MindByte Issue #34: Maximizing DevEx, GitHub Deceptions, and Azure's Latest Innovations

Boosting Business Transformation with DevEx, Unmasking the Intricate Cybersecurity Threats Lurking in GitHub Repositories, and Unlocking Efficiency with Azure's Innovative Bicep Deployment Stacks

Introduction

Welcome to MindByte Issue #34! As we continue our exploration of the latest developments in the tech landscape, I'm excited to bring you this issue packed with insightful GitHub updates, Azure insights, and .NET advancements.

I must also share that this is our last issue before I embark on a much-needed holiday. But fret not, MindByte will be back, refreshed and reinvigorated, at the beginning of August.

Let's dive into what the tech world has to offer this week. Stay curious!

Pulse of the week

In this dynamic week, we've seen a malicious scam using deceptive GitHub repositories, highlighting the need for caution in code use, while GitHub's focus on 'First Time to Commit' signifies its commitment to enhancing the developer experience.

Azure's new Bicep Deployment Stacks promise an innovative approach to large-scale resource management, while Twitter's API changes spark concern among third-party developers over bugs, unexpected changes, and outages.

GitHub Digest

Deceptive GitHub Repositories: The High Sierra Cyber Security Scam

A malicious actor has been creating fraudulent GitHub repositories purporting to offer exploits for popular software, including Chrome, Exchange, and Discord, among others. These repositories, set up under a fictitious company called High Sierra Cyber Security, have been carefully crafted to appear legitimate, even using headshots of real security researchers from established companies.

The repositories contain code that, once downloaded, executes a malicious binary. The threat actor has demonstrated a high level of sophistication, creating a network of fake profiles across GitHub and Twitter.

Security researchers are advised to exercise caution when downloading code from GitHub and to avoid using anything they do not fully understand. The attacker's motive and identity remain unclear.

First time to commit

Embarking on a software modernization journey with GitHub? The key to success might be simpler than you think. It's all about the First Time To Commit. Discover how focusing on the developer experience (DevEx) can transform your business by unlocking potential and fostering innovation.

Picture this: your new developers diving into the deep end of your projects within hours, not months, of their arrival. How? By smashing the roadblocks that delay their first commit. Outdated wikis, complex operating environments, and restrictive access controls are all hurdles that developers shouldn't have to leap. Imagine the productivity surge from a quick, seamless integration into your team.

Equally important is the role of innersource contributions. Break down silos, prevent code duplication, and create a collaborative culture where everyone is a contributor. This is the secret to maximizing your DevEx.

Coding Corner

Unleashing Efficiency with Azure's Bicep Deployment Stacks

Azure's Bicep Deployment Stacks, an innovative feature currently in private preview, are set to revolutionize resource lifecycle management at scale.

As a new Azure resource type, Deployment Stacks allow comprehensive operations on a collection of Azure resources. They streamline updates by consolidating resource management within the stack, replacing the 'complete mode' deployment method, and even facilitating access protection.

az stack

Modifications to resources are made simpler, with changes applied directly to the Deployment Stack rather than individual resources. Resources can also be detached or deleted altogether in an efficient manner.

Moreover, with the deny-delete parameter, resources can be secured against accidental deletion.

Overall, Deployment Stacks promise an intuitive, efficient, and safer way to handle large-scale Azure deployments.

Twitter's API Turmoil: High Prices and Poor Service Shatter Developer Trust

Twitter's new paid API subscription plans, which start at $100 per month and go up to $42,000 per month, have sparked outrage among third-party developers. These developers report that since the implementation of the new plans, the API has suffered from numerous bugs, unannounced changes to plans, and frequent outages. Even worse, developers claim that Twitter's customer support has been virtually non-existent.

These issues have had a significant impact on apps built on the Twitter platform. "Who Unfollowed Me," one of the oldest and most active third-party Twitter apps, was forced to rewrite all its API calls after Twitter's switch to Elon Musk's version of the API. However, when the app was ready to relaunch, Twitter removed essential endpoints, disabling the app's functionality. This lack of communication and abrupt changes have led many third-party developers to abandon Twitter's API, signalling a potential collapse of Twitter's once thriving third-party ecosystem.

Since the introduction of the new API plans in April, developers have frequently experienced their apps being mistakenly suspended or removed from the API platform. The frequent issues and the high cost of the new subscription plans have frustrated developers who feel the changes are implemented without regard for the developers paying for the API features.

This shift in Twitter's API policy began after Elon Musk's acquisition of the company, which saw the end of the generous free API offering. The exorbitant pricing model led to the shutdown of many Twitter-based apps that couldn't afford it. Developers are now considering seeking refunds for services not rendered.

Overall, the general sentiment is that Twitter's new API changes are damaging its ecosystem, particularly its third-party developer community.

CQRS pitfalls and patterns

Learn all about CQRS by Udi Dahan in this video about his talk at NDC Oslo.

The Chessboard of AI: Its Role in Software Development and the Challenge of Unclear Requirements

AI's significant advancements have sparked worries among software developers about the potential of being replaced. However, the difficulty in software development isn't the coding itself, but rather the requirements, which are still determined by humans.

One article goes in-depth about the challenges faced when determining requirements, highlighting a case where a misinterpretation between the client's demands and the software developers' understanding led to a bug in the system.

AI has proven successful in areas with clear rules and finite variables like chess, where it can calculate every possible move to achieve the ultimate goal – winning. However, when applied to self-driving cars with numerous, undefined variables and scenarios, AI struggles to maintain safety standards. This conundrum is akin to achieving five or six 9s of availability in technology. While reaching 99% isn't overly challenging, ensuring 99.999% or 99.9999% exponentially increases costs and effort.

Software development shares more parallels with the uncertainty of driving rather than the finite rules of chess. Similar to self-driving cars, software development has numerous variables and requires judgment calls. The demands often change, and specifications may be unclear or inconsistent. While AI might efficiently reproduce existing software in a more modern language, it struggles to decipher what should be built initially, especially when the instructions are vague.

Azure Updates & Insights

Introduction of Azure Container Instances (ACI) Spot containers

Spot containers allow users to run interruptible workloads in containerized form on unused Azure capacity, offering a cost reduction of up to 70% compared to regular-priority ACI containers. They present a cost-effective solution for customers needing to run non-critical tasks, with support for both Linux and Windows containers.

The simplicity of ACI is combined with the affordability of Spot VMs, providing a beneficial tool for scaling containerized workloads. However, it's crucial to be aware that Spot containers may be preempted when Azure has limited surplus capacity.

Currently, the service is in its preview stage and there are some unsupported features like the assignment of public IP endpoint, deployment behind a virtual network, Confidential SKU Support, and Availability Zone Pinning.

The advent of ACI Spot containers is a significant step as it provides customers with an affordable and scalable solution for running containerized workloads without compromising the versatility of operating system environments. However, its limitation of potential preemption and unsupported features should be kept in mind for use-cases requiring constant availability and specific configurations.

Azure Native New Relic Service

Azure takes a significant leap forward in full-stack observability with the introduction of Azure Native New Relic Service.

This service, now available in the Azure Marketplace, seamlessly integrates New Relic's robust monitoring capabilities with Azure's cloud platform. Users can now conveniently manage their New Relic accounts directly from the Azure portal.

The service also promises automatic monitoring of subscription activity, resource logs, and metrics. Importantly, billing is consolidated, offering users a single invoice for all Azure resources, including New Relic.

The new service is a testament to Azure's commitment to simplifying and optimizing cloud workload management.

.NET Nook

Overload Resolution in .NET

Do you know what the compiler will use when you execute the function M in the code below?

bool flag = SomeMethod();

M(flag ? 1 : 2);

void M(long number) => Console.WriteLine("long");
void M(short number) => Console.WriteLine("short");

Steven Giesel gives you the answer and explains how overload resolution works with some interesting examples.

TinyHelpers

An interesting collection of helper extensions. Conversions, checks, working with threads or json; try not to reinvent the same code, but use this helper library.

Closing Thoughts

Thank you for joining me on this whirlwind exploration of the dynamic world of tech in this week's MindByte. I trust that the insights shared will empower you in your ongoing journey, and I look forward to engaging with you again in August. Remember, there's always more to discover and learn.

Your feedback and engagement is what keeps this initiative going, so feel free to share this newsletter with your network or even invite them to subscribe.

There's plenty of room in our community for anyone with a mind for tech. See you in August!

Reply

or to participate.