Amazon Web Services (AWS) offers Service Level Agreements (SLAs) for each of their services, which typically promise very high availability, often upwards of 99.9% uptime.  That’s pretty good, and probably more than enough assurance for the average customer.  And yet, Amazon is not immune to natural disasters or catastrophic human errors.  In February 2017, one such human error led to a widespread S3 outage in the us-east-1 region, which then led to the cascading failure of many other AWS services that depend on S3.  While this outage only lasted several hours, it isn’t hard to imagine a different scenario (targeted attack or natural disaster) that could lead to a much longer time to recovery.  Again, depending on your tolerance for total downtime, it may or may not be worth the time and expense to prepare for such an eventuality. One of Simple Thread’s larger clients operates multiple mission-critical systems that can afford only minimal downtime and absolutely no data loss.  In response to this, we recently decided to move one such AWS-hosted system to a multi-region, pilot light architecture, with a standby system at the ready in the case of a prolonged outage in the primary region.  The upgrade took a while to build and test, and I won’t go into all of the details here.  However, there were a few key design decisions, as well as implementation tips and gotchas that might be useful to others looking to build out a similar failover system. Modules Are Your Friend At the time, the project existed only as a single-region system, deployed in a staging environment, and maintained in a Terraform IaC code repository.  The goal of this initiative was to augment the codebase in order to build a new production system, which would include a complete mirror of existing resources in a separate AWS region.  Thus, most of our terraform resources just needed to be cloned to the new failover region.  At first glance, it may seem easiest to simply copy the bulk of the terraform code, and change the resources’ region settings.  But that’s a lot of code duplication and not something we wanted to sign up to maintain.  Instead, we moved to using submodules that could each be called with their own AWS provider.  For the resources that needed to be cloned, we created a reusable multi-region module.  Then we configured AWS providers for each region, and called the module twice, once with the primary provider, and again with the failover provider. provider "aws" { region = var.primary_region alias = "primary" } provider "aws" { region = var.failover_region alias = "failover" } module "primary-region" { source = "./multi-region-module" … providers = { aws = aws.primary } } module "failover-region" { source = "./multi-region-module" … providers = { aws = aws.failover } } Global Services Of course, some AWS services are global and not associated with a particular region.  One popular misconception is that S3 is a global service.  It is true that the bucket namespace is global; an S3 bucket’s name must be unique across all existing S3 buckets in all regions.  However, when creating a new S3 bucket, you do specify a region, and that is where all of the bucket’s objects will be held.  This has implications both for data availability in the event of an outage, and also data retrieval latency, no different from any other regional service.  So if your application has critical data in one or more S3 buckets, be sure to also clone these resources to the failover region. In our case, our single-region module consisted primarily of IAM and Cloudfront resources.  This module created only the global resources, and so it was only called once using the primary region’s provider. module "single-region" { source = "./single-region-module" … providers = { aws = aws.primary } } Easy enough, right?  But these global resources don’t exist in a vacuum.  In most instances, they are created so that they can be referenced by other resources.  And many of those resources were in our multi-region module.  Resources in one module can’t be referenced directly from another module.  So how do you use them?  That answer lies in module input variables and output values. Inter-Module Communication This point is probably best explained with an example.  Let’s say we want to create an aws_ecs_task_definition resource in our multi-region module.  This task definition requires an execution_role_arn attribute.  And that role is an IAM resource that exists in our single-region module. single-region-module/ecs-iam.tf resource "aws_iam_role" "ecs_execution_role" { assume_role_policy = <<EOF { Policy text… } EOF } First we have to “export” the information we need from the single-region module.  Note that we are only outputting the ARN attribute of the resource, since that’s all we need.  If you need multiple attributes, you can also output the entire resource and reference individual attributes in the downstream module single-region-module/outputs.tf output "aws_iam_role_ecs_execution_role_arn" { value = aws_iam_role.ecs_execution_role.arn } Then in the root module, we need to “catch” this output value and pass it into the multi-region module main.tf (root module) module "primary-region" { source = "./multi-region-module" # Value from single region module aws_iam_role_ecs_execution_role_arn = module.single-region.aws_iam_role_ecs_execution_role_arn … } You can also pass that same value into the failover region module the same way.  Next we need to “import” this value into the multi-region module multi-region-module/main.tf # Input from single region module variable "aws_iam_role_ecs_execution_role_arn" {} Finally, we can reference this variable in the multi-region task definition mutli-region-module/application.tf resource "aws_ecs_task_definition" "app_server" { family = "${var.environment}-app-server" execution_role_arn = var.aws_iam_role_ecs_execution_role_arn … } And it works the same way going the other direction.  You can output values from both the primary and failover modules and pass both into the single-region module main.tf (root module) module "single-region" { source = "./single-region-module" # Value from primary region module aws_s3_bucket_uploads_primary  = module.primary-region.aws_s3_bucket_uploads # Value from failover region module aws_s3_bucket_uploads_failover = module.failover-region.aws_s3_bucket_uploads … } Clearly Terraform is not just applying your configuration one module at a time seeing as how we can have data dependencies between modules in both directions.  In my experience, Terraform does an excellent job of sorting out the order of dependencies and handling them seamlessly, but on occasion, you may need to add a depends_on hint to give Terraform a helping nudge.  Just keep an eye out for anything that is going to cause a blatant cyclic dependency issue. Data Replication There was one area where these inter-module dependencies became a little harder to overcome, and that was in the realm of data replication.  Our application holds data in three places an Aurora Postgres RDS cluster, an Elasticache replication group, and a few S3 buckets.  Each of these resources needed to be cloned to the failover region so it seemed that the resources belonged in the multi-region module.  But they also needed to replicate to one another (primary region resource replicating data to its failover region counterpart).  Terraform seemed to have issues when dealing with these tightly coupled resources that were generated from the same module code but with different providers.  So instead, we moved these resources and their replication strategies into the root module, configuring each with its own region-specific provider. For the Postgres database, since we were already configured for an Aurora cluster, it was a natural fit to use Aurora Global Database for replication.  The most important pieces of this configuration are shown below The aws_rds_global_cluster doesn’t have the source_db_cluster_identifier specified. The primary aws_rds_cluster has its global_cluster_identifier pointed at the global cluster ID. The failover aws_rds_cluster also has its global_cluster_identifier pointed at the global cluster ID The failover aws_rds_cluster has its replication_source_identifier pointed at the primary cluster Finally, the failover aws_rds_cluster depends on the primary cluster instance ## Global Database resource "aws_rds_global_cluster" "api_db_global" { provider = aws.primary … } ## Primary Cluster resource "aws_rds_cluster" "api_db" { provider                  = aws.primary global_cluster_identifier = aws_rds_global_cluster.api_db_global.id … } resource "aws_rds_cluster_instance" "api_db" { provider = aws.primary … } ## Failover Cluster resource "aws_rds_cluster" "api_db_failover" { provider                      = aws.failover global_cluster_identifier     = aws_rds_global_cluster.api_db_global.id replication_source_identifier = aws_rds_cluster.api_db.arn … depends_on = [ aws_rds_cluster_instance.api_db ] } resource "aws_rds_cluster_instance" "api_db_failover" { provider = aws.failover … } Keep in mind that this configuration was designed to build a new production system from scratch, with no existing database to begin with.  If instead you wish to update a deployed system with an existing database cluster, or create the primary database from an existing snapshot, the configuration would be slightly different, as shown below The aws_rds_global_cluster would have its source_db_cluster_identifier pointed at the primary cluster ID. The primary aws_rds_cluster wouldn’t have the global_cluster_identifier specified. For our Elasticache replication, we went with another AWS end-to-end cross-region replication solution Global Datastore. This too was a reasonably straightforward Terraform adjustment.  We added a new aws_elasticache_global_replication_group resource with its primary_replication_group_id pointed at the primary replication group, and then a failover aws_elasticache_replication_group with its global_replication_group_id pointed to the new global replication group ID. ## Primary Replication Group resource "aws_elasticache_replication_group" "redis" { provider = aws.primary … } ## Global Replication Group resource "aws_elasticache_global_replication_group" "redis_global" { provider                           = aws.primary global_replication_group_id_suffix = "${var.environment}-redis-global-datastore" primary_replication_group_id       = aws_elasticache_replication_group.redis.id } ## Failover Replication Group resource "aws_elasticache_replication_group" "redis_failover" { provider                    = aws.failover global_replication_group_id = aws_elasticache_global_replication_group.redis_global.global_replication_group_id … } One thing to note both the Global Database and Global Datastore services only support a subset of the RDS and Elasticache instance types.  So if you’re currently using rather small instances, you may need to step up to a larger machine type in order to take advantage of these replication services.  You can read more about the supported instance types here and here. Onward to Resilience And that about sums it up.  With these changes, you should have a truly fault tolerant system in place.  So you can reassure your client that the next time an AWS employee fat-fingers a console command, or one of their data centers finds itself underneath eight feet of flood waters, the application’s high availability, mission-critical data, and treasure trove of cat videos will be able to weather the storm. We’re always interested in hearing how other people are building security and resilience into their systems, so by all means, let us know what you think! The post Building a Multi-Region AWS Environment With Terraform appeared first on Simple Thread.

This post may contain paid links to my personal recommendations that help to support the site! Are you looking for the perfect Xbox Gamertag that will make your friends jealous? Whether you’re a new gamer just starting their journey into the world of Xbox or an experienced player wanting to switch up your online persona, we’ve got you covered! In this blog post, I’ll share 113+ creative and unique Xbox Gamertag ideas to help you! From funny and unique to edgy and cool, we’ve got a range of gamertag ideas so that you can find the one that fits your personality. Let’s jump right in with these creative Xbox names and Gamertags! What Are The Best Gamertags and Xbox Names? Funny Xbox Gamertag Ideas When looking for a good Gamertag, humor is always the way to go in making others smile! Sometimes, even a funny name can be a taunt to an enemy that’s being too sweaty and tryhard too. Here are some funny Gamertag ideas you can try Bananapants FartingFury SirFartsALot NinjaPotato TacoDestroyer UnicornPajamas ZombieUnicorn Baconator3000 ChickenNuggetKing/Queen CaptainUnderpants SnackAttack Baconator PizzaPirate SugarRush CerealKiller CaptainCrunch TheFastAndTheCurious NerfHerder_69 PotatOS (From Portal) PixelPal BooRadley MrSizzlePants TheHoneyBadger DoctorHoo SirLoin SpaceNerd TheNappingDragon FluffyBunny GhostPepper KingOfTheLions TurtlePuncher Poindexter CaptainAwesome ChucklesTheClown GummyBearJedi MightyMouse TheBluePanda SassyPants ProfessorChaos TheGreatGatsby69 Cool Xbox Gamertags Here are some simple yet cool gamertags you might like GamerBoy/GamerGirl PixelWarrior GameMaster DigitalKnight ConsoleChamp ControllerCrusher VirtualViking KeyboardKombatant ScreenSavior JoystickJockey Cybernaut CodeConqueror DigitalDominator MouseMarauder TheGamingGuru ControllerCommander GameNinja VirtualVillain ConsoleCrusader KeyboardKing PixelPirate TurboTech GameChanger DigitalDemigod MouseMaster CyberSamurai CodeWarrior JoystickJedi TheGamingGod/Goddess VirtualVindicator Unique Gamertag Ideas Looking for a new Gamertag that’s unique to you? Here is a list of some unique Gamertag ideas Venomous Viper Maverick Hunter Dark Knight Ice Queen Shadow Assassin Electric Eel Cyber Ninja Firestarter Steel Phoenix Toxic Titan Mystic Mage Thunderbolt Elemental Enigma Diamondback Phantom Fury Crimson Crusader Desert Storm Knight Rider Neon Night Dragon Slayer Blackout Bandit Angel of Death Solar Flare Gravity Guardian Lunar Legionnaire Chaos Conqueror Sabretooth Midnight Marauder Ghostly Gladiator Titanium Terror Gamertag Ideas for Boys We all want to be that player with the cool Gamertag that everyone talks about. I’ve put together some cool Xbox names you can use for some inspiration! Here they are BlazeFire ShadowAssassin ThunderBolt IronFist SavageWarrior NitroKnight DarkViper CyberPhantom RazorSharp IceDragon GhostTiger ChaosBringer TitanForce BurningPhoenix FrostByte SteelCrusher VenomousViper NeonRider CrimsonFury ThunderClash ShadowReaper BlazeKnight MysticWizard DemonSoul ThunderCharger ToxicAvenger BlazeRunner HellFire DragonSlayer IronWarrior Gamertag Ideas for Girls Gaming is for everyone, including the girl gamers who play on Xbox too! Here are some aesthetic Xbox gamertag ideas for girls LunaLights CherryBlossom StardustSprinkles AmberEyes RoseGold OceanElixir WildflowerWish SugarPlum MysticMuse GoldenGoddess ButterflyWhisper IvoryIntrigue CrimsonSunset BerryBlush EnchantedEcho IvoryRaindrops MysticMelody LilacLullaby EveningEmber SunflowerSiren VioletVixen RainbowRhapsody ElectricEchoes JadeJungle DesertDoll CosmicCandy NeonNebula PinkPetal SilverStorm TropicTease Minecraft Gamertag Ideas Having a unique and funny Gamertag is essential for Minecraft players, since it brings out your identity as a gamer. Some Gamertag ideas you can use for inspiration in the Minecraft gaming world include BlockMaster CreeperCrusher DiamondDigger EnderChampion FortressFighter GoldGrabber HelmetHero IronIsland JukeboxJunkie KnightKiller LootLord MinecartMaestro NetherNavigator ObsidianOverlord PickaxePro QuestQuencher RedstoneRanger SkyblockSurvivor TNTTerrorist UnderwaterAdventurer VillagerVindicator WitherWarrior X-RayExploration YellowYak ZombieZapper AquaAssassin BlazeBattler CraftCraze DragonDestroyer EnchantingExpert If any of these happen to be taken, don’t worry. Add a few numbers to the end, and you’ll have your own unique Gamertag. You can use your favorite number! I also recommend adding a few repeated letters at the end of the Gamertag if you intend to keep the meaning and uniqueness of your name. Call of Duty Gamertag Ideas For those who love Call of Duty and would like a cool gamertag to go along with your favorite game, I didn’t leave you out! Here are some Call of Duty Gamertags WarlordBane SniperWolfMate GhostlySpy Deathbringer SpartanLaser DarkKnighter Firestorming Eclipse Phoenix SilentKiller Thunderbolt Ghosthunter Vindicator Nightshade OutlawLight CommandoNando Killswitch TerminatingLine VenomJet BlackoutNex PaladinKing WraithSith ShadowAssassin LordofWar MaverickDome NemesisRun Thunderer_X Bladestormer SilentAssassin ApexPredator Related Questions What is an Xbox Gamertag? An Xbox Gamertag is a username you create to represent yourself on Xbox Live. It is the public name that other players in the Xbox Live community will see when they play with or against you, and it’s displayed on your profile card. You can also use it to find friends and start conversations in Xbox Live chat rooms. How do I make a catchy Gamertag? A catchy Gamertag is one that stands out and grabs people’s attention. Use words that have double meanings, rhymes, alliterations, puns, and other wordplay tricks to stand out from the crowd. You can also combine two words or mix up a word’s spelling to make it more unique. Additionally, you can create a unique Gamertag by adding numbers to the end of your name or by using a variation of capitalization. Finally, you can add special characters and symbols to further personalize your Gamertag. What is a OG gamertag? An OG Gamertag is an original username that was assigned to Xbox Live users without having attached numbers behind it like “#1234”. OG Gamertags can be highly sought after and are often considered more valuable in the gaming world than usernames with numbers attached to them. These Gamertags are also unique and only limited to one word. Having an OG Gamertag can make you appear more experienced as a gamer because it shows your commitment and loyalty to the gaming community. What are some good short gamertags? If you’re looking for a good Gamertag, some good ideas are Furor_X Blitzed Riptide Rebel_Y Flux_X EchoZap ShadowKitty RainDrift NeoRex WingFX TwistedFate VaporTech Sly_Fox LunarSkye ToxicWaves StarDusty Are Xbox usernames unique? No, Xbox usernames are not unique. However, each username or gamer tag comes with a unique suffix that makes the overall username unique even though the text might be similar. If someone tries to use the same gamer tag as yours, they will be assigned a different suffix number from you. This suffix is what makes your username unique from others. Can you change Xbox Gamertag? Yes, you can change your Xbox Gamertag. You’ll need to go to the Edit Profile page in your account and select the “Gamertag” option and then “Enter New Gamertag”. This will allow you to enter a new Gamertag that is available. You’ll be able to change it once for free, but subsequent changes will at a $9.99 fee. Wrapping Up We hope this list of creative Gamer tag ideas inspires you to create your unique and memorable name. Remember to think outside the box, add numbers or special characters for extra flair, and make sure it’s something that fits with who you are! The post 113+ Unique Xbox Gamertag Ideas (Funny & Cool Names!) appeared first on Any Instructor.

Job Requirements – Software Developer Job Requirements – Software Developer Required Skills 1. Degree in Software Development, Information Technology, Computer Science or comparable qualification with 3+ years’ experience. 2. Proven experience with Windows, Linux and MacOS environments. 3. Familiarity with RESTful APIs, microservices architecture, and cloud platforms (AWS/Azure/GCP). 4. Member of ICTAZ with ZAQA verified certificates Tasks & Responsibilities 1. Design, develop, and maintain scalable software applications using Java and C#. 2. Write clean, efficient, and well-documented code following best practices. 3. Debug, optimize, and refactor existing code for improved performance. 4. Collaborate with product managers, QA engineers, and other developers to deliver high-quality software.

This post may contain paid links to my personal recommendations that help to support the site! Are you a Discord user struggling to find a creative server name to give your group an edge? If so, you’ve come to the right place! In this blog post, I’ll be sharing all the best Discord server name ideas with you! With our 113+ unique and funny ideas for Discord server names, you’ll be sure to find a name to suit your crowd and create an unforgettable virtual hangout spot. From aesthetic masterpieces to humorous puns, there’s something here for everyone who wants to spice up their Discord Server Names! Read on for some name inspiration for your Discord new server. What Are The Best Discord Server Names? Having an iconic and good Discord server name will really help you stand out. Here are some ideas you can use for inspiration Funny Discord Server Names Funny server names are the way to go to really make your server more unique and iconic. Here are some funny and unexpected Discord server names you should try Server_not_valid Anti-Discord Discord Group Simps Unite Drama Queens No Name Server Shameless Bunch My Granny’s House Party of 5 No Life Gang Sarcastic Seven Junk Jokesters Talking Trash Tribe The Squid Squad Netflix and game Servants of The Royal Family Vibing Booth You can even choose your server name based on your favorite food or drink. These make for a funny yet meaningful Discord server name idea. The Caffeine Addicts Club The Potato Cult The Llama Farm The Snack Attack Squad The Pajama Party People The Cheeseburger Collective The Crazy Cat Ladies (and Gents) The Donut Hole The Bacon Brigade The Unicorn Squad The Funky Chicken Coop The Pizza Party Posse The Waffle House The Avocado Appreciation Society The Kitten Kaboodle The Sushi Samurai The Meme Machine The Popcorn Palace The Spicy Meatball Society The Ice Cream Empire The Fried Chicken Fanatics The Burrito Bandits The Candy Cartel The S’mores Squad The Nacho Nation The Peanut Butter Posse The Grilled Cheese Gang The Hot Sauce House The Chili Connoisseurs The Taco Titans The French Fry Fan Club The Mac and Cheese Mafia The Smoothie Squad The Breakfast Brigade The Popsicle Posse The Ramen Realm The Steakhouse Society The Tater Tot Tribe The Sausage Squad The Fried Rice Fraternity The Biggest Bread Empire Safe Space for Munchies Aesthetic Discord Server Names Not all Discord servers are made just for gaming or hangout for guys. Some servers can have an aesthetic theme to them too. Here are 40 aesthetic names you can try Pastel Paradise Rose Garden Moonlit Meadow Velvet Vault Celestial Haven Mystic Mansion Sunflower Studio Cherry Blossom Cafe Ocean Oasis Night Sky Lounge Marble Mansion Dreamy Den Enchanted Forest Crystal Cove Neon Nightscape Silky Serenade Vintage Vibes Cosmic Retreat Rustic Refuge Floral Foyer Golden Glades Lush Landscape Aurora Alleyway Butterfly Bower Heavenly Hideaway Whimsical Wonder Lavender Lounge Secret Sanctuary Elegant Estate Glimmering Glade Eternal Flames Urban Utopia Colorful Corner Moonstone Manor Sapphire Skyline Opulent Oasis Artistic Avenue Tranquil Terrace Cozy Castle Pearl Palace Soft Sunset Cool Discord Server Names For those who prefer a more neutral but cool name for your Discord server, here are some you can try The Chill Zone The Gaming Hub The Creative Corner The Social Circle The Book Nook The Movie Theatre The Music Room The Fitness Fanatics The Foodies The Travel Tribe The Art Gallery The Tech Talk The Beauty Bar The Writing Desk The Photography Club The Fashion Frenzy The History Buffs The Science Squad The Psychology Lounge The Philosophy Forum The Debate Den The Language Lab The Career Clinic The Entrepreneur’s Edge The Political Pulse The Spiritual Sanctuary The Pet Palace The Plant Parenthood The Environmentalists The Charity Corner The Sports Stadium The Comedy Club The Games Galore The Horror House The Romance Retreat The Mystery Mansion The Fantasy Fortress The Adventure Island The Action Arena The Crime Scene The Hangout House The Chill Chat The Lounge Lizards The Social Sphere The Friends’ Fortress The Connection Corner The Squad Sanctuary The Community Cave The Tribe’s Tavern The Fellowship Forum The Clubhouse The Meeting Place The Gathering Grounds The Assembly Area The Congregation Corner The Coven’s Crib The Brotherhood Banter The Sisterhood Sanctuary The Kin’s Kave The Family Forum The Unity Universe The Alliance Arena The Coalition Corner The Team’s Territory The Collaboration Cove The Partnership Platform The Comrades’ Club The Allies’ Abode The Fellowship Forum The Fellowship Fortress The Social Sanctuary The Community Club The Tribe’s Territory The Guild Gathering The Association Atrium The Congregation’s Community The Meeting Point The Squad’s Shelter The Companions’ Club The Unity Utopia Discord Server Names for Gamers I understand that many of you are on Discord to play video games together with your server members. Here are some good Discord server name ideas to call your favorite gaming gang Game On! +1 Up Chicken Dinner Club Chicken Dinner Enjoyers The Gaming Hub Sigma Warriors The Gamers’ Den Gamers Unite Ace Mavericks Game Changers Level Up Sweaty Bois Playmakers The Gaming Lounge Fraggerinos The Ultimate Gamers’ Hangout Gamers Central The Virtual Playground The Gaming Arena Pixelated Power The Gaming Society Pepeclub Friends The Game Room Virtual Victory Game Heroes The Gamers’ Guild Retro Gamers The Gaming Network The Gaming Frontier Elite Gamers The Gaming Empire Gamers Assemble The Gaming Collective The Gamer’s Cave The Gaming Universe The Gaming Experience The Gaming Paradise The Gaming Oasis The Gaming Insiders Hardcore Gamers The Gaming Legends The Gaming Syndicate The Gaming Expedition The Gaming Squad The Gaming Brotherhood Discord Server Names for Students If you’re a student and planning to find some ideas for your Discord study group server, here are some to try Brainy Bunch Knowledge Knights Study Squad Academic Avengers The Learning League Subject Savants Brainstormers Mind Melders Info Innovators The A-Team Scholarly Strivers Wise Wizards Master Minds Bright Sparks Education Enthusiasts The Info Hunters Subject Specialists The Study Hive Science Stars Language Luminaries Math Mavericks The Linguistics League History Heroes Grammar Gurus The Writing Warriors Literature Legends The Psychology Posse Social Studies Squad The Math Magicians The Creative Crew The Research Rangers The Analysis Army The Concepts Collective The Theory Troop The Exploration Experts The Investigation Insurgents The Learning Legion The Intellectual Icons The Thought Titans The Insightful Inquirers Related Questions What is the best name for a Discord server? The best name for a Discord server should have either a funny or cool theme to it. This would make it a memorable name for most uses. Ideally, Discord server names should be as unique as possible to help set it apart from other servers. What is the purpose of a Discord server? The primary purpose of a Discord server is to facilitate communication between members of a specific group or community. Discord servers provide users with a platform to chat and share information and voice and video chat capabilities for gaming and online social activities like giveaways, streams, and text discussion. They also allow users to create custom roles, channels, emotes, and bots. How do I make an original Discord server name? An original Discord server name should be creative and unique. It should also reflect the primary purpose of the server, such as gaming, studying, or socializing. Consider adding a word or phrase that has some relevance to your subject matter, like ‘gg’ for a gaming-related server or ‘geeks’ for an educational one. Additionally, consider using alliteration or puns to make the server name more interesting and eye-catching. Lastly, try to keep the name as short and concise as possible while still conveying your message. What should I name a server? You should name a server something that reflects its purpose or the people who are part of it. Consider including funny elements that are unique to the server members you’d like to include. Can you use the same name for Discord Servers? Yes, Discord servers can use the same name as existing ones. Discord does not enforce their server names to be unique. However, it is not recommended to use the same name for multiple Discord servers, as this can be confusing to users. It is best to give each server a unique name so that it stands out from others. Additionally, try to include a keyword or phrase in the server name that relates to its purpose. Final Thoughts That’s it for my list of Discord server name ideas! Hopefully, this gave you some inspiration for naming your own Discord servers. The post 113+ Discord Server Names (Funny & Aesthetic Ideas!) appeared first on Any Instructor.

Information A new F# compiler feature graph-based type-checking – Florian Verdonck Trying out MongoDB with EF Core using Testcontainers – Arthur Vickers Comparison of HTTP libraries – Ivan Yakimov Five is for 5X productivity. Announcing Uno Platform 5.0 – Uno Platform Team HTML Attributes, Properties, and Values – Rob Eisenberg

Like a lot of devs I went through a self documenting code phase. What eventually changed my mind was two times that we decided we needed to document our code. First I was on a team that added a dev fresh out of college. Our new dev needed a lot of help and the whole team was pitching in to show him the ropes. Handing off code I had written was a breeze. We also handed off code from our manager who had written some of the earliest web code in the company after reading one book and had been riding the wave of demand ever since. That code was rough but we all paid our dues on it. The whole team came together, realized we had a documentation problem and committed to fixing it. Naturally the features and changes kept rolling in and we wrote almost no documentation. The second was at a startup that added a director of engineering. This director came in and started making big changes. We stopped everything and wrote documentation for a week. This was really offensive to me because I had been writing self documenting code. I put in the time and carefully factored for clarity. I had my thesaurus at the ready constantly looking for just the right name for every concept. I knew where everything was. Writing long-form in a new wiki felt futile. The wiki syntax was weird and unfamiliar. I didn’t know what to write. Everything I wanted to say was obvious or already clearly stated in the code. The wiki sat idle until it was forgotten entirely with maybe five pages worth of documentation. It took me an embarrassingly long time to really understand what was going wrong. I had heard the phrase self documenting code somewhere and assigned my own meaning to it. Self documenting for me meant that I only had to write code. It was my get out of writing sentences free card. In writing only code with minimal comments, no matter how much effort I put into clarifying, that code only communicated what was being done and never why it needed to be done in the first place.   If code wasn’t clear enough it needed to be rewritten to clarify. This works great when time allows. Changing the code proves you fully understand it and you leave behind better code for the next person. When time doesn’t allow, you revert your changes. Repeat a couple of times and you understand well enough to make really targeted changes, but not those sweeping changes that will help the next person. This is one way tacit knowledge forms. You’ve done the work to learn something, built up a mental model and left behind nothing to jog your memory. The next person has to build up that mental model same as you did. The two documentation binges I experienced were drastic overcorrections for the problem of tacit knowledge. Deciding to halt all work and write documentation can lead to a week of minimal progress and a sense of guilt. We don’t necessarily want more documentation. We want less tacit knowledge. We want to remove barriers to writing and sharing information. Iterate! Documentation doesn’t need to be comprehensive. You can Leave placeholders for things you don’t understand. Annotate sections that might need further clarification. Add TODOs to indicate areas that need attention. Documentation doesn’t need to be perfect all the time. You can Speculate, but always make it clear that you’re speculating. Embrace the possibility of being wrong, as it can prompt corrections through Cunningham’s Law. Location Is Everything Self documenting code worked for me because it was always right there where I was working. The wiki didn’t get updated, it was too far away. Drawing inspiration from manufacturing’s 5S method – which emphasizes the importance of organizing tools and materials for efficiency – we can apply the same principle to documentation. Code comments are great for putting your thoughts near the code without breaking it. Putting a README.md or other markdown files in your code repo puts them in the middle of your development workflow ensures they will be seen. Documentation that is close at hand is more often updated. Know Your Audience Better yet, admit that you don’t! Is the next person to read this going have experience with this tech stack? This subject matter? This architectural pattern? Don’t try to predict the future. Learn from the past. Write what you needed ten minutes or two days ago. Copy, paste, or paraphrase that explanation you got from a coworker in a Slack DM. Use Links There’s no need to explain how a job queue works. Link out to another project’s documentation. Cite your sources. A well placed link can save a lot of time searching for terms that have different meanings in different fields, acronyms, or vendors who name their products to guarantee you cannot find them on google. You can finally give yourself permission to close those five tabs. When a coworker asks a question you can link to the docs you wrote. Keep in mind that your docs aren’t perfect. This is less “RTFM Noob!” and more “Oh, I wrote something last month, does that help?” Bonus points if this conversation happens in a shared channel that is searchable. Maybe the next person who needs it finds the docs by searching the channel. Each time you share a link you are answering a question, improving the discoverability of the docs, and subtly promoting the idea of writing documentation.   With a little luck, these ideas will prevent documentation from being a surprise writing assignment. With a little more luck coworkers will see the value in your writing and write the documentation you will need in the future.   The post Self Documenting Code appeared first on Simple Thread.

Information Introducing Dev Home – Kayla Cinnamon Open at Microsoft – Dapr – AugustaUd Create a Microsoft Power App for your ASP.NET Core Web API – Julia Kasper Iterating on your Welcome Experience feedback – Grace Taylor .NET 7–Serialize private fields and properties – Bart Wullems nameof get’s a bit better in C# 12 – Steven Giesel SciFiDevCon 2023 – Check your Thermal Exhaust Port – 10 Vulnerabilities Your Web Application Probably Has Right Now – Scott Sauber ASP.NET Core authentication using Microsoft Entra External ID for customers (CIAM) – Damien Bowden JavaScript Import Maps For ASP.NET Core Developers – Khalid Abuhakmeh TypeScript Tuple Types The What, Why, and How – Sachin Chaurasiya The Prickly Case of JavaScript Proxies – Rob Eisenberg Privacy Enhancing Technologies An Introduction for Technologists – Katharine Jarmul

Discoveries are one of the reasons I was excited to become a UX designer. Whether building a new product, rethinking an existing product, or incorporating new features, discoveries are an exciting time of exploration and collaboration to uncover what needs to be built and why. Discoveries also come with challenges as you often have to explore large amounts of information in a short amount of time and work with high levels of ambiguity. You also need to find ways to organize information, break down complexity, and identify gaps that require further exploration. Incorporating systematic thinking into the discovery process can help alleviate many of these challenges. When building systems, it’s helpful to incorporate tools that facilitate thinking systematically. Using tools like Obsidian, OOUX, and Notion can help you both stay organized in your research and make it easier for you to find and share information. This post explores each of these tools in more detail. 1. Obsidian for Research   Obsidian is a note taking application where you’re able to organize and connect related information using links. It’s built around the Zettelkasten method, a German term for a system of organizing and linking notes. Searchability In applications like Google Docs, organizing a large amount of information often requires creating separate documents for different concepts or user interviewers. This can make it challenging to search for specific terms or create connections between items. With Obsidian, you can take multiple notes within a single document, creating a workspace where you can easily navigate through various interviews or topics. This also allows for global search, which makes synthesizing much easier. Interconnectedness When taking notes, I often come across insights that are related to the topic at hand but are significant enough to deserve their own document or already have a related document where the note needs to be captured. It can be frustrating to have to stop and write down an insight in a separate place to ensure it isn’t lost. Obsidian addresses this by allowing you to create connections, known as bi-directional links, between different items. This helps you to establish relationships and easily navigate between related information, creating a better understanding of connections and insights. Visualization Obsidian also has a visualization tool that allows you to see the connections you’ve made visually. This helps to explore how concepts connect and visually grasp how often terms or concepts are used. By visualizing these connections, you can uncover the key insights and make connections that might have been missed otherwise. 2. Object-Oriented UX for Synthesizing and Organizing When completing research, the amount of information heading in can be overwhelming. It’s helpful to have a framework for organizing the information in a way that allows you to think about the product holistically and uncover gaps that need to be explored. This is where Object-Oriented UX (OOUX) comes into play. It’s a framework for synthesizing and organizing information that is useful for designers, developers, and end users. Traditionally, we organize what needs to be built around the actions or features that users need to take. However, this approach often leads to a linear way of building and organizing software, where we segment what we need to build into parts before we’ve thought about the whole. Before designing, it’s important we clearly understand the main parts of the system, and how they relate, so we can help users understand the relationships throughout the system as well. OOUX focuses on first exploring the objects, or main parts of the system, then defining the relationships between the objects, and then considers the actions that can be taken on each object. This shift in perspective allows for more interconnected thinking, which in turn, helps users understand how concepts relate within the product. You can also use this approach to organize the information from research in a structured way, which helps to clarify what needs to be built and uncover gaps earlier in the process. OOUX can be used flexibly, but is typically incorporated right in the middle of the Double-Diamond Process – after research and before wireframing. If you’d like to learn more, check out these OOUX Resources. 3. Notion for Requirements and Product Management Notion is another useful note-taking tool and is often used to help people manage tasks. You can also create databases where you can use properties, formulas, filters, and create different views of the information. Documenting Requirements When clients share more detailed information, it can be difficult to know how to organize everything to make sure it’s not lost in the mix. One especially helpful part of the OOUX process is creating an Object Map, which lists out all of the main pieces of functionality, with their attributes listed out as cards. This can help organize information surrounding requirements, values of attributes, details about the relationships between pieces of functionality, as well as information around calls to action. Notion is a great tool to use to organize all of this information. Not only can you list all of the information and place details inside of cards, but you also have the flexibility to create different views (table, list, kanban, timelines, etc.), and you have full control over the filtering and sorting. Project Management Tools like Airtable, ClickUp, and Shortcut allow you to create tables and relationships, but many have constraints in their hierarchies (i.e. Milestones, Epics, and Stories). Constraints can be useful, but if you need more flexibility, Notion allows you to build your own systems to model your product design and development process and can replace similar tools. Information Architecture Prototypes We build prototypes to test flows, layouts, and visual design using tools such as Figma, but it can be challenging to quickly test the system wide information architecture. Using related databases and building out pages using Notions structured UI, you can create information architecture based prototypes to test the foundational navigation and relationships. This ensures that you have all of the necessary pages, that one can navigate through the relationships in the system, and helps to determine if you’re missing any key relationships that need to be represented. The Value of Systematic Thinking Discoveries become more enjoyable when we are equipped with tools to manage large amounts of information and have frameworks that help us break apart complexity. By embracing systematic thinking, we can stay grounded throughout the process, collaborate more effectively with stakeholders, and bring clarity to the end-users of our products. Hoping these tools prove useful on your upcoming explorations – happy discovering! The post Three Tools to Systemize Your Discoveries appeared first on Simple Thread.

What are the underlying forces that account for the success of software engineering CEOs?

Multiple locations and remote opportunities are available depending on your experience (typically senior level or higher). You'll get more money in your pocket as a direct employee since 12% of your base salary is automatically contributed to a SEP IRA for free. This isn't a body shop. We will he

Have you ever left a meeting feeling like you just wasted an hour (or more) of your day? You’re not alone. Many people have experienced the frustration of attending meetings that are disorganized, unproductive, and seemingly pointless. That’s where the Level 10 meeting agenda comes in. The Level 10 is part of the larger Entrepreneurial Operating System® (EOS). EOS is a comprehensive set of practical tools and concepts that have helped thousands of small to medium size organizations worldwide achieve their business goals – including Simple Thread! One of the most popular components of EOS is the Level 10 meeting, a weekly meeting that is designed to be highly efficient, productive, and engaging. So, how do you make a meeting efficient, productive, and engaging? Here are 5 things that work for us 1. Same Bat Time, Same Bat Channel First and foremost, the meeting should take place on the same day and time each week. The meeting follows a strict agenda, which includes several key items that are critical to its success. I will share more about these next. 2. Be Present An opening segue provides the opportunity to shift the team’s attention from the distractions of the latest Slack chat or email that needs a reply and bring the focus to the present. At the start of the meeting, I might ask everyone to share their “best personal and best professional highlight” of the previous week. This can help set a positive tone and encourage everyone to engage in the meeting. Another great meeting opener is the “rose, thorn, and bud” method, which is a design thinking tool that helps identify what’s working (rose), what’s not (thorn), and what can be improved (bud).   “If You Can’t Measure it, You Can’t Improve it” – Peter Drucker 3. You Gotta Track Something The meeting then moves on to review the key performance indicators (KPIs) or scorecard for the department. This provides a weekly check-in on the numbers that are leading indicators of success and drive conversation around areas of opportunity or concern. What you track may vary by department, for marketing, we look at website traffic, conversions, and inbound leads to name a few! 4. Have S.M.A.R.T, Realistic Quarterly Goals Next, the team discusses their quarterly goals and reports on whether they are on track or off track towards this goal. This helps ensure that everyone is aligned on the department’s priorities and progress towards achieving them. If someone is “off track”, it gets added to the agenda for discussion and for the group to find ways to support and help get the project moving in the right direction.   “If You Don’t Know Where You Are Going, You’ll End Up Someplace Else” – Yogi Berra 5. Identify. Discuss. Solve. The meeting then moves on to the most crucial part of the Level 10 meeting tackling issues as a team. This is when I will guide the team through the IDS process Identify, Discuss, and Solve. The team identifies the real issue, discusses it from all angles, and then settles on a solution and one or two action points to implement the solution. And Now, to Wrap Things Up Like a Present… As the meeting comes to a close, the team takes five minutes to wrap up. This includes recapping the to-do list, sharing information from the meeting with the rest of the organization, and giving the meeting a grade on a scale of 1 to 10. EOS emphasizes that the most important criterion for grading the meeting is how well the team followed the agenda. So there you have it! A recipe for a meeting that is productive, efficient, and engaging! The Level 10 meeting is a powerful tool for organizations looking to run efficient and productive meetings. By following a strict agenda and incorporating key components like KPIs, quarterly goals, and the IDS process, teams can stay aligned and make progress towards achieving their business objectives. Try it out and let us know what you think  – and say goodbye to wasted time and hello to more productive, engaging meetings! The post How to Stop Wasting Time in Pointless Meetings 5 Things to Improve Your Meetings appeared first on Simple Thread.

Monday is a Public Holiday here in England, so in keeping with customs there will be no edition of The Morning Brew on Monday, and posting will resume on Tuesday. Information All-In-One Search available in 17.6 – Leah Tran Unified Settings Share Your Feedback! – Grace Taylor Announcing Azure Data Studio 1.44 – Erin Stellato Microsoft Build Book of News – Microsoft Building (and Testing) Minimal APIs in ASP.NET Core 7 – Peter Vogel BEWARE of Consumer Lag! – Derek Comartin Deno 1.34 deno compile supports npm packages – Simon Willison Upskilling ChatGPT Prompt Engineering for Developers now in C# – Mike Francis

Whenever website analytics are discussed it is usually in the context of marketing. Which pages are getting the most visits, which advertising campaigns are most successful, and so on. You don’t have to work in advertising to make use of analytics, especially when working with web applications. Analytics can be a vital tool in helping developers and designers diagnose bugs and track usage to determine if the app is solving the problems it’s supposed to be solving. Matomo is an analytics platform billing itself as a Google Analytics alternative that gives you 100% data ownership and the option to host on-premises. If your application has some additional privacy or security requirements, Matomo can be an excellent option for recording and aggregating user data. This article will be partly a guide to setting up Matomo tracking using the vue-matomo library, and partly a collection of tips and thoughts on making decisions about what should be tracked. After the setup and configuration, we will explore more specifics including fine tuning the automatic page visit tracking, using events to track user actions, and associating a user’s ID with their interactions. The vue-matomo Library The vue-matomo library is a small JavaScript package that integrates Matomo into Vue using the Vue router to automatically track page views. It also allows for writing more idiomatic tracking code that fits neatly into the Vue ecosystem by wrapping the Matomo tracking code in a Vue plugin module. This guide assumes you have already set up a Matomo instance either on-premise or using Matomo’s cloud option. Installing vue-matomo Vue-matomo can be installed one of three ways. Using npm npm install --save vue-matomo Referencing the vue-matomo CDN <script src="https//unpkg.com/vue-matomo"></script> Referencing locally downloaded files <!-- Include after Vue --> <script src="vue-matomo/dist/vue-matomo.js"></script> After installation vue-matomo can be configured like any other Vue plugin using the use function. This will look slightly different depending on your version of Vue, but all the available options remain the same. Vue 3 import { createApp } from 'vue'; import VueMatomo from 'vue-matomo'; import App from './App.vue'; createApp(App) .use(VueMatomo, { // Configuration Options host '{YOUR_MATOMO_INSTANCE_URL}', siteId {YOUR_SITE_ID}, router, }) .mount('#app'); Vue 2 import App from './App.vue'; import VueMatomo from 'vue-matomo'; Vue.use(VueMatomo, { // Configuration Options host '{YOUR_MATOMO_INSTANCE_URL}', siteId {YOUR_SITE_ID}, router, }); new Vue({ el '#app', router, components { App }, template '', }); The only required configuration options are the `host` option which will be the URL pointing to your Matomo server and the `siteId` option which is the numeric ID associated with your specific site. The router option is very valuable since it will allow vue-matomo to automatically track page visits. The full list of configuration options can be found on the vue-matomo github README. Supporting multiple environments with tracking It can be desirable to track different instances or environments of your application separately in Matomo if, for example, you wanted to keep your production analytics separate from any testing analytics done in a lower environment. This can be achieved by setting up multiple sites in your Matomo instance using the process described here and then changing the siteId in your vue-matomo configuration based on an environment variable. const environmentSiteIdMap = { development 1, staging 2, production 3, }; Vue.use(VueMatomo, { host '{YOUR_MATOMO_INSTANCE_URL}', siteId environmentSiteIdMap[process.env.ENV], router, }); This can allow you to have a test environment with working analytics in order to test tracking, or any other situation in which you would want to have separate analytics on different instances. Usage After configuration, vue-matomo will then automatically load the Matomo tracker code whenever the app is started as well as automatically track page views based on route changes. You can also manually interface with the Matomo tracker library by referencing this.$matomo which is provided to all components. It’s important to note that vue-matomo asynchronously loads the tracker so you should always guard your calls to $matomo using either an if statement or optional chaining like so this.$matomo?.trackPageView(). Customizing Automatic Page Tracking Behavior One of the most impactful decisions I found in implementing Matomo was deciding which type of route changes should be tracked. By default Matomo will track any type of route change, including changes to the path, query params, or URL fragments. Depending on how your application is set up this could result in inconsistent or misleading aggregate page view data. For example, if you have a search bar that updates a search query parameter, every time a user types something into the bar, vue-matomo will record a new page view. This could lead you to believe that your search page is the most popular feature in your app, even if it’s only a few people who have a lot of things to search. In order to allow more fine-grained control of which changes get tracked, I created a fork of the original library which adds an additional configuration option that allows you to determine specifically which route changes get tracked. The option called trackInteraction takes a predicate function that, given the previous and destination routes, will return a boolean that determines if that route change will be tracked as a page view. For example, in this configuration vue-matomo will only track a page view when either the route path or hash fragment changes, but not when only the query params change. Vue.use(VueMatomo, { host '{YOUR_MATOMO_INSTANCE_URL}', siteId {YOUR_SITE_ID}, router, trackInteraction (to, from) => { // If this is the first route visited, then always record a page visit if (!from) { return true; } // Return true if the path or hash changed, but not anything else return to.path !== from.path || to.hash !== from.hash; }, }); Another thing to keep in mind is that Matomo allows you to track both the page URL and the page name. I’ve found that properly tracking route names gives you better visit grouping in the Matomo interface, especially when working with dynamic routes. The prime example of this is a route with a variable ID such as /users/1 where 1 is the ID of the user you are viewing . If only the URL is tracked then all page views on separate user pages will not be properly grouped together so you would see 3 views for /users/1 and 7 views for /users/3 when really you just want to see 10 views in total for the user page. If you associate a name with the route such as ‘User Profile’ then they can be easily aggregated both separately as URLs and together under a shared name. By default vue-matomo will reference the route meta property called title. So the following router code will allow you to track the title “User Profile” along with the URL /users/1 along with the URL. const routes = [ { path "/users/userId", component UserProfile, meta { title "User Profile", }, }, ];   Using Events to Track Specific User Actions Besides page views, Matomo also allows you to track arbitrary user interactions in the form of events. This allows you to track whenever a user clicks a button, scrolls down a page, or any other page interaction that can trigger JavaScript. async updateProfilePicture() { await ProfileService.updateProfilePicture(); this.$matomo?.trackEvent("User Settings", "Update Profile Picture"); } Whenever the updateProfilePicture method is called and the update is successful this will track a new event occurrence with “User Settings” being the event category and “Update Profile Picture” being the event action. The event category is used to group similar events, and the event action is the name of the specific interaction you are tracking. You can also record an event name and a numeric event value for additional grouping and context. I’ve found that events are the best way to track application feature usage and provide additional context when troubleshooting bugs. Graph showing instances of events with the “User Settings” event category and the “Update Profile Picture” event action over time. User ID Tracking It can also be valuable to associate each visit with a user ID. If you set the user ID of the authenticated user before logging their visits and events, you will have a more accurate measure of your number of unique visitors and the timeline of each user’s visits. This can also help you associate page visits and events with specific database records helping with troubleshooting. In order to track a visitor’s user ID you could include it in your initial Matomo configuration using the userId property, but I’ve found that more often than not the application has already been initialized by the time the user is authenticated. For this case you can add an explicit setUserId call to your authentication code after the user has been authenticated like the following example. if (window?._paq) { window._paq.push(["setUserId", user.id]); }   Conclusion Adding user tracking to your web application can be very beneficial to understand feature usage, follow user journeys, and troubleshoot bugs. If Matomo meets the needs for your use case, then vue-matomo is a great library that can save implementation time and simplify your Matomo usage. Using events, user ID tracking, and customizing the vue-matomo’s router integration can help you record beneficial data that accurately reflects how your application is being used. If you plan on implementing Matomo using vue-matomo, I would highly recommend reading through all the available tracking options and doing plenty of experimentation to make sure that you are tracking usage in the easiest and most helpful way possible. The post Tracking Analytics in Vue with Matomo appeared first on Simple Thread.

Another day, another data breach.   Isn’t this all starting to seem a little too familiar? I don’t know about you, but the endless parade of disclosures is taking up entirely too much space in my news feed, pushing out important information on giant arcade cabinets and open source espresso machines. How is this still such a problem when we’ve all moved on to strong, randomly-generated, single-use passwords stored in password managers and multi-factor authentication? (Hold on, you haven’t done that? Go take care of that right now! I’ll wait.) Human Error Well, what do all these incidents have in common (besides giving CISOs heartburn)? Human error. Regardless of any other measures in place, at some point a human was given the sole responsibility for doing the right thing and they fumbled it. Hey, it happens. Even the smartest of us are extremely fallible creatures and this should surprise no one. What should be surprising is how, even armed with this knowledge, we insist on adopting security practices that assume anything we can usually get right we will always get right. Can you imagine living in a world where that was true? The initial foothold in most of these attacks was a successful phishing attempt. It might have been a counterfeit login page. It might have been a believable phone call from “customer service”. One way or another, someone was convinced to give out sensitive credentials to someone or something they shouldn’t have. It’s a classic because it works. You wouldn’t fall for that, right? You always check the headers and never click the links. You always hang up and call them back at the official number. You haven’t opened an email attachment since ActiveX roamed the earth. (Wow, it still does. Who knew?) But do you ever get tired? Or busy? Distracted, stressed, even hungry? No? I love the smell of swagger and hubris in the morning. Can you say the same thing about every one of your co-workers? How about your customers? Picture the least alert person you can imagine using a system you care about, and ask yourself why the integrity of that system should rely on their attentiveness. At least one of these incidents started with a push bombing. On the face of it those seem pretty easy to avoid, right? Just don’t approve MFA prompts unless you’re actually attempting to sign in. But there’s no rule that limits these attacks to times when you have your game face on. Do you really want to trust your security to your reactions when woken up at 3am by a nonstop stream of notifications, with your lizard brain still in charge of make bad noise stop? Would you agree that a system with a temperamental meat computer as a single point of failure is suboptimal if there are alternatives? If so my friend, I think you’re ready to hear about phishing-resistant MFA. What’s Wrong With Most MFA? Time-based One-Time Password (TOTP) authentication relies on a shared secret and a visible code. Only your authenticator app and the service you’re authenticating with know the secret for generating the correct code at any given moment. The service asks for the code, you provide it, and that proves to the service that you are you. But you get no such assurance from the service. This leaves you almost as vulnerable to phishing as if you weren’t using MFA at all. Instead of convincing you to share only your password the attacker also has to trick you into sharing your code, but the only real obstacle is whether they can act on that code before it expires. Another common approach is MFA via push notification. You attempt to access a service, it sends a push notification to your registered mobile device, you approve the access request, and that “proves” to the service that you’re the one attempting to log in. But as increasing numbers of push bombing incidents show, the fact that you were convinced to interact with a notification isn’t a guarantee of intentionality. MFA via SMS, email or voice is a train wreck, with all the same vulnerabilities as the methods above and some exciting unique additions like SIM swap attacks. Friends don’t let friends MFA this way. Which is naturally why it’s the only form of MFA most financial institutions support. Phishing-Resistant MFA This term applies to two categories of authentication. PKI-based MFA (public key infrastructure, generally encountered as smart cards) has been around for decades. But since it depends on having that infrastructure in place, and strong identity management, it’s generally the province of government agencies and large enterprises and is less supported by the types of services many of us use. The odds are good that if PKI makes sense for you you’re already using it and are in a better position to write about it than I am. But do it on your own time. A more appropriate option for most people is FIDO (Fast IDentity Online) authentication. Those links at the top of the post? I bet I snuck something past you. The last attack, on Cloudflare, didn’t actually result in a breach. Why not? Because everyone at Cloudflare authenticates with a FIDO2-compliant key that enforces origin binding with public key cryptography. Their write-up does a great job of explaining how the attack worked and how it would have played out if they were using standard TOTP MFA, but glosses over how it fizzled out when it ran into FIDO. Unlike TOTP, FIDO doesn’t rely on a single shared secret known to both the authenticator and the service. When a hardware key is registered with a service the device generates a new public-private key pair. The public key goes to the service, while the private key never leaves the secure storage of the device, where it’s tied to the identity of the service. During authentication, the service sends a challenge to the device. The device finds the private key tied to that service identity and uses it to sign the challenge. The service uses the public key to verify that the challenge was signed by the real private key and allows the connection. This process delivers some very powerful assurances. There is no user-facing code you can be tricked into revealing. Only the private key can successfully sign the challenge, so the service can be sure the hardware key is authentic. But the device will only be able to find a private key for the exact service it was registered with. It’s not going to be fooled by a phishing site at the wrong url, regardless of how good a forgery it is. The only way around the origin binding I’m aware of would be for the attacker to poison the victim’s DNS so their phishing site was accessible through the correct url for the real service and have a valid SSL certificate for that domain. That would involve a compromise of the user’s machine significant enough for the attacker to add their own certificate authority as a trusted root, or the ability to generate valid certificates for the service’s domain. If either of those are true you’re going to have a bad day regardless of the security process you’re using. FIDO also sidesteps the issues with push notifications by tying the authentication mechanism directly to the device attempting to authenticate. The hardware key is plugged into the web browsing device (literally or wirelessly) and all interaction between the key and the service goes through the web browser, initiated only by the user’s actions there. There’s no question that the user (or at least the key) is in fact present at the point of login.   I’m sure by now you’ve come up with at least one reason why FIDO sounds nice but would never work for you. Come at me. Does anyone even support this thing? You’d be surprised. Microsoft, Apple, Linux and Android all support FIDO at the system level. Browser compatibility is strong Chrome, Firefox, Edge, Safari, Opera, Vivaldi. The major cloud services providers are all covered, as well as common tools like Github and Dropbox. All this sounds great for proving that the key is present, but how does it prove I’m the one using it? What happens if it’s been stolen? That’s a great point. FIDO is definitely designed to counter remote attackers. Local attackers with physical access to your key aren’t part of the threat model the bulk of the specs are addressing. That’s why, even though FIDO2 in particular is touted as sufficient authentication unto itself, no passwords required, I myself would never go that far. This is where the “multi” in multi-factor authentication really comes into play. The hardware key is something you have, but I would still recommend requiring something you know, whether it’s a password on the account or a PIN on the key (which is absolutely something you can set). The options for unlocking the hardware key are largely up to the manufacturer, but many also come with biometric options like fingerprint readers, so you can also throw something you are into the mix. What about when I lose the key? Yeah, don’t do that. Kidding! Best practice is to have at least one backup key, stored in a different location. The point of the hardware key is to prevent the private keys from ever being readable from outside, which means there’s no way to simply clone a backup. You’re going to need to register each key separately with each service. Not ideal, I know, but it doesn’t have to be as tedious as it sounds either. A common strategy is to only protect the most sensitive accounts with the hardware key directly, and to use TOTP for the rest, but to use a TOTP authenticator app that supports being locked behind the hardware key. This still provides some of the FIDO benefits (no one can access your authenticator without your key) while minimizing how often keys need to be registered with a new service. I’m never going to remember to have this thing with me. You don’t have a keychain? You still have options, by tethering keys to specific devices. Low-profile nano keys are available that can be left in a USB port, giving that machine a more or less permanent authentication connection. And many machines come with built-in trusted platform modules specifically for protecting this kind of information. Windows devices using Hello, Apple devices with Touch ID or Face ID, and some Android phones can all be used as authenticators. My phone isn’t supported as an authenticator. And the idea of plugging in a key every time I want to authenticate sounds ridiculous, let alone leaving something permanently attached to my phone. Hardware keys also come in NFC and Bluetooth flavors. Tap to auth! This sounds expensive. It’s very likely at least some of the devices you use regularly already support FIDO. But yes, hardware security keys aren’t cheap. Neither are identity theft or corporate data breaches.   There, did you get it out of your system? No? Or have you already dashed off to try it? Either way, let us know! The post How to Neutralize the Biggest Threat to Your Online Security (You) appeared first on Simple Thread.

This article shows how an ASP.NET Core Razor Page application could implement an automatic sign-out when a user does not use the application for n-minutes. The application is secured using Azure AD B2C. To remove the session, the client must sign-out both on the ASP.NET Core application and the Azure AD B2C identity provider or whatever identity provider you are using. Code https//github.com/damienbod/AspNetCoreB2cLogout Sometimes clients require that an application supports automatic sign-out in a SSO environment. An example of this is when a user uses a shared computer and does not click the sign-out button. The session would remain active for the next user. This method is not fool proof as the end user could save the credentials in the browser. If you need a better solution, then SSO and rolling sessions should be avoided but this leads to a worse user experience. The ASP.NET Core application is protected using Microsoft.Identity.Web. This takes care of the client authentication flows using Azure AD B2C as the identity provider. Once authenticated, the session is stored in a cookie. A distributed cache is added to record the last activity of of each user. An IAsyncPageFilter implementation is used and added as a global filter to all requests for Razor Pages. The SessionTimeoutAsyncPageFilter class implements the IAsyncPageFilter interface. builder.Services.AddDistributedMemoryCache(); builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(builder.Configuration, "AzureAdB2c" ) .EnableTokenAcquisitionToCallDownstreamApi(Array.Empty<string>()) .AddDistributedTokenCaches(); builder.Services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; }); builder.Services.AddSingleton<SessionTimeoutAsyncPageFilter>(); builder.Services.AddRazorPages() .AddMvcOptions(options => { options.Filters.Add(typeof(SessionTimeoutAsyncPageFilter)); }) .AddMicrosoftIdentityUI(); The IAsyncPageFilter interface is used to catch the request for the Razor Pages. The OnPageHandlerExecutionAsync method is used to implement the automatic end session logic. We use the default name identifier claim type to get an ID for the user. If using the standard claims instead of the Microsoft namespace mapping, this would be different. Match the claim returned in the id_token from the OpenID Connect authentication. I check for idle time. If no requests was sent in the last n-minutes, the application will sign-out, in both the local cookie and also on Azure AD B2C. It is important to sign-out on the identity provider as well. If the idle time is less than the allowed time span, the DateTime timestamp is persisted to cache. public async Task OnPageHandlerExecutionAsync(PageHandlerExecutingContext context, PageHandlerExecutionDelegate next) { var claimTypes = "http//schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"; var name = context.HttpContext .User .Claims .FirstOrDefault(c => c.Type == claimTypes)! .Value; if (name == null) throw new ArgumentNullException(nameof(name)); var lastActivity = GetFromCache(name); if (lastActivity != null && lastActivity.GetValueOrDefault() .AddMinutes(timeoutInMinutes) < DateTime.UtcNow) { await context.HttpContext .SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme); await context.HttpContext .SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme); } AddUpdateCache(name); await next.Invoke(); } Distributed cache is used to persist the user idle time from each session. This might be expensive for applications with many users. In this demo, the UTC now value is used for the check. This might need to be improved and the cache length as well. This needs to be validated. if this is enough for all different combinations of timeout. private void AddUpdateCache(string name) { var options = new DistributedCacheEntryOptions() .SetSlidingExpiration(TimeSpan .FromDays(cacheExpirationInDays)); _cache.SetString(name, DateTime .UtcNow.ToString("s"), options); } private DateTime? GetFromCache(string key) { var item = _cache.GetString(key); if (item != null) { return DateTime.Parse(item); } return null; } When the session timeouts, the code executes the OnPageHandlerExecutionAsync method and signouts. This works for Razor Pages. This is not the only way of supporting this and it is not an easy requirement to fully implement. Next step would be to support this from SPA UIs which send Javascript or ajax requests. Links https//learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect#send-a-sign-out-request https//learn.microsoft.com/en-us/aspnet/core/razor-pages/filter?view=aspnetcore-7.0 https//github.com/AzureAD/microsoft-identity-web

In this post, Blazor and .NET 8 is used to implement a simple website. I took a .NET 7 project, updated it to .NET 8 and tried out some of the new features in .NET 8. Code https//github.com/damienbod/Hostedblazor8Aad Setup The project was setup using a .NET 7 project which implements an Azure AD authentication using best practice with a backend for frontend architecture and then updated to .NET 8. The security is implemented in the secure backend and the Blazor components are kept simple. The Blazor.BFF.AzureAD.Template template was used for this which takes care of all the project setup. At present no Microsoft template exists for implementing the security in this recommended way. The templates adds the security headers as best it can. The project was updated to .NET 8 and all the Nuget packages as well. <TargetFramework>net8.0</TargetFramework> Microsoft.Identity.Web is used to implement the OpenID Connect confidential client. An Azure App registration was created for this with the Web client and a user secret. You could also use a certificate instead of a secret which improves the token request in the second step of the OIDC code flow authentication. The application was started and like in .NET 7 we still have the annoying console warnings because the debugging tools try to add inline scripts to our code. The inline scripts are blocked by the CSP and this should be required for all deployments. I like to develop my application as close as possible to my target deployments, so I always develop with the best possible CSP and HTTPS like in the deployed applications. This prevents having to fix CSP issues when we go live or having to fix links to CSS CDNs or whatever. We also have a warning in the console logs looking for a JS map file from something we do not use. No idea where or what adds to my development. 2023-05-18 The CSP bug has no been fixed in the latest VS preview release https//developercommunity.visualstudio.com/t/browserlink-CSP-support-NET-7/10061464 Creating Random data from Arrays In .NET 8 GetItems() was added to System.Random. I decide to create my test data using this. I created an array of objects and returned this as a span. public static ReadOnlySpan<MyGridData> GetData() { return _mydata.AsSpan(); } The Random.Shared.GetItems method can be used to return n-items from my span in a random way. I set this to 24 items which can be then displayed in the Grid. [HttpGet] public IEnumerable<MyGridData> Get() { return Random.Shared.GetItems(MyData.GetData(), 24); } Using QuickGrid in Blazor The QuickGrid component was also added in .NET 8. This provides simple Grid features. The Nuget package needs to be added to the client (WASM) project. Microsoft.AspNetCore.Components.QuickGrid The QuickGrid can be used in any Razor page in the WASM application. You need to add the using for the Grid and you can create the grid as required. The Grid has good documentation here https//aspnet.github.io/quickgridsamples @page "/directapi" @using HostedBlazorAad.Shared @using Microsoft.AspNetCore.Components.QuickGrid @inject IAntiforgeryHttpClientFactory httpClientFactory @inject IJSRuntime JSRuntime <h3>QuickGrid display using data Direct API</h3> @if (myGridData == null) { <p><em>Loading...</em></p> } else { <hr /> <QuickGrid Items="@FilteredItems" Pagination="@pagination"> <PropertyColumn Property="@(p => p.Id)" Sortable="true" /> <PropertyColumn Property="@(c => c.Name)" Sortable="true" Class="name"> <ColumnOptions> <div class="search-box"> <input type="search" autofocus @bind="nameFilter" @bindevent="oninput" placeholder="name..." /> </div> </ColumnOptions> </PropertyColumn> <PropertyColumn Property="@(p => p.Colour)" Sortable="true" /> </QuickGrid> <Paginator State="@pagination" /> } @code { private IEnumerable<MyGridData>? myApiData; private IQueryable<MyGridData> myGridData = new List<MyGridData>().AsQueryable(); private PaginationState pagination = new PaginationState { ItemsPerPage = 8 }; private string nameFilter = string.Empty; GridSort<MyGridData> rankSort = GridSort<MyGridData> .ByDescending(x => x.Name) .ThenDescending(x => x.Colour) .ThenDescending(x => x.Id); IQueryable<MyGridData>? FilteredItems => myGridData.Where(x => x.Name.Contains(nameFilter, StringComparison.CurrentCultureIgnoreCase)); protected override async Task OnInitializedAsync() { var client = await httpClientFactory.CreateClientAsync(); var myApiData = await client.GetFromJsonAsync<MyGridData[]>("api/DirectApi"); if (myApiData != null) myGridData = myApiData.AsQueryable(); } } The 24 random items are displayed in the grid using a paging and a sort with eight items per page. The is client side and not server side paging which is important if using large amounts of data. Notes Blazor and .NET 8 will change a lot and new templates and project types are being created for Blazor and .NET 8. Blazor United or whatever it will be called after the release will be a new type of Blazor project and the 3 projects structure will probably be reduced down to one. I hope the security will be improved and I don’t understand why Microsoft still do security in the WASM part of the application when it is hosted in an ASP.NET Core backend. Links https//learn.microsoft.com/en-us/dotnet/core/whats-new/dotnet-8 https//github.com/damienbod/Blazor.BFF.AzureAD.Template https//dotnet.microsoft.com/en-us/download/visual-studio-sdks https//aspnet.github.io/quickgridsamples

You’ve just finished knocking out a complex feature. You’re happy with the state of the code, you’re a bit brain-fried, and the only thing between you and the finish line is creating a pull request. You’re not going to leave the description field blank, are you? You’re tired, you want to be done, and can’t people just figure out what you did by looking at the code? I get it. The impulse to skip the description is strong, but a little effort will go a long way toward making your coworker’s lives easier when they review your code. It’s courteous, and–lucky for you!–it doesn’t have to be hard. If you’re thinking I’m going to suggest writing a book in the description field, you’re wrong. In fact, I’m going to show you how to purposely write less by using the techniques below. Make it Scannable If your code is a report for the board of directors, your pull request description is the executive summary. It should be short and easy to digest while packing in as much important information as possible. The best way to achieve this combination is to make the text scannable. You can use bold or italic text to draw emphasis to important details in a paragraph. However, the best way to increase scan-ability is the liberal application of bulleted lists. Most of my PR descriptions start like this If merged, this PR will Add a Widget model Add a controller for performing CRUD on Widgets Update routes.rb to include paths for Widgets Update user policies to ensure only admins can delete Widgets Add tests for policy changes … There are a few things to note here. I’m using callouts to bring attention to important changes, including the object that’s being added and important files that are being modified. The sentences are short and digestible. They contain one useful piece of information each. And, for readability, they all start with a capital letter and end with no punctuation. Consistency of formatting makes for easier reading. Speak Plainly Simpler words win if you’re trying to quickly convey meaning, and normal words are preferable to jargon. Here are a few examples * Replace utilize with use. They have different meanings, and you’re likely wanting the meaning of use, which has the added bonus of being fewer characters. * Replace ask with request. “The ask here is to replace widget A with widget B.” Ask is not a noun; it’s a verb. * Replace operationalize with do. A savings of 12 characters and 5 syllables! There are loads of words that we use daily that could be replaced with something simpler; I bet you can think of a few off the top of your head. For more examples, see my book recommendations at the end of this article. Avoid Adverbs Piggybacking on the last suggestion, adverbs can often be dropped to tighten up your prose. Spotting an adverb is easy. Look for words that end in -ly. Really, vastly, quickly, slowly–these are adverbs and they usually can be removed without changing the meaning of your sentence. Here’s an example “Replace a really slowly performing ActiveRecord query with a faster raw SQL query” “Replace a slow ActiveRecord query with a faster raw SQL query” Since we dropped the adverbs, performing doesn’t work on its own, so we can remove it and save even more characters. Simplify Your Sentences Sentences can sometimes end up unnecessarily bloated. Take this example “The reason this is marked DO NOT MERGE is because we’re missing the final URL for the SSO login path.” The reason this is can be shortened to simply this is. The is before because is unnecessary and can be removed. And the last part of the sentence can be rejiggered to be more direct while eliminating an unnecessary prepositional phrase. The end result is succinct “This is marked DO NOT MERGE because we’re missing the SSO login path’s production URL.” Bonus Round Avoid Passive Voice Folks tend to slip into passive voice when talking about bad things like bugs or downtime. Uncomfortable things make people want to ensure they’re dodging–or not assigning–blame. I’m not saying you should throw someone under the bus for a bug, but it helps to be direct when writing about your code. “We were asked to implement the feature that caused this bug by the sales team.” The trouble here is were asked. This makes the sentence sound weak. Luckily, a rewrite is easy “The sales team asked us to implement the feature that caused this bug.” By moving the subject from the end of the sentence to the beginning, we ditch an unnecessary prepositional phrase by the sales team, shorten the sentence, and the overall meaning is now clear and direct. There’s More! But we can’t cover it all here. If you want to dig deeper, I recommend picking up The Elements of Style. It’s a great starting point for improving your writing. Also, Junk English by Ken Smith is a fun guide for spotting and avoiding jargon, and there’s a sequel if you enjoy it. The post Writing Tips for Improving Your Pull Requests appeared first on Simple Thread.

This article shows how to reset a password for tenant members using a Microsoft Graph application client in ASP.NET Core. An Azure App registration is used to define the application permission for the Microsoft Graph client and the User Administrator role is assigned to the Azure Enterprise application created from the Azure App registration. Code https//github.com/damienbod/azuerad-reset Create an Azure App registration with the Graph permission An Azure App registration was created which requires a secret or a certificate. The Azure App registration has the application User.ReadWrite.All permission and is used to assign the Azure role. This client is only for application clients and not delegated clients. Assign the User Administrator role to the App Registration The User Administrator role is assigned to the Azure App registration (Azure Enterprise application pro tenant). You can do this by using the User Administrator Assignments and and new one can be added. Choose the Azure App registration corresponding Enterprise application and assign the role to be always active. Create the Microsoft Graph application client In the ASP.NET Core application, a new Graph application can be created using the Microsoft Graph SDK and Azure Identity. The GetChainedTokenCredentials is used to authenticate using a managed identity for the production deployment or a user secret in development. You could also use a certificate. This is the managed identity from the Azure App service where the application is deployed in production. using Azure.Identity; using Microsoft.Graph; namespace SelfServiceAzureAdPasswordReset; public class GraphApplicationClientService { private readonly IConfiguration _configuration; private readonly IHostEnvironment _environment; private GraphServiceClient? _graphServiceClient; public GraphApplicationClientService(IConfiguration configuration, IHostEnvironment environment) { _configuration = configuration; _environment = environment; } /// <summary> /// gets a singleton instance of the GraphServiceClient /// </summary> public GraphServiceClient GetGraphClientWithManagedIdentityOrDevClient() { if (_graphServiceClient != null) return _graphServiceClient; string[] scopes = new[] { "https//graph.microsoft.com/.default" }; var chainedTokenCredential = GetChainedTokenCredentials(); _graphServiceClient = new GraphServiceClient(chainedTokenCredential, scopes); return _graphServiceClient; } private ChainedTokenCredential GetChainedTokenCredentials() { if (!_environment.IsDevelopment()) { // You could also use a certificate here return new ChainedTokenCredential(new ManagedIdentityCredential()); } else // dev env { var tenantId = _configuration["AzureAdGraphTenantId"]; var clientId = _configuration.GetValue<string>("AzureAdGraphClientId"); var clientSecret = _configuration.GetValue<string>("AzureAdGraphClientSecret"); var options = new TokenCredentialOptions { AuthorityHost = AzureAuthorityHosts.AzurePublicCloud }; // https//docs.microsoft.com/dotnet/api/azure.identity.clientsecretcredential var devClientSecretCredential = new ClientSecretCredential( tenantId, clientId, clientSecret, options); var chainedTokenCredential = new ChainedTokenCredential(devClientSecretCredential); return chainedTokenCredential; } } } Reset the password Microsoft Graph SDK 4 Once the client is authenticated, Microsoft Graph SDK can be used to implement the logic. You need to decide if SDK 4 or SDK 5 is used to implement the Graph client. Most applications must still use Graph SDK 4 but no docs exist for this anymore. Refer to Stackoverflow or try and error. The application has one method to get the user and a second one to reset the password and force a change on the next authentication. This is ok for low level security, but TAP with a strong authentication should always be used if possible. using Microsoft.Graph; using System.Security.Cryptography; namespace SelfServiceAzureAdPasswordReset; public class UserResetPasswordApplicationGraphSDK4 { private readonly GraphApplicationClientService _graphApplicationClientService; public UserResetPasswordApplicationGraphSDK4(GraphApplicationClientService graphApplicationClientService) { _graphApplicationClientService = graphApplicationClientService; } private async Task<string> GetUserIdAsync(string email) { var filter = $"startswith(userPrincipalName,'{email}')"; var graphServiceClient = _graphApplicationClientService .GetGraphClientWithManagedIdentityOrDevClient(); var users = await graphServiceClient.Users .Request() .Filter(filter) .GetAsync(); return users.CurrentPage[0].Id; } public async Task<string?> ResetPassword(string email) { var graphServiceClient = _graphApplicationClientService .GetGraphClientWithManagedIdentityOrDevClient(); var userId = await GetUserIdAsync(email); if (userId == null) { throw new ArgumentNullException(nameof(email)); } var password = GetRandomString(); await graphServiceClient.Users[userId].Request() .UpdateAsync(new User { PasswordProfile = new PasswordProfile { Password = password, ForceChangePasswordNextSignIn = true } }); return password; } private static string GetRandomString() { var random = $"{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}-AC"; return random; } private static int GenerateRandom() { return RandomNumberGenerator.GetInt32(100000000, int.MaxValue); } } Reset the password Microsoft Graph SDK 5 Microsoft Graph SDK 5 can also be used to implement the logic to reset the password and force a change on the next signin. using Microsoft.Graph; using Microsoft.Graph.Models; using System.Security.Cryptography; namespace SelfServiceAzureAdPasswordReset; public class UserResetPasswordApplicationGraphSDK5 { private readonly GraphApplicationClientService _graphApplicationClientService; public UserResetPasswordApplicationGraphSDK5(GraphApplicationClientService graphApplicationClientService) { _graphApplicationClientService = graphApplicationClientService; } private async Task<string?> GetUserIdAsync(string email) { var filter = $"startswith(userPrincipalName,'{email}')"; var graphServiceClient = _graphApplicationClientService .GetGraphClientWithManagedIdentityOrDevClient(); var result = await graphServiceClient.Users.GetAsync((requestConfiguration) => { requestConfiguration.QueryParameters.Top = 10; if (!string.IsNullOrEmpty(email)) { requestConfiguration.QueryParameters.Search = $"\"userPrincipalName{email}\""; } requestConfiguration.QueryParameters.Orderby = new string[] { "displayName" }; requestConfiguration.QueryParameters.Count = true; requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "userPrincipalName", "userType" }; requestConfiguration.QueryParameters.Filter = "userType eq 'Member'"; // onPremisesSyncEnabled eq false requestConfiguration.Headers.Add("ConsistencyLevel", "eventual"); }); return result!.Value!.FirstOrDefault()!.Id; } public async Task<string?> ResetPassword(string email) { var graphServiceClient = _graphApplicationClientService .GetGraphClientWithManagedIdentityOrDevClient(); var userId = await GetUserIdAsync(email); if (userId == null) { throw new ArgumentNullException(nameof(email)); } var password = GetRandomString(); await graphServiceClient.Users[userId].PatchAsync( new User { PasswordProfile = new PasswordProfile { Password = password, ForceChangePasswordNextSignIn = true } }); return password; } private static string GetRandomString() { var random = $"{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}-AC"; return random; } private static int GenerateRandom() { return RandomNumberGenerator.GetInt32(100000000, int.MaxValue); } } Any Razor page can use the service and update the password. The Razor Page requires protection to prevent any user or bot updating any other user account. Some type of secret is required to use the service or an extra id which can be created from an internal IT admin. DDOS protection and BOT protection is also required if the Razor page is deployed to a public endpoint and a delay after each request must also be implemented. Extreme caution needs to be taken when exposing this business functionality. private readonly UserResetPasswordApplicationGraphSDK5 _userResetPasswordApp; [BindProperty] public string Upn { get; set; } = string.Empty; [BindProperty] public string? Password { get; set; } = string.Empty; public IndexModel(UserResetPasswordApplicationGraphSDK5 userResetPasswordApplicationGraphSDK4) { _userResetPasswordApp = userResetPasswordApplicationGraphSDK4; } public void OnGet(){} public async Task<IActionResult> OnPostAsync() { if (!ModelState.IsValid) { return Page(); } Password = await _userResetPasswordApp .ResetPassword(Upn); return Page(); } The demo application can be started and a password from a local member can be reset. The https//mysignins.microsoft.com/security-info url can be used to test the new password and add MFA or whatever. Notes You can use this solution for applications with no user. If using an administrator or a user to reset the passwords, then a delegated permission should be used with different Graph SDK methods and different Graph permissions. Links https//aka.ms/mysecurityinfo https//learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0 https//learn.microsoft.com/en-us/graph/sdks/paging?tabs=csharp https//learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=csharp

What it means for software to be fast, and why most software is not.

This article shows how to provision Azure IoT hub devices using Azure IoT hub device provisioning services (DPS) and ASP.NET Core. The devices are setup using chained certificates created using .NET Core and managed in the web application. The data is persisted in a database using EF Core and the certificates are generated using the CertificateManager Nuget package. Code https//github.com/damienbod/AzureIoTHubDps Setup To setup a new Azure IoT Hub DPS, enrollment group and devices, the web application creates a new certificate using an ECDsa private key and the .NET Core APIs. The data is stored in two pem files, one for the public certificate and one for the private key. The pem public certificate file is downloaded from the web application and uploaded to the certificates blade in Azure IoT Hub DPS. The web application persists the data to a database using EF Core and SQL. A new certificate is created from the DPS root certificate and used to create a DPS enrollment group. The certificates are chained from the original DPS certificate. New devices are registered and created using the enrollment group. Another new device certificate chained from the enrollment group certificate is created per device and used in the DPS. The Azure IoT Hub DPS creates a new IoT Hub device using the linked IoT Hubs. Once the IoT hub is running, the private key from the device certificate is used to authenticate the device and send data to the server. When the ASP.NET Core web application is started, users can create new certificates, enrollment groups and add devices to the groups. I plan to extend the web application to add devices, delete devices, and delete groups. I plan to add authorization for the different user types and better paging for the different UIs. At present all certificates use ECDsa private keys but this can easily be changed to other types. This depends on the type of root certificate used. The application is secured using Microsoft.Identity.Web and requires an authenticated user. This can be setup in the program file or in the startup extensions. I use EnableTokenAcquisitionToCallDownstreamApi to force the OpenID Connect code flow. The configuration is read from the default AzureAd app.settings and the whole application is required to be authenticated. When the enable and disable flows are added, I will add different users with different authorization levels. builder.Services.AddDistributedMemoryCache(); builder.Services.AddAuthentication( OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp( builder.Configuration.GetSection("AzureAd")) .EnableTokenAcquisitionToCallDownstreamApi() .AddDistributedTokenCaches(); Create an Azure IoT Hub DPS certificate The web application is used to create devices using certificates and DPS enrollment groups. The DpsCertificateProvider class is used to create the root self signed certificate for the DPS enrollment groups. The NewRootCertificate from the CertificateManager Nuget package is used to create the certificate using an ECDsa private key. This package wraps the default .NET APIs for creating certificates and adds a layer of abstraction. You could just use the lower level APIs directly. The certificate is exported to two separate pem files and persisted to the database. public class DpsCertificateProvider { private readonly CreateCertificatesClientServerAuth _createCertsService; private readonly ImportExportCertificate _iec; private readonly DpsDbContext _dpsDbContext; public DpsCertificateProvider(CreateCertificatesClientServerAuth ccs, ImportExportCertificate importExportCertificate, DpsDbContext dpsDbContext) { _createCertsService = ccs; _iec = importExportCertificate; _dpsDbContext = dpsDbContext; } public async Task<(string PublicPem, int Id)> CreateCertificateForDpsAsync(string certName) { var certificateDps = _createCertsService.NewRootCertificate( new DistinguishedName { CommonName = certName, Country = "CH" }, new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(50) }, 3, certName); var publicKeyPem = _iec.PemExportPublicKeyCertificate(certificateDps); string pemPrivateKey = string.Empty; using (ECDsa? ecdsa = certificateDps.GetECDsaPrivateKey()) { pemPrivateKey = ecdsa!.ExportECPrivateKeyPem(); FileProvider.WriteToDisk($"{certName}-private.pem", pemPrivateKey); } var item = new DpsCertificate { Name = certName, PemPrivateKey = pemPrivateKey, PemPublicKey = publicKeyPem }; _dpsDbContext.DpsCertificates.Add(item); await _dpsDbContext.SaveChangesAsync(); return (publicKeyPem, item.Id); } public async Task<List<DpsCertificate>> GetDpsCertificatesAsync() { return await _dpsDbContext.DpsCertificates.ToListAsync(); } public async Task<DpsCertificate?> GetDpsCertificateAsync(int id) { return await _dpsDbContext.DpsCertificates.FirstOrDefaultAsync(item => item.Id == id); } } Once the root certificate is created, you can download the public pem file from the web application and upload it to the Azure IoT Hub DPS portal. This needs to be verified. You could also use a CA created certificate for this, if it is possible to create child chained certificates. The enrollment groups are created from this root certificate. Create an Azure IoT Hub DPS enrollment group Devices can be created in different ways in the Azure IoT Hub. We use a DPS enrollment group with certificates to create the Azure IoT devices. The DpsEnrollmentGroupProvider is used to create the enrollment group certificate. This uses the root certificate created in the previous step and chains the new group certificate from this. The enrollment group is used to add devices. Default values are defined for the enrollment group and the pem files are saved to the database. The root certificate is read from the database and the chained enrollment group certificate uses an ECDsa private key like the root self signed certificate. The CreateEnrollmentGroup method is used to set the initial values of the IoT Hub Device. The ProvisioningStatus is set to enabled. This means when the device is registered, it will be enabled to send messages. You could also set this to disabled and enable it after when the device gets used by an end client for the first time. A MAC or a serial code from the device hardware could be used to enable the IoT Hub device. By waiting till the device is started by the end client, you could choose a IoT Hub optimized for this client. public class DpsEnrollmentGroupProvider { private IConfiguration Configuration { get;set;} private readonly ILogger<DpsEnrollmentGroupProvider> _logger; private readonly DpsDbContext _dpsDbContext; private readonly ImportExportCertificate _iec; private readonly CreateCertificatesClientServerAuth _createCertsService; private readonly ProvisioningServiceClient _provisioningServiceClient; public DpsEnrollmentGroupProvider(IConfiguration config, ILoggerFactory loggerFactory, ImportExportCertificate importExportCertificate, CreateCertificatesClientServerAuth ccs, DpsDbContext dpsDbContext) { Configuration = config; _logger = loggerFactory.CreateLogger<DpsEnrollmentGroupProvider>(); _dpsDbContext = dpsDbContext; _iec = importExportCertificate; _createCertsService = ccs; _provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString( Configuration.GetConnectionString("DpsConnection")); } public async Task<(string Name, int Id)> CreateDpsEnrollmentGroupAsync( string enrollmentGroupName, string certificatePublicPemId) { _logger.LogInformation("Starting CreateDpsEnrollmentGroupAsync..."); _logger.LogInformation("Creating a new enrollmentGroup..."); var dpsCertificate = _dpsDbContext.DpsCertificates .FirstOrDefault(t => t.Id == int.Parse(certificatePublicPemId)); var rootCertificate = X509Certificate2.CreateFromPem( dpsCertificate!.PemPublicKey, dpsCertificate.PemPrivateKey); // create an intermediate for each group var certName = $"{enrollmentGroupName}"; var certDpsGroup = _createCertsService.NewIntermediateChainedCertificate( new DistinguishedName { CommonName = certName, Country = "CH" }, new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(50) }, 2, certName, rootCertificate); // get the public key certificate for the enrollment var pemDpsGroupPublic = _iec.PemExportPublicKeyCertificate(certDpsGroup); string pemDpsGroupPrivate = string.Empty; using (ECDsa? ecdsa = certDpsGroup.GetECDsaPrivateKey()) { pemDpsGroupPrivate = ecdsa!.ExportECPrivateKeyPem(); FileProvider.WriteToDisk($"{enrollmentGroupName}-private.pem", pemDpsGroupPrivate); } Attestation attestation = X509Attestation.CreateFromRootCertificates(pemDpsGroupPublic); EnrollmentGroup enrollmentGroup = CreateEnrollmentGroup(enrollmentGroupName, attestation); _logger.LogInformation("{enrollmentGroup}", enrollmentGroup); _logger.LogInformation("Adding new enrollmentGroup..."); EnrollmentGroup enrollmentGroupResult = await _provisioningServiceClient .CreateOrUpdateEnrollmentGroupAsync(enrollmentGroup); _logger.LogInformation("EnrollmentGroup created with success."); _logger.LogInformation("{enrollmentGroupResult}", enrollmentGroupResult); DpsEnrollmentGroup newItem = await PersistData(enrollmentGroupName, dpsCertificate, pemDpsGroupPublic, pemDpsGroupPrivate); return (newItem.Name, newItem.Id); } private async Task<DpsEnrollmentGroup> PersistData(string enrollmentGroupName, DpsCertificate dpsCertificate, string pemDpsGroupPublic, string pemDpsGroupPrivate) { var newItem = new DpsEnrollmentGroup { DpsCertificateId = dpsCertificate.Id, Name = enrollmentGroupName, DpsCertificate = dpsCertificate, PemPublicKey = pemDpsGroupPublic, PemPrivateKey = pemDpsGroupPrivate }; _dpsDbContext.DpsEnrollmentGroups.Add(newItem); dpsCertificate.DpsEnrollmentGroups.Add(newItem); await _dpsDbContext.SaveChangesAsync(); return newItem; } private static EnrollmentGroup CreateEnrollmentGroup(string enrollmentGroupName, Attestation attestation) { return new EnrollmentGroup(enrollmentGroupName, attestation) { ProvisioningStatus = ProvisioningStatus.Enabled, ReprovisionPolicy = new ReprovisionPolicy { MigrateDeviceData = false, UpdateHubAssignment = true }, Capabilities = new DeviceCapabilities { IotEdge = false }, InitialTwinState = new TwinState( new TwinCollection("{ \"updatedby\"\"" + "damien" + "\", \"timeZone\"\"" + TimeZoneInfo.Local.DisplayName + "\" }"), new TwinCollection("{ }") ) }; } public async Task<List<DpsEnrollmentGroup>> GetDpsGroupsAsync(int? certificateId = null) { if (certificateId == null) { return await _dpsDbContext.DpsEnrollmentGroups.ToListAsync(); } return await _dpsDbContext.DpsEnrollmentGroups .Where(s => s.DpsCertificateId == certificateId).ToListAsync(); } public async Task<DpsEnrollmentGroup?> GetDpsGroupAsync(int id) { return await _dpsDbContext.DpsEnrollmentGroups .FirstOrDefaultAsync(d => d.Id == id); } } Register a device in the enrollment group The DpsRegisterDeviceProvider class creates a new device chained certificate using the enrollment group certificate and creates this using the ProvisioningDeviceClient. The transport ProvisioningTransportHandlerAmqp is set in this example. There are different transport types possible and you need to chose the one which best meets your needs. The device certificate uses an ECDsa private key and stores everything to the database. The PFX for windows is stored directly to the file system. I use pem files and create the certificate from these in the device client sending data to the hub and this is platform independent. The create PFX file requires a password to use it. public class DpsRegisterDeviceProvider { private IConfiguration Configuration { get; set; } private readonly ILogger<DpsRegisterDeviceProvider> _logger; private readonly DpsDbContext _dpsDbContext; private readonly ImportExportCertificate _iec; private readonly CreateCertificatesClientServerAuth _createCertsService; public DpsRegisterDeviceProvider(IConfiguration config, ILoggerFactory loggerFactory, ImportExportCertificate importExportCertificate, CreateCertificatesClientServerAuth ccs, DpsDbContext dpsDbContext) { Configuration = config; _logger = loggerFactory.CreateLogger<DpsRegisterDeviceProvider>(); _dpsDbContext = dpsDbContext; _iec = importExportCertificate; _createCertsService = ccs; } public async Task<(int? DeviceId, string? ErrorMessage)> RegisterDeviceAsync( string deviceCommonNameDevice, string dpsEnrollmentGroupId) { int? deviceId = null; var scopeId = Configuration["ScopeId"]; var dpsEnrollmentGroup = _dpsDbContext.DpsEnrollmentGroups .FirstOrDefault(t => t.Id == int.Parse(dpsEnrollmentGroupId)); var certDpsEnrollmentGroup = X509Certificate2.CreateFromPem( dpsEnrollmentGroup!.PemPublicKey, dpsEnrollmentGroup.PemPrivateKey); var newDevice = new DpsEnrollmentDevice { Password = GetEncodedRandomString(30), Name = deviceCommonNameDevice.ToLower(), DpsEnrollmentGroupId = dpsEnrollmentGroup.Id, DpsEnrollmentGroup = dpsEnrollmentGroup }; var certDevice = _createCertsService.NewDeviceChainedCertificate( new DistinguishedName { CommonName = $"{newDevice.Name}" }, new ValidityPeriod { ValidFrom = DateTime.UtcNow, ValidTo = DateTime.UtcNow.AddYears(50) }, $"{newDevice.Name}", certDpsEnrollmentGroup); var deviceInPfxBytes = _iec.ExportChainedCertificatePfx(newDevice.Password, certDevice, certDpsEnrollmentGroup); // This is required if you want PFX exports to work. newDevice.PathToPfx = FileProvider.WritePfxToDisk($"{newDevice.Name}.pfx", deviceInPfxBytes); // get the public key certificate for the device newDevice.PemPublicKey = _iec.PemExportPublicKeyCertificate(certDevice); FileProvider.WriteToDisk($"{newDevice.Name}-public.pem", newDevice.PemPublicKey); using (ECDsa? ecdsa = certDevice.GetECDsaPrivateKey()) { newDevice.PemPrivateKey = ecdsa!.ExportECPrivateKeyPem(); FileProvider.WriteToDisk($"{newDevice.Name}-private.pem", newDevice.PemPrivateKey); } // setup Windows store deviceCert var pemExportDevice = _iec.PemExportPfxFullCertificate(certDevice, newDevice.Password); var certDeviceForCreation = _iec.PemImportCertificate(pemExportDevice, newDevice.Password); using (var security = new SecurityProviderX509Certificate(certDeviceForCreation, new X509Certificate2Collection(certDpsEnrollmentGroup))) // To optimize for size, reference only the protocols used by your application. using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly)) //using (var transport = new ProvisioningTransportHandlerHttp()) //using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly)) //using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly)) { var client = ProvisioningDeviceClient.Create("global.azure-devices-provisioning.net", scopeId, security, transport); try { var result = await client.RegisterAsync(); _logger.LogInformation("DPS client created {result}", result); } catch (Exception ex) { _logger.LogError("DPS client created {result}", ex.Message); return (null, ex.Message); } } _dpsDbContext.DpsEnrollmentDevices.Add(newDevice); dpsEnrollmentGroup.DpsEnrollmentDevices.Add(newDevice); await _dpsDbContext.SaveChangesAsync(); deviceId = newDevice.Id; return (deviceId, null); } private static string GetEncodedRandomString(int length) { var base64 = Convert.ToBase64String(GenerateRandomBytes(length)); return base64; } private static byte[] GenerateRandomBytes(int length) { var byteArray = new byte[length]; RandomNumberGenerator.Fill(byteArray); return byteArray; } public async Task<List<DpsEnrollmentDevice>> GetDpsDevicesAsync(int? dpsEnrollmentGroupId) { if(dpsEnrollmentGroupId == null) { return await _dpsDbContext.DpsEnrollmentDevices.ToListAsync(); } return await _dpsDbContext.DpsEnrollmentDevices.Where(s => s.DpsEnrollmentGroupId == dpsEnrollmentGroupId).ToListAsync(); } public async Task<DpsEnrollmentDevice?> GetDpsDeviceAsync(int id) { return await _dpsDbContext.DpsEnrollmentDevices .Include(device => device.DpsEnrollmentGroup) .FirstOrDefaultAsync(d => d.Id == id); } } Download certificates and use The private and the public pem files are used to setup the Azure IoT Hub device and send data from the device to the server. A HTML form is used to download the files. The form sends a post request to the file download API. <form action="/api/FileDownload/DpsDevicePublicKeyPem" method="post"> <input type="hidden" value="@Model.DpsDevice.Id" id="Id" name="Id" /> <button type="submit" style="padding-left0" class="btn btn-link">Download Public PEM</button> </form> The DpsDevicePublicKeyPemAsync method implements the file download. The method gets the data from the database and returns this as pem file. [HttpPost("DpsDevicePublicKeyPem")] public async Task<IActionResult> DpsDevicePublicKeyPemAsync([FromForm] int id) { var cert = await _dpsRegisterDeviceProvider .GetDpsDeviceAsync(id); if (cert == null) throw new ArgumentNullException(nameof(cert)); if (cert.PemPublicKey == null) throw new ArgumentNullException(nameof(cert.PemPublicKey)); return File(Encoding.UTF8.GetBytes(cert.PemPublicKey), "application/octet-stream", $"{cert.Name}-public.pem"); } The device UI displays the data and allows the authenticated user to download the files. The CertificateManager and the Microsoft.Azure.Devices.Client Nuget packages are used to implement the IoT Hub device client. The pem files with the public certificate and the private key can be loaded into a X509Certificate instance. This is then used to send the data using the DeviceAuthenticationWithX509Certificate class. The SendEvent method sends the data using the IoT Hub device Message class. var serviceProvider = new ServiceCollection() .AddCertificateManager() .BuildServiceProvider(); var iec = serviceProvider.GetService<ImportExportCertificate>(); #region pem var deviceNamePem = "robot1-feed"; var certPem = File.ReadAllText($"{_pathToCerts}{deviceNamePem}-public.pem"); var eccPem = File.ReadAllText($"{_pathToCerts}{deviceNamePem}-private.pem"); var cert = X509Certificate2.CreateFromPem(certPem, eccPem); // setup deviceCert windows store export var pemDeviceCertPrivate = iec!.PemExportPfxFullCertificate(cert); var certDevice = iec.PemImportCertificate(pemDeviceCertPrivate); #endregion pem var auth = new DeviceAuthenticationWithX509Certificate(deviceNamePem, certDevice); var deviceClient = DeviceClient.Create(iotHubUrl, auth, transportType); if (deviceClient == null) { Console.WriteLine("Failed to create DeviceClient!"); } else { Console.WriteLine("Successfully created DeviceClient!"); SendEvent(deviceClient).Wait(); } Notes Using certificates in .NET and windows is complicated due to how the private keys are handled and loaded. The private keys need to be exported or imported into the stores etc. This is not an easy API to get working and the docs for this are confusing. This type of device transport and the default setup for the device would need to be adapted for your system. In this example, I used ECDsa certificates but you could also use RSA based keys. The root certificate could be replaced with a CA issued one. I created long living certificates because I do not want the devices to stop working in the field. This should be moved to a configuration. A certificate rotation flow would make sense as well. In the follow up articles, I plan to save the events in hot and cold path events and implement device enable, disable flows. I also plan to write about the device twins. The device twins is a excellent way of sharing data in both directions. Links https//github.com/Azure/azure-iot-sdk-csharp https//github.com/damienbod/AspNetCoreCertificates Creating Certificates for X.509 security in Azure IoT Hub using .NET Core https//learn.microsoft.com/en-us/azure/iot-hub/troubleshoot-error-codes https//stackoverflow.com/questions/52750160/what-is-the-rationale-for-all-the-different-x509keystorageflags/52840537#52840537 https//github.com/dotnet/runtime/issues/19581 https//www.nuget.org/packages/CertificateManager Azure IoT Hub Documentation | Microsoft Learn

Simple Thread is a digital product agency with a focus in the electric power industry. The power and electric utility industry is absolutely fascinating in its scale and complexity and we love sharing all of the interesting things we have learned. The topics may vary from facts about the grid, to green energy, energy sustainability, basic electrical engineering, the future of the grid, and everything in between. If you’d like to hear more, keep checking back! ———————————————- The United States power grid is quite possibly the most complex machine ever devised. As we discussed in the post A Tale of Two Grids the continental US power grid is actually made up of three separate synchronous grids called interconnections. These interconnections are The Eastern Interconnection The Western Interconnection The Texas Interconnection You can tell that clever names weren’t high on the todo list. Federal Energy Regulatory Commission These interconnections are massively complex, and managing, operating, and regulating them is a monumental task. At the top of the regulatory pyramid is FERC, the Federal Energy Regulatory Commission. FERC was formed in 1977 as a result of the Department of Energy Organization Act. The Department of Energy Organization Act abolished the previously created Federal Power Commission (FPC) and transferred its responsibilities to FERC. FERC is the federal agency that regulates the transmission and sale of electricity across state lines. However its powers extend far beyond the electric grid to regulate other forms of energy such as natural gas and oil. It also has the responsibility of ensuring the reliability and security of the nation’s bulk power system. It does this in part through the oversight and approval of reliability standards for the U.S. bulk electric system (any part of the grid operating at 100kV or higher). North American Electric Reliability Corporation FERC doesn’t actually create these standards though, it does this through a partnership with an international nonprofit called the North American Electric Reliability Corporation (NERC). NERC is the successor to the North American Electric Reliability Council (Also NERC), which was a voluntary industry association formed in the aftermath of the Northeast Blackout of 1965. The current NERC was formed out of the Energy Policy Act of 2005 in the aftermath of the 2003 Northeast blackout. The Energy Policy Act of 2005 mandated the creation of an “Electric Reliability Organization” (ERO) within the United States in order to enforce reliability standards on the bulk power grid. In 2006 FERC approved the newly overhauled NERC to be the Electric Reliability Organization (ERO) for the United States. NERC develops and oversees the enforcement of mandatory reliability standards across the United States, Canada, and parts of Mexico. It works with a variety of stakeholders including utility companies and other regulators to establish standards and best practices for operating the grid. It is also responsible for monitoring the grid’s performance, identifying risks, and performing audits to ensure compliance with its standards. Regional Entities You might have noticed that I said “oversees the enforcement of mandatory reliability standards” in the previous paragraph. Yes, NERC doesn’t actually enforce the standards, but instead delegates enforcement of their standards to six Regional Entities (REs). These Regional Entities are responsible for ensuring compliance with NERCs mandatory reliability standards within a specific region. They audit, assess, and investigate utilities and other electric grid participants for compliance with those reliability standards. They also work with NERC to develop additional regional reliability standards, if there are needs specific to where they operate. Reliability Coordinators Sitting alongside Regional Entities is another group of organizations known as Reliability Coordinators (RCs). Reliability Coordinators are certified by NERC and are the highest level organization responsible for the reliable functioning of the bulk electric system. RCs are primarily responsible for the real-time management of a specific area of the grid. They have a wide-area and real-time view of the grid and they monitor things like grid conditions, generation output, and transmission line statuses. RCs ensure that generation and demand is balanced, and is also responsible for issuing reliability alerts or implementing emergency procedure directives. For example, they might tell a particular utility to reduce load on a particular transmission line in response to a situation on the grid. Reliability Coordinators can be RTOs/ISOs (discussed below), other regional entities such as the Tennessee Valley Authority, or a single utility such as Southern Company. Balancing Authorities Balancing Authorities (BAs) are entities certified by NERC that are responsible for maintaining the balance between electricity supply and demand within a geographical area. There are currently 66 Balancing Authorities within the United States that range from large multi-state areas to small chunks of single states. BAs implement real-time grid operations such as dispatching generation, controlling electrical interchange with neighbors, and frequency regulation. Balancing Authorities can be RTOs/ISOs (discussed below), other regional entities such as the Tennessee Valley Authority, or a single utility such as Southern Company. RTOs and ISOs As if all of this wasn’t complicated enough, there are also nine organizations known as either Regional Transmission Organizations (RTOs) or Independent System Operators (ISOs). These organizations are responsible for the operation, planning, and management of the transmission grid and electricity markets within their respective regions. The main difference between ISOs and RTOs is that ISOs usually operate within a single state, while RTOs are larger regional entities. The naming is less than clear though, since both ISO New England (ISO-NE) and the Midcontinent ISO (MISO) are both RTOs. The reason for this is that ISOs were formed in 1996 as part of FERC Orders 888 and 889, while RTOs were not formed until FERC Order 2000 in 1999. MISO was made an ISO in 1998, but later also became the first RTO in 2001. RTOs/ISOs and Regional Entities may seem redundant at first glance, but they serve very different purposes. Regional Entities are responsible for enforcing NERCs reliability standards, including enforcing those standards against RTOs and ISOs. RTOs and ISOs can be audited by Regional Entities and be penalized for non-compliance. RTOs and ISOs have to implement those standards, but they are more concerned with coordinating, controlling, monitoring, and managing the grid and electricity markets within their region. One other very important distinction is that RTOs and ISOs are voluntary, and not all of the United States is covered by either type of organization. Parts of the Southeast and Northwest are two of the largest regions that are not covered by ISOs or RTOs. Therefore utilities within those regions must form agreements with other power companies or ISOs/RTOs they want to interconnect with or to trade power with. RTOs can also be ISOs, and they can also be Regional Entities, Reliability Coordinators, and Balancing Authorities! For example, PJM is the RTO for most of the mid-Atlantic and is also the region’s Regional Entity, Reliability Coordinator, and Balancing Authority. Transmission Operators And finally we get to the companies that do the work of actually transmitting the electricity! We call these Transmission Operators (TOPs). Transmission Operators are responsible for the maintenance, monitoring, and operation of the part of the transmission grid they own. The list of responsibilities these organizations have is a mile long, but at the end of the day they own a piece of the transmission grid and are responsible for it. There are organizations that sit around them that do things like enforce compliance and manage markets, but Transmission Operators are the folks that show up if there is an actual problem with the grid and fix it. They monitor their piece of the grid in real-time and communicate with balancing authorities and regional entities to ensure that everything is running smoothly. A Quick Example This is all a bit complex, so to clarify things a bit, let’s look at an example. Simple Thread is headquartered in Richmond, Virginia on the east coast of the United States and so we are physically located within the eastern interconnection and the hierarchy of entities that oversees this area is this FERC – The federal agency that regulates the transmission and sale of electricity across state lines. Approves and oversees the creation of standards that are created and enforced by NERC. NERC – The nonprofit organization responsible for establishing reliability standards for the North American power grid. SERC – The SERC Reliability Corporation (which originally stood for Southeastern Electric Reliability Council) is the Regional Entity for all of the southeast that NERC has delegated authority to in order to enforce NERC reliability standards. Virginia is split between two Regional Entities SERC and ReliabilityFirst. PJM – PJM Interconnection Inc. is the RTO that Virginia is located within. The acronym originally stood for Pennsylvania-New Jersey-Maryland, but its footprint is much larger now. PJM oversees a part of the bulk electric system in parts of 13 states and Washington DC that has more than 185 gigawatts of generation capacity. It is also the regional Reliability Coordinator and Balancing Authority for its region. Dominion Energy – The power company which is the local Transmission Operator (TOP), meaning that they actually build, maintain, and operate all of the local pieces of the bulk electric system that is overseen by PJM. Summary The management structure of the Bulk Power System in the United States is a complex system of organizations each with different responsibilities and authority. I hope that this article gives you a little better insight into the different organizations that exist and what they are responsible for. The post Management Structure of the U.S. Bulk Electric System appeared first on Simple Thread.

GitHub is where people build software. More than 28 million people use GitHub to discover, fork, and contribute to over 85 million projects.

This post looks at onboarding users into an Azure DevOps team or project using Azure AD access packages. The Azure AD access packages are part of the Microsoft Entra Identity Governance and provide a good solution for onboarding internal or external users into your tenant with access to the defined resources. Flow for onboarding Azure DevOps members Sometimes we develop large projects with internal and external users which need access to an Azure DevOps project for a fixed length of time which can be extended if required. These users only need access to the the Azure DevOps project and should be automatically removed when the contract or project is completed. Azure AD access packages are a good way to implement this. Use an Azure AD group The access to the Azure DevOps can be implemented by using an Azure security group in Azure AD. This security will be used to add team members for the Azure DevOps project. Azure AD access packages are used to onboard users into the Azure AD group and the Azure DevOps project uses the security group to define the members. The “azure-devops-project-access-packages” security group was created for this. Setup the Azure DevOps A new Azure DevOps project was created for this demo. The project has an URL on the dev.azure.com domain. The Azure DevOps needs to be attached to the Azure AD tenant. Only an Azure AD member with the required permissions can add a security group to the Azure DevOps project. My test Azure DevOps project was created with the following URL. You can only access this if you are a member. https//dev.azure.com/azureadgroup-access-packages/use-access-packages The project team can now be onboarded. Create the Azure AD P2 Access packages To create an Azure AD P2 Access package, you can use the Microsoft Entra admin center. The access package can be created in the Entitlement management blade. Add the security group from the Azure AD which you use for adding or removing users to the Azure DevOps project. Add the users as members. The users onboarded using the access package are given a lifespan in the tenant for the access and can be extended or not as needed. The users can be added using an access package link, or you can get an admin to assign users to the package. I created a second access package to assign any users to the package which can then be approved or rejected by the Azure DevOps project manager. The Azure DevOps administrator can approve the access package and the Azure DevOps team member can access the Azure DevOps project using the public URL. The new member is added to the Azure security group using the access package. An access package link would look something like this https//myaccess.microsoft.com/@damienbodsharepoint.onmicrosoft.com#/access-packages/b5ad7ec0-8728-4a18-be5b-9fa24dcfefe3 Links https//learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create https//learn.microsoft.com/en-us/azure/devops/organizations/accounts/faq-user-and-permissions-management?view=azure-devops#q-why-cant-i-find-members-from-my-connected-azure-ad-even-though-im-the-azure-ad-global-admin https//entra.microsoft.com/

This post may contain paid links to my personal recommendations that help to support the site! Do you have an iPad that’s sitting around, and you’ve no idea what to use it for? Or do you feel like you’re missing out on all the amazing possibilities your iPad has to offer? There’s no doubt that iPads have become an integral part of our lives, but have you ever stopped to think about the many ways your Apple device can be used? From productivity to leisure, here are 20+ creative, interesting, and innovative iPad uses that will revolutionize how you use your tablet! Read on for a full list of these ideas! Best Uses for iPad 1. A Second Display If you like working with multiple monitors, you can also turn your iPad into a second display. With the help of Sidecar on Mac, you can easily mirror and extend your main screen to the iPad. If you’re planning to use both the functions of the iPad and your Mac, you can also use Universal Control. It allows you to drag and drop files between the two devices. 2. As a Photo Frame Turn your iPad into a digital photo frame that displays all your best memories! All you need to do is download apps that help you turn your iPad into a digital photo frame, and you’ll be able to easily scroll through all of your photos on the iPad’s display. 3. Learning iPads can also be used for educational purposes too! For example, students can take down notes using an Apple Pencil on their iPads using the built-in Notes app. Additionally, iPads can be used to record lectures and take notes in class. Here are some common apps used by students for taking notes Apple Notes Notability GoodNotes Notion 4. Gaming iPads can be used for gaming, whether you’re an avid gamer or just looking to have some fun. There are tons of games available on the App Store, and many of them are free to download. Plus, most iPads have powerful hardware that can make playing games a great experience. 5. Entertainment The iPad is also a great way to stay entertained while on the go! Whether watching movies or streaming music, your iPad can be a fully-fledged entertainment device. Listen to podcasts and audiobooks, catch up on the latest episodes of your favorite TV shows, and watch movies wherever you are. Plus, with the help of AirPlay or Chromecast, you can cast what’s playing on your iPad to another screen. 6. Video Calling a Loved One We all have called our loved ones before, and we tend to do it on our phones for convenience. However, have you considered using the iPad for video calls instead? This is especially useful when having video calls with a group of people. iPads have larger displays, making it easier to see and talk with multiple people at the same time. Also, you’ll be able to use the iPad’s built-in camera and microphone for high-quality video calls. To start using these calls, you can simply start with the built-in FaceTime app or download third-party apps like WhatsApp and Telegram. Just make sure you have a good internet connection for video calls with no lag or disruption! FaceTime calls have been the best call quality for me when calling my loved ones so far, so if you’re calling an Apple device, you should consider that. iPad Uses for Work For those who are wondering if your iPad can also be put to good use for work, here are some ideas 1. Video Editing If you’re a professional video editor, the iPad is your perfect companion for editing while you’re away from your main Mac or PC workstation. Thanks to its powerful hardware and apps likeLumaFusion, you can do some serious work on the go. For more casual video editing, you can try out iMovie for a decent video editing experience. You can edit videos and even add effects with ease using the touchscreen on an iPad. However, one of the limitations you’ll encounter is the lack of ports for drives to handle all your large videos. Not to worry, though! Just make sure you get a USB hub and a reliable solid-state drive to ensure you have enough space for editing, and you’ll do fine! 2. Project Management With project management apps like Trello and Asana, you can easily manage your team’s tasks from anywhere. You can create boards and assign tasks to your team members, add comments, and keep track of progress with just a few taps on the iPad. What I like about these apps is that you’ll get timely notifications for deadlines or changes made to the project. This makes your iPad a very good dashboard to have to monitor work progress. I’d place my iPad next to my desktop to the side and use it to track how work is going along. Since the iPad is also very portable, you can easily pick it up and take it with you to meetings without having to lug around your laptop. 3. Taking Minutes Talking about meetings the iPad is also a handy tool to have for meetings as well. You can use it to take notes and record what’s said in the meeting. Evernote is a great app you can use to easily take down notes while in meetings, and you can also record audio or video of the meeting as well. This makes taking meeting minutes much easier than taking down manual notes on a notepad. If you’re looking for a simpler app, just use the record function within the Apple Notes app to record any discussions. I’m pretty sure you’ll thank me for speeding up your minute-taking workflow for this! iPad Uses for Students And, of course, I won’t be leaving out the students who want to use iPads to help them too. The iPad has become an essential tool for student learning for its portability. 1. Note Taking As mentioned earlier, there are several apps you can use for note-taking on an iPad. Whether you prefer handwritten notes, typed notes, or even audio and video recordings of lectures, the iPad has something that you’ll be able to use for studying. Additionally, with a keyboard case, magic keyboard, or Apple Pencil, the iPad can be used to replace a laptop entirely! The addition of a keyboard can also help you type essays quickly. 2. Working on Math Calculations As a math, science, or engineering student, you’ll most likely require some practice in solving problems. Thanks to the iPad, you can now use note-taking apps to write down and practice working on the problem questions. This makes things much easier, since you won’t require so much physical paper just to work out a question. Moreover, since they are taken down digitally, you’ll be able to refer to them quickly. 3. Art and Design Projects For art and design students, the iPad is a great tool to have for sketching ideas down quickly and for serious project work. With apps like ProCreate and Photoshop Sketch, you can easily draw illustrations or sketches with your Apple Pencil. The app also offers several features, like a wide variety of brushes and mediums that let you easily create stunning digital artwork. Not only that, but it’s also great for sharing your artwork with friends or classmates. To get the best drawing experience, you’ll need a screen cover that can provide more friction to simulate actual drawing. The Paperlike iPad Screen Protector is a good option I recommend. Best Uses for iPad Pro The iPad Pro really packs a punch, with the latest models equipped with the latest M2 chip. To make the best use of your iPad pro, I’ve listed some great ideas below. 1. Photo Editing With the iPad Pro, you have the largest iPad screen size in the whole lineup. This can be useful for editing photos. With a powerful processor and beautiful display, you can bring out the best of your images with apps like Lightroom or Photoshop Express. The bright display also lets you edit photos with ease, even when you’re outside working in a dark space. 2. Video Editing As for video editing, you can use apps like iMovie or LumaFusion to edit videos quickly and easily. You’ll be able to work on multiple layers of video, add music and effects, and even export it in 4K resolution. 3. AR/VR Experiences Virtual Reality (VR) and Augmented Reality (AR) experiences can be used for educational or entertainment purposes. The iPad Pro has a powerful processor and graphics card that will make these types of experiences run smoother than ever before. Plus, with the new LiDAR scanner Apple introduced on the 2020 models of iPad Pro, you can experience AR/VR content in a whole new way. You can even use the iPad as a measurement tool using AR through the Measure app. 4. Drawing and Animation Most people know that the iPad Pro is a great tool for note-taking, but they don’t realize that drawing on the iPad Pro is amazing too. With apps like Adobe Fresco, you can create digital art easily with your Apple Pencil. It also features animation tools so you can animate your artwork as well. 5. Data Analysis One lesser-known use for the iPad Pro is for data analysis. With a powerful processor and graphics, you can use the iPad Pro to analyze data quickly. With apps like MATLAB or Microsoft Excel, you’ll be able to work on complex calculations and analytics while on the move. 6. Gaming Making full use of the ProMotion (high-frequency refresh rate) in an iPad Pro, you’ll be able to enjoy your favorite games at a much smoother experience! The iPad Pro can support the latest graphics-heavy game titles that offer great visuals and performance. Moreover, you can even pair an Xbox or PS4 controller with it for a console-like gaming experience. Best Uses for iPad Air Some of the best uses for iPad Air include 1. Reading & Writing The iPad Air’s bright, vibrant display makes it great for reading and writing. You can use apps like Kindle or even comics to read books. You can also write essays or take down notes with the help of a keyboard attachment. 2. Social Media The iPad Air is also great for social media because of its decently sized screen. Enjoying your favorite TikToks on your iPad Air’s 10.9″ display will be incredibly immersive, and you can even comment or like videos with ease. Plus, the iPad Air has great battery life, so you won’t have to worry about your device dying on you during a long scrolling session! 3. Streaming & Media Consumption If you want to watch movies and shows with the best picture quality, an iPad Air is perfect for you. With the latest models of the iPad Air, you can even stream in 2K resolution. Best Uses for iPad Mini The iPad Mini is one of Apple’s unique products, having an 8.3″ screen size that’s perfect for one-handed use. Here are some of the best uses for it 1. Consuming Social Media The iPad mini is great for consuming social media, especially if you have small hands. Thanks to its compact size, it can fit perfectly in your hand without feeling too big or heavy. Plus, it has a beautiful display that will make looking at pictures and videos more enjoyable. 2. Reading & Writing The iPad Mini is also great for reading books or writing essays. With its small size and lightweight, it can easily fit into your pocket or bag, allowing you to take it with you wherever you go. Uses for an Old iPad If you have an old iPad just lying around with no use, here are some ways to make the most out of it 1. A Secondary Device The old iPad can be used as a secondary device for when you’re on the go. You can use it to check emails, browse the web, or even watch movies. 2. Digital Picture Frame You can also turn your old iPad into a digital picture frame! I’d recommend creating a slideshow of your favorite pictures taken during your last vacation and having them displayed on your iPad. 3. Gaming Console If you still want to play games on an old iPad, you can use it as a gaming console. You can download classic titles or retro games onto the device and enjoy some nostalgic gaming. How to Use An iPad in Everyday Life Here’s a simple guide I made to help you understand how to use an iPad in everyday life Start by including your iPad in your workflow by using it to take notes while you take calls at work. You can also jot down a quick daily to-do list. If you’re a student, consider using it for studying and recording notes in lectures. Another way to include the iPad in your life is to start journaling on your iPad. This can be done when you pen down your reflections in a journaling app on your tablet at the end of the day. These steps should be a good way to get you started in being a power iPad user. Related Questions Here are some commonly asked questions you might have. I’ll answer them below! What is the purpose of having an iPad? The purpose of having an iPad is to use it as a device for entertainment, productivity, or both. You can stream movies, play games, take notes, keep track of your schedule, and more. It’s also great for taking pictures and videos with its advanced cameras. iPads have excellent battery life, so you won’t have to worry about them dying on you during an important task. What are the main uses of an iPad? The main uses of an iPad are note-taking, reading, media consumption, video editing, and gaming. What is better, an iPad or a laptop? An iPad is the better choice for a lightweight and versatile option, but the laptop is better for typing and heavier computing work. Also, if you need more processing power or want access to traditional desktop PC applications, then a laptop is the way to go. Ultimately, it comes down to what tasks you need in your workflow. Can iPad be used as a laptop? Yes, an iPad can be used as a laptop with the help of a keyboard and an external mouse. The iPadOS operating system supports these accessories, which makes it possible to use the device for more intensive work like typing up documents or coding. Why do I need an iPad if I have a laptop? An iPad can be a great supplement for your laptop if you need to do light work on the go. It’s portable, easy to carry around, and has long battery life. It also offers access to apps that might not be available on laptops which makes it perfect for tasks like drawing or playing games. It also provides an external device dedicated to excellent digital drawing and note-taking. If you already own iOS devices, having an iPad is also great for tight integrations through the Apple Ecosystem. Final Thoughts The iPad is a versatile tool that can be used for many different tasks. Whether you use it as a notebook, gaming console, or digital picture frame, you’ll find that this device can make your life more productive and enjoyable. I hope I was able to help you understand how to use an iPad in everyday life and make good use of that iPad that’s just doing nothing but collecting dust in your home. The post iPad Uses 20+ Creative Things to Do With Your Apple Tablet! appeared first on Any Instructor.

Every Digital Product Starts in the Same Place—With an Idea An idea that sticks in your craw (as we say here in the South), and won’t let go. An idea that strikes in a moment of clarity, or one that slowly takes shape over time. An idea that stands up to endless poking and prodding, questions asked and answered, and examined from a multitude of angles. After years of working in startups and mentoring folks in the startup world, I can tell you that the best ideas are born out of problems. Maybe it’s a small problem in your day-to-day life (i.e., always hunting for your partner’s keys brought us a product like Tile), or a problem that if resolved would greatly impact your company’s efficiency and collaboration (such as cloud-based file-sharing, i.e., Dropbox). Intentionally looking for and digging into the pain points in your daily life, your community, or your industry can be a rich place for digital product ideas. No matter how great you think your idea is, just having an idea isn’t enough to pull-off a product build. You need at least some of the aforementioned people and processes to build a product. And in order to pull together the resources and expertise that you need, you’re going to have to communicate your idea and your plan in a compelling way.   This Isn’t a Guide About How to Hone Your Elevator Pitch to Land Venture Capitalists There’s a lot of ground to cover between initial idea and elevator pitch—practically an entire ecosystem of information, concepts, and strategies such as innovation accounting, cohort analysis, growth engines, actionable metrics, customer validation, validated learning, value propositions, BHAGS, OKRs, MVPs… the list goes on and on and each one has their own line of books, podcasts, articles, blogs, and Twitter experts to sift through. It is overwhelming and the sheer wealth of information could be enough to make you want to hurl your idea into the ocean and run far, far away. But if that idea keeps coming back to you, or never really leaves. If you are convinced there is something there. If you’re ready to take on the monumental task of building a digital product. Then I am here for you. My goal with this article is to help you navigate the startup landscape, avoid analysis paralysis, and give you a framework for forward progress. There are some great concepts and processes out there that you should explore as you cultivate your idea and we’ll pick and choose from some of the best ones so you can keep moving towards bringing your idea to reality. The concept is to build something that you can test, test it, and then learn from those tests to allow you to make decisions on what you need to build next. However, if taken too literally, this process can be extremely expensive, an ineffective use of resources, and could crush your entire endeavor before you really get off the ground. Every Product’s Goal Is to Reach a Solid Product/Market Fit. Your idea might be amazing, and might solve a real problem for you, but it is just a hypothesis. Many entrepreneurs fall in love with their solution, spend a bunch of precious resources designing, building, and releasing a product onto an unsuspecting world and find that it falls flat on its face. Unfortunately this is the fate of most startups. Instead of this big bang approach, you’ll want to take smaller steps, and slowly adjust to reach a good product/market fit. It might feel like this process would take longer, especially if you’re convinced that your product is a perfect fit for the market, but it is the constant learning and adjustments that ensure that you don’t move too quickly in the wrong direction. Below is a diagram of what it looks like when you build out a product, but are moving in the wrong direction, and then have to pivot. It can be a very costly mistake as opposed to moving in small and measured increments. The Roadmap As we’ve noted before, there’s a lot of ground to cover on our way to a solid digital product, and many ways to get there. There are a lot of flashy billboards along the way that promise quick results, immediate feedback, and guaranteed success. We’re going to avoid those — they’re tourist traps. But do feel free to take a pit stop if there’s an idea that’s presented in this next section that seems really intriguing to you — a little more exploration in that area may be just what you need to follow through on your journey. If you’re familiar with the concept of “Design Thinking,” then you probably recognized these as roughly the same steps that you’ll see outlined as the phases of design thinking. I am going to walk through these different steps and talk about some of the approaches that I think can help you keep moving through the process.   Find Your Problem As we mentioned earlier, the best ideas for digital products are born out of problems—those pain points in our processes or daily life that repeatedly slow us down or cause irritation. Look around at your own life, your family, your commute, your schedule, your work, your hobbies. Consider your organization, your industry, your conferences, your networking opportunities. Where are the trouble spots? When do nerves get frayed and who does it affect the most? What systems run smoothly while others just can’t get off the ground? Is there a pattern? I really wish I could offer more advice on this topic. But until you’ve found a problem that is urgent, and that truly solves a problem for someone, you should probably stop here. However, I have a strong feeling that if you’re reading this, you are already well aware of a problem that is just dying to be solved. Onward! Be intentional about looking for problems in your day to day life and you’ll likely find plenty of ideas! Define the Problem Maybe this has happened to you You’re pouring out your heart to a close friend or partner about a particularly difficult situation and before you even finish talking, they’re cutting you off so they can tell you what you should do (“What you need is…”, “Let me tell you about the time I…”, “You need to talk to my friend who sells…”) As supportive as they’re trying to be, they’re jumping to offer a quick-fix, uninformed solution when what you really need is someone to just listen and understand. In startups, as in relationships, jumping ahead to the solution without doing the work of listening to the problem is where things can start to veer off course. So this is where we begin the work of defining the problem that you’re trying to solve — and that’s not the same thing as solving the problem! The goal at this point is to start learning. In order to start learning, we have to start with a hypothesis about what problems we are trying to solve. Write down a few of them, and don’t get too hung up on whether they are right or wrong for now. A few examples of the hypotheses could be Finding recipes and making dinner when working parents get home from work is hard. It is too challenging for coworkers to share large files with each other in a secure way. It is so hard to regularly keep in touch with your extended network of friends. Remember, we’re not looking for solutions, just the problems. Stay open to possibilities, and as the saying goes… fall in love with the problem, not the solution. If you’re feeling challenged with your problems, or you just want to dig in a little deeper into the topic, here are some helpful tools available that you may want to explore. Lean Canvas does a great job of helping people refine a product’s business model. Check out the “Problems” section as a jumping off point (see below). Five Whys might be a helpful framework for trying to get to the root causes of your problem. Try your hand at writing a formal Problem Statement, and see if that helps you identify and explain your problem. Empathize With Others The next step in this process is to shift our perspective a bit and think about the problem from the viewpoint of possible customers. This could look like a simple list of target customers and users, but I think it’s worth digging a little deeper to form a clearer picture of your users, because from here on out “User Needs” are the source of truth that we’ll come back to over and over throughout our journey. It will serve as the “north star” for our future decision making. To start off, just list out the possible groups of users that you think might want to use your product. You can call these “customer segments” or “user archetypes” or whatever you want, but the point is to get to a list like this Lawyers in large natural gas companies Owners of pet grooming businesses Fraud analysts working in medium-sized financial services companies You should try to be as specific as possible with these customers. Having a list of the top four or five is usually good, because you can only focus on so many people’s needs. You’ll want users that are specific enough that you can imagine a person that would fit into those roles. As you proceed with the process, it can be incredibly useful to actually think of imaginary people that represent these roles. People in the UX industry call these Personas. Personas are a tool for defining the major groups of users for your product, and allow you to design your product with a particular set of users and needs in mind, which is incredibly valuable. Being able to design some functionality and then test that functionality against the needs of your personas allows you to quickly gut-check your designs. However, creating true personas requires finding potential users and interviewing those users, which can be time and resource-intensive. If you are able to do that, then awesome, go do it! But, to quickly bootstrap this process, Jeff Gothelf coined the term “Proto-Personas,” which is simply the process of creating hypothetical personas that you can use to launch your process and then refine later. There are thousands of blog posts, training courses, and books on creating personas, but here are some basic attributes, and examples, to consider as you get started Don’t get too hung up on figuring out the “right way” to put this initial version together. The value here is in thinking deeply about the types of customers who could be using your application, and why they would get value out of it. Defining these proto-personas will allow you to dig deeper and really start to think about whether the problems you came up with in the previous step really were the set of problems you’re setting out to solve. If, after you’ve defined your proto-personas, you’re still confident in the problems you defined, then feel free to continue on—otherwise go back and spend some more time with them until you feel good about them. If you feel like you’re completely making things up, and you don’t feel good about your proto-personas at all, then maybe it is time to get out and go talk to some folks that might be users of your product. The value here is in thinking deeply about the types of customers who could be using your application, and why they would get value out of it. Generate Solutions Time to dream. Congratulations! You’ve finally made it to the part where you can begin to think about possible solutions to your problem. This is usually where most entrepreneurs start, so you can pat yourself on the back for forcing yourself to back up a bit and really start at the beginning. So let’s dig in What do you think it would take to solve the problems that you’ve defined? At this point, we’re still keeping it very high-level—we’re zoomed out, at 30,000 feet, and thinking big picture. We’ll break it down later on. For instance, if your problem was “Sharing large files is hard,” then your solution could be “Software to allow files to be sent to friends with one click.” Be sure to come up with a high-level solution for each part of the problem you defined earlier. Once you have your list of solutions, quickly check that list against your proto-personas. Do the solutions you’re thinking of meet the needs of the proto-personas you defined? If not, then think about whether you need to go back and define your problem even more, or refine what you already have. Let’s Be Honest, Did You Have a Solution in Mind When You Started? Is that the same solution as what you just wrote down? Do you feel like you refined your solution at all by thinking about your possible customers? If not, then there are two possibilities here Your solution is amazing, you’re perfectly on target. You’re really caught up on your solution, and it is clouding how you think about your problems and your customers. I know which one I think is most likely. But in either case, it is always a good idea to go out and find people who might be your customers and talk to them. Try not to ask leading questions, try not to suggest the solutions you already have in your head. Just ask them what their problems are. If you can’t get them to talk about their problems, then tell them your problems. Ask them if the problems you’re describing are actually a problem for them. Usually this will get them talking. Only once you’ve really exhausted the discussion around the problems they are facing should you broach the idea of your solution. Just remember, everyone is going to tell you that your idea is good. No one likes to shoot down someone else’s idea. Genuinely ask them how your proposed solution might help them. Try to get them to be specific. Tell them it won’t hurt your feelings if they don’t like your proposed solution (even if it is a bit of a fib). Ask them if they will pay money for it. Do whatever you can to elicit an honest response from them. Turning Solutions Into a Product If you’re feeling pretty good about the problems you’ve defined, your set of customers, and about your proposed solutions, then you’re probably ready to move forward. Our next step is to take those high level solutions and break them down into high level features. Sometimes a helpful tool here is what design folks call a user flow. At its most basic level, a user flow is the series of steps a person must perform in order to accomplish a task. Going through this process step-by-step for each of our high-level solutions is how we come to understand what we really want to build—it’s all about learning and understanding. A small example user flow for a food delivery app You don’t necessarily have to create a graphical representation of a user flow. You can either sketch them out on paper, or you can just start by creating a list. The point is to start thinking about how a person might accomplish one of their goals within your solution. As soon as you create one of these flows, you can start to think about what are the individual features that you’ll have to build to let a user complete the flow. Try to capture the high level features that you think your customers will really care about. You can spend a ton of time here, and you can build out a feature list that is a mile long, but that usually isn’t very helpful at this stage. If you do end up with a very long feature list, then you’ll need to think a bit about how to whittle your list down. The features you define will look something like this Search a list of restaurants View a restaurant’s menu Add an item to your cart from the restaurant’s menu Refine Your Solutions One of the easiest tools that I have found for whittling down an initial feature-set is to plot all of your features based on impact vs cost. This is also a great conversation to have with people in your life who may be possible users (family, friends, co-workers), because the primary value here is the conversations about the impact of different features, and the associated difficulty with implementing them. And in order to get the most value out of this process, it’s important to talk with an experienced software engineer who can help you estimate the effort of implementing the features you’ve come up with. Clearly, the best possible set of features is a grouping that is almost exclusively high impact and low cost — you definitely want the most bang for your buck. However, it’s incredibly rare to put together an initial prototype from all high impact/low cost features. You can expect that you’ll need to include a few high impact/high cost features as well as those wonderful high impact/low cost features. But don’t get too worried if you have a lot of high impact/high cost features, just because something is high cost doesn’t mean that you have to implement it right out of the gate. You can always use manual methods to fake features until you’re ready to invest more effort. People often refer to these as a “Wizard of Oz” Prototype. While maximum effectiveness at minimum cost is important when it comes to narrowing down your feature list, you don’t want to lose sight of the “complete experience.” Take a look at this now famous drawing by Henrik Kniberg The idea here is to build a small but useful product, and then keep making it larger and more feature-filled until you have a product that your customers love. You can’t just build an isolated feature and continue to add other fully fleshed-out features until your product finally works. You won’t learn anything or gain any customers along the way. As an example, pretend you’re building a file sharing product. You couldn’t just build out the file uploading piece without building a sharing mechanism, the users wouldn’t get any value from this and so it wouldn’t provide you with any learning. In order to stress this point, some people in the industry have started using the phrase Minimum Loveable Product instead of Minimum Viable Product to bring focus to the idea that you need to build something that a small number of users really love, rather than setting out to build something that a large number of users merely like. Trying to build out a series of features to tackle a really big market might seem like a great idea, but you’re almost always better off tackling a smaller market and then moving upstream. Prototype Have we finally traveled far enough on this journey that it’s time to jump out and go build something? Well, no. This happens far too often, especially from startup founders who are software engineers. I’ve been there. Engineers want to build things, and they see building something as a way to test out an idea. If you’re an engineer, and you just want to build something, then by all means go and build it. Just don’t pretend that it is always the fastest and easiest way to test and iterate on your idea. For many types of digital startup products, prototypes are the way to go. You may have heard the terms wireframe, mockup, prototype, etc… and the differences can be a bit confusing. They are all visual representations of your future product, just at different levels of fidelity. There isn’t a ton of agreement, and so you’ll sometimes hear people use these terms interchangeably, particularly mockup and prototype. I like to think of a wireframe as a very low-fidelity view, a mockup as a static high-fidelity view, and a prototype as an interactive version of a mockup. There are a lot of amazing tools out there to help you build out your prototype (we particularly enjoy Figma), and if you have the skills to use those tools, you should absolutely pursue that. However, for most people just getting started, it isn’t realistic to go learn one of these tools just to start this process. Instead just grab a whiteboard, or a piece of paper and a pen! What’s the most important thing to get out of a prototype? Yep, you guessed it…learning! A hand-drawn prototype might not be as slick as a digital prototype, but if you’re able to create something that will let you and your prospective customers imagine what it would be like to use your product, then you can learn quite a bit! While it is true that digital prototypes allow you to iterate faster and help your users feel like they are using a real product, don’t get stuck feeling like you absolutely have to create one. Just remember to start small. I can’t say enough how important it is to start simple and slowly ramp things up. Don’t go big at the beginning and build out a large and detailed prototype before you start putting it in front of people. If you do this you’ll fall into the sunk cost trap, and once you get attached to it, you won’t be able to throw it away…even if your users are telling you it isn’t meeting their needs. Test, Then Iterate Start small, start simple. Create a quick and dirty prototype, show it to people, do some learning, and then iterate on it. Keep doing this until you feel good about your prototype. When building out your prototype, you’ll probably get to a point pretty quickly where you’ll want to show it to someone. And please do! Show it to someone as early as possible. Don’t let perfect be the enemy of good! If your instinct is to hide it away until you’re “done,” you’re going to have to force yourself to overcome this. This is the fear of ridicule or failure biting at you, and if you want to launch a product, you’re going to have to find a way to start referring to failure as learning, because it really is the same thing. When you’re asking for feedback on your prototype from potential customers, be sure you’re focused on doing real learning and not just looking for affirmation or reinforcement of your own assumptions. As I mentioned earlier, most people won’t want to offend when giving feedback, so you might not hear that your idea is bad or your product is unusable. Be willing to read between the lines of their feedback to get to their true feelings. Ask open-ended questions that allow your customer to consider the product from their own perspective, and not through your own, highly invested lens. Allow your potential customer to work their own way through your prototype without any of your input and make sure you’re asking questions to try to prove your assumptions wrong. You want your product to hold up to scrutiny, so as uncomfortable as it may be to put your baby out there, know that this process is meant for good—either your product will hold up and flourish, or you’ll know that it’s not ready yet and you can walk it back and iterate again. One critical piece of information to gain from this part of the process is whether people will pay for your product. As soon as you’ve refined your prototype to the point that it is starting to feel real, ask people to put down real money in order to be a customer when it launches. Lots of people will tell you your idea is great, and that they love it. But when you ask for money you’ll quickly start to hear their objections. But that’s not failure—it’s learning! If people are finding reasons not to pay, find out what those are, and iterate again. Even an objection as innocuous as “our company policy won’t let us pay for products ahead of time,” can be a learning opportunity. If your product can be the solution to a painful problem they are having, they are probably going to be brainstorming ways to get around company policies, rather than using them as an excuse to end the conversation. So now you’ve put your prototype in front of a few people, hopefully potential customers, and you’ve started to get feedback. Based on that feedback how does it affect your initial assumptions? Does it change how you think about your users? Does it change the problems you’re trying to solve? Does it change the solutions you’re proposing? If you still feel like you’re headed in the right direction on the items listed above, then maybe it just changes the implementation of your solution? If so, go back and update your prototype and check in with the same folks again. After a few rounds of this you can expand and iterate on your prototype until you’re in a spot where you feel like you have a prototype of an MVP that you can get excited about! Maybe it doesn’t have all of the features you want, maybe it feels a little basic, but that can be a good thing. As long as you’re excited, and your potential customers are excited, you’re probably in a good spot to move on to the next step. What’s Next? There are a few directions you can go from here Build it The first, and most obvious option would be to start building out your MVP. If you’re able to build it yourself, or you can get someone to build it for you, then this might make sense. Just be realistic about what you can accomplish, and aim for getting something minimal to market that people will love. And try to do that in a really short timeframe. Raise money Friends or family that are willing to chip in is how many startups get their initial funding. Others will find investors who are willing to invest in their idea, but this is much rarer unless you have a ton of specialized expertise, relationships, experience, or are a smooth talker. Don’t build it, fake it! Some startups are ripe for what we referred to earlier as a “Wizard of Oz” experiment or what people call a “Concierge MVP.” If you start small, you might be able to manually make the whole thing work until you have some customers under your belt. For certain types of ideas, you can get pretty far with a Google Form wired up to Zapier. Once you have some learnings and a few paying customers, finding funding can be a much easier prospect. Just remember, once you start building, fundraising, or experimenting you’ll still need to pay careful attention to the learning that occurs along the way. Don’t get so wrapped up in the direction you’re heading that you ignore what investors or customers are telling you. You need to continue to focus on the build, measure, learn cycle and keep prototyping, testing, and iterating as you go. Great Software Is About People, Not Code Thank you for taking the time to read through this guide. We hope that you took something away from it that can help you in your product journey. For us, building digital products is about understanding the people involved, what they need, and what drives them. If you always keep your focus on that, you’ll go far. If you ever need help, feel free to reach out, we would love to hear from you. The post Bootstrapping a Digital Product appeared first on Simple Thread.

Information Announcing Azure Monitor OpenTelemetry Distro – Matt McCleary & Sam Spencer Blazor and CSP – Damien Bowden Visual Studio 2022 17.6 – Http Endpoint explorer – Bart Wullems The Art of HTTP Connection Pooling How to Optimize Your Connections for Peak Performance – Ramakrishna Thanniru & Pete Tian Detect Globalization-Invariant mode in .NET – Gérald Barré Exploring the C# Source Link Feature Enhancing Debugging Experiences – Neel Bhatt 2 Good Tools To Test gRPC Server Applications – Karthik Chintala How To Creating a Private Journal and Mood Tracking App Using .NET 6, Chat GPT, C# and Visual Studio 2022 – Jamie Maguire

This article shows how an administrator can reset passwords for local members of an Azure AD tenant using Microsoft Graph and delegated permissions. An ASP.NET Core application is used to implement the Azure AD client and the Graph client services. Code https//github.com/damienbod/azuerad-reset Setup Azure App registration The Azure App registration is setup to authenticate with a user and an application (delegated flow). An App registration “Web” setup is used. Only delegated permissions are used in this setup. This implements an OpenID Connect code flow with PKCE and a confidential client. A secret or a certificate is required for this flow. The following delegated Graph permissions are used Directory.AccessAsUser.All User.ReadWrite.All UserAuthenticationMethod.ReadWrite.All ASP.NET Core setup The ASP.NET Core application implements the Azure AD client using the Microsoft.Identity.Web Nuget package and libraries. The following packages are used Microsoft.Identity.Web Microsoft.Identity.Web.UI Microsoft.Identity.Web.GraphServiceClient (SDK5) or Microsoft.Identity.Web.MicrosoftGraph (SDK4) Microsoft Graph is not added directly because the Microsoft.Identity.Web.MicrosoftGraph or Microsoft.Identity.Web.GraphServiceClient adds this with a tested and working version. Microsoft.Identity.Web uses the Microsoft.Identity.Web.GraphServiceClient package for Graph SDK 5. Microsoft.Identity.Web.MicrosoftGraph uses Microsoft.Graph 4.x versions. The official Microsoft Graph documentation is already updated to SDK 5. For application permissions, Microsoft Graph SDK 5 can be used with Azure.Identity. Search for users with Graph SDK 5 and resetting the password The Graph SDK 5 can be used to search for users and reset the user using a delegated scope and then to reset the password using the Patch HTTP request. The Graph QueryParameters are used to find the user and the HTTP Patch is used to update the password using the PasswordProfile. using System.Security.Cryptography; using Microsoft.Graph; using Microsoft.Graph.Models; namespace AzureAdPasswordReset; public class UserResetPasswordDelegatedGraphSDK5 { private readonly GraphServiceClient _graphServiceClient; public UserResetPasswordDelegatedGraphSDK5(GraphServiceClient graphServiceClient) { _graphServiceClient = graphServiceClient; } /// <summary> /// Directory.AccessAsUser.All User.ReadWrite.All UserAuthenticationMethod.ReadWrite.All /// </summary> public async Task<(string? Upn, string? Password)> ResetPassword(string oid) { var password = GetRandomString(); var user = await _graphServiceClient .Users[oid] .GetAsync(); if (user == null) { throw new ArgumentNullException(nameof(oid)); } await _graphServiceClient.Users[oid].PatchAsync( new User { PasswordProfile = new PasswordProfile { Password = password, ForceChangePasswordNextSignIn = true } }); return (user.UserPrincipalName, password); } public async Task<UserCollectionResponse?> FindUsers(string search) { var result = await _graphServiceClient.Users.GetAsync((requestConfiguration) => { requestConfiguration.QueryParameters.Top = 10; if (!string.IsNullOrEmpty(search)) { requestConfiguration.QueryParameters.Search = $"\"displayName{search}\""; } requestConfiguration.QueryParameters.Orderby = new string[] { "displayName" }; requestConfiguration.QueryParameters.Count = true; requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "userPrincipalName", "userType" }; requestConfiguration.QueryParameters.Filter = "userType eq 'Member'"; // onPremisesSyncEnabled eq false requestConfiguration.Headers.Add("ConsistencyLevel", "eventual"); }); return result; } private static string GetRandomString() { var random = $"{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}-AC"; return random; } private static int GenerateRandom() { return RandomNumberGenerator.GetInt32(100000000, int.MaxValue); } } Search for users SDK 4 The application allows the user administration to search for members of the Azure AD tenant and finds users using a select and a filter definition. The search query parameter would probably return a better user experience. public async Task<IGraphServiceUsersCollectionPage?> FindUsers(string search) { var users = await _graphServiceClient.Users.Request() .Filter($"startswith(displayName,'{search}') AND userType eq 'Member'") .Select(u => new { u.Id, u.GivenName, u.Surname, u.DisplayName, u.Mail, u.EmployeeId, u.EmployeeType, u.BusinessPhones, u.MobilePhone, u.AccountEnabled, u.UserPrincipalName }) .GetAsync(); return users; } The ASP.NET Core Razor page supports an auto complete using the OnGetAutoCompleteSuggest method. This returns the found results using the Graph request. private readonly UserResetPasswordDelegatedGraphSDK4 _graphUsers; public string? SearchText { get; set; } public IndexModel(UserResetPasswordDelegatedGraphSDK4 graphUsers) { _graphUsers = graphUsers; } public async Task<ActionResult> OnGetAutoCompleteSuggest(string term) { if (term == "*") term = string.Empty; var usersCollectionResponse = await _graphUsers.FindUsers(term); var users = usersCollectionResponse!.ToList(); var usersDisplay = users.Select(user => new { user.Id, user.UserPrincipalName, user.DisplayName }); SearchText = term; return new JsonResult(usersDisplay); } The Razor Page can be implemented using Bootstrap or whatever CSS framework you prefer. Reset the password for user X using Graph SDK 4 The Graph service supports reset a password using a delegated permission. The user is requested using the OID and a new PasswordProfile is created updating the password and forcing a one time usage. /// <summary> /// Directory.AccessAsUser.All /// User.ReadWrite.All /// UserAuthenticationMethod.ReadWrite.All /// </summary> public async Task<(string? Upn, string? Password)> ResetPassword(string oid) { var password = GetRandomString(); var user = await _graphServiceClient.Users[oid] .Request().GetAsync(); if (user == null) { throw new ArgumentNullException(nameof(oid)); } await _graphServiceClient.Users[oid].Request() .UpdateAsync(new User { PasswordProfile = new PasswordProfile { Password = password, ForceChangePasswordNextSignIn = true } }); return (user.UserPrincipalName, password); } The Razor Page sends a post request and resets the password using the user principal name. public async Task<IActionResult> OnPostAsync() { var id = Request.Form .FirstOrDefault(u => u.Key == "userId") .Value.FirstOrDefault(); var upn = Request.Form .FirstOrDefault(u => u.Key == "userPrincipalName") .Value.FirstOrDefault(); if(!string.IsNullOrEmpty(id)) { var result = await _graphUsers.ResetPassword(id); Upn = result.Upn; Password = result.Password; return Page(); } return Page(); } Running the application When the application is started, a user password can be reset and updated. It is important to block this function for non-authorized users as it is possible to reset any account without further protection. You could PIM this application using an azure AD security group or something like this. Notes Using Graph SDK 4 is hard as almost no docs now exist, Graph has moved to version 5. Microsoft Graph SDK 5 has many breaking changes and is supported by Microsoft.Identity.Web using the Microsoft.Identity.Web.GraphServiceClient package. High user permissions are used in this and it is important to protection this API or the users that can use the application. Links https//aka.ms/mysecurityinfo https//learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0 https//learn.microsoft.com/en-us/graph/sdks/paging?tabs=csharp https//github.com/AzureAD/microsoft-identity-web/blob/jmprieur/Graph5/src/Microsoft.Identity.Web.GraphServiceClient/Readme.md https//learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=csharp