MindByte Issue #44: GitHub's Knowledge Voyage
Embarking on a Journey of Certification, Unveiling Secrets of Secure Credential Management, and Navigating the Conveniences of .NET – Your Compass to This Week's Tech Discoveries
Welcome to another edition of the MindByte Weekly Pulse, your weekly dose of bytes and bits from the tech universe.
As the autumn leaves gently fall, so does the cascade of exciting updates from the realms of GitHub, Azure, and DotNet. Like a squirrel preparing for winter, I've foraged the digital woods to bring you some nutty (and nutritious) nuggets of information.
Gif by RobertEBlackmon on Giphy
Pulse of the week
The waves of knowledge sharing at GitHub continue to ripple with the introduction of their new Certifications program, hot on the heels of the previously unveiled Learning Pathways. It's crystal clear that GitHub is steadfast in fostering a culture of continuous learning and professional growth among its vast community of developers.
This new Certifications initiative is a shining beacon of GitHub's investment in nurturing expertise and ensuring that developers have credible avenues to validate and showcase their skills. It's a testament to GitHub's commitment to not just being a repository of code, but a repository of knowledge and a platform for learning, validation, and growth.
GitHub's Certifications: A Leap Towards Credible Skill Validation
GitHub's impending certification program, launching in 2024, is a strategic move to offer a concrete validation of developers' skills in GitHub Foundations, Actions, Advanced Security, and Administration.
For software developers, this program not only elevates professional credibility, but also fosters a culture of continuous learning and excellence.
Having personally secured Advanced Security and GitHub Actions certifications as a GitHub Partner, I can attest to the program's potential in propelling your technical expertise.
GitHub Unveils M1 macOS Runner: A Giant Leap in CI/CD Efficiency
GitHub has introduced a new Apple silicon powered M1 macOS larger runner for GitHub Actions, significantly enhancing performance with its GPU hardware acceleration.
This innovation leads to up to 80% reduced build times compared to the previous Intel runners, making continuous integration and deployment (CI/CD) much faster and efficient.
Especially beneficial for Apple developers, this update comes with a reduced price for macOS larger runners, aligning with GitHub's dedication to provide a superior and cost-effective developer experience.
Peering Into GitHub's Communication Code: Principles, Practices, and Tools
Delve into GitHub Engineering's unique communication ethos, honed over 15 years of remote collaboration. This glimpse reveals their "How we communicate" guidelines, aimed at fostering seamless internal coordination.
It's a rare peek behind the curtain, showcasing how GitHub navigates daily operations, planning, and discussions, even employing GitHub tools to manage AI projects.
This disclosure could serve as a valuable blueprint for organizations looking to refine their remote communication strategies and gain insights into managing complex, tech-centric projects like AI initiatives.
Harnessing GitHub Data: A Dive into Elasticsearch Integration
GitHub, a treasure trove of data generated through various interactions, unveils potential insights when integrated with Elasticsearch and Kibana.
The article, penned by a GitHub Expert Services engineer, highlights the challenges and limitations of traditional data retrieval via the GitHub API, and introduces webhooks as a scalable solution to capture real-time GitHub events.
With the aid of Docker, the author guides readers in setting up Elasticsearch and Kibana, creating a conduit for aggregating GitHub webhooks, and building dashboards to visualize and analyze the data.
This exploration unfolds an engaging avenue for GitHub users to derive actionable insights from their repositories, transcending simple use cases to foster informed development and business investment decisions.
Elevating Security: GitHub's Secret Scanning Validity Checks
GitHub's new feature, secret scanning validity checks for major cloud services like AWS, Microsoft, Google, and Slack, marks a significant stride in enhancing security.
This feature allows for the automatic verification of the activity status of tokens, aiding in swift remediation efforts by identifying inactive tokens, which is crucial in the prevention of credential leaks.
By extending validity checks beyond GitHub tokens, this update empowers organizations with a robust tool to ensure a secure and efficient operational environment.
Bridging Creative Worlds: GitHub Sponsors Partners with Patreon
GitHub Sponsors expands its horizons by partnering with Patreon, opening doors to extended funding opportunities for open source developers and projects.
This collaboration aims to bridge the gap between GitHub and Patreon communities, allowing sponsors to link their accounts on both platforms, thereby expanding the reach of potential sponsorship opportunities.
This initiative also marks GitHub Sponsors' expansion to 35 new regions globally, now supporting a total of 103 regions, thus broadening the spectrum of developers who can receive sponsorships.
On a lighter note, while I've enabled sponsorship on my open source repository, it seems like the "Sponsor" button is the loneliest button on my GitHub page. But with these new features, I'm hopeful it might get some love, or at least a friendly hover, in the near future!
This expansion not only underscores GitHub's commitment to fostering a sustainable open source ecosystem but also provides a new avenue for creators to build and maintain thriving communities while pursuing open source careers.
Unlocking Azure CLI's Potential: A Deep Dive into Performance Optimization
In a detailed investigation, Jesse Houwing, a colleague of mine, explores the performance issues encountered with Azure CLI (az-cli) on GitHub Actions and Azure Pipelines hosted runners, especially on Windows. Here are the key takeaways:
1. Case Sensitivity: The casing of commands in
az significantly affects the execution time. For instance,
az version executes much faster than
az Version due to case-sensitive command lookup, which triggers a command index rebuild in the latter case.
2. Authentication Methods: Various authentication methods were tested, revealing that using the
AZURE_DEVOPS_EXT_PAT environment variable should ideally be the fastest way to authenticate to Azure DevOps. However,
az devops login attempts to install python's
keyring package during the first run, slowing down the process. A pull request was initiated to force
keyring installation during image creation to address this issue.
3. Command Index Rebuild: The first run of
az on hosted runners triggers a command index rebuild, slowing down the process. This happens because the command index doesn't exist in the user profile of the user running the workflow. A pull request was made to move these folders to a persistent location, speeding up the performance substantially.
4. Python Compilation: The first run of
az on hosted runners causes python compilation since the
~/.azure-devops directories aren't available to the user running the workflow. Setting environment variables and warming up
az devops during image generation were proposed as solutions to mitigate this issue.
These insightful findings from the trenches not only shed light on the nuances of
az-cli performance but also contribute to the community by providing actionable solutions to enhance workflow efficiency on hosted runners.
Thanks Jesse for getting us faster pipelines!
Azure Updates & Insights
Azure SQL Database's Free Tier: An Inviting Start for Newcomers and Developers
Microsoft's public preview of Azure SQL Database free offer is a boon for new and existing users, offering a 32 GB General Purpose database with 100,000 vCore seconds of compute monthly, at no cost.
Especially tailored for those new to Azure or needing a development database for proof of concept, this initiative provides a cost-effective, manageable way to explore Azure SQL Database's capabilities while piloting projects. With easy setup via Azure portal and options to manage usage beyond free limits, it's a valuable offer for users to delve into Azure's database services.
Azure Arc & Key Vault: A New Horizon in Secure Credential Management
Managing secrets safely is pivotal in software development and deployment. A common misstep is embedding secrets in source code or configuration files, which can lead to unauthorized access.
Azure Key Vault is a remedy, but for on-premises applications, authentication was a hurdle. Now, with Azure Arc, on-premises servers can have an Azure managed identity, simplifying secure access to Azure Key Vault without storing credentials in code or configuration files.
This integration enhances security practices significantly, ensuring your organization's secrets remain well-protected.
Elevate Your Coding Experience with .NET's Convenience Spectrum
The .NET platform is continually evolving to enhance the ease and efficiency of coding endeavors. The recent blog post on the .NET Blog kickstarts a series discussing how .NET designers are working towards weaving convenience into common coding tasks, aiming to strike a balance between high-level utility APIs and lower-level APIs to cater to different needs.
The concept of a "convenience spectrum" is introduced, portraying a range from 'control' to 'convenience' that developers can traverse depending on their project requirements.
For instance, reading a text file can range from using `File.OpenHandle` + `RandomAccess.Read` for the most control, to `File.ReadAllText` + `string` for the utmost convenience. Similarly, for reading JSON text, options range from `Utf8JsonReader` + `Pipelines` or `Stream` to `JsonSerializer` + `string`.
This spectrum showcases .NET's versatility, enabling developers to choose their comfort level of control versus convenience, making the .NET platform a more adaptable and user-friendly environment for diverse coding needs.
As we wrap up this week's exploration, a hearty thank you for sailing through the digital waves with me in the MindByte Weekly Pulse.
If you haven’t already, do hit the subscribe button to stay in the loop with our weekly dispatches and do hit reply if you want to share or contact me.
Thank you once again, and here’s to many more journeys on the byte-sized waves of the tech ocean!
Warmest regards, Michiel