Building Async and Cloud Native organizations - Issue #30

Welcome to my weekly newsletter! Every week, I bring you the latest news, updates, and resources from the world of coding and architecture. Thank you for joining me, and happy reading!

REST and APIs

Wondering what kind of potential security risks you can face when developing APIs? This OWASP top 10 points you in the right direction. Some of those can be mitigated by using a gateway like Azure API Management, others you will need to handle in your code.

In a previous edition, I talked about Twitter, where the cost of accessing their API went to 42K per month!

Reddit is facing similar challenges, causing integrations to stop working as it becomes too expensive to continue to operate. A large number of Reddit communities will ‘close’ for a couple of days to protest against this price change.

Understandable that there needs to be some sort of business model, but this is a big leap from free access to something very expensive. Tools that are used to manage and moderate the Reddit communities, to applications that offer an alternative UI on top of Reddit will seize to exist.

Coding technicalities

The C# Dev Kit is a new tool designed to enhance C# productivity when working in Visual Studio Code (VS Code). It includes a set of VS Code extensions that provide a rich C# editing experience, AI-powered development, solution management, and integrated testing. The kit includes the C# extension, providing base language services support, and the IntelliCode for C# Dev Kit extension, bringing AI-powered development to the editor.

A significant feature of the C# Dev Kit is the new Solution Explorer view, which simplifies project management by providing a curated, structured view of your application. Test Explorer capabilities have also been expanded, allowing easier discovery and organization of tests for XUnit, NUnit, MSTest, and bUnit.

The C# Dev Kit builds upon the recently updated, open-source C# extension which is now powered by an open-source Language Server Protocol (LSP) host. This leads to significant performance improvements for tools such as IntelliSense, syntax highlighting, refactoring, and code formatting. In benchmark tests, the time to IntelliSense saw a 91% improvement, decreasing from 38 seconds to 3.5 seconds.

AI-powered C# development is also facilitated by the IntelliCode for C# Dev Kit extension, offering features like whole-line completions and starred suggestions for IntelliSense completion lists. The C# Dev Kit is compatible with Linux, macOS, Windows, and dev containers, as well as cloud-based environments like GitHub Codespaces.

The C# Dev Kit is free for individuals, academia, and open-source development under the same license model as Visual Studio Community. For organizations, it is included with Visual Studio Professional and Enterprise subscriptions and GitHub Codespaces.

When you use the middleware in ASP.NET, you already know this pattern, but it is good to see some examples:

I like managed identities, as it removes a lot of the complexity of managing credentials and is more secure. It looks like the connection to Application Insights will also get a managed identity option.

Exposing your instrumentation key might not seem that sensitive; it is vital to have good and correct logging and monitoring. If somebody else gets hold of your key, they can misuse it and overload your monitoring solution. This will not only incur extra costs but can also lead to incorrect monitoring data.

Want to be up to date on some new CosmosDB features; then have a look at this article. The hierarchical partition keys look interesting!

GitHub related

Did you start using GitHub but now have a large number of repositories? If you want to do some housekeeping, you might want to delete or archive all those repositories which are no longer needed. But how do you know if they are being used or not?

One way is to look if they become stale, so lacking any activity for a number of days. The GitHub blog describes a way to iterate over all repositories in your org and how to end up with an issue containing the details of stale repositories.

Of course, you still need to determine if the repo can be removed, but when items are untouched for a long time, they become a candidate for removal.

If you have a process step that requires approvals on pull requests, then be aware of these upcoming changes. This provides better protection for changes that are potentially not reviewed. There are some edge cases where merge commits can be used to alter contents which was different than what was available on the server.

Computing in general

Creating a good Definition of Done can be tricky. This FINISHED acronym can help you with the discussions.

Running a retrospective is not an easy task. Lack of actions, lack of involvement, lack of enthusiasm; all kinds of reasons not to run it, while it is an important part of scrum. The below article provides some great tips to get more out of a retro:

Next to my newsletter, I also try to blog. More as a reference to myself on how I solved certain things. It is not uncommon to end up on my own blog after googling for the same issue years later.

Julia Evans debunks several myths about blogging, and I cannot disagree with her.

Helpers and Utilities

An interesting collection of code samples that can come in handy:

Are you using a Mac, then this can come in handy; a list of shortcuts. What also helps is CheatSheet, a macOS app that shows a popup when you long press the command key and lists all the available shortcuts.

I hope you've enjoyed this week's issue of my newsletter. If you found it useful, I invite you to share it with your friends and colleagues. And if you're not already a subscriber, be sure to sign up to receive future issues.

Next week, I'll be back with more articles, tutorials, and resources to help you stay up-to-date on the latest developments in coding and architecture. In the meantime, keep learning and growing, and happy coding!

Best regards, Michiel