.NET R&D Digest (April, 2023)

.NET 8 is coming closer, Microsoft Build 2023 is almost here, AI demonstrates exciting capabilities. Technology changes very fast these days, every month there is something new to expect, to study and to learn. Still, in this never ending whirlwind of change, there is one thing that doesn’t change – every month there is a new issue of .NET R&D Digest and this April is not an exception.

This issue includes bits of stories, concurrency, diagnostics, artificial intelligence, security, operating systems, performance, tools and not surprisingly – .NET.

Enjoy your reading!

Developers Story

1. How StackOverflowException can bring down an expensive compute cluster (by Nemanja Mijailovic)
   It is common to see security updates fixing issue here and there. But, is it really so important to fix every issue, especially if it is not related to our personal information? We have Clouds with dozens of extremely powerful machines which can handle any load and auto-recover after crash, what can go wrong? In this post Nemanja Mijailovic gives a real demonstration of how devastating can be such simple thing as application throwing a StackOverflowException in a response to a malicious request, even, on the top-notch hardware.
2. An example of LLM prompting for programming (by Martin Fowler)
   LLM models are able to generate and optimise code in any programming language. However, with the right prompt, they are capable of much more. In this post Martin Fowler describes how using a structured approach to collaborate with LLM model can result into generation of structured, self-tested application code. 
3. Drawing graphs in GitHub comments with Mermaid diagrams (by Andrew Lock)
   Software development has always been about solving problems rather than writing a class or implementing a pattern (which, by the way, also can solve a problem). One way to prove that is to see how creative people can be when integrating with external systems 🙂 In this post Andrew Lock demonstrates how you can draw performance “charts” in GitHub comments with an automated CI job using built-in functionality and nothing more. The post is easy to read and it doesn’t require special knowledge of GitHub or CI tooling.

.NET

1. Investigating a crash in Enumerable.LastOrDefault with a custom collection (by Gérald Barré)
   In . NET, thread safety is a guarantee given by objects or collections which essentially means the following “it is safe to call these methods simultaneously from multiple threads”. However, does it mean any operation on the object involving these methods is safe? In this post Gérald Barré describes a situation when use of thread safe collection turned into an unexpected concurrency issue.
2. Adding client-side validation to ASP.NET Core, without jQuery or unobtrusive validation (by Andrew Lock)
   In a client-server architecture, the server usually knows everything and makes decisions while client just goes back and forth asking questions. However, if it is implemented in its purest form without caching and without making client “smarter” it always results in the same issues – network delays, huge response times and so on. These issues were true for ASP.NET and they are still valid for modern ASP.NET Core MVC / Razor Pages, especially when it comes to validation. In this post Andrew Lock describes how client side validation works in ASP.NET Core, how it can be improved by replacing jQuery, and how it can be extended with custom validation attributes. 
3. IdentityServer – IdentityResource vs. ApiResource vs. ApiScope (by Tore Nestenius)
   Application security requires not only time and resources but also requires understanding of basic security concepts from the whole team. In this post Tore Nestenius gives a brief introduction in identity resource, scopes and API resources and demonstrates how we can use IdentityServer to work with them.
4. Understanding the .NET ecosystem (Part 1 and Part 2) (by Andrew Lock)
   .NET Framework, it hasn’t been so long (hasn’t it?) since it was «The .NET», Microsoft framework to build applications for Windows and with some portion of luck (and courage) for a few, selected platforms. Nowadays, .NET means a completely different thing, now it is robust, composable, high-performance and cross-platform framework for building application for Windows, Mac, Linux and mobile devices. How did we get there? What was the cost and what comes next? In this series (currently of two posts) Andrew Lock describes the path from .NET Framework to «One .NET» and explains all its major steps in details. Good, retrospective.

Windows

1. The Quest for the Ultimate GUI Framework (by Pavel Yosifovich)
   I admire well designed Graphical User Interface (GUI) because it not only provides «buttons» to click but also helps to visualise data, streamline common operations and of course (which is my favourite) save you from remembering every command of the tool you are using right now. In this post Pavel Yosifovich shares his personal story of GUI in (with all of ups and downs) giving a very nice historical prospective on Windows UI evolution. Recommended to read.
2. Memory Information in Task Manager (by Pavel Yosifovich)
   When our PC starts to lag the first think we look at is memory consumption because … well we are living in a time when 16 GB of RAM is considered «not enough», so it is not surprising we blame memory all the time. On Windows, the simples way to find what application consumes memory is to open Task Manager but if you do so, you will find that there are much more than just a single memory column. In this post Pavel Yosifovich explains how to interpret information from Task Manager and what of it matters the most.

Performance

1. Ice and Fire: How to read icicle and flame graphs (by Kemal Akkoyun)
   Program optimisation is an inherently iterative process — you need to identify the problematic place, make a change, analyse the impact and repeat until satisfied. Besides making changes (which always requires a significant expertise) it is also a challenge to measure the impact of the change. That is were visualisations like flame graphs can help a lot. In this post Kemal Akkoyun describes what flame and icicle graphs are, explains what they represent and how they can be use to iteratively optimise application performance.

Tools

1. A list of programming playgrounds (and integer.exposed) (by Julia Evans)
   Quick prototyping is a critical aspect of verifying theories and ideas, that is why having access to ready to use playgrounds is so important. In this amazing list composed by Julia Evans you will find links to language, tools and even database playgrounds. Must be bookmarked.

Tips & Tricks

1. 8 Unexpected Profiling Use Cases Beyond Performance Optimization (by Felix Geisendörfer)
   Application profiling is usually associated with understanding application properties such as execution time, memory, energy consumption and so on. However, profilers as instruments can be used for much more. In this tip Felix Geisendörfer share 8 more ways of how profilers can help you understand application code and its behaviour.
2. Debugging OpenID Connect claim problems in ASP.NET Core (by Tore Nestenius)
   Web security is an area of many subtle and hard to diagnose issues. In this tip Tore Nestenius share a set of way to diagnose one of such issues – an issue with OpenID claims.
3. Testing Roslyn Incremental Source Generators (by Gérald Barré)
   Source generators is a go to tool for code generation during project compilation. The are robust, they give you information about existing source code, you can focus on logic instead of parsing. The only downside is if written badly, the generators will slow down IDE and will make development slow and demotivating. That is why it is critical to ensure your generator are executed only when they have to. But how to do this? In this tip Gérald Barré demonstrates how to write a simple source generator and accompanying tests to ensure generator results are properly cached and generator runs only when necessary.