline to use it:

In today's software development landscape, security is a paramount concern. As developers, we often rely on third-party libraries and frameworks to speed up our work and leverage the functionality that others have built. However, this reliance on external code introduces a significant risk: supply-chain attacks. In this blog post, we will provide an overview of supply-chain attacks, their impact, and how to protect your projects by using OWASP Dependency Check, a powerful tool designed to mitigate these risks, Understanding Supply-Chain Attacks A supply-chain attack targets the less secure elements within the supply chain network to compromise the final product. In software development, these attacks often involve injecting malicious code into widely-used libraries or compromising the infrastructure used to distribute software. There are multiple types of Supply-Chain Attacks: Dependency Confusion : Attackers publish malicious packages with names similar to legitimate in...

Hello there! Would you be so kind to take another look at the Agile Manifesto ? For people who wants to avoid an extra click, I've added it below: We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value: Individuals and interactions over processes and tools Working software over comprehensive documentation Customer collaboration over contract negotiation Responding to change over following a plan That is, while there is value in the items on the right, we value the items on the left more. While most development teams claim to be agile, I always wonder if they really have read the manifesto above. Let’s start the conversation by talking about element in the list: Customer collaboration over contract negotiation In most projects I still see a lack of collaboration. Stakeholders are way to busy to talk to the development team so there is little to no user in...

While doing a code review, I discovered a feature in XUnit I didn't know it existed. Let me share what I discovered.  I've been used to specify data for my parameterised tests either using the [InlineData] attribute or through the [MemberData] or [ClassData] attributes. When using [MemberData] or [ClassData] , XUnit expects that you return an IEnumerable<object[]> as far I as I know. Here is an example: If I try to use a typed alternative, it results in a compiler error: However it turns out that there is a type safe alternative available through TheoryData<> . The TheoryData<> types provide a series of abstractions around the IEnumerable<object[]> required by theory tests. It consists of a TheoryData base class, and a number of generic derived classes TheoryData<> . It can be used in combination with both the [MemberData] or [ClassData] attributes while enforcing type safety. Here is our original example rewritten to use The...

Docker Hub is a container registry provided by Docker, Inc. It serves as a central repository for finding and sharing container images.  Although it is not the only place where docker images can be found it remains a popular container registry where developers and open source contributors can store, discover, and distribute container images. Pull through Docker Desktop To pull an image through Docker Desktop, you can use the following command: docker pull <image-name> For example, if I want to fetch the masstransit/rabbitmq image, I should execute the following command: docker pull masstransit/rabbitmq Pull through Podman Desktop What if I try to do the same thing through Podman Desktop: podman pull masstransit/rabbitmq This seems to work: However it is important to understand what is going on. If you don’t specify a registry name like we did here it look through the list of unqualified-search-registries. This list can be found inside the podman-machine at...

One of the cool features that Bicep has to offer is the 'what-if' operation. This allows you to preview the changes that will happen when applying your bicep template. Let’s see this operation in action: Open a command prompt Let’s first check if we have a version of the Azure CLI installed that supports the ‘what-if’ operation: az version The output should look like this: {   "azure-cli": "2.54.0",   "azure-cli-core": "2.54.0",   "azure-cli-telemetry": "1.1.0",   "extensions": {     "connectedk8s": "1.2.0",     "customlocation": "0.1.3",     "k8s-configuration": "1.1.1",      "k8s-extension": "1.0.4"   } } This should return at least CLI version 2.14.0. If not first install the latest version of the Azure CLI. Now we can run the command that w...

As a follow-up on the presentation I did at CloudBrew about Azure Static Web Apps I want to write a series of blog posts. Part I - Using the VS Code Extension Part II - Using the Astro Static Site Generator Part III  – Deploying to multiple environments Part IV – Password protect your environments Part V – Traffic splitting Part VI – Authentication using pre-configured providers Part VII – Application configuration using staticwebapp.config.json Part VIII – API Configuration Part IX – Injecting snippets Part X – Custom authentication Part XI – Authorization Part XII -  Assign roles through an Azure function Part XIII -  API integration Part XIV – Bring your own API Part XV – Pass authentication info to your linked API Part XVI – Distributed Functions Part XVII – Data API Builder Part XVIII(this post) -  Deploy using Bicep So far I’ve deployed our Azure Static Web App using Github Actions. Bu...

Reducing the carbon footprint and CO2 emission of our (cloud) workloads, is a responsibility of all of us. If you are running a Kubernetes cluster, have a look at Kube-Green . kube-green is a simple Kubernetes operator that automatically shuts down (some of) your pods when you don't need them. A single pod produces about 11 Kg CO2eq per year( here the calculation). Reason enough to give it a try! Installing kube-green in your cluster The easiest way to install the operator in your cluster is through kubectl. We first need to install a cert-manager: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.5/cert-manager.yaml Remark: Wait a minute before you continue as it can take some time before the cert-manager is up & running inside your cluster. Now we can install the kube-green operator: kubectl apply -f https://github.com/kube-green/kube-green/releases/latest/download/kube-green.yaml Now in the namespace where we want t...

After installing a new SonarQube version on one our Windows Server VM’s, I encountered some issues. Let me walk you through the problems I encountered and how I fixed them. Issue 1 -  java.lang.UnsupportedClassVersionError After I extracted the SonarQube binaries I opened the installation folder, went to the bin\windows-x86-64 folder and tried to run the startsonar.bat file. This failed with the following error message: D:\sonar\bin\windows-x86-64>startsonar Starting SonarQube... Error: LinkageError occurred while loading main class org.sonar.application.App         java.lang.UnsupportedClassVersionError: org/sonar/application/App has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes class file versions up to 55.0 The error above is related to the class file version. Each JDK release comes with its class file version. Class files are backward comp...

Running a local Kubernetes cluster is easy thanks to Podman Desktop and Kind . In this post I show you how to setup a kind environment from Podman Desktop. But first an introduction… What is Podman Desktop? Podman Desktop is an open source graphical tool enabling you to seamlessly work with containers and Kubernetes from your local environment. It offers similar functionality as Docker Desktop. Installing Podman Desktop(on Windows) is easy: Download the Windows installer . Start the Podman Desktop installer, open the downloaded file. Podman Desktop uses WSL2 to run a a Linux distribution in a virtual machine. It can be that a restart is required as the installer will try to enable/install WSL2 during the process. More information: Windows | Podman Desktop (podman-desktop.io) What is Kind? Kind is an open source project that allows to run Kubernetes clusters in a container engine (could be Docker or Podman or others). This is usually quite he...

Today when I tried to debug a .NET Core application, I got a browser warning that my localhost certificate was no longer valid. The good news is that renewing your localhost certficate when using Kestrel is easy. You can use the built-in dotnet dev-certs command to manage a self-signed certificate. We can first remove the existing outdated certificate by executing the following command: dotnet dev-certs https --clean Output: Cleaning HTTPS development certificates from the machine. A prompt might get displayed to confirm the removal of some of the certificates. HTTPS development certificates successfully removed from the machine. Now we can generate a new self-signed certificate using following command: dotnet dev-certs https –trust Output: Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate. Successfully created and truste...

When creating and maintaining (.NET Core) applications, it is always a good idea to keep the dependencies up-to-date. This helps to fix identified vulnerabilities but also keeps the upgrade path short as you closely stay to the latest package version. In this post I show you 3 ways to identify outdated packages and update them when necessary. Through the Visual Studio Package Manager When using Visual Studio, it is easy to find out whether newer versions of the NuGet packages used by your project is available, by using the NuGet Package Manager: Open your solution/project in Visual Studio Go to Tools -> NuGet Package Manager –> Manage NuGet Packages for Solution… Go to the Updates tab, check the Select all packages checkbox and click on Update Through the dotnet-outdated global tool A second option is to use the open source global .NET tool: dotnet-outdated . First install the tool using the following command: dotnet tool install --global dotnet-...

You carefully assembled a team of great developers, a top architect, UX designers, product owners, etc… You are confident that with this team you can tackle any challenge. However after 2 years working on the project, you have lost a lot of this confidence. The list of requested features keeps growing, existing functionality needs to be reworked because the business needs have evolved, and people work longer and longer days to still reach the predicted deadline. What started as workarounds to reach the end goal faster has evolved to just work. Workarounds are no longer the exception but became the rule. The solution becomes less and less stable and bugs are appearing everywhere. What is going on? Aha, we just discovered the biggest impact on code quality. It is not the skills of the team, neither the programming language or technologies they use, it is something else. The answer is ‘avoiding crunch mode’. Crunch mode , also known as crunch time , describes working extra...

As a follow-up on the presentation I did at CloudBrew about Azure Static Web Apps I want to write a series of blog posts. Part I - Using the VS Code Extension Part II - Using the Astro Static Site Generator Part III  – Deploying to multiple environments Part IV – Password protect your environments Part V – Traffic splitting Part VI – Authentication using pre-configured providers Part VII – Application configuration using staticwebapp.config.json Part VIII – API Configuration Part IX – Injecting snippets Part X – Custom authentication Part XI – Authorization Part XII -  Assign roles through an Azure function Part XIII -  API integration Part XIV – Bring your own API Part XV – Pass authentication info to your linked API Part XVI – Distributed Functions Part XVII(this post) – Data API Builder So far I have shown you 2 different possibilities to integrate an API inside your Azure Static Web App: You...