Building Async and Cloud Native organizations - Issue #27

Explore the evolving landscape of tech, from navigating security threats and dynamic HTTP headers to leveraging AI for smarter coding and promoting green web practices.

Welcome to my weekly newsletter! Every week, I bring you the latest news, updates, and resources from the world of coding and architecture. I'm so glad you've decided to join me, and I can't wait to share my insights and expertise with you.

I hope you'll find this newsletter to be a valuable resource, and I welcome your feedback and suggestions. If there's something you'd like to see more of, or if you have any questions or comments, please don't hesitate to reach out to me.

Thank you for joining me, and happy reading!

REST and APIs

You know about the OWASP Top 10, a list of security vulnerabilities like injection attacks, broken access control, and SSRF. Unfortunately, these are not just possibilities but actual threats, and the article below shows some notorious real-world hacks categorized under the OWASP Top 10.

Link-Template proposal

In the era of dynamic web applications and services, the importance of flexible and adaptable data exchange methods cannot be overstated. One particular challenge developers have been grappling with is the rigidity of links in HTTP headers. Until now, these links have been static, essentially hardcoded, posing limitations in scenarios requiring more complex and dynamic linking strategies. The advent of a new proposed standard, the "Link-Template" HTTP header field, promises to change this scenario for the better.

Introduced as an extension to the existing Link header field, the "Link-Template" field harnesses the power of URI Templates. Instead of serving static links, URI templates provide a blueprint that, when populated with specific variable values, results in fully formed URIs. This provides a flexible method for generating links in HTTP message headers, which can change and adapt according to specific variable values.

Beyond this, the proposed standard takes it a step further with the introduction of the 'var-base' parameter. This feature allows for template variables to be globally identified, breaking away from the confines of the current context of use. The 'var-base' parameter provides a URI-reference that serves as a base URI for the variable names in the URI template, leading to greater flexibility and universality in link generation.

To illustrate, consider this example:

Link-Template: "/widgets/{widget_id}";
               rel="https://example.org/rel/widget";
               var-base="https://example.org/vars/"

This header field indicates that a resource with the relation type "https://example.org/rel/widget" can be found by expanding the "https://example.org/vars/widget_id" variable into the template given. This opens up a range of possibilities for more dynamic and context-sensitive linking strategies in web applications and services.
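How a client might consume the header above, as an added example that is not part of the original newsletter or of the proposal's text. It parses only the header shape shown here, resolves each variable name against var-base, and percent-encodes values during expansion so that a value cannot change the path structure. The request URL https://api.example.com/ and all function names are assumptions.

```javascript
// Narrow parser for the header shape shown above (one quoted template followed
// by quoted-string parameters). Not a full Structured Fields parser.
function parseLinkTemplate(fieldValue) {
  const m = /^\s*"([^"]*)"\s*((?:;\s*[a-z][a-z0-9_*-]*="[^"]*"\s*)*)$/.exec(fieldValue);
  if (!m) throw new Error("unsupported Link-Template value");
  const params = {};
  for (const p of m[2].matchAll(/;\s*([a-z][a-z0-9_*-]*)="([^"]*)"/g)) {
    params[p[1]] = p[2];
  }
  return { template: m[1], params };
}

// RFC 6570 simple expansion: everything outside ALPHA / DIGIT / "-" / "." /
// "_" / "~" is percent-encoded, so a value cannot add path segments or a query.
function encodeSimple(value) {
  return encodeURIComponent(String(value)).replace(
    /[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Expand {name} expressions (Level 1 templates only). `values` is keyed by the
// global variable identifier: the variable name resolved against var-base.
function expandLinkTemplate(fieldValue, values, contextUrl) {
  const { template, params } = parseLinkTemplate(fieldValue);
  const varBase = params["var-base"]; // assumed absolute, as in the sample
  const path = template.replace(/\{([A-Za-z0-9_]+)\}/g, (_, name) => {
    const key = varBase ? new URL(name, varBase).href : name;
    if (!Object.prototype.hasOwnProperty.call(values, key)) {
      throw new Error("no value for " + key);
    }
    return encodeSimple(values[key]);
  });
  return { rel: params.rel, target: new URL(path, contextUrl).href };
}

// Constructed sample input: the header from the text, folded onto one line.
const SAMPLE_FIELD =
  '"/widgets/{widget_id}"; rel="https://example.org/rel/widget"; ' +
  'var-base="https://example.org/vars/"';
const WIDGET_ID_VAR = "https://example.org/vars/widget_id";

function demoExpansion() {
  const ctx = "https://api.example.com/"; // assumed URL of the response
  return [
    expandLinkTemplate(SAMPLE_FIELD, { [WIDGET_ID_VAR]: "42" }, ctx),
    expandLinkTemplate(SAMPLE_FIELD, { [WIDGET_ID_VAR]: "../admin?x=1" }, ctx),
  ];
}

console.log(demoExpansion());
```

The second call shows why the encoding step matters: the slash and question mark in the value stay inside a single path segment instead of rewriting the target.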

The introduction of the "Link-Template" HTTP header field is an important stride towards overcoming the limitation of static links in HTTP headers. It provides a robust method for enabling more complex and dynamic web communications, potentially revolutionizing how linking and routing logic are handled in web applications.

Curious to learn more about this promising new standard?

Coding technicalities

Getting confused by all the different .NET versions? Claudio Bernasconi made a guide listing all the versions of .NET.

What to use for a currency

Whenever I need to do something with money, I still need to look it up; what kind of data type is the best to use? It looks like there is a whole lot of information about what kind of type is the right one:

GitHub related

GitHub Copilot, the AI-based coding assistant launched in 2022, has been improving its contextual understanding to provide developers with more relevant coding suggestions. Leveraging large language models like OpenAI's Codex, Copilot is getting smarter at inferring the context from a developer's work.

Several key strategies are being used to enhance Copilot's capabilities:

  1. Prompt Engineering: A technique that presents relevant data to the AI in the correct order to better understand the context of the developer's code.

  2. Neighboring Tabs: Copilot can now process all open files in a developer's IDE, not just the active one, improving the relevance of its suggestions.

  3. Fill-In-the-Middle (FIM) Paradigm: Copilot considers the code both before and after the cursor to provide better context-based code suggestions, boosting performance by 10%.

In addition, GitHub is experimenting with vector databases, capturing the semantics and intent of the code. This allows for a more customized coding experience, particularly for those working with private repositories or proprietary code.

With these improvements, research indicates that developers using GitHub Copilot can code up to 55% faster. GitHub continues to collaborate with Microsoft Azure AI-Platform for further enhancements.

And while we are talking about Copilot…GitHub also published a story about the history of this product. Engineers at GitHub were astounded by the capabilities of OpenAI's large language models (LLMs), inspiring the development of GitHub Copilot, an AI-driven code generation tool.

Initially, these AI models resolved about half of the posed problems, but rapidly improved to tackle over 90% of them. The tool became increasingly interactive and functional, with LLMs producing surprising and high-quality results.

While starting as a Python-only model, OpenAI's LLMs evolved to handle multiple languages, outdoing previous versions and continually surprising the GitHub team.

A game-changing enhancement was using the actual file name to determine the language type and potential content, a strategy that not only improved language recognition but also enhanced the quality of code suggestions.

Using the filename as part of the prompt allowed for better suggestions

Another significant breakthrough was the tool's ability to scan through open files in the IDE for text similar to what is at the user's current cursor position, resulting in a dramatic increase in code acceptance. These improvements, combined with the ever-evolving AI, promise a transformative future for the industry.

Combine GitHub and Slack

GitHub Actions are powerful workflows that can react to almost anything. What if you combine them with a tool like Slack to stay up to date with what is happening in your repos?

The below article shows how to set up the Slack webhook and build a GitHub workflow to talk to a Slack channel.

It uses the Slack action to perform the actual API call, which has a lot of customization options out of the box.

Computing in general

Microsoft is expanding its investment in AI, introducing a new service, Code Optimizations, as part of its Application Insights platform. The AI-powered service will streamline .NET performance by analyzing applications and cloud services, identifying performance issues, and suggesting tailored improvements.

New Code Optimization tab in Application Insights

The service is expected to save developers time, enhance user experience, and reduce operational costs. This development underscores Microsoft's commitment to harnessing AI to drive performance and efficiency.

Google has announced a new set of top-level domains (TLDs), including .zip. According to Google, .zip is a secure domain for tying things together or moving really fast. Hosting content on a .zip domain means speed.

You might think this is a nice addition, but there is also a risk here. Take these two URLs and see which one returns an evil zip file.

https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip
https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip
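The first URL is the suspicious one: its "slashes" are look-alike characters, so everything before the @ is userinfo and the host is v1271.zip. The check below is an added example, not part of the original newsletter. It runs both URLs through the WHATWG URL parser that browsers use and reports what a link scanner or mail filter could flag. The function name, the look-alike list and the assumption that the character is U+2215 DIVISION SLASH are mine.

```javascript
// Code points that render like "/" but are not path separators to a URL parser.
const SLASH_LOOKALIKES = /[\u2044\u2215\u29F8\uFF0F]/u;
// TLDs that double as file extensions (watch list assumed for this example).
const FILE_LIKE_TLDS = new Set(["zip"]);

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the one browsers use
  } catch (e) {
    return { host: null, findings: ["not a valid absolute URL"] };
  }
  const findings = [];
  if (url.username || url.password) {
    findings.push("text before '@' is userinfo, not the host");
  }
  if (SLASH_LOOKALIKES.test(raw)) {
    findings.push("slash look-alike character in URL");
  }
  const tld = url.hostname.split(".").pop();
  if (FILE_LIKE_TLDS.has(tld)) {
    findings.push("host ends in file-extension TLD ." + tld);
  }
  return { host: url.hostname, findings };
}

// The two URLs from the text. The first is rebuilt with explicit escapes
// (assumed to be U+2215) so the code points are unambiguous in source form.
const LOOKALIKE_URL =
  "https://github.com\u2215kubernetes\u2215kubernetes\u2215archive" +
  "\u2215refs\u2215tags\u2215@v1271.zip";
const GENUINE_URL =
  "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip";

for (const u of [LOOKALIKE_URL, GENUINE_URL]) {
  const { host, findings } = inspectUrl(u);
  console.log(host, findings);
}
```

The genuine URL also ends in ".zip", but only as part of the path on github.com, so it produces no findings.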

Helpers and utilities

How green is your website? Do you know if your hosting provider is actually compensating or taking steps to reduce or offset the greenhouse gas emissions caused by using electricity to provide their services?

Validate your site using the green web check:

I hope you've enjoyed this week's issue of my newsletter. If you found it useful, I invite you to share it with your friends and colleagues. And if you're not already a subscriber, be sure to sign up to receive future issues.

Next week, I'll be back with more articles, tutorials, and resources to help you stay up-to-date on the latest developments in coding and architecture. In the meantime, keep learning and growing, and happy coding!

Best regards, Michiel
