--- This is the second part on the VirtualGuard Protector series which focuses on the virtualizat| mrT4ntr4's Blog
--- This part focuses more on the basic obfuscation techniques used in .Net samples such as Contr| mrT4ntr4's Blog
| mrT4ntr4's Blog
| mrT4ntr4's Blog
We want CI/CD to inject the production connection string into a .NET Framework app.config during deployment. In source control, we only want test/staging DB connection strings. Developers should still be able to debug locally with test/staging DBs. At deployment, the CI/CD pipeline should replace the connection string with the production one (stored in GitHub Secrets). Question: What’s the recommended way to update or override app.config connection strings in a GitHub Actions workflow for a...| Recent Questions - Software Engineering Stack Exchange
Some identity providers use the EdDSA / ED25519 algorithm to sign and issue tokens. This post shows how to validate the tokens using the Nuget package from ScottBrady and ASP.NET Core. Using the default OpenID Connect setup, the keys are not read and the tokens cannot be validated. The error message could return something like […]| Software Engineering
This post shows how to issue and verify identities (verifiable credentials) using the Swiss Digital identity and trust infrastructure, (swiyu), ASP.NET Core and .NET Aspire. The swiyu infrastructur…| Software Engineering
A beginner-friendly tutorial on analyzing .NET malware teaches you how to use common tools, recognize techniques and understand infection chains. The post A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode appeared first on Unit 42.| Unit 42
Unlock Linux's power with Amazon Q Developer's transformation capabilities for .NET porting – effortlessly modernize .NET applications from Windows to cross-platform .NET in your familiar IDE.| Amazon Web Services
To continue a consistent theme about how Wolverine is becoming the antidote to high ceremony Clean/Onion Architecture approaches, Wolverine 4.8 added some significant improvements to its declarative persistence support (partially after seeing how a recent JasperFx Software client was encountering a little bit of repetitive code). A pattern I try to encourage — and many … Continue reading Improved Declarative Persistence in Wolverine→| The Shade Tree Developer
As we kick off the AWS re:Invent 2024 conference, we’re thrilled to introduce two major developer observability and live debugging advancements that bring even greater power and flexibility to developers and engineering teams everywhere. These new product capabilities — the Lightrun Visual Studio Extension and Lightrun Dynamic Traces — are designed to elevate customers’ observability […] The post Lightrun Unveils Game-Changing Visual Studio Extension and Dynamic Traces at AWS ReInve...| Lightrun
Discover the simple yet powerful technique of using bitwise shift operator in C# Enums, and how it can improve the readability and maintainability of your code.| MALTSEV.SPACE
Aprende cómo desplegar Jenkins sobre Azure Kubernetes Service utilizando instancias Spot para maximizar el ahorro sin perder rendimiento. Una guía práctica, 100% CLI, que combina automatización eficiente, resiliencia cloud-native y troubleshooting real en producción.| JMFLORESZAZO
Ejemplo| JMFLORESZAZO
An uncomfortable precedent that should not be repeated - even for CVEs.| aaronstannard.com
This post looks at implementing an OpenID Connect client in ASP.NET Core and require a level of authentication (LoA) implemented using Keycloak. The applications are hosted using Aspire. The LoA is…| Software Engineering
Cuando sabes que tu aplicación va a ir a producción en Kubernetes desde el minuto cero, lo último que quieres es mantener un docker-compose.yml, un .aspire.app, un conjunto de manifiestos k8s/, y encima repetir la configuración en CI/CD. La tentación de crear “entornos de desarrollo paralelos” es alta, pero el coste a medio plazo también lo es.| JMFLORESZAZO
En sistemas distribuidos que usan bases de datos relacionales como SQL Server, es común que múltiples hilos o procesos intenten leer y modificar simultáneamente la misma entidad. Este fenómeno se llama concurrencia y, lejos de ser un bug, es una consecuencia natural de los entornos altamente paralelos y asincrónicos.| JMFLORESZAZO
En arquitecturas distribuidas con Service Bus (como Azure Service Bus, RabbitMQ o NServiceBus), es común recibir mensajes que provocan cambios en nuestro modelo de dominio. Pero… ¿qué ocurre cuando ese modelo ya fue modificado por otro proceso? Este artículo te guía sobre cómo actuar ante errores de concurrencia al reprocesar mensajes, especialmente cuando sigues prácticas de Domain-Driven Design (DDD) y usas concurrencia optimista con una base de datos relacional.| JMFLORESZAZO
¿Qué es NewSQL y por qué importa?| JMFLORESZAZO
Railway Programming is an idea that came out of the F# community as a way to develop for “sad path” exception cases without having to resort to throwing .NET Exceptions as a way of doing flow control. Railway Programming works by chaining together functions with a standardized response in such a way that it’s relatively easy to abort … Continue reading Low Ceremony Railway Programming with Wolverine→| The Shade Tree Developer
It’s a pretty big “Critter Stack” community release day today, as: Marten has its 8.0 release Wolverine got a 4.0 release Lamar, the spiritual successor to StructureMap, had a cor…| The Shade Tree Developer
This post looks at an alternative way of implementing a native app authentication and authorization. At present, a web browser is used to implement authentication of native applications when using OAuth and OpenID Connect. The alternative approach implemented in the post is based on the OAuth 2.0 for First-Party Applications draft and adapted to be […]| Software Engineering
ASP.NET Core provides great extension points for handling OpenID Connect error events. This blog looks at implementing error handling in an ASP.NET Core application implemented using ASP.NET Core I…| Software Engineering
Durante años, hemos soñado con herramientas que entiendan lo que queremos y lo hagan por nosotros. Primero fue el no-code, luego el low-code, y ahora estamos viendo algo mucho más potente. ¿Quieres saber más?...| JMFLORESZAZO
Scale your real-time .NET SignalR apps with Redis and sticky sessions on Heroku for stable connections across multiple servers. Perfect for chat & more!| Heroku
Uni is taking too much of my time, and so I cannot work much on Project Reality and lxmonika.| My Reality Blog
This blog looks at implementing a strong Content Security Policy (CSP) in web applications implemented using Blazor and ASP.NET Core. When implementing CSP, I always recommend using a CSP nonce or at least CSP hashes. If a technical stack does not support CSP nonces, you should probably avoid using this solution when implementing secure and […]| Software Engineering
This blog looks at implementing client assertions for the client credentials flow using OAuth 2.0 Demonstration of Proof-of-Possession (DPoP). The client credentials flow is an OAuth 2.0 authorizat…| Software Engineering
While full Pact specification v3 support is still a while off, you can now verify pacts that use multiple provider states and provider state params from the v3 compliant implementations (eg. JVM and Rust)| Pact Docs Blog
I don’t know what happened but somehow I succeeded to miss the latest .NET Conf Focus edition. And this time, it was all about a topic that ...| bartwullems.blogspot.com
Introducción| JMFLORESZAZO
Github action runs can have these nice generated summaries, like the one for my winget package index. But how do you set them? And can you do that with C#? Read on to see how you can do that as well. Winget index job summary Github Action summaries Back in 2022 Github released Github Actions job summaries. Which is a nice feature that allows you to not only write stuff to the console, but also to write stuff to the build summary.| Coding Stephan
This blog implements client assertions using an OAuth client credential flow in ASP.NET Core. Client assertions provide a secure way for client authentication without sharing a secret, enhancing th…| Software Engineering
Yak-Shaver's Delight| aaronstannard.com
When I went to find the iconic books to learn the .NET stack I came to a shocking realization. There are too many books! 53 books; 30,656 pages; over 757 hours.| Kerrick Long's Blog - Articles about programming, learning, code, books, and ...
Featuring Major Enhancements to The Diagram Tool Eiffel Software is excited to announce the release of EiffelStudio 25.02, the latest version of the powerful software engineering environment. This update introduces significant improvements to the Diagram Tool, along with new features and enhancements across the platform to streamline software development workflows. Key Highlights of EiffelStudio 25.02: [...] The post EiffelStudio 25.02 appeared first on Eiffel Software - The Home of EiffelStu...| Eiffel Software – The Home of EiffelStudio
EiffelStudio 24.05 brings significant .NET Core advancements (net8.0, PDB, debugging), improved graphical environment with new editor commands, and updated libraries. Learn more about this powerful release.| Eiffel Software - The Home of EiffelStudio
It’s just time for an update from my last post on Critter Stack Roadmap Update for February as the work has progressed in the past weeks and we have more clarity on what’s going to chan…| The Shade Tree Developer
This blog shows how to implement a delegated Microsoft On-Behalf-Of flow in ASP.NET Core, and has a focus on access token management. The solution uses Microsoft.Identity.Web to implement the diffe…| Software Engineering
In this blog, I’ll demonstrate how to harness .NET MAUI’s capabilities by building a Google Maps app. I’ll walk you through how to set up your environment and how to integrate native services like the Google Maps Android SDK—all within the modern, unified framework that .NET MAUI provides.| Keyhole Software
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.| securelist.com
This post shows how to implement phone (SMS) verification and two-factor authentication (2FA) using ASP.NET Core Identity. The solution integrates phone-based verification and 2FA mechanisms. The i…| Software Engineering
Client assertions is a method of client authentication which can be used in OpenID Connect. This provides an alternative to client secrets. This approach enhances security by using signed tokens (J…| Software Engineering
Are you developing an AI-powered application but unsure whether Flutter or .NET MAUI is the right framework for your project? The decision you make can| Keyhole Software
LINQ (which stands for Language Integrated Query) is a library of collection manipulation methods that makes organizing and picking data out of collections much easier. LINQ can save a lot of time that would otherwise be spent writing complicated for or foreach loops. As with the nature of collections in programming, sometimes you will be working with gargantuan data sets and other times with smaller yet complicated collections.| Keyhole Software
En el desarrollo de software, dos principios fundamentales que a menudo se discuten son DRY (Don’t Repeat Yourself) y DAMP (Descriptive and Meaningful Phrases). Ambos buscan mejorar la calidad del código, pero lo hacen de maneras diferentes y, en ocasiones, pueden parecer contradictorios. Sin embargo, al comprender cómo y cuándo aplicarlos, podemos lograr un código limpio, mantenible y fácil de entender.| JMFLORESZAZO
OpenFeature Contributor Spotlight| OpenFeature Blog
Announcing the 2.0 Release of the OpenFeature SDK for .NET| OpenFeature Blog
This blog shows how to implement a delegated OAuth 2.0 Token Exchange RFC 8693 flow in ASP.NET Core, and has a focus on access token management. It looks at how the OAuth Token Exchange can be impl…| Software Engineering
Background| Performance is a Feature!
Over the last few years, I’ve come across more and more research papers based, in some way, on the ‘Common Language Runtime’ (CLR).| Performance is a Feature!
As the saying goes:| Performance is a Feature!
Who doesn’t like a nice bit of ‘ASCII Art’? I know I certainly do!| Performance is a Feature!
I’m a massive fan of everything Fabien Sanglard does, I love his blog and I’ve read both his books cover-to-cover (for more info on his books, check out the recent Hansleminutes podcast).| Performance is a Feature!
What is ‘stack walking’, well as always the ‘Book of the Runtime’ (BotR) helps us, from the relevant page:| Performance is a Feature!
It seems like this time of year anyone with a blog is doing some sort of ‘advent calendar’, i.e. 24 posts leading up to Christmas. For instance there’s a F# one which inspired a C# one (C# copying from F#, that never happens 😉)| Performance is a Feature!
A little over 4 years ago Microsoft announced that they were open sourcing large parts of the .NET framework and as this slide from New Features in .NET Core and ASP.NET Core 2.1 shows, the community has been contributing in a significant way:| Performance is a Feature!
Recently I was fortunate enough to chat with Chris Bacon who wrote DotNetAnywhere (an alternative .NET Runtime) and I quipped with him:| Performance is a Feature!
I recently came across the excellent ‘Fuzzlyn’ project, created as part of the ‘Language-Based Security’ course at Aarhus University. As per the project description Fuzzlyn is a:| Performance is a Feature!
.NET is a managed runtime, which means that it provides high-level features that ‘manage’ your program for you, from Introduction to the Common Language Runtime (CLR) (written in 2007):| Performance is a Feature!
I’m constantly surprised at just how popular resources related to ‘.NET Internals’ are, for instance take this tweet and the thread that followed:| Performance is a Feature!
I’ve been digging into .NET Internals for a while now, but never really looked closely at how the ‘Just-in-Time’ (JIT) compiler works. In my mind, the interaction between the .NET Runtime and the JIT has always looked like this:| Performance is a Feature!
Whether you want to look at what your code is doing ‘under-the-hood’ or you’re trying to see what the ‘internals’ of the CLR look like, there is a whole range of tools that can help you out.| Performance is a Feature!
Firstly, what exactly is CoreRT? From its GitHub repo:| Performance is a Feature!
It turns out that the .NET Runtime has a technical standard (or specification), known by its full name ECMA-335 - Common Language Infrastructure (CLI) (not to be confused with ECMA-334 which is the ‘C# Language Specification’). The latest update is the 6th edition from June 2012.| Performance is a Feature!
I recently appeared on Herding Code and Stackify ‘Developer Things’ podcasts and in both cases, the first question asked was ‘how do you figure out the internals of the .NET runtime’?| Performance is a Feature!
Discuss this post on HackerNews and /r/programming| Performance is a Feature!
It all started with a tweet, which seemed to resonate with people:| Performance is a Feature!
A little over 3 years ago Microsoft announced that they were open sourcing large parts of the .NET framework and as Scott Hanselman said in his Connect 2016 keynote, the community has been contributing in a significant way:| Performance is a Feature!
The .NET runtime (CLR) has predominantly used a just-in-time (JIT) compiler to convert your executable into machine code (leaving aside ahead-of-time (AOT) scenarios for the time being), as the official Microsoft docs say:| Performance is a Feature!
Recently I was listening to the excellent DotNetRocks podcast and they had Steven Sanderson (of Knockout.js fame) talking about ‘WebAssembly and Blazor’.| Performance is a Feature!
It’s a fundamental part of .NET and can often happen without you knowing, but how does it actually work? What is the .NET Runtime doing to make boxing possible?| Performance is a Feature!
Have you ever wondered where and why the .NET Runtime (CLR) allocates memory? I don’t mean the ‘managed’ memory that your code allocates, e.g. via new MyClass(..) and the Garbage Collector (GC) then cleans up. I mean the memory that the CLR itself allocates, all the internal data structures that it needs to make is possible for your code to run.| Performance is a Feature!
It is something we take for granted every time we run a .NET program, but it turns out that loading a Type or class is a fairly complex process.| Performance is a Feature!
If you’re near London at the end of April, I’ll be speaking at ProgSCon 2017 on Microsoft and Open-Source – A ‘Brave New World’. ProgSCon is 1-day conference, with talks covering an eclectic range of topics, you’ll learn lots!!| Performance is a Feature!
Whilst writing a previous blog post I stumbled across the .NET Interpreter, tucked away in the source code. Although, it I’d made even the smallest amount of effort to look for it, I’d have easily found it via the GitHub ‘magic’ file search:| Performance is a Feature!
photo by Alan O’Rourke| Performance is a Feature!
Delegates are a fundamental part of the .NET runtime and whilst you rarely create them directly, they are there under-the-hood every time you use a lambda in LINQ (=>) or a Func<T>/Action<T> to make your code more functional. But how do they actually work and what’s going in the CLR when you use them?| Performance is a Feature!
According to the NASA ‘Near Earth Object Program’ asteroid ‘101955 Bennu (1999 RQ36)’ has a Cumulative Impact Probability of 3.7e-04, i.e. there is a 1 in 2,700 (0.0370%) chance of Earth impact, but more reassuringly there is a 99.9630% chance the asteroid will miss the Earth completely!| Performance is a Feature!
It’s common knowledge that reflection in .NET is slow, but why is that the case? This post aims to figure that out by looking at what reflection does under-the-hood.| Performance is a Feature!
This post is completely inspired by (or ‘copied from’ depending on your point of view) a recent post titled JAVA PAPERS (also see the HackerNews discussion). However, instead of looking at Java and the JVM, I’ll be looking at references to research papers in the .NET language, runtime and compiler source code.| Performance is a Feature!
A little over 2 years ago Microsoft announced that they were open sourcing large parts of the .NET framework and as Scott Hanselman said in his recent Connect keynote, the community has been contributing in a significant way:| Performance is a Feature!
In the previous post I looked at the community involvement in the year since Microsoft open-sourced large parts of the .NET framework.| Performance is a Feature!
A little over a year ago Microsoft announced that they were open sourcing large parts of the .NET framework. At the time Scott Hanselman did a nice analysis of the source, using Microsoft Power BI. Inspired by this and now that a year has passed, I wanted to try and answer the question:| Performance is a Feature!
.NET is a versatile and powerful software development environment. It was created by Microsoft. It provides developers with tools to create, deploy, and manage a variety of applications. It covers everything from desktop to web and mobile applications. It’s making .NET a versatile choice for development. Its flexibility and scalability make it a great choice […]| Collabnix
I'm a big fan of the Central Package Management feature of NuGet. This allows to manage your NuGet package versions centrally instead of at ...| bartwullems.blogspot.com
En el desarrollo con C#, una de las decisiones más importantes al modelar objetos es elegir entre clases mutables e inmutables. Este artículo explora sus características, ventajas, desafíos y ejemplos prácticos. En este artículo, utilizaremos las nuevas características de .NET 9.| JMFLORESZAZO
Fluent Assertions, formerly an open source project under the Apache 2.0 license, now requires a paid license for […]| DEVCLASS
JetBrains has published its 2025 plans for Rider, its cross-platform .NET IDE, including mixed mode debugging for .NET […]| DEVCLASS
Just for fun, here’s what I wrote as the My Technical Plans and Aspirations for 2024 detailing what I had hoped to accomplish this year. While there’s still just a handful of technical …| The Shade Tree Developer
Retrieval-augmented regeneration, also known as RAG, is an NLP technique that can help improve the quality of large language models (LLMs). ...| bartwullems.blogspot.com
As part of updating NtApiDotNet to v1.1.28 I added support for Kerberos authentication tokens. To support this I needed to write the parsing code for Tickets. The majority of the Kerberos protocol uses ASN.1 encoding, however some Microsoft specific parts such as the Privileged Attribute Certificate (PAC) uses Network Data Representation (NDR). This is due to these parts of the protocol being derived from the older NetLogon protocol which uses MSRPC, which in turn uses NDR.| Tyranid's Lair
It's been a long time since I wrote a blog post about my old .NET vulnerabilities. I was playing around with some .NET code and found an issue when serializing delegates inside a CAS sandbox, I got a SerializationException thrown with the following text:| Tyranid's Lair
Découvrez les nouveautés de .NET 9 et C# 13 : amélioration du mot-clé params, type Lock, GUID avec des exemples pratiques.| Le blog de Cellenza
Mistakes so insane and destructive that they require experience to make.| aaronstannard.com
Behavior-Driven Development (BDD) is an Agile approach that mixes requirement gathering, documentation and acceptance testing. You write human-readable sentences describing the features of your application and how they should work. Then you implement this behavior using a tool that produces automated acceptance tests to verify that the feature is implemented correctly. Open source .NET BDD tools like SpecFlow are used to store the requirements as live documentation and to perform functional o...| Software Testing Magazine
This post explores the implementation of dotnet.exe, specifically focusing on how the hostfxr library is resolved and loaded.| Steve Gordon - Code with Steve
