Weekly newsletter Building Async and Cloud Native organizations - Issue #1
Hi, and welcome to this newsletter. Thanks for signing up and joining me on a journey touching all kinds of software and cloud related subjects!
REST and APIs
I have been working with Azure API Management a lot recently. These are the top 3 resources I always refer to:
👉 https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions for the syntax and support
👉 https://learn.microsoft.com/en-us/azure/api-management/api-management-policies for all the policies available
👉 https://github.com/Azure/api-management-policy-snippets/tree/master/examples a list of examples
Using webhooks can be a great solution to push data instead of polling. There are, however, authentication issues that need to be solved.
Ngrok did a very nice overview of all the different webhook validations by analyzing around 100 webhook providers:
ngrok is a globally distributed reverse proxy fronting your web services running in any cloud or behind the firewall.
Another interesting solution to help with webhook development comes from GitHub. It saves you from setting up tunnels which (at least with free versions) change their public URL every x hours, meaning you need to reconfigure endpoints. You can join their beta program to use the GH CLI for local port forwarding:
Webhook forwarding in the GitHub CLI (public beta)
Coding
Somehow I write more and more shell scripts. Mostly because the Windows Subsystem for Linux is so simple to use, but I also like the power of a shell script. There are tools that help, however, such as one that checks your script for common issues:
ShellCheck is an open source static analysis tool that automatically finds bugs in your shell scripts.
But do not start from scratch, there are nice templates:
BASH3 Boilerplate
This article is about a few quick thumb rules I use when writing shell scripts that I’ve come to appreciate over the years. Very opinionated.
I recently saw a blog post on how to debug Azure Functions which run on something like a timer trigger. As you must wait for the timer to kick off, it is hard to step into your code at the right time. The proposed solution involved setting up an HttpTrigger, which would feed a queue trigger to reach the code eventually… complex, and a lot of additional code is needed. Let alone adding another component to the mix, the queue. There is however a better way…
Some while ago I posted the below tweet; let me know if you share those or have more suggestions!
Observations while working with distributed systems:
👉Handle transient errors (retry/timeout/circuitbreaker patterns)
👉Minimize dependencies as others will go offline (outbox and queues)
👉Embrace eventual consistency and idempotency
👉Employ distributed tracing
More tips?
— Michiel van Oudheusden (@mivano)
9:06 AM • Sep 8, 2022
GitHub
Systems like GitHub Actions are increasingly being used illegally for bitcoin mining. There are safeguards in place, but the attackers use automated account creation, random VPN connections, solve 2FA phone prompts, etc. so they can run Docker containers.
Sysdig TRT uncovered an extensive and sophisticated active cryptomining operation using GitHub, Heroku, Buddy.works, and others. We are going to refer to this as PURPLEURCHIN.
Talking about security, my colleague Rob Bos did some interesting work by analyzing the GitHub marketplace and found some scary results:
Analyzing the GitHub marketplace - Dependency security is a big issue
Are you already using the excellent GitHub CLI tool called GH? Are you aware that you can also use extensions?
A nice list of those can be found here: https://github.com/kodepandai/awesome-gh-cli-extensions
Do you still remember your first Pull Request on GitHub?
I could not, but you can look it up with this site:
What was the first pull request you sent on GitHub?
It happens to the best of us: committing a secret. GitHub already had the ability to detect checked-in secrets, but it will now also block you from pushing secrets to GitHub:
Proactively prevent secret leaks with GitHub Advanced Security secret scanning | The GitHub Blog — github.blog
Protect against secret leaks with secret scanning’s new push protection feature.
Computing
A trip down memory lane; remember FrontPage or Visual InterDev? Why do we use port 80? Where does the IMG tag come from?
An interesting look at the history of web tech by @stevensanderson
Interesting highlight by Kong on async culture: “Managers should encourage a written-heavy culture. This usually takes the form of memos, wiki pages and markdown documents. A written culture naturally encourages an async culture.”
Read the full article for more tips and tricks:
Managing software company teams that work from home requires new management styles and strategies.
Helpers
Sometimes you just need to upload a picture, but it contains some sensitive stuff. You can open Paint again, but this online tool works in the browser to redact your image:
Free And Private Image Redaction In The Browser
Computer Laws
“When a measure becomes a target, it ceases to be a good measure.”
- Goodhart’s Law
Seen too many times when metrics are used by management. E.g. story points, lines of code, velocity, code coverage.
And with that, thanks for reading and take care of yourself. I’ll see you next time!