
Posts

Help! I accidentally enabled HSTS–on localhost

I ran into an issue after accidentally enabling HSTS for a website on localhost. This was not an issue for the original website, which was running in IIS and had a certificate configured. But when I tried to run an Angular app a little bit later on http://localhost:4200, the browser immediately redirected me to https://localhost. Whoops! That was not what I wanted in this case. HSTS policies are stored per host name, not per port, so the policy set by the IIS site applied to every site on localhost. To fix it, you need to go to the network settings of your browser, which are available at chrome://net-internals/#hsts, edge://net-internals/#hsts or brave://net-internals/#hsts. Enter ‘localhost’ in the domain textbox under the Delete domain security policies section and hit Delete. That should do the trick…

Why a software factory is the wrong metaphor

A metaphor that is used a lot to describe the software development process is that of a software factory. Wikipedia describes the concept of a software factory as follows: A software factory is a structured collection of related software assets that aids in producing computer software applications or software components according to specific, externally defined end-user requirements through an assembly process. A software factory applies manufacturing techniques and principles to software development to mimic the benefits of traditional manufacturing. This brings the following image to my mind: On one end we put requirements in and on the other end working software comes out. This feeds the idea that software development is a manufacturing activity where human intervention could be minimized and most of the work can be automated. But this idea is not correct; as Jack Reeves says in his essay What Is Software Design?, coding is in fact an act of design not manufa...

Azure DevOps–Create a build variable in PowerShell

After executing the build pipeline, I add a tag to the specific git commit to track the deployed code. This is something that is built into the Azure DevOps pipeline functionality through the Tag Sources option: Originally I used the $(build.buildNumber) variable to tag the code. But I updated my project to use a VersionPrefix value inside my Directory.Build.props file: Of course this VersionPrefix value is not available as a variable inside my Azure DevOps pipeline. So the question is: how can I create a new pipeline variable? I solved this by creating a small PowerShell script that reads the value from the Directory.Build.props file and uses the task.setvariable macro to create a pipeline variable: More information: Set variables in scripts - Azure Pipelines | Microsoft Learn

Using OWASP Dependency Check in Azure DevOps for Angular applications

The OWASP Dependency-Check tool is a free open-source Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. Yesterday I explained how to integrate the OWASP Dependency Check extension in your build pipeline and use it to scan .NET applications; today I want to show how to use it for Angular applications. For Angular applications, dependencies can be found in the package.json or package-lock.json. I updated the build task scan path to check for these files: Important: before you run this tool for your Angular application, make sure you have first installed all dependencies using npm install, otherwise the tool will not work. Here is an example HTML output for one of our applications:

Using OWASP Dependency Check in Azure DevOps for .NET applications

The OWASP Dependency-Check tool is a free open-source Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. In this post I’ll show you how to integrate this in your Azure DevOps build pipeline using the OWASP Dependency Check task. After installing the OWASP Dependency Check extension in your Azure DevOps instance, you have a new task available: To use it with a C# project, set the scan path to your csproj folders: In the example above I configured multiple report output formats. Here is the HTML output I got after executing the build: It mentions one vulnerability. And indeed, when I went to the Package Manager view in Visual Studio, I noticed that the used version was flagged: If you want to consume the results inside Azure DevOps, you have the option to output the results...

Angular production build error–Index html generation failed

A colleague asked me for help with a specific Angular build error he got. Everything was working fine during development, but when he tried to create a production build using ng build --configuration production --aot it failed with the following error message: Index html generation failed. Let's have a look at the configuration in the angular.json: If we compare this configuration with the development version, the biggest difference between the two is that for production the optimization setting was enabled. Let’s have a look inside the documentation to see what this setting does: This option enables various optimizations of the build output, including: Minification of scripts and styles; Tree-shaking; Dead-code elimination; Inlining of critical CSS; Fonts inlining. Aha! I could guess where the problem appears. As we had removed the index.html from our Angular project (we are not using the default index.html but have an ASP.NET Core MVC page that is u...

How delays are communicated is more important than the delay itself

Last month I had a few unfortunate experiences where deadlines were missed and a lot of extra work was spent on what was perceived as a simple and easy task. Of course it is never fun to miss a deadline and have to spend extra time (and money). But these things happen; it is and remains ‘just’ an estimate. There is always some uncertainty and risk at play. And don’t forget Hofstadter’s law: It always takes longer than you expect, even when you take into account Hofstadter's Law. So that an estimate is wrong doesn’t bother me too much and can be expected. Sidenote: Delays are part of life; if you are a regular user of the Belgian public transport system you should know. What I didn’t like was that no communication was done and I only learned a few weeks later that we would miss our deadline. If the delay was communicated well ahead of time it wouldn’t be a big deal. At that time we could have discussed with business what to do. Could we push the deadline, involve extra...