RFC Weekly - 21st March 2016

This is the next of my RFC Weeklies - a summary of things that I find interesting.  It is an indulgence; its the weekly update that I would like to receive.  Unfortunately no-one else is producing it so I figured I best get on with it.  Hopefully someone else also find useful.


Entity Framework 7
I'm still working my way through the Pluralsight Building a Web App with ASP.NET 5, MVC 6, EF7 and AngularJS course.  In the EF7 chapter, Shawn Wildermuth shares some of the upcoming goodness of EF7.
I've never been a great fan of EF6 - predominantly on performance grounds.  Like any technique for making development easier - you are producing a trade off between convenience and performance.  For most of the stuff I wanted to be doing, ADO.Net & Stored Procedures was still the best way to go.
I do however see the benefits in EF.  I have to admit all the new features in EF6 snuck up on me and came a pleasant surprise when I re-certified my MSCD.
EF7 is, according to Shawn, a complete re-write - so hopefully some good stuff.  From his demonstration it certainly seemed very similar to EF6 - he worked with code first and migrations - seeding the DB from code, etc.  I'd expect that to be fairly shallow learning curve.
Interesting EF7 will support not just relational databases (SQL Server, Oracle, etc) but also the NoSQL types - such as Mongo.  This will be interesting to dig into.
I plan on re-writing my Red Folder Consultancy Website over the coming weeks based the course (see the Self Promotion section for a link to the first article in a series covering this).  Fingers crossed that I'll get back to my Microservices series as well as part of that.

A visual site to show the effects of various Rx operators.

Summary of JavaScript frameworks for 2016

Small (and quick) article just summarising the position of some of the key JavaScript frameworks for 2016 - both front-end and back-end.

Development Process

Nuget team discuss how they use Octopus Deploy
Nice quick YouTube video discussing how the Nuget team utilise Octopus Deploy with Azure as part of their Continuous Deployment pipeline.  Useful if you've never seen Octopus Deploy

Azure Continuous Delivery
Podcast with .Net Rocks Team & Jeffrey Palermo.  They talk about experiences of using Azure for Continuous Delivery.  They also cover some of the differences between Continuous Integration, Deployment & Delivery.

CSP (Content Security Policy)
CSP is a means of providing additional security for your website (predominantly to assist protecting your customer).

"Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware." MDN
We (as developers) are obviously not using this enough - and if it can help protect our users then we should be.
It seems that historically, browser support has been patchy.  But according to CanIUse it seems to be across most of the major browsers.
More information can be found here.


Social Engineering Games
Found this interesting - came across it in a podcast.  A security conference made a capture the flag championship from social engineering.
They defined "flags" (such as finding out what operating system was in use, or get an individual to visit a specific URL) for contestants to collect.  The contestants where then given unaware companies to target - effectively in front of a conference audience using phone & email.
Scary stuff.  Fascinating, but scary.
Open Command Prompt Here
I often find myself working at the windows command prompt - and the first job is to cd to the same location as the folder I'm looking at.
I've just discovered that on the folder, if you hold shift when you right click, you get an option to "Open Command Prompt Here" - genius.
I'm probably the only person on the planet that didn't know that, but it has made my week.

Self Promotion

ROI Series

I've released released the next article in my ROI series - What is Security?

Converting to ASP.Net Code
I've started a small series of articles about converting a simple ASP.Net MVC 5 website over to ASP.Net Core & MVC 6.
The first article can be found here.

And finally

Have I Been pwned?

Useful little site to see if your details have been part of some of the high profile security breaches.