During a recent client engagement, my team and I were given an unusual task: give the user the ability to write, compile, and run Visual Basic .NET code in a web app environment. This presented us with a great learning opportunity since no one on the team had experienced anything like this before. Our first choice was to use the System.CodeDom namespace to compile the source code and generate a dll to be run on-demand in other components of our web app. However, we quickly discovered that while CodeDom is available for .NET Core 2 (after installing it via NuGet), calls to the CompileAssembly methods would throw a System.PlatformNotSupportedException. We knew that we would need to change our approach. This led us on a path to Roslyn. Roslyn is a .NET compiler framework written in .NET. It contains code analysis…
Before you start reading, write down (or mentally note) two things: 1) what is one of the pains you face on a daily, weekly, monthly, or some recurring basis? And 2) what is a pain point that your BOSS (or your boss’s boss) faces in the same way?
(No, seriously – write it down… 😉)
Alright – now it’s our turn. Here are some pain points that we’ve encountered with our partners in the mortgage lending space:
Pre-approved buyers no-showing up to appointments
Documents are often hard copy and must be tended to in person
Too much time passes by between interactions with customers
Your online customer-facing resources leave much to be desired
Your internal go-to-market activities are too slow
Customers have a hard time identifying the right loan/product for them
Closing processes take too much time (for both you and your customers)
Non-commissioned internal resources lack the incentive…
If you aren’t familiar, Entity Framework is a powerful open-source object-relational mapping (ORM) framework. Its initial release was back in 2008, so it has grown and evolved quite a bit. I have been using it now, very regularly, for about four years and just wanted to bring to light some tips and the missteps that I have encountered during that time.
I think the most important thing when using EF(Entity Framework) is to be aware of the work it is doing on your behalf. The best way to see what EF is doing is to simply log it, and for me, that means the output window in Visual Studio, not the database, as you will see, EF does a lot. So, that being said, it is actually much easier to do than you might expect, and in my mind, there are…
Anyone who has done web development for any significant length of time has probably had one or more of these situations arise:
I need to expose an API or webhook running locally to an external service or application
My application has external services or integrations that require special handling or emulation when developing locally
I want my deployed application or service in a higher environment to call the endpoint(s) that I am running locally
The common problem here is the need to expose a locally running endpoint to an external service or application. Enter ngrok (https://ngrok.com/).
Ngrok solves this problem by creating and exposing a public url on the ngrok.io domain, and then forwarding the traffic that arrives at that endpoint through to a specified localhost port. Conceptually, it looks something like this:
This diagram was taken directly from https://ngrok.com/product, where the curious can find a…
Azure DevOps is a work item tracking, source control, and release management solution provided by Microsoft. It is the cloud-based evolution of Team Foundation Server. If you don’t have a DevOps account, you can get one for free at https://azure.microsoft.com/en-us/services/devops/.
Release Pipelines is a powerful feature of DevOps that allows you to create pipelines to deploy your builds out to your server environments. Let’s say that you are creating a Release Pipeline for your website and you have a separate environment for Dev and Production, both hosted on Azure App Services. When you check code in, you want it to be deployed to your Dev environment automatically through Continuous Integration. This is easily configurable through the Release Pipeline interface.
What about your Production environment though? You want to use the same build artifacts for your Dev and Production environments, so it makes…
Welcome to part two of Exploring Buffer Overflows in C! If you have not taken the time to read the previous article I highly recommend doing so before going any further. In this post, I will be walking you through a simplified version of a buffer overflow exploit and will draw heavily on the vocabulary and theory discussed out in the last post. You can find Part One on Tallan’s Blog here. It also would be helpful to be familiar with hexadecimal numbers, which you can read about here. With that out of the way, let’s get to hacking.
Before We Begin
Before we can start we have to pick a target. Several methods exist to detect potential buffer overflows, ranging from manually reading the code to automated testing. Assuming you do have the source code of a program, searching for insecure…
If you’ve ever signed up for a YouTube account, you’re probably more than familiar with YouTube’s head-scratching video recommendations at times. After mounting dissatisfaction over the new recommendation algorithm, which produced too many similar recommendations and videos promoting misinformation, the YouTube team published a January 2019 post indicating that the algorithm is still a work in progress, and announced changes in response to recent feedback.
The new algorithm changes are advertised to be capable of pulling in recommendations from a wider range of topics than before: “on any given day, more than 200 million videos are recommended on the homepage alone.” Contrasting the broadening of topics, YouTube is putting in an effort to reduce videos from being included in the recommendation algorithm which violate the YouTube Community Guidelines, or videos with the potential to misinform users “…such as videos promoting a…
Logging and tracing are both critical components of enterprise software development. And yet they are often overlooked or otherwise treated as an afterthought. However, as any programmer worth his or her salt will tell you, proper logging and tracing saves countless hours and headaches when it comes to tracking down bugs in a production environment. To serve these needs, there are numerous logging frameworks to choose from. In this article I am going to explore two popular frameworks and how to best use them together as a comprehensive logging and tracing solution.
Before we begin, let’s define the difference between logging and tracing. Logging is the broad process of recording events that occur in a running software program. The resulting logs include any information about these events that the developer deems necessary. Tracing, on the other hand, is a more specialized…
For this, we will be focusing on some of the basics of how Quill.js expresses its contents in the Delta format and how you might go about processing those contents to fit your needs. The examples below begin after the JSON string is converted to a C# object. For the features that are being covered here (bold, underline, italic, font color, and numbered/bulleted lists) the class structure might look something…
Cybersecurity is one of the fastest evolving tech fields and the stakes are high. Mistakes can be in the order of millions of dollars. Computers have invaded all aspects of our everyday lives. Although this means I can access millions of cat pictures with the touch of a button, it is dangerous to assume that everyone using a computer is in it for the fuzzy felines. Credit cards, passwords, and social security numbers are moving across the internet just as quickly as cat pictures but with a lucrative black market. There is a lot to gain from a successful hack and hackers will be doing their best to break into the systems we rely on and use daily. Ranging from high-tech exploits such as 2018’s Spectre and Meltdown to low-tech exploits like phishing and social engineering, it is important for…