Introduction

Welcome back to MindByte Issue #35! Refreshed from a wonderful holiday, I'm eager to dive back into the dynamic world of Azure, .NET, and GitHub with you all.

Pulse of the week

This week, GitHub has unveiled a series of promising improvements that are set to enhance user experience and security. Notably, the introduction of Passkeys adds an extra layer of security, allowing developers to authenticate actions without relying on passwords.

Meanwhile, the public beta launch of Copilot Chat takes coding collaboration to new heights, utilizing AI-powered assistance to guide users through code suggestions and problem-solving in real-time. These innovations underline GitHub’s commitment to a seamless and more secure coding environment, driving the future of development collaboration.

GitHub Digest

Embracing a Passwordless Future with GitHub's Passkey Authentication

Passwords have long been a weak link in digital security, accounting for over 80% of data breaches. GitHub's public beta of passkey authentication is a revolutionary step forward in mitigating this risk.

Unlike traditional security measures, passkeys offer a unique and robust security layer for each website. This eliminates the threat of cross-site tracking and enhances privacy. More importantly, it brings us closer to the vision of complete passwordless authentication aimed at eradicating password-based breaches altogether.

With the ability to sync across various devices, passkeys offer both security and convenience. They represent a fusion of strong account security without compromising user experience. This move by GitHub aligns with the growing trend towards a more secure and privacy-preserving digital landscape.

GitHub's commitment to passkeys signifies a noteworthy stride in digital security. By offering a more secure and easy-to-use method to protect accounts, the introduction of passkey authentication paves the way for a future without passwords.

So start using passkeys now to make your life more secure and easier!

Revolutionizing Compliance and Traceability: A Deep Dive into Streamlined Workflows

In the complex landscape of today's regulated industries, the words "compliance" and "traceability" often resonate with rigidity, burden, and extra costs. Yet, they are indispensable components of any robust system. What if I told you there's a way to weave these critical aspects into your organization's daily workflow without losing agility or increasing friction?

This comprehensive article takes you into the very heart of modern compliance practices, showcasing how using platforms like GitHub can make meeting regulatory demands not just easier but also more efficient. Explore how pull requests, a commonly used development tool, can become the centerpiece of your audit and traceability efforts.

Whether you're looking to simplify troubleshooting, efficiently track business impact, minimize audit costs, or enhance the overall developer experience, the insights in this article could revolutionize your approach to compliance. From detailed examples of major industry standards to a practical look at leveraging GitHub's capabilities, this guide illuminates a path towards a more transparent and streamlined process.

Now Public Available: GitHub's Merge Queue

Exciting news for developers and organizations: GitHub's new merge queue functionality is now publicly available!

This innovative feature streamlines the software delivery process by automating pull request merges, ensuring each one is tested for compatibility before merging.

It's a time-saving tool available on both private and public repos on the GitHub Enterprise Cloud plan, and all public repos owned by organizations.

Custom Secret Scanning Patterns

Secret scanning is an essential feature that aims to enhance the security of your projects by scanning the entire Git history across all branches present in your GitHub repository. This tool is designed to identify tokens, private keys, and other secrets that could be exploited if exposed.

By scanning for secrets, GitHub ensures that these sensitive pieces of information are not inadvertently checked into a repository, where unauthorized users might access them. It helps in protecting your privileges on external services by spotting potential vulnerabilities.

Secret scanning is offered in two forms, targeting different users and needs, including both partners and individual repository owners. It's a powerful tool that can be configured to meet specific organizational needs, and it operates automatically on public repositories and packages, providing a robust, user-friendly layer of protection.

For those interested in leveraging this technology, you can access a repository containing custom patterns that can be used for secret scanning. This will enable you to tailor the scanning process to your particular requirements and enhance the security of your codebase even further.

Discovering the Power of Conversational Coding with GitHub Copilot Chat

I recently had the opportunity to try out the limited beta of GitHub Copilot Chat, and I must say, it's a game-changer! This new feature, now available to all business users on Visual Studio and VS Code, turns GitHub Copilot into a context-aware conversational assistant right within the IDE.

What impressed me most was how it simplifies some of the most complex tasks. Whether you're building entire applications or debugging extensive code, Copilot Chat guides you through the process in mere minutes instead of days. And the real-time guidance, personalized assistance, and insightful code analysis make those weeks spent over unit tests and boilerplate code a thing of the past.

Copilot Chat is more than just a chat window; it's a powerful tool that understands the code you've typed, the challenges you're facing, and offers real-time solutions. This innovation is set to democratize software development and make development teams across the globe happier and more productive.

Enhancing Project Management with GitHub's Issue Metrics Action

GitHub Actions has taken another leap forward with the introduction of the Issue Metrics GitHub Action. This powerful new tool provides detailed metrics related to issues, pull requests, and discussions, enabling developers, maintainers, and teams to keep track of key aspects like time to first response, time to close, and more.

Whether you're a solo developer or part of a large organization, the insights provided by the Issue Metrics GitHub Action will help you gauge the health and progress of your projects. This invaluable addition to the GitHub toolkit empowers users to streamline workflows, optimize response times, and enhance collaboration across the board.

I enabled this on my open-source repository by adding the workflow file. I will now get monthly reports like the one below:

Read on to discover how to leverage this innovative feature to take your project management to the next level.

Board Swimlanes in GitHub Projects

Besides some other small improvements, GitHub also added the ability to have swimlanes in Projects. An interesting way to visualize different teams, workstreams, or any field you want.

New dashboard view for deployments

There is a new public beta of the deployments overview page. It will show you all the defined environments and what is deployed where, when and by whom.

This will provide a great overview on your deployments, which was before harder to get by.

Coding Corner

Why is SMTP so outdated but still so popular?

Ever wondered where the first email came from and who sent the first spam? Dylan Beattie has an exciting take on why SMTP is still around, with all its shortcomings but no real replacement.

Demystifying Code Coverage in .NET: A Guided Journey with Coverlet

In the ever-evolving world of software development, measuring the effectiveness of your code through various metrics has become essential. One such metric is code coverage, an intriguing concept that quantifies the degree to which your code is exercised by tests. This article delves into code coverage in .NET using Coverlet, leading you through creating a simple solution, setting up metrics, and interpreting different report formats.

But here's the catch: While code coverage can reveal trends, spark insights, and offer some assurance that your code is being tested, it should not be seen as a goal in itself or an absolute measure of quality. Having high coverage doesn't necessarily mean that your tests are probing the correct areas. It's a tool, not a silver bullet, and needs to be considered in the context of other testing techniques like Mutation Testing.

Azure Updates & Insights

Unit testing Bicep

Unit testing code should hopefully be natural for all of you, but do you also test your infrastructure as code? Although a bit more complex, it is possible to apply Asserts in your Bicep code and validate if your Bicep constructions are correct.

Azure's Deployment Stacks Now Public: Simplifying Resource Management with Enhanced Control & Efficiency

In a previous feature, I highlighted the then-upcoming functionality of Deployment Stacks in Azure. Now, it has been made publicly available, and it's worth revisiting why this is such an interesting new feature.

Deployment Stacks is a native solution that simplifies the complex and time-consuming management of resources across Azure's multiple scopes. It allows for managing a collection of resources as a single unit, facilitating quicker updates and deletions, and offering more granular controls to prevent unwanted changes.

Why is it Exciting?

1. 1-to-Many CRUD Operations: It supports 1-to-many create, update, delete operations across different scopes, such as Resource Group, Subscription, and Management Group.

2. Efficient Cleanup: Easily delete or update resources across scopes with a single call to the deployment stack resource.

3. Unwanted Changes Control: Block accidental changes to resources with deny settings capability of a deployment stack, offering specific control over who can write or delete resources.

4. Flexible Management: Whether you want to detach a resource, prevent deletion, or exclude specific principals or actions, Deployment Stacks provide a versatile way to manage resources.

Azure's Deployment Stacks is an innovative step towards more efficient and secure resource management. The ability to handle resources in a more coordinated and controlled manner makes it an appealing feature for developers and administrators alike.

.NET Nook

C#'s Record Keyword: Understanding the Pitfalls of the 'With' Keyword

The record keyword in C# 9 has introduced a new way to work with immutable data structures, but it can lead to some tricky and often overlooked issues, particularly when using the with keyword with reference types.

This article explores the complexities of copying records that contain reference types and presents solutions to avoid unexpected behavior. Two main approaches are highlighted: using property setters when copying, and implementing a “copy constructor.”

Khalid Abuhakmeh emphasizes the importance of understanding value and reference types when working with records, recommending the use of a copy constructor for intentional copying to prevent potential bugs.

It’s about time

Working with time in software development has long been a complex issue, but it seems it's about time that this comes to an end.

In .NET 8, Microsoft introduces new packages that simplify testing time-dependent logic, providing an abstraction for handling time and timers. The post delves into the features of Microsoft.Bcl.TimerProvider and its testing partner, Microsoft.Extensions.TimeProvider.Testing, which offer methods to control values for time and create Timer instances.

This newfound control over time, demonstrated through examples in the post, brings ease and precision to testing, allowing developers to "be a time lord" in their codebase.

Closing Thoughts

The past three weeks have been bustling with innovation, creativity, and new horizons in the world of software development. From significant strides by GitHub to the latest advancements in Bicep, .NET, and beyond, we are witnessing an exciting era of technological growth.

Thank you for accompanying me on this journey through your subscription to MindByte Weekly Pulse!

If you find these insights valuable, I encourage you to forward this email to fellow tech enthusiasts or invite them to subscribe if they haven't yet.

Together, let's continue to explore, learn, and embrace the future of development.