Building Async and Cloud Native organizations - Issue #20

GitHub SBOM creation, Actions in VS Code and the like or dislike of Sprint Goals.

Welcome to my weekly newsletter! Every week, I bring you the latest news, updates, and resources from the world of coding and architecture. I'm so glad you've decided to join me, and I can't wait to share my insights and expertise with you.

I hope you'll find this newsletter to be a valuable resource, and I welcome your feedback and suggestions. If there's something you'd like to see more of, or if you have any questions or comments, please don't hesitate to contact me.

Thank you for joining me, and happy reading!

REST and APIs

Even if you have a nicely documented API, did you include all the possible responses you can give to those annoying exceptions? You do have to deal with those as well, so read this article on how to be more expressive:

Contract testing is a useful way to validate it the defined contracts between parties are still valid. Why and when you can use this type of testing is described in the Nordic API article below:

Coding technicalities

Confused about .NET Standard, how it relates to .NET 7? Then have a look at this excellent article by Andrew Lock.

Time Series databases are a special kind of storage as existing solutions might not be suitable.

Accepting user input in your application is a red light and must always be sanitized. So what if that is not working as intended and a clever person can reverse engineering into the application? An insightful story on how to hack this .NET API.

GitHub related

Are you fighting with YAML in workflows, or want to troubleshoot why a build task failed? Then this new extension for VS Code can help you.

It was a community-driven extension before, which has now been adopted by GitHub. They added support for the official GH Actions schema, so you now have full intellisense in the IDE. Including syntax highlighting, code completion, as well as documentation.

You can also see all your workflows and dive right into the logs. Even triggering workflows to run is an option.

So if you have not tried it, read more on their blog, or download it from the marketplace.

Do you know that a large part of your application is not yours? You most likely consume a large number of components, like third party libraries, SDKs, and other frameworks.

It becomes more and more important to know what your application consist of as it allows you to assess the vulnerability and licenses of those components.

This is called a Software Bill of Materials (SBOM) and there are standards in the way you can model this information. By having this standard, you can either look at it yourself, share it easily or use tools to analyse.

As GitHub already knows about your dependencies, so there is now a button (under the Insights tab, Dependency graph option), to generate this export.

You also have the option to use the GH CLI or GitHub Actions to either generate or fill the SBOM yourself.

Another way to become more secure and compliant.

Computing in general

While working with a team on their Agile processes, I tried to guide them on Sprint Goals; a way to focus on a valuable outcome of the sprint. Of course, there is always some other work as well, so not all tasks will lead to that single goal. But it can help make decisions and priorities.

I found two articles in my list that offer perspectives on why you do need them and why they might not be that needed:

While Twitter is fighting a case against GitHub to release the name of the person responsible for leaking the full source code of Twitter, they are at the same time releasing a piece of the code as open source.

It breaks down what the algorithm looks at when determining which tweets to feature in the For You timeline and how it ranks and filters them. So if you are interested in why you get certain tweets shown, then dive into the code:

Do you want to get your error rate down? Then look at what Pulumi is doing and why it helped them reduce the on-call fatigue:

How can you model an architecture in such a way that everybody still understands the meaning? Using the right concepts in language, is the first step:

Helpers and utilities

A collection of absurd ideas for volume control. I hope they never got to be used for real.

If you are already a command line wizard, then these might be known to you, but I learned a couple of new ones:

Computer laws

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it

Kernighan's Law

I hope you've enjoyed this week's issue of my newsletter. If you found it useful, I invite you to share it with your friends and colleagues. And if you're not already a subscriber, be sure to sign up to receive future issues.

Next week, I'll be back with more articles, tutorials, and resources to help you stay up-to-date on the latest developments in coding and architecture. In the meantime, keep learning and growing, and happy coding!

Best regards, Michiel

Reply

or to participate.