RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So I've been focused on the code to cloud journey, I like to call it, for the template. And two years ago, my goal was to provide a solution that could take you from code to cloud in 45 minutes or less. So I wanted it to be "file new project" to deploy a solution on Azure—because that's where my main focus is—within 45 minutes."— Jason Taylor Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Jason Taylor (no relation) joined us to talk about his journey from Classic ASP to .NET and Azure. He also discusses clean architecture’s maintainability, and his open-source Clean Architecture Solution template for ASP .NET Core, along with strategies for learning new frameworks and dealing with complexity. "Right now the template supports PostgreSQL, SQLite, and SQL Server. If you want to support MySQL, it's relatively easy to do because there's already a Bicep module or a Terraform module that you can go in and use it. So I went from 45 minutes to now I can get things up and running in like, I don't know, two minutes of effort and 15 minutes of waiting around while I make my coffee"— Jason Taylor Along the way, we talk about some of the complexities involved with creating a template which supports multiple different frontend technologies and .NET Aspire (which was news to me when we recorded), all the while maintaining the goal of being the simplest approach for enterprise development with Clean Architecture. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/from-code-to-cloud-in-15-minutes-jason-taylors-expert-insights-and-the-clean-architecture-template/ Jason's Links: Jason's Clean Architecture repo on GitHub Jason's Northwind Traders with Clean Architecture repo on Github Connect with Jason Jason's RapidBlazor repo on GitHub Other Links: C# DevKit for Visual Studio Code Code, Coffee, and Clever Debugging: Leslie Richardson's Microsoft Journey and the C# Dev Kit in Visual Studio Code with Leslie Richardson dotnet scaffold devcontainers .NET Aspire Azure Developer CLI GitHub CLI Obsidian Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

Show Notes "If you talk to people that have been doing Terraform for many years, they're going to tell you that, "Terraform is the law and Terraform is the way to go." But like you said, there's different tools, I would say, or languages that you can use for infrastructure as code. And it really depends what you want to do, what your developers are used to or are comfortable with and what works with your organization as it should be with any tool in software development. You got to grab the one or use the one that is more appropriate for your use case, your scenario, your organization"— Sam Gomez Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Sam Gomez joined us to talk about Infrastructure as Code, why you might want to think about using something like Terraform and Bicep, and how they can help you to automate your deployments to the public cloud. Sam also talks about best practises for CI/CD and ways to test your Infrastructure as Code ahead of running it--something that we've all felt the pain of in the past, I'm sure. "Terraform has what's called validation for your parameters. So like I said, you can set up a validation that says, "the only values for the SKU for a SQL server are basic," for example. And if somebody tries to give a different value to that particular parameter, it'll stop automatically and say, "okay, this validation has failed. You know, the value allowed is this one." You can do the same thing with Bicep. So that's another added layer of protection against making these kind of mistakes and adding or configuring the wrong values in your deployments"— Sam Gomez Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Podcasthon 2025! One last thing before we start the episode: we're super happy to participate in the 3rd edition of Podcasthon For one week, more than a thousand podcasts will highlight a charity of their choice. And today, I have the pleasure of welcoming Andy's Man Club to the show. Throughout this episode, I'll interrupt the conversation a few times to talk about the importance of mental fitness. The reason that I've picked Andy's Man Club is because mental health support is very important to me. I've used their groups for almost two years and have had the honour of being asked to step up and help run one of those groups. If you'll forgive the name for now, Andy's Man Club is a UK-based charity which organises weekly, informal, peer-to-peer talking groups for anyone over the age of 18 who identifies as male. I'll talk more about Andy's Man Club later in the episode. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/deploying-with-confidence-sam-gomez-on-terraform-bicep-and-infrastructure-as-code/ Music Used In This Episode This contains some copyright free music during the interstitials. Each of the pieces of music (linked below) were created by YouTube user HoobeZa, and we thank them for making their work free to use. If you liked the music we used, check out links to the pieces below: "Lounge" "Mellow" "Golden" "Release" Podcasthon 2025 This episode of the podcast contains support for both Podcasthon, Andy's Man Club, and Capes on the Couch. Please feel free to check out both projects at the links below. Podcasthon! Andy's Man Club Capes on the Couch And please remember to check in on your own mental fitness from time to time. Useful Links Sam on LinkedIn Dad's in Tech The bus factor Terraform Registry Azure Verified Modules Bicep for VS Code Terraform extension for VS Code Terraform CNCF Hashicorp Developer Website Sam's MVP profile Sam on X Sam on BlueSky Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "And I think this is really the key factor in software development. I think it's really to keep complexity low, because in most projects, unless you are writing an operating system, a framework or rocket navigation you are not coding against hardware; like the hardware is not your bottleneck. You are coding against human brains, cognitive abilities of your team; like how many smart people your company is able to put on your team, this is your limiting factor so we need to keep complexity low and I think it's really the most important benefit."— Gael Fraiteur Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection. In this episode, Gael Fraiteur joined us to talk about Metaprogramming with Metalama. Gael is the original author of the wildly successful PostSharp and has been working with the aspect-oriented programming pattern for over 20 years. In this conversation we talk about how metaprogramming (regardless of whether you use Metalama to achieve that or not) can save on both the complexity and the number lines of code in your projects. "Well, there are studies that try to correlate the cost of software projects to the number of lines of code. And the conclusion is: it is more or less a linear dependency. A bit super linear. That means that if you have 15% fewer lines of code, you are going to get 15% lower development cost. So that's the easiest part"— Gael Fraiteur Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. My voice was created using Generative AI. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/metaprogramming-with-gael-fraiteur/ Gael's Links: Gael on LinkedIn PostSharp on LinkedIn Metalama: Metalama homepage Documentation Marketplace GitHub Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "I always believe, and this is taking my kind of Microsoft hat off, and I'm sharing my personal view here. I definitely believe regardless of the public cloud provider in question, they're all part of a bigger ecosystem. And I emphasize the word ecosystem. I believe security as, you know, a problem statement of our time, it's just so complex that it really can't be solved by a single company or by a single organization or a single individual. You really need to see like collaboration and cooperation taking place across different sectors, across different public cloud providers."— Bojan Magušić Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Bojan Magušić joined us to talk about both his new book "Azure Security" but also his work as part of the security team at Azure and his top tips for protecting your digital landscape (aka your apps and services) on the public cloud. Not only did Bojan and I talk about the security aspects of protecting your public cloud digital landscape, but we also talked about how all the public cloud providers actually work together to ensure that everyone is protected from CVEs and exploits when they are discovered. An application of the Infinite Game, if you will—if you're not sure what that is, we cover that in the episode, too. "So instead of at times you know thinking of it as a zero-sum game, I definitely believe there is opportunity to kind of expand the ecosystem and partner in meaningful ways where we can share information and share insights and guidance and even skill sets that are going to make us all as an industry and, you know, as clients more secure."— Bojan Magušić Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-infinite-game-meets-azure-security-with-bojan-magusic/ Useful Links Bojan on LinkedIn Azure Security OWASP ZAP—now owned by Checkmarx Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "This should be a mantra for anyone working on web applications or web APIs: you should validate any input of the application as much as possible. When you conceptualize it, all the malicious input into your application comes across in an HTTP request at some point. It's either in the URL or in the body. That's generally speaking, unless you have a supply chain attack, that's generally the vector by which your application will be attacked. Before you even start to kind of think about specific vulnerabilities, if you narrow down what is permissible input right out of the gate, then you kind of close the door on so many different vulnerabilities without even thinking about it."— Malcolm McDonald Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Malcolm McDonald joined us to talk about the importance of Application Security, knowing the basics of secure coding, and backing that all up with both "secure by default" designs, and subscribing to CVE notifications. "So what you find in your career is that if you set down kind of sensible default behaviour in your codebase earlier on, then everyone will follow that. You establish, kind of, best practices. It might take a little bit longer, but if you say, "this is the way we do this over here," then even yourself when you, kind of, come back to, will kind of, reproduce that path. So the initial, kind of, like first few check-ins to your source control are key to, like, establishing best practice"— Malcolm McDonald One note before we begin: some of Malcolm's audio is a little rough. Mark, our superstar editor, has done what he can, but there are parts that might be a little unclear. If you have trouble with the audio, please remember that there is a full transcription linked in the accompanying show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/grokking-application-security-malcolm-mcdonald-on-securing-your-apps/ Useful Links Malcolm on LinkedIn Grokking Application Security Hacksplaining Hash function Don't Accept The Defaults Bcrypt Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name. you don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro. In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers. "There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it"— Tanya Janca Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. My voice was created using Generative AI. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/ Tanya's Previous Appearances: Episode 77 - Application Security with Tanya Janca Episode 105 - More Application Securuty with Tanya Janca Useful Links Tanya's books Tanya's newsletter Hello, World Don't Accept The Defaults Semgrep Okta Pushing Left, Like a Boss: Part 1 Owasp DAST (Dynamic Application Security Testing) SAST (Static Application Security Testing) Semgrep Academy (previously known as WeHackPurple Academy) Application Security Foundations Level 1 Owasp Juice Shop OwaspHeaders.Core Owasp Top Ten Content-Security-Policy Trusted Types Jason Haddix Retrieval-Augmented Generation (aka RAG) Posting Malicious Code as an Answer Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So we're dealing with code bases that are getting bigger and bigger every day. You know, those million line code bases, two million line code bases is not unusual. We are being pushed to do more. I remember when I was working at Microsoft a couple of years ago, Satya Nadella, CEO, his favourite phrase was, "you have to do more with less." But yeah, so Satya was big on this idea of do more with less. And this has kind of resonated across the industry as a whole."— Jim Bennett Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection. In this episode, Jim Bennett returns to the show after a six-year absence. In his previous appearance, Jim introduced us to Xamarin, but in the time since that appearance, Xamarin has been sunsetted. So it felt natural to start our conversation about the wonderful outpouring of support over on X with the hashtag #XamarinGaveMe. The main topic of conversation is about Generative AI, Large Language Models, and how the new startup, Pieces, can help developers to keep the context of what they are working on at the front of their mind at all times; both when they are online and off. "If I said to you, "which character from the Pixar movie Up are you?" The answer is going to be, "Doug," we're all Doug. We're all like, "squirrel!" So if we have to go from our IDE to a browser to ask a question, we're reading email on the way. We are looking at chat tools on the way. Oh, we're in a browser. "Oh, I've got a notification on Blue Sky. I'm going to have a look at that." We are context switching. We are distracted. We are drinking coffee. We are losing our productivity"— Jim Bennett Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. My voice was created using Generative AI. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/unlocking-the-power-of-ai-jim-bennett-on-pieces-for-developers Jim's Links: Jim's linked on Link Tree Pieces Pieces Discord #XamarinGaveMe Xamarin in Action (AKA Jim's book on Xamarin) Jamie's Public NuGet Packages: OwaspHeaders.Core ClackMiddleware OnionArch.Mvc Useful Links Generative AI for .NET Developers with Amit Bahree Ollama OpenVino LLMs Mentioned: Llama Microsoft Phi Mistral Qwen-2.5 which Jamie mis-names as Quon. Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

Scott Harden, a neuroscientist and dentist turned tech expert, dives into the world of NuGet packaging. He explains the fundamentals of creating packages and introduces tools like NuGet Package Explorer. Scott shares his unique career transition, emphasizing the value of NuGet packages in .NET development. The conversation also highlights debugging best practices with SNUPKG files and the design impact of adding icons to packages. Lastly, he advocates for open-source contributions, urging listeners to engage with the tech community.

In this engaging discussion, Scott Harden, a neuroscientist and dentist turned software developer, shares his journey from healthcare to the open-source world. He dives into the complexities of licensing, monetization challenges, and the importance of digital legacies. Scott highlights personal experiences with NuGet packages and the necessity of clear agreements in open-source projects. He also reflects on the supportive community backing that sustains ad-free projects and the emotional impact of small gestures of support from users.

Scott Harden, a neuroscientist and dentist, dives into the spirit of open source, sharing insights from his journey in tech. He discusses his popular library, ScottPlot, which surprisingly gained a million and a half installs. Scott highlights how open source fosters skill development and emphasizes the importance of community engagement. He reflects on the challenges of maintaining open source projects, including mental health concerns, and illustrates the power of collaboration in addressing personal and communal coding challenges.