Posts

Showing posts from December, 2025

Why you can't have a ‘work self’ and a ‘home self’

There's a question that comes up in nearly every leadership workshop, every team development session, every coaching conversation about authenticity: Should I be thinking about my professional values or my personal values? It's an understandable question. We've been conditioned to believe in compartmentalization—that we can be one person at work and another at home, that we can hold one set of principles in the boardroom and a different set at the dinner table. But here's what Brené Brown names so clearly in Dare to Lead: We have only one set of values. Me and the other me The idea that we might have separate value systems for different areas of our lives is appealing. It would make things so much easier, wouldn't it? We could be competitive at work but collaborative at home. We could prioritize results over relations in business but reverse that in our personal relationships. Except that's not how integrity works. That's not how we work. ...

Gain insights in your software supply chain using GitHub’s Dependency Graph

The recent software supply chain attacks prove again that having insight into your own project dependencies is crucial. This is where GitHub's dependency graph can help. It maps every direct and transitive dependency in your project, giving you the visibility you need to understand, secure, and manage your software supply chain. What is the Dependency Graph? The dependency graph is a summary of the manifest and lock files stored in a repository, showing which packages depend on what, helping you identify risks, prioritize security fixes, and keep track of your project's true footprint. For each repository, the dependency graph shows: Dependencies: The ecosystems and packages your project relies on Version information: What versions you're using License details: The licensing terms of your dependencies Vulnerability status: Whether any dependencies have known security issues Transitive paths: For ecosystems that support it, you can see the entire ch...

Take a tour along the Microsoft Datacenters

Have you ever wondered what powers the cloud services you use every day? From video calls to online banking, from remote work to social media, there's a massive physical infrastructure humming away behind the scenes. Microsoft has opened the curtains on this hidden world through their Azure Global Infrastructure Experience—a virtual datacenter tour that offers an unprecedented look inside the technology that powers our digital lives. What is the Azure Global Infrastructure experience? The Azure Global Infrastructure Experience is an immersive, interactive 3D virtual tour that allows anyone to explore the inner workings of Microsoft's datacenter operations. Rather than requiring physical visits to secure facilities, this digital experience brings the datacenter to you, accessible from any PC or mobile device. The tour showcases infrastructure spanning over 60 datacenter regions and more than 300 datacenters globally, giving visitors insight into the sheer scale of Microsof...

Giving OpenAI codex a try in VSCode

At GitHub Universe, GitHub announced that you can use OpenAI Codex with your existing GitHub Copilot Pro+ subscription. Therefore we first need to install the OpenAI Codex extension and sign in with GitHub Copilot. Installation & configuration You can directly install the extension from the extensions or through the Agent sessions view: After the installation has completed, you need to sign in. You can either use your ChatGPT account or your (existing) GitHub Copilot subscription. Once signed in, we have an extra chat window available: There are a few things we can configure here: Environment: Local workspace: The agent will interact with your local machine and VSCode workspace. Connect Codex Web: Send the chat to the ChatGPT web interface. Send to cloud: The agent will operate in a sandboxed cloud environment. Chat Mode (called approval modes in OpenAI Codex): Chat: Regular chat, doesn’t make any changes directly. ...

Defending yourself against compromised npm packages

The recent software supply-chain attacks prove once again that the npm ecosystem is a double-edged sword. With over 2 million packages available, developers can build applications faster than ever before. But this convenience comes with a significant security risk. When a single compromised package can affect thousands of downstream projects, we need better defenses. In this post, I'll show you how combining npm lock files with the --ignore-scripts flag creates a powerful security layer that can protect your projects from many common attack vectors. The growing threat of supply chain attacks Supply chain attacks in the npm ecosystem aren't theoretical—they're happening regularly. In recent years, we've seen high-profile incidents like the event-stream compromise, where a popular package was hijacked to steal Bitcoin wallets, and the ua-parser-js attack, where malicious code was injected to install cryptominers and password stealers. These attacks often follow a...

Understanding your project architecture and how it evolves over time using Gource

Have you ever wanted to see your project's Git history come to life? Gource is a fantastic tool that transforms your commit history into a mesmerizing animated visualization, showing how your codebase grows and evolves over time. It's like watching a time-lapse of your project's development, with files appearing, changing, and moving as contributors work on different parts of the code. But Gource is more than just eye candy. I like to use this tool to spot architectural patterns, identify hotspots where code changes frequently, understand how the team collaborates, and even detect potential coupling issues before they become problems. It's a powerful lens for understanding not just what a team has built, but how they've built it. In this post, I'll walk you through everything you need to know to create your first Gource visualization and use it to gain valuable insights into your codebase's architecture. What is Gource? Gource is an open-source vis...

Find your line

Last week I was listening to Adam Grant's Rethink podcast. The guest was Daryl Davis, a black musician who has spent decades doing something most of us would find unthinkable: sitting down face-to-face with members of the Ku Klux Klan and neo-Nazis, listening to them, and through empathy and curiosity, helping many leave hate groups behind. What struck me wasn't just his extraordinary work. It was also his advice for the rest of us, the ones who can't imagine doing what he does. Not everyone belongs on the front line Daryl Davis and Jeff Schoep, who also joined the podcast, are what he calls "on the front lines"—directly engaging with people in hate groups. But Davis readily acknowledges that this isn't for everyone. "Some people, they can't do that," he explained. "They cannot bring themselves to sit down with a KKK member or a neo-Nazi. 'I can't sit with those people. I'm afraid of them. Or I'm afraid I might punch...

Showing custom metrics in Aspire

After enabling Aspire for your application, you get OpenTelemetry integration for free thanks to the included ServiceDefaults code. This will set up OpenTelemetry using a set of defaults: Unfortunately this default configuration didn’t pick up any of the custom metrics I added. I first thought that this meant that I couldn’t use the service defaults anymore and had to configure the OpenTelemetry integration manually. But then I discovered that you can change/extend the default configuration in a specific project by using the ConfigureOpenTelemetryTracerProvider and/or ConfigureOpenTelemetryMeterProvider methods. Add your custom OpenTelemetry configuration after calling the Aspire builder.AddServiceDefaults(): Now our custom metrics appear nicely in the Aspire dashboard: More information Welcome to Aspire | Aspire Enabling .NET Aspire for an existing solution Replacing EventCounters with the new Metrics API

Replacing EventCounters with the new Metrics API

If you've been using EventCounters for instrumenting your .NET applications, it's time to consider migrating to the newer System.Diagnostics.Metrics API. Based on the OpenTelemetry specification, the Metrics API offers a more modern, flexible, and standardized approach to application instrumentation. Why migrate? The Metrics API provides several advantages over EventCounters: Industry Standard: Built on OpenTelemetry, ensuring compatibility with a wide ecosystem of monitoring tools Better Performance: More efficient with lower overhead Richer Functionality: Support for histograms, exemplars, and more sophisticated metric types Improved API Design: Cleaner, more intuitive interface for defining and recording metrics Better Tooling Support: Growing ecosystem support from APM vendors and monitoring solutions Microsoft has indicated that EventCounters are in maintenance mode, with new development focused on the Metrics API. So reasons enough to m...

Leave room for the other voice

In a recent leadership training, one practice stopped me in my tracks: Leave room for the other voice. For every decision made during the training, the trainer always left room for the people who disagreed. Not to build consensus, but to be aware of what we have possibly missed and value different viewpoints. It sounds simple, almost obvious. But as I sat with it over the following days, I realized how I struggle to put this into practice—and how transformative it is when I do. The uncomfortable truth We love agreement. It feels good. It's efficient. When someone nods along with our ideas, it validates our thinking and makes us feel competent and heard. But here's what I'm learning: a room full of agreement is often a room full of danger. When everyone agrees with you, one of two things is happening. Either you've hired people who think exactly like you—which means you're missing perspectives, blind spots, and opportunities. Or you've created an enviro...

Enhanced security in NuGet for .NET 10

Yes! .NET 10 is out and not only does it come with a new SDK and runtime version, but it is accompanied by a new NuGet version. With this version, Microsoft has significantly strengthened NuGet's security capabilities to help build more secure applications. These enhancements focus on improved vulnerability detection, automated package management, and better tooling for managing your dependency tree. Let's explore what's new and how these features can help protect your projects. Transitive dependency auditing The change with probably the biggest impact is the NuGet Audit's default behavior. For projects targeting .NET 10 or higher, the NuGetAuditMode property now defaults to all instead of direct. This means that NuGet will automatically scan not just your direct package references, but also all transitive dependencies for known security vulnerabilities. That’s good news as a majority of vulnerabilities are often found in indirect dependencies. In a typical...

How to exclude specific content when using GitHub Copilot

GitHub Copilot is a powerful AI coding assistant and I couldn't miss it anymore. But there are times when you need to prevent it from accessing certain files or directories. Whether it's sensitive configuration files, proprietary code, or files that would add unnecessary noise to suggestions, exclusions help you maintain control over what Copilot sees. Why exclude content? You might want to exclude content from Copilot for several reasons: Security and privacy: Keep API keys, passwords, and other secrets away from AI processing Proprietary code: Protect sensitive business logic or algorithms Noise reduction: Exclude generated files, dependencies, or build artifacts that don't help with suggestions Performance: Reduce the context window size for faster suggestions Reasons enough to spend some time configuring your content exclusions. GitHub Copilot content exclusion settings Content exclusion is a Copilot Business or Enterprise feature and can...

Concurrent changes on non-concurrent collections

I don’t do it on purpose but sometimes it can be so much fun to dive into an exception you’ve never seen before. You always come out with some newly acquired wisdom. It all started with the following exception during the execution of our unit tests: System.InvalidOperationException : Operations that change non-concurrent collections must have exclusive access. A concurrent update was performed on this collection and corrupted its state. The collection's state is no longer correct. A look at the stack trace brought us to the initialization system of our application where multiple modules are configured and initialized: at System.Collections.Generic.Dictionary`2.TryInsert(TKey key, TValue value, InsertionBehavior behavior) at System.Collections.Generic.Dictionary`2.set_Item(TKey key, TValue value) at SOFACore.EntityFramework.EntityFrameworkModule.Initialize(IServiceCollection services) in /_/SOFACore/SOFACore.EntityFramework/EntityFrameworkModule.cs:line 30 Inside this mo...