[Share] Azure Feeds Newsletter for the week of Saturday July 22 2023 to Saturday July 29 2023
#mvpbuzz #microsoft #community #cloudfamily #azurenews #azureupdates #newsletter #azureweekly #AzureFeeds #Azure #MicrosoftLearn #sparkpossibility #cloudfamily
Announcing Avalonia 11.0! 🎉
After almost a year in preview, we've released v11 of Avalonia, packed full of improvements!
Read about why this is a massive deal for all #dotnet developers!
https://dev.to/avalonia/welcome-to-the-new-era-of-app-development-introducing-avalonia-v11-4na7
I have spent the past ~7 years helping build the open source OmniSharp, a C# language server, until I retired from the project earlier this year.
For years it provided the backbone for C# experience in Visual Studio Code and other editors and was used by millions of developers. Despite all of its problems, it has to be remembered that it was built in free time by a small group of passionate folks, and building a language experience and providing constant support in this quickly changing landscape is not technically trivial and emotionally very burdening.
From that perspective, I am glad to see that C# developers will finally get a first party language server, supported by the actual MS.NET tooling team https://devblogs.microsoft.com/visualstudio/announcing-csharp-dev-kit-for-visual-studio-code/. What is still not clear to me is licensing - it should be open to all editors and not only VS family of products.
I decided to try out the process of deploying a Python web app to Azure and lived to tell the tale.
I knew (or know) next to nothing about IaC (Terraform/Bicep/etc...), but wanted to try it anyway...
I wrote about the process on my blog:
https://www.pythonbynight.com/blog/deploying-python-app-azure
Managed to get a couple of examples of using #azure functions and #dotnet with #opentelemetry done today
There's some nuance that InProcess can only use 1.3.1 of OpenTelemetry and Isolated Functions needs a new middleware.
I also added the detection code for standard Azure attributes that come in through EnvVars. This is a lot better in 1.4.1 with resource detectors and the new Cinfigure methods.
Take a look
https://github.com/martinjt/otel-azure-functions
(Readme is coming)
I don't often just rant at the void much anymore, but here's one that really gets me...
The fact that you are a Big Company and Powerful will not save you from a cybersecurity incident.
The fact that you can put pressure on your cybersecurity contracting and consulting companies through $$$ does not change the fact that you might need their actual real life assistance someday.
I consistently see some very powerful, large companies contract buying contracts across the industry and using their weight and brand power to try to skip things like retainer on-boarding, critical document sharing, and preparatory exercises.
Oh. My. Sweet. And Fuzzy. Lord.
I understand that you are very busy. I understand that it is hard to get everybody on a call, and find the right documentation. I understand there are lawyers and bureaucracy that make it more difficult to share certain materials. I understand you're getting a retainer because your insurer or regulator says to.
This changes nothing. If you really need to call an incident response / digital forensics consultant (and you probably will), they're going to need that information and preparation. No amount of money in the world will be able magic away necessary prep work. No amount of money thrown at the compromise will make it go away without work - unless you intend to replace your entire domain and computer network (also a lot of work). Your insurer will not fix it. Your brand will not fix it.
The requirements your legitimate retainer company put forth exist for a reason. They are not to steal our money or retainer hours. They are to make sure that an entirely unrelated team to your operations and technology will be able to walk in during a crisis and meaningfully assist without days of ramp up time. We need context to be able to do that. Network maps. Response plans. System and facility access directions. Understanding of your organization and comms plan.
That can't be wished away with money. Anyone, absolutely anybody legitimate in DFIR on planet Earth will need that information. If we don't get it ahead of time, we will be getting it on expensive hour burn before we can actually start to put out a fire.
That's all I have to say about that.
I wanted to take a few moments and apologize to many of my former students.
In the past I said the industry needs people who look at security as a vocation and an avocation.
I was wrong.
Have a life outside of this industry.
Have hobbies that have nothing to do with your computer.
Get outside.
The problems of the industry are not problems of people not working hard enough.
They are not problems of people not being "hard core" enough.
They are problems of education and resource prioritization.
I was wrong.
I am sorry.
Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.
HOW TO: Use your own user @ domain for Mastodon discoverability with the WebFinger Protocol without hosting a server https://www.hanselman.com/blog/use-your-own-user-domain-for-mastodon-discoverability-with-the-webfinger-protocol-without-hosting-a-server
Still thinking of that sportsing comic strip every other week.
