The art of simplicity

Yesterday I showed how to run STRIDE GPT, an AI based threat modelling tool, locally using docker. I demonstrated how I used a local language model through Ollama running on the same machine as Docker Desktop. To be able to access the Ollama endpoint from inside the docker container, I had to use the host.docker.internal as you can see in this .env file: A colleague asked me, what if you are using Podman instead of Docker? Will host.docker.internal still work? The short answer is no. Luckily this doesn’t have to be the end of this post as an alternative exists for podman. Instead of using host.docker.internal you need to use host.containers.internal .

As cyber threats are increasingly sophisticated and pervasive, securing software applications has never been more critical. This means that implementing a Secure Software Development Life Cycle(SDLC) is essential. A key part in this life cycle is threat modelling that allows us to identify and address potential vulnerabilities early in the Software Development Life Cycle (SDLC). In this blog post, we'll explore the significance of threat modelling within the SDLC and how STRIDE GPT , an AI-driven tool, can streamline this essential process. Why threat modelling is crucial in the SDLC Threat modelling is a structured approach to identifying, assessing, and mitigating security risks in software applications. It involves understanding the application's architecture, identifying potential threats, and implementing appropriate countermeasures. Here are some key reasons why threat modelling is crucial in the SDLC: Proactive Risk Management: By identifying threats ear...

I already talked about custom instructions in Github Copilot as a way to tweak Github Copilot. Today I want to show another way to extend the capabilities of your Copilot; Copilot Extensions, a set of third party tools, services, and data available (in preview) through the Copilot marketplace :     What are Copilot Extensions? Copilot extensions are third-party tools, services, and data integrations that enhance the functionality of GitHub Copilot. They allow you to leverage additional features and capabilities directly within your coding environment. Whether you need help with code quality, security, documentation, or project management, there's likely a Copilot extension that can assist you. At the moment of writing this post Copilot Extensions is still in preview and the list of available extension is still limited. Extension usage is not possible in every IDE. Here is the list of supported IDEs:   How to get started with Copilot Extensions Getting star...

Today I was reviewing an existing codebase and I had a hard time to get a good understanding about what was going on. I couldn't create a good mental picture in my head. But then I asked myself, maybe GitHub Copilot can help me out here and draw this picture for me. Let's give it a try... Note: As we were using the Azure DevOps wiki, I decided to try to generate the visualization using Mermaid as this is supported directly in Azure DevOps. Let me first shortly explain what Mermaid is before I dive into Copilot. Introduction to Mermaid Mermaid is a powerful JavaScript-based diagramming and charting tool that allows you to create and modify diagrams dynamically. It uses Markdown-inspired text definitions to render detailed diagrams and charts, making it easy to visualize complex information. Whether you're working on flowcharts, sequence diagrams, or Gantt charts, Mermaid has you covered. Mermaid uses a simple syntax to define charts. Here is an example of a basic ...

After updating WSL on one of the developer machines, Podman failed to work. When we took a look through Podman Desktop, we noticed that Podman had stopped running and returned the following error message: Error: Command execution failed with exit code 125 Here are the steps we tried to fix the issue: We started by running podman info to get some extra details on what could be wrong: >podman info OS: windows/amd64 provider: wsl version: 5.3.1 Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM Error: unable to connect to Podman socket: failed to connect: dial tcp 127.0.0.1:2655: connectex: No connection could be made because the target machine actively refused it. That makes sense as the podman VM was not running. Let’s check the VM: >podman machine list NAME         ...

One of the most precious gifts I got from my parents is a love for books and reading. It's a gift that keeps on giving, opening doors to new worlds, sparking my imagination, and the entry point to almost every learning journey I started. So, I'm really happy that I was able to pass this gift to my kids as well. But what if reading isn't always easy for you? Don't worry—I have great news! Microsoft has created an incredible tool called Reading Coach to help everyone improve their reading skills and rediscover the joy of reading. Meet Microsoft's Reading Coach Microsoft's Reading Coach is an AI-powered tool designed to provide personalized and engaging reading practice. It's available in 81 languages and can be used both at school and at home. Here are some of the amazing features that make Reading Coach a game-changer: AI-Powered Stories : Reading Coach uses AI to generate stories that match your abilities and interests, providing instant fee...

A  few weeks ago I got contacted by someone(Hi Chris!) who was trying to get my Semantic Kernel demo's up and running on his machine. Chris tried to get the application up and running but got some error messages. I used his input to improve the readme file and updated the main branch to simplify the getting started experience. However there was one specific error he shared that I want to talk about a little more. Here is the screenshot he shared with me:   The reason that he got this error is because ‘auto function calling’ was enabled in the code and the model he was using didn’t support this feature. Remark: I updated the code to disable auto function calling after I got his email. A good excuse to talk a little more about this feature… What is (auto) function calling in Semantic Kernel? With function calling, you give the LLM the option to interact with your existing code. You can do this quite explicit as I explained in my OllamaSharp post but with Semanti...

Yesterday I talked about how we used Docker Compose to build and run an node.js/PostgreSQL application locally.We were using the build section inside the docker compose file to build the container image when running docker compose avoiding the need to build the container image separately. However when using this approach we noticed that if we made changes to the code, those changes were not picked up by Docker Compose and we were running using an outdated image. This turned out not to be a bug but requires a better understanding of the different Docker Compose commands. Docker Compose commands Docker Compose provides multiple commands and flags and it is important to understand the nuances between each command. docker compose up The command that we used so far was docker compose up , This builds the container image if the images does not exist and starts the containers. This already explains the behavior I described above docker compose build Another option is docker ...

Docker Compose allows you to easily define and run multi-container applications. My team just 'inherited' a node.js with a PostgreSQL application. As this is not our main technology stack, debugging and running this through Docker Compose sounds like a perfect pit. We already had a DOCKERFILE created for the Node.js app so the only thing left to do was create our Docker Compose file: Nothing special. However, when we tried to start the containers through docker compose up , it failed with the following error message: >docker compose up [+] Building 0.0s (0/0) listing workers for Build: failed to list workers: Unavailable: connection error: desc = "transport: Error while dialing unable to upgrade to h2c, received 404" After some trial and error, we were able to pinpoint the issue to the 'build' part of the docker compose file: services:   app: build: . If we replaced the build context by a pre-created image instead everything worked....

A key element in building an RAG(Retrieval Augmented Generation) is the usage of a vector database. The list of vector databases is growing every day and even SQL Server now supports vectors. In this post I focus on Qdrant (pronounced as "quadrant") a vector similarity search engine and database written in Rust. It's specifically designed to handle vector embeddings and payload, making it perfect for modern machine learning applications. The goal of this post is not to make you a Qdrant expert(neither am I) but to provide you with enough information to start using it correctly. What is Qdrant? Qdrant is an AI-native vector database and semantic search engine designed to handle high-dimensional vectors. It provides a production-ready service with a convenient API to store, search, and manage vectors with additional payloads.  A vector database is designed to store and query high-dimensional vectors efficiently. Unlike traditional databases that organize data in rows a...

After announcing Phi-4 last month, it is now also available on Ollama to use locally. Phi-4 is a "small" language model that performs at the same level or even better than some of the larger language models. The latest incarnation in Microsoft's Phi series, took a big step forward in tasks requiring complex reasoning and problem solving, making it a good candidate to use in a (multi-)agent solution. One area where the model is particularly good is in math.It outperformed larger models in the November 2024 AMC competitions, proving its real-world application potential.   Time to download the model through Ollama and give it a try: ollama pull phi4 More information microsoft/phi-4 Ollama microsoft/phi-4 · Hugging Face microsoft/phi-4 Azure AI Foundry Introducing Phi-4: Microsoft’s Newest Small Language Model Specializing in Complex Reasoning | Microsoft Community Hub

Good news if you are using Github Copilot Free or Pro! You can now ask Github Copilot to search the web. This feature was already available for Github Business or Enterprise users but now it is in preview for everyone. To start using this feature, you first need to enable it in your Copilot settings: Before if you asked a question about data the model was not trained on, you get a response like this: If we now ask a question in Copilot Chat where the trained model has no information about, it can search on the web. Therefore include  @github in your query. Github Copilot will select an appropriate skill to help answering the question:   If the web search is not triggered automatically, you can explicitly trigger it by adding @github #web at the start of your query. Nice! More information Web search in GitHub Copilot Chat now available for Copilot Individual - GitHub Changelog GitHub Copilot · Your AI pair programmer Managing Copilot policies as an indiv...