RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "From the very first lesson of "Hello, World" they teach us to make insecure code. So the first thing with "Hello, World" is how to output to the screen. That is fine. But the second part of "Hello, World" is: you ask them their name, you take their name. you don't validate it, and then you say "Hello," and you reflect their name back onto the screen with no output encoding. And then you just made cross-site scripting. And right from the very first lesson, we teach everyone wrong in pretty much every language, and so as a result we end up with a lot of people doing code the wrong way. Like, universities are still teaching lots of things wrong. And so I'm hoping that this book will help."— Tanya Janca Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie's throat infection returned, making it tough for him to record this intro. In this episode, we welcomed Tanya Janca back to the show. This conversation marks her third appearance on the show, and a slight change in focus to Secure Coding. We talk about how developers are taught to write insecure code from day one (or "Hello, World!"), about how her new book "Alice and Bob Learn Secure Coding" could help with that, the many hours of free education and learning that Tanya has created alongside the book, and how both data scientists and academics approach software development differently to some of us developers. "There are so many amazing security features in .NET. There's so many. Like, because I... I wrote about eight different frameworks and .NET by far had the absolute most different security features. And part of it, some of them are from Windows. Some of them are from C... because I wrote about C# and .NET. And to be quite honest, audience, I mixed them up quite a bit because, "what is specifically C#, and what is specifically .NET," got a bit confused in my brain. But I'm like, all of it's good. Do all of it"— Tanya Janca Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. My voice was created using Generative AI. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-security-expert-speaks-tanya-janca-on-learning-to-code-securely/ Tanya's Previous Appearances: Episode 77 - Application Security with Tanya Janca Episode 105 - More Application Securuty with Tanya Janca Useful Links Tanya's books Tanya's newsletter Hello, World Don't Accept The Defaults Semgrep Okta Pushing Left, Like a Boss: Part 1 Owasp DAST (Dynamic Application Security Testing) SAST (Static Application Security Testing) Semgrep Academy (previously known as WeHackPurple Academy) Application Security Foundations Level 1 Owasp Juice Shop OwaspHeaders.Core Owasp Top Ten Content-Security-Policy Trusted Types Jason Haddix Retrieval-Augmented Generation (aka RAG) Posting Malicious Code as an Answer Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So we're dealing with code bases that are getting bigger and bigger every day. You know, those million line code bases, two million line code bases is not unusual. We are being pushed to do more. I remember when I was working at Microsoft a couple of years ago, Satya Nadella, CEO, his favourite phrase was, "you have to do more with less." But yeah, so Satya was big on this idea of do more with less. And this has kind of resonated across the industry as a whole."— Jim Bennett Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection. In this episode, Jim Bennett returns to the show after a six-year absence. In his previous appearance, Jim introduced us to Xamarin, but in the time since that appearance, Xamarin has been sunsetted. So it felt natural to start our conversation about the wonderful outpouring of support over on X with the hashtag #XamarinGaveMe. The main topic of conversation is about Generative AI, Large Language Models, and how the new startup, Pieces, can help developers to keep the context of what they are working on at the front of their mind at all times; both when they are online and off. "If I said to you, "which character from the Pixar movie Up are you?" The answer is going to be, "Doug," we're all Doug. We're all like, "squirrel!" So if we have to go from our IDE to a browser to ask a question, we're reading email on the way. We are looking at chat tools on the way. Oh, we're in a browser. "Oh, I've got a notification on Blue Sky. I'm going to have a look at that." We are context switching. We are distracted. We are drinking coffee. We are losing our productivity"— Jim Bennett Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. My voice was created using Generative AI. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/unlocking-the-power-of-ai-jim-bennett-on-pieces-for-developers Jim's Links: Jim's linked on Link Tree Pieces Pieces Discord #XamarinGaveMe Xamarin in Action (AKA Jim's book on Xamarin) Jamie's Public NuGet Packages: OwaspHeaders.Core ClackMiddleware OnionArch.Mvc Useful Links Generative AI for .NET Developers with Amit Bahree Ollama OpenVino LLMs Mentioned: Llama Microsoft Phi Mistral Qwen-2.5 which Jamie mis-names as Quon. Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

Scott Harden, a neuroscientist and dentist turned tech expert, dives into the world of NuGet packaging. He explains the fundamentals of creating packages and introduces tools like NuGet Package Explorer. Scott shares his unique career transition, emphasizing the value of NuGet packages in .NET development. The conversation also highlights debugging best practices with SNUPKG files and the design impact of adding icons to packages. Lastly, he advocates for open-source contributions, urging listeners to engage with the tech community.

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "I don't want to go into the details right now, but for the listeners, I will say that we are right in the middle of an explosive situation right now with some WordPress drama. WordPress and WP Engine are experiencing a lot of the fallout, kind of related to what we talked about in the last episode, where you start out with some good intentions and then you get in a situation where both sides kind of feel burned. And I'm not going to say that there's a perfect solution out there, But I do think that this frequent check-ins and asking, you know, "is this good for me and what needs to change for this to be good for my life?" is important."— Scott Harden Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection. In this episode, Scott Harden joined us to talk more about open-source, software licensing, and a little on some of the most recent NuGet package updates that .NET developers should know about. It's important to note, Scott and Jamie talked about the WordPress controversy which was still unfolding as we recorded (which on October 19th, 2024). They brought it up not to make fun of WordPress or to add fuel to the flames, but to talk about the fact that it highlighted Scott's point about checking in with yourself regularly, as an open-source developer, about whether you're getting what you want from your public repos. Whilst talking about open-source development and licensing, Scott brought up a question on our collective and individual digital legacies. "And this is kind of a startling topic to bring up, but what if you just disappeared tomorrow? Because people just leave because they have some medical situation or some life situation, or they die. And this happens. This happens in software. We'll talk about some specific examples in a minute. But, you know, if you disappear tomorrow, it's interesting to think about kind of what your digital legacy would be. And, you know, you could have left this thing behind in a way that it could have been used by everyone or anyone."— Scott Harden This episode has a lot of resources in the accompanying show notes, so if you're listening along in a podcast player make sure to head to the website (there'll be a link). That way you don't miss out on all the wonderful things Scott and Jamie talked about. As a form of trigger warning, at around the 58 minute mark Scott talks about how his own journey with cancer brought the idea of his digital legacy to the forefront for him. Both Scott and Jamie also talk about the late Abel Wang and Pieter Hintjens. And they talk about other examples of developers who are very public with their health struggles: Jeremy Likness and (previous guest of the show) Jon Smith, who suffer with Alzheimer's disease and dementia respectively. We understand completely if you want to skip this entire section. But we also feel that there are very important points raised whilst talking about these, less cheery, matters. This conversation makes up the bulk for the final 10-15 minutes of the episode. Aside from a teaser for the next part (which is all about NuGet packages), you won't miss anything .NET specific if you choose to skip this part. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/open-source-and-our-digital-legacies-with-scott-harden/ Scott's Links: scottplot.net swharden.com GitHub LinkedIn Jamie's Public NuGet Packages: OwaspHeaders.Core ClackMiddleware OnionArch.Mvc Useful Links GNU Terry Pratchett OWASP Secure Headers Project GitHub sponsors Jamie on Coffee and Open Source with Isaac Levin The WordPress vs VP Engine drama, explained What we know about the xz Utils backdoor that almost infected the world .NET Foundation Finding Strength in Weakness by Jeremy Likness How to update a NuGet library once the author isn't available by Jon Smith Entity Framework Core with Jon Smith A protocol for dying Get Busy Living with Abel Wang ScottPlot.NET: GitHub NuGet scottplot.net The charts that Scott was referring to when talking about downloads per day, can be seen here Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "One of the projects that I work on right now that's probably one of my more successful ones, It's a scientific data visualization library for .NET. It's called ScottPlot. The name is silly. It's because when I made it, I thought I was the only person going to be using it. And then some other people started using it and that wasn't totally unexpected. But now it's about a million and a half installs on NuGet. I think it has like 5,000 stars on GitHub. It's really cool just to watch this thing grow."— Scott Harden Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am not your host: Jamie. I'm Delilah and I will be recording the intro for this episode because Jamie is suffering with a throat infection. In this episode, Scott Harden joined us for the first of three episodes on .NET, open source, and NuGet. This part of the conversation is all about what Scott calls "The Spirit of Open Source in a Modern .NET World." This is the background information on why Scott (and Jamie) believe that developers should look to creating open source works, putting them out there, and gathering feedback from people. Not only will it enhance your technical skill set (and very quickly), but it will also allow you to get experience at failing in a safe space: in public. "Now, humans evolved to like helping people in our in-group. And I think it means a lot that we treat anonymous strangers on the Internet, or we can treat them. Obviously, this can go wrong. But we can treat them as part of our in-group. Like, "hey, we are all in this technical world together. We are struggling. Let's figure this out together." And that bridge of trust and effort and you're sharing your knowledge with another person, it is such a positive experience all around the table"— Scott Harden This episode has a lot of resources in the accompanying show notes, so if you're listening along in a podcast player make sure to head to the website (there'll be a link). That way you don't miss out on all the wonderful things Scott and Jamie talked about. And remember, this is just part one. In the next two parts, Scott and I talk about creating NuGet packages, ensuring their safety and security, and how to be a good citizen of the open source community. Talk about a festive gift for you all. And definitely go ahead and check out Scott's work and writings. He's a really interesting person, an amazing open source contributor, and an all-round great person. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-spirit-of-open-source-in-a-modern-net-world-with-scott-harden/ Scott's Links: scottplot.net swharden.com GitHub LinkedIn Useful Links Job crafting Left-Pad incident The story behind colors.js and faker.js What we know about the xz Utils backdoor that almost infected the world Hello, Duende Double-precision floating-point format Dave Farley Sigstore Add support for sigstore as signing method for NuGet packages The Primeagen Coding Blocks Some episodes of this show focusing on App Security and dependency management The Risks of Third Party Code With Niels Tanis Application Security with Tanya Janca Building Secure Software: Unveiling the Hidden Dependencies with Niels Tanis Managing Dependencies with M. Scott Ford Breaking Up with Tech Debt: A Love Story with M. Scott Ford Books that Jamie gives to interns: The Life-Changing Magic of Tidying Up by Marie Kondo Start With Why by Simon Sinek Essentialism: The Disciplined Pursuit of Less by Greg McKeown ScottPlot.NET: GitHub NuGet scottplot.net The charts that Scott was referring to when talking about downloads per day, can be seen here Code Licenses mentioned (in order): MIT CC0 Apache 2 L-GPL v3 WTFPL Programming languages Jamie mentioned (in order) Go Odin Zig Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Podcasting Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "So part of what Resilient Programming is about and what the framework does is that it kind of like tries to provide a nice abstraction, a developer-friendly abstraction for implementing distributed systems."— Thomas Sylvest Welcome friends to The Modern .NET Show; the premier .NET podcast, focussing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Thomas Sylvest joined us to talk about both Resilient Programming and Cleipnir .NET - a framework that Thomas worked on to implement the concepts of Resilient Programming in .NET applications. Cleipnir, and Resilient Programming, are fantastic for supporting message-driven architectures; whether you've built a monolith, series of microservices, or anything in between. "But the idea is the same, kind of like that you try and remember the result of actions that you've done in a way that if you then start again, you won't... you kind of like you'll check in your little notebook if you already performed this action. If you did then you'll just return the result of the previous execution. If you look in your in your notebook and you can see, 'okay actually I haven't done this before' you will then perform the action"— Thomas Sylvest Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/cleipnir-and-beyond-on-resilient-development-practices-with-thomas-sylvest/ Useful Links Paxos Raft Polly .NET Hangfire Quartz Inbox and outbox pattern Idempotence Azure Durable Functions Mass Transit Rebus NServiceBus Thomas on LinkedIn Microsoft Open: Introduction to Cleipnir.Flows a tool to get resilient code Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

Metalama This episode of The Modern .NET Show is supported, in part, by Metalama, reduce your boilerplate code by up to 15% with Metalama's C#-to-C# template engine and reduce your code complexity today! Show Notes "Like the whole point is to learn a system of thinking, like to learn how to analyze; how to, like, pick out what's happening and identify your problem, and then to implement a solution that fits your needs."— Harrison Ferrone Welcome friends to The Modern .NET Show; the premier .NET podcast, focussing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Harrison Ferrone joined us to talk about his journey from being an English major to a self-taught programmer and instructional author focused on accessible tech education. Harrison also talks about his book, "Learning Design Patterns with Unity," which is designed as a practical guide for game development using well-known patterns while emphasizing the importance of quick wins in learning. "Like we do so much work in the later parts of each chapter with like pattern variations and customisations, because I want readers and students and learners to like, look at it, look at the first, you know, 70% and be like, "oh, but what, oh, oh, we're going to talk about what ifs. Fantastic. Cause I have a lot of what ifs.""— Harrison Ferrone Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/the-art-of-teaching-programming-using-unity-an-interview-with-harrison-ferrone/ Useful Links Learning Design Patterns with Unity Design Patterns (AKA "The Gang of Four") Game Programming Patterns by Robert Nystrom KonMari method Thinking in Systems by Donella Meadows Chaos Monkey Atomic Habits by James Clear Rosetta Stone Unity Learn Explore the Unity Editor - Unity Learn GitHub repo for the book Harrison on LinkedIn Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast.

In this discussion, Erik Jensen, a Microsoft MVP and maintainer of EF Core Power Tools, shares insights on streamlining database development. He highlights how EF Core Power Tools simplifies reverse engineering existing databases and empowers developers to manage database schemas with ease. Jensen emphasizes the importance of user-friendly interfaces and effective error reporting. He also touches on collaboration in open-source projects and the integration of static analysis tools that help enhance code quality and maintain schema integrity.

Adrian Mouat, a technical community advocate at Chainguard and author specializing in secure container images, dives into the evolving landscape of container security. He discusses the Docker init command, which simplifies project setup with best-practice Dockerfiles. Adrian emphasizes the importance of multilayered security strategies and the role of Software Bills of Materials (SBOM) for compliance. He also highlights how attestation can verify software integrity, shedding light on securing development pipelines and managing vulnerabilities effectively.

Dejan Miličić, Head of R&D at RavDB and a seasoned software consultant with 25 years of experience, discusses the essence of maintaining software systems over time. He emphasizes that developers spend 90% of their time on change requests rather than building new systems. Dejan dives into CQRS, exploring its benefits in system design, while addressing common misconceptions. He also warns against premature optimization and vendor lock-in, advocating for a deep understanding of historical programming practices to enhance modern development.