RFC Weekly - 21st March 2016

Development

Entity Framework 7

I'm still working my way through the Pluralsight Building a Web App with ASP.NET 5, MVC 6, EF7 and AngularJS course. In the EF7 chapter, Shawn Wildermuth shares some of the upcoming goodness of EF7.

I've never been a great fan of EF6 - predominantly on performance grounds. Like any technique for making development easier - you are producing a trade off between convenience and performance. For most of the stuff I wanted to be doing, ADO.Net & Stored Procedures was still the best way to go.

I do however see the benefits in EF. I have to admit all the new features in EF6 snuck up on me and came a pleasant surprise when I re-certified my MSCD.

EF7 is, according to Shawn, a complete re-write - so hopefully some good stuff. From his demonstration it certainly seemed very similar to EF6 - he worked with code first and migrations - seeding the DB from code, etc. I'd expect that to be fairly shallow learning curve.

Interesting EF7 will support not just relational databases (SQL Server, Oracle, etc) but also the NoSQL types - such as Mongo. This will be interesting to dig into.

I plan on re-writing my Red Folder Consultancy Website over the coming weeks based the course (see the Self Promotion section for a link to the first article in a series covering this). Fingers crossed that I'll get back to my Microservices series as well as part of that.

RxMarbles

A visual site to show the effects of various Rx operators.

Summary of JavaScript frameworks for 2016

Small (and quick) article just summarising the position of some of the key JavaScript frameworks for 2016 - both front-end and back-end.

Development Process

Nuget team discuss how they use Octopus Deploy

Nice quick YouTube video discussing how the Nuget team utilise Octopus Deploy with Azure as part of their Continuous Deployment pipeline. Useful if you've never seen Octopus Deploy

Azure Continuous Delivery

Podcast with .Net Rocks Team & Jeffrey Palermo. They talk about experiences of using Azure for Continuous Delivery. They also cover some of the differences between Continuous Integration, Deployment & Delivery.

CSP (Content Security Policy)

CSP is a means of providing additional security for your website (predominantly to assist protecting your customer).

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware." MDN

We (as developers) are obviously not using this enough - and if it can help protect our users then we should be.

It seems that historically, browser support has been patchy. But according to CanIUse it seems to be across most of the major browsers.

More information can be found here.

Other

Social Engineering Games

Found this interesting - came across it in a podcast. A security conference made a capture the flag championship from social engineering.

They defined "flags" (such as finding out what operating system was in use, or get an individual to visit a specific URL) for contestants to collect. The contestants where then given unaware companies to target - effectively in front of a conference audience using phone & email.

Scary stuff. Fascinating, but scary.

Open Command Prompt Here

I often find myself working at the windows command prompt - and the first job is to cd to the same location as the folder I'm looking at.

I've just discovered that on the folder, if you hold shift when you right click, you get an option to "Open Command Prompt Here" - genius.

I'm probably the only person on the planet that didn't know that, but it has made my week.

Self Promotion

ROI Series

I've released released the next article in my ROI series - What is Security?

Converting to ASP.Net Code

I've started a small series of articles about converting a simple ASP.Net MVC 5 website over to ASP.Net Core & MVC 6.

The first article can be found here

And finally

Have I Been pwned?

Useful little site to see if your details have been part of some of the high profile security breaches.

About the author:

Mark Taylor is an experience IT Consultant passionate about helping his clients get better ROI from their Software Development.

He has over 20 years Software Development experience - over 15 of those leading teams. He has experience in a wide variety of technologies and holds certification in Microsoft Development and Scrum.

He operates through Red Folder Consultancy Ltd.