Writing Tips for Improving Your Pull Requests

You’ve just finished knocking out a complex feature. You’re happy with the state of the code, you’re a bit brain-fried, and the only thing between you and the finish line is creating a pull request. You’re not going to leave the description field blank, are you? You’re tired, you want to be done, and can’t people just figure out what you did by looking at the code?

I get it. The impulse to skip the description is strong, but a little effort will go a long way toward making your coworkers’ lives easier when they review your code. It’s courteous, and–lucky for you!–it doesn’t have to be hard.

If you’re thinking I’m going to suggest writing a book in the description field, you’re wrong. In fact, I’m going to show you how to purposely write less by using the techniques below.

Make it Scannable

If your code is a report for the board of directors, your pull request description is the executive summary. It should be short and easy to digest while packing in as much important information as possible. The best way to achieve this combination is to make the text scannable. You can use bold or italic text to draw emphasis to important details in a paragraph. However, the best way to increase scan-ability is the liberal application of bulleted lists.

Most of my PR descriptions start like this:

If merged, this PR will:

* Add a Widget model
* Add a controller for performing CRUD on Widgets
* Update routes.rb to include paths for Widgets
* Update user policies to ensure only admins can delete Widgets
* Add tests for policy changes
* …

There are a few things to note here. I’m using callouts to bring attention to important changes, including the object that’s being added and important files that are being modified. The sentences are short and digestible. They contain one useful piece of information each. And, for readability, they all start with a capital letter and end with no punctuation. Consistency of formatting makes for easier reading.

Speak Plainly

Simpler words win if you’re trying to quickly convey meaning, and normal words are preferable to jargon. Here are a few examples:

* Replace “utilize” with “use”. They have different meanings, and you’re likely wanting the meaning of “use”, which has the added bonus of being fewer characters.
* Replace “ask” with “request”. “The ask here is to replace widget A with widget B.” “Ask” is not a noun; it’s a verb.
* Replace “operationalize” with “do”. A savings of 12 characters and 5 syllables!

There are loads of words that we use daily that could be replaced with something simpler; I bet you can think of a few off the top of your head. For more examples, see my book recommendations at the end of this article.

Avoid Adverbs

Piggybacking on the last suggestion, adverbs can often be dropped to tighten up your prose. Spotting an adverb is easy. Look for words that end in -ly. Really, vastly, quickly, slowly–these are adverbs and they usually can be removed without changing the meaning of your sentence. Here’s an example:

“Replace a really slowly performing ActiveRecord query with a faster raw SQL query”

“Replace a slow ActiveRecord query with a faster raw SQL query”

Since we dropped the adverbs, “performing” doesn’t work on its own, so we can remove it and save even more characters.

Simplify Your Sentences

Sentences can sometimes end up unnecessarily bloated. Take this example:

“The reason this is marked DO NOT MERGE is because we’re missing the final URL for the SSO login path.”

“The reason this is” can be shortened to simply “this is”. The “is” before “because” is unnecessary and can be removed. And the last part of the sentence can be rejiggered to be more direct while eliminating an unnecessary prepositional phrase. The end result is succinct:

“This is marked DO NOT MERGE because we’re missing the SSO login path’s production URL.”

Bonus Round: Avoid Passive Voice

Folks tend to slip into passive voice when talking about bad things like bugs or downtime. Uncomfortable things make people want to ensure they’re dodging–or not assigning–blame. I’m not saying you should throw someone under the bus for a bug, but it helps to be direct when writing about your code.

“We were asked to implement the feature that caused this bug by the sales team.”

The trouble here is “were asked”. This makes the sentence sound weak. Luckily, a rewrite is easy:

“The sales team asked us to implement the feature that caused this bug.”

By moving the subject from the end of the sentence to the beginning, we ditch an unnecessary prepositional phrase, “by the sales team”, shorten the sentence, and the overall meaning is now clear and direct.

There’s More!

But we can’t cover it all here. If you want to dig deeper, I recommend picking up The Elements of Style. It’s a great starting point for improving your writing. Also, Junk English by Ken Smith is a fun guide for spotting and avoiding jargon, and there’s a sequel if you enjoy it.

The post Writing Tips for Improving Your Pull Requests appeared first on Simple Thread.


7 Best Data Analyst Tools To Use in 2023 (Free & Paid!)

This post may contain paid links to my personal recommendations that help to support the site!

Are you seeking the best data analytics tools to gain insightful business intelligence? If you answer yes, then I’ve just the right list for you! This blog post will provide an in-depth list of the most popular and effective data analyst tools available, as well as an overview of each of them. We will look at both free and paid options – so no matter what size organization or budget you have – there is something here for everyone. Let’s dive right in!

What Are The Best Data Analyst Tools?

Here is our list of the 7 best data analyst tools:

1. Tableau

Tableau is one of the most popular and powerful data analysis tools available. It allows users to explore, visualize, and interact with their data intuitively. With its drag-and-drop user interface, you don’t need prior programming knowledge or specialized skills to create stunning data visualization.

Tableau helps organizations in various industries uncover insights from their data that can be used to make better business decisions. It provides a range of features, including dashboard creation, advanced analytics, predictive analytics, forecasting tools, ETL integrations, and social media integrations.

Tableau is also designed to be scalable to meet the needs of any business size. Whether you’re an individual or a large enterprise, Tableau can adapt to most of the data analysis needs. I’ve had the chance to work on Tableau to build a data warehouse and integrate it with a data integration platform and found it a must-learn for beginner data analysts!

2. Microsoft Power BI

Microsoft Power BI is another popular data analytic tool used by businesses worldwide. It provides advanced analytics capabilities that allow users to produce impressive visualizations from big data sources. It also has a drag-and-drop user interface, where users can easily transform vast amounts of raw data into visuals such as charts, graphs, and dashboards.

Additionally, Microsoft Power BI provides a range of features, including predictive analytics, segmentation analysis, artificial intelligence (AI) powered insights, and M language. With its comprehensive feature set and scalable platform, Microsoft Power BI is an ideal choice for those looking to gain valuable business intelligence from their data.

Additionally, the cloud-based architecture allows users to access the latest real-time updates and share them with their team members or clients, regardless of location. This is good for companies that use a Microsoft ecosystem of applications.

3. Microsoft Excel

Microsoft Excel is the most simple and popular data analysis tool available. It is packed with powerful features to help data analysts work with data for a quick analysis. It offers a range of features that allow you to manipulate, visualize, and analyze data quickly and easily. You can also use Excel for tasks such as creating pivot tables or performing calculations on big datasets. This makes Excel perfect for data modeling.

With its easy-to-use graphical user interface, you can create sophisticated reports in just a few clicks. Additionally, Excel has built-in macros that allow users to automate some of the common tasks associated with analyzing data. Excel also makes it simple to share information with other users by providing options for exporting and importing files from various formats (including CSV, HTML, and XML). This means that any data analysis done in Excel can be easily shared and distributed.

One of the biggest advantages to using Microsoft Excel is that it’s relatively inexpensive; compared to other more powerful data analysis tools, Excel is a very cost-effective choice. It also has a large user base, so plenty of resources are available if you need help with your analysis tasks. Lastly, Excel supports multiple versions of Windows operating systems, making it easier for users to access their data no matter which version they’re using.

4. Jupyter Notebook

Jupyter Notebook is one of the most popular and powerful open-source data analytics tools. It provides an interactive environment to write and execute code and visualize data outputs. With Jupyter Notebook, you can quickly gain insights from your data through code and graphical representations. The platform integrates many popular programming languages, such as Python, R, and Julia, making it easy for users to explore their data differently.

One of the major advantages of using Jupyter Notebook is that you can quickly test and modify your code without having to restart the session every time. This makes it easier for users to find errors and tweak their programs accordingly. Furthermore, Jupyter Notebook is extremely flexible and customizable – allowing users to customize styles, plot outputs, and even add interactive widgets. It also provides a secure environment with multi-user access control and an inbuilt web server. These features make Jupyter Notebook a great data analytics tool for experienced professionals and newbies.

5. Apache Spark

Apache Spark is a powerful open-source data analytics tool that allows users to process large datasets quickly and efficiently. It offers an intuitive interface that enables users to easily load, query, and manipulate data at scale. With Apache Spark, you can easily perform complex calculations on the data – making it ideal for machine learning and predictive analytics applications.

The platform is designed to be fault-tolerant, meaning that if any node in the system goes down, the job will still get done without any disruption of service. Apache Spark can also be used for real-time streaming analysis by leveraging its built-in streaming engine.

One of the major advantages of using Apache Spark is its speed – it’s capable of processing large datasets faster than Hadoop MapReduce. Another great thing about Apache Spark is its scalability, allowing users to easily add new nodes to the cluster and scale out their applications as needed. Last but not least, Apache Spark also comes with an extensive library of tools and APIs that can be used to integrate other frameworks into your applications as needed.

Overall, Apache Spark is one of the best data analytics tools available today – offering powerful features and an intuitive interface that makes it easy for users to gain insights from their data quickly and accurately.

6. SAS Business Intelligence

SAS Business Intelligence is a powerful suite of data analytics and business intelligence tools designed to help organizations better understand their data. The platform offers extensive features and capabilities, including data integration, reporting, forecasting, modeling, and visualization. The software’s drag-and-drop interface makes it easy for users to access their data sources and create insightful reports with just a few clicks.

Additionally, SAS Business Intelligence supports multidimensional analysis – enabling users to quickly identify trends and correlations in large datasets. It also comes with advanced forecasting capabilities that allow users to develop more accurate predictions based on historical data. Furthermore, the platform provides real-time analysis capabilities, enabling users to make informed decisions faster than ever.

SAS Business Intelligence also features a comprehensive library of pre-built models and algorithms that can be used to quickly create accurate predictive models from data. Overall, SAS Business Intelligence is an incredibly powerful suite of tools that enable organizations to make better decisions by gaining deeper insights into their data.

7. Python

Python is a powerful programming language with many open-source libraries for data science and analysis. Being one of the most used languages for data science, it is also a popular option among data analysts and data scientists! It provides an efficient data structure in data frames through Pandas, making it easy to analyze, manipulate, and visualize data. With its rich features, Python can be used as a standalone tool or as part of larger analytics pipelines that connect to data integration tools.

Pandas offers unique capabilities, such as indexing and labeling, which helps users select specific subsets of their datasets quickly and accurately. Furthermore, it supports merging, joining, concatenation, and aggregation – allowing users to easily combine different datasets into a unified view.

The Pandas library in Python also features an extensive range of built-in functions such as groupby(), pivot_table(), and melt() that can be used to execute complex analytics tasks with minimal coding. With these functions, users can easily create powerful data visualizations such as bar graphs, pie charts, and scatter plots – providing valuable insights into their data.

Another great feature of Python is its support for various data formats like CSV, JSON, and Excel spreadsheets. This lets users quickly import any data source into the library without converting it first – making the analysis process much smoother than other solutions.

Finally, the language also provides a rich set of tools for developers looking to build custom applications with advanced functionality. Python Pandas has something for everyone, from web scraping to data preparation, statistical analysis, and machine learning pipelines.

Related Questions

What Are Data Analyst Tools?

Data analyst tools are software programs used by data analysts designed to gather, store and present data to gain insight. They are used by businesses of all sizes to gain better insights into customer behavior and target audiences. These tools help organizations make informed decisions about their operations, products, and services.

What type of data do I need to analyze?

Data analysis generally involves looking at different data types, such as numerical data, website traffic, financial data, and customer information. You’ll need to understand how the data is structured and what insights you are trying to uncover to optimize your analysis. If you’re unsure what kind of data you need to analyze, plenty of online tutorials and resources are available to help guide you through the process.

Are data analyst tools difficult to use?

Not at all! Many of the most popular analytical tools are designed with user-friendly interfaces that allow anyone to gain insights quickly and easily. Plus, many come with intuitive tutorials and resources to help you get to grips with the software more quickly. With a little practice, you can analyze data like a pro quickly. However, more advanced data analytics tools like Python and Spark have a steeper learning curve.

Why are data analysis tools important?

Data analysis tools are essential for uncovering valuable insights from your data. Using the right tool lets you quickly identify trends and patterns that may have gone unnoticed, giving your business a competitive edge. Plus, with the right tool, you can make informed decisions more quickly and accurately – helping you achieve success faster.

Are data analytics tools secure?

Most data analytics tools are secure and encrypted to protect your data and privacy. Additionally, many of them come with built-in authentication systems that allow you to manage user access and control who has access to the information. This ensures that only authorized personnel can access and analyze the data, providing a secure and reliable way to gain insights. However, using only open-source tools would make your data less secure than proprietary tools storing data on the cloud.

Wrapping Up

I hope this article has given you an overview of some of the most popular and effective data analyst tools available and answered any questions.

The post 7 Best Data Analyst Tools To Use in 2023 (Free & Paid!) appeared first on Any Instructor.


Provision Azure IoT Hub devices using DPS and X.509 certificates in ASP.NET Core

This article shows how to provision Azure IoT Hub devices using Azure IoT Hub device provisioning services (DPS) and ASP.NET Core. The devices are set up using chained certificates created using .NET Core and managed in the web application. The data is persisted in a database using EF Core and the certificates are generated using the CertificateManager Nuget package.

Code: https://github.com/damienbod/AzureIoTHubDps

Setup

To set up a new Azure IoT Hub DPS, enrollment group and devices, the web application creates a new certificate using an ECDsa private key and the .NET Core APIs. The data is stored in two pem files, one for the public certificate and one for the private key. The pem public certificate file is downloaded from the web application and uploaded to the certificates blade in Azure IoT Hub DPS. The web application persists the data to a database using EF Core and SQL.

A new certificate is created from the DPS root certificate and used to create a DPS enrollment group. The certificates are chained from the original DPS certificate. New devices are registered and created using the enrollment group. Another new device certificate chained from the enrollment group certificate is created per device and used in the DPS. The Azure IoT Hub DPS creates a new IoT Hub device using the linked IoT Hubs. Once the IoT Hub is running, the private key from the device certificate is used to authenticate the device and send data to the server.

When the ASP.NET Core web application is started, users can create new certificates, enrollment groups and add devices to the groups. I plan to extend the web application to add devices, delete devices, and delete groups. I plan to add authorization for the different user types and better paging for the different UIs. At present all certificates use ECDsa private keys but this can easily be changed to other types. This depends on the type of root certificate used.
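The three-tier chain described in this setup (DPS root, enrollment group, device), built and checked with the built-in System.Security.Cryptography APIs only. This is an added example, not code from the AzureIoTHubDps repository; the class name, subject names, lifetimes and path-length values are constructed assumptions, and it validates the chain locally instead of calling DPS.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the AzureIoTHubDps repository). Requires .NET 6 or later.
// Subject names, lifetimes and path lengths are constructed sample values.
public static class DpsChainExample
{
    // Extensions that mark a certificate as a CA allowed to sign other certificates.
    static void AddCaExtensions(CertificateRequest req, int pathLength)
    {
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, pathLength, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        req.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(req.PublicKey, false));
    }

    // Self-signed root: the role of the certificate whose public PEM is uploaded to DPS.
    static X509Certificate2 NewRoot(ECDsa key, string cn, DateTimeOffset from, DateTimeOffset to)
    {
        var req = new CertificateRequest($"CN={cn}, C=CH", key, HashAlgorithmName.SHA256);
        AddCaExtensions(req, pathLength: 1); // one CA level (the group) may sit below the root
        return req.CreateSelfSigned(from, to);
    }

    // Certificate signed by `issuer`, which must carry its private key.
    // The child's validity window has to lie inside the issuer's window.
    static X509Certificate2 NewChained(X509Certificate2 issuer, ECDsa key, string cn, bool isCa,
        DateTimeOffset from, DateTimeOffset to)
    {
        var req = new CertificateRequest($"CN={cn}", key, HashAlgorithmName.SHA256);
        if (isCa)
        {
            AddCaExtensions(req, pathLength: 0); // the group may sign device certificates only
        }
        else
        {
            req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature, true));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false)); // TLS client authentication
        }

        using X509Certificate2 publicOnly =
            req.Create(issuer, from, to, RandomNumberGenerator.GetBytes(16));
        return publicOnly.CopyWithPrivateKey(key);
    }

    // True only when `device` chains through `intermediate` to exactly `trustedRoot`.
    // The machine's own root store is ignored (CustomRootTrust).
    static bool ChainsTo(X509Certificate2 trustedRoot, X509Certificate2 intermediate,
        X509Certificate2 device)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
        chain.ChainPolicy.ExtraStore.Add(intermediate);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // sample certs publish no CRL
        return chain.Build(device);
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        using var rootKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using var groupKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using var deviceKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using var otherKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);

        using var root = NewRoot(rootKey, "dps-root-sample", now, now.AddYears(10));
        using var groupCa = NewChained(root, groupKey, "group-sample", true, now, now.AddYears(5));
        using var device = NewChained(groupCa, deviceKey, "device-sample", false, now, now.AddYears(1));

        // A second, unrelated root stands in for a certificate that was never uploaded to DPS.
        using var otherRoot = NewRoot(otherKey, "unrelated-root-sample", now, now.AddYears(10));

        Console.WriteLine($"device -> group -> uploaded root: {ChainsTo(root, groupCa, device)}");
        Console.WriteLine($"device checked against unrelated root: {ChainsTo(otherRoot, groupCa, device)}");
    }
}
```

The second check shows why possession of a device key alone is not enough: the certificate is accepted only when its issuers lead back to the root that was registered.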
The application is secured using Microsoft.Identity.Web and requires an authenticated user. This can be set up in the program file or in the startup extensions. I use EnableTokenAcquisitionToCallDownstreamApi to force the OpenID Connect code flow. The configuration is read from the default AzureAd app.settings and the whole application is required to be authenticated. When the enable and disable flows are added, I will add different users with different authorization levels.

```csharp
builder.Services.AddDistributedMemoryCache();

builder.Services.AddAuthentication(
    OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(
        builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddDistributedTokenCaches();
```

Create an Azure IoT Hub DPS certificate

The web application is used to create devices using certificates and DPS enrollment groups. The DpsCertificateProvider class is used to create the root self-signed certificate for the DPS enrollment groups. The NewRootCertificate method from the CertificateManager Nuget package is used to create the certificate using an ECDsa private key. This package wraps the default .NET APIs for creating certificates and adds a layer of abstraction. You could just use the lower level APIs directly. The certificate is exported to two separate pem files and persisted to the database.
```csharp
public class DpsCertificateProvider
{
    private readonly CreateCertificatesClientServerAuth _createCertsService;
    private readonly ImportExportCertificate _iec;
    private readonly DpsDbContext _dpsDbContext;

    public DpsCertificateProvider(CreateCertificatesClientServerAuth ccs,
        ImportExportCertificate importExportCertificate,
        DpsDbContext dpsDbContext)
    {
        _createCertsService = ccs;
        _iec = importExportCertificate;
        _dpsDbContext = dpsDbContext;
    }

    public async Task<(string PublicPem, int Id)> CreateCertificateForDpsAsync(string certName)
    {
        var certificateDps = _createCertsService.NewRootCertificate(
            new DistinguishedName { CommonName = certName, Country = "CH" },
            new ValidityPeriod
            {
                ValidFrom = DateTime.UtcNow,
                ValidTo = DateTime.UtcNow.AddYears(50)
            },
            3, certName);

        var publicKeyPem = _iec.PemExportPublicKeyCertificate(certificateDps);

        string pemPrivateKey = string.Empty;
        using (ECDsa? ecdsa = certificateDps.GetECDsaPrivateKey())
        {
            pemPrivateKey = ecdsa!.ExportECPrivateKeyPem();
            FileProvider.WriteToDisk($"{certName}-private.pem", pemPrivateKey);
        }

        var item = new DpsCertificate
        {
            Name = certName,
            PemPrivateKey = pemPrivateKey,
            PemPublicKey = publicKeyPem
        };

        _dpsDbContext.DpsCertificates.Add(item);
        await _dpsDbContext.SaveChangesAsync();

        return (publicKeyPem, item.Id);
    }

    public async Task<List<DpsCertificate>> GetDpsCertificatesAsync()
    {
        return await _dpsDbContext.DpsCertificates.ToListAsync();
    }

    public async Task<DpsCertificate?> GetDpsCertificateAsync(int id)
    {
        return await _dpsDbContext.DpsCertificates.FirstOrDefaultAsync(item => item.Id == id);
    }
}
```

Once the root certificate is created, you can download the public pem file from the web application and upload it to the Azure IoT Hub DPS portal. This needs to be verified. You could also use a CA created certificate for this, if it is possible to create child chained certificates. The enrollment groups are created from this root certificate.
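The provider above exports the private key with ExportECPrivateKeyPem, which produces an unencrypted PEM that is then written to disk and to the database. As an added example (not code from the repository), the same export with the key wrapped as encrypted PKCS#8 and loaded back with the passphrase; the class name, the sample certificate, the passphrase and the iteration count are constructed assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the AzureIoTHubDps repository). Requires .NET 7 or later.
public static class EncryptedPemExample
{
    // Export a certificate as PEM and its ECDsa key as passphrase-encrypted PKCS#8 PEM.
    public static (string CertPem, string EncryptedKeyPem) Export(
        X509Certificate2 cert, string passphrase)
    {
        using ECDsa key = cert.GetECDsaPrivateKey()
            ?? throw new InvalidOperationException("Certificate has no ECDsa private key.");

        // AES-256-CBC with a PBKDF2-SHA256 derived key; the iteration count is a sample value.
        var pbe = new PbeParameters(
            PbeEncryptionAlgorithm.Aes256Cbc, HashAlgorithmName.SHA256, 600_000);

        return (cert.ExportCertificatePem(),
                key.ExportEncryptedPkcs8PrivateKeyPem(passphrase, pbe));
    }

    public static void Main()
    {
        // Constructed sample certificate and passphrase.
        // A real passphrase would come from a secret store, not from source code.
        using var sampleKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=sample-device", sampleKey, HashAlgorithmName.SHA256);
        using var cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(30));
        const string passphrase = "constructed-sample-passphrase";

        var (certPem, keyPem) = Export(cert, passphrase);

        // The first line of the key file is its PEM label.
        Console.WriteLine(keyPem.Split('\n')[0].Trim());

        // Loading the pair back requires the passphrase.
        using var reloaded = X509Certificate2.CreateFromEncryptedPem(certPem, keyPem, passphrase);
        Console.WriteLine($"Reloaded with private key: {reloaded.HasPrivateKey}");

        // A wrong passphrase fails to decrypt the key.
        try
        {
            using var unused = X509Certificate2.CreateFromEncryptedPem(certPem, keyPem, "wrong");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Wrong passphrase rejected.");
        }
    }
}
```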
Create an Azure IoT Hub DPS enrollment group

Devices can be created in different ways in the Azure IoT Hub. We use a DPS enrollment group with certificates to create the Azure IoT devices. The DpsEnrollmentGroupProvider is used to create the enrollment group certificate. This uses the root certificate created in the previous step and chains the new group certificate from this. The enrollment group is used to add devices. Default values are defined for the enrollment group and the pem files are saved to the database. The root certificate is read from the database and the chained enrollment group certificate uses an ECDsa private key like the root self-signed certificate.

The CreateEnrollmentGroup method is used to set the initial values of the IoT Hub Device. The ProvisioningStatus is set to enabled. This means when the device is registered, it will be enabled to send messages. You could also set this to disabled and enable it later, when the device gets used by an end client for the first time. A MAC or a serial code from the device hardware could be used to enable the IoT Hub device. By waiting till the device is started by the end client, you could choose an IoT Hub optimized for this client.
```csharp
public class DpsEnrollmentGroupProvider
{
    private IConfiguration Configuration { get; set; }
    private readonly ILogger<DpsEnrollmentGroupProvider> _logger;
    private readonly DpsDbContext _dpsDbContext;
    private readonly ImportExportCertificate _iec;
    private readonly CreateCertificatesClientServerAuth _createCertsService;
    private readonly ProvisioningServiceClient _provisioningServiceClient;

    public DpsEnrollmentGroupProvider(IConfiguration config,
        ILoggerFactory loggerFactory,
        ImportExportCertificate importExportCertificate,
        CreateCertificatesClientServerAuth ccs,
        DpsDbContext dpsDbContext)
    {
        Configuration = config;
        _logger = loggerFactory.CreateLogger<DpsEnrollmentGroupProvider>();
        _dpsDbContext = dpsDbContext;
        _iec = importExportCertificate;
        _createCertsService = ccs;

        _provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(
            Configuration.GetConnectionString("DpsConnection"));
    }

    public async Task<(string Name, int Id)> CreateDpsEnrollmentGroupAsync(
        string enrollmentGroupName, string certificatePublicPemId)
    {
        _logger.LogInformation("Starting CreateDpsEnrollmentGroupAsync...");
        _logger.LogInformation("Creating a new enrollmentGroup...");

        var dpsCertificate = _dpsDbContext.DpsCertificates
            .FirstOrDefault(t => t.Id == int.Parse(certificatePublicPemId));

        var rootCertificate = X509Certificate2.CreateFromPem(
            dpsCertificate!.PemPublicKey, dpsCertificate.PemPrivateKey);

        // create an intermediate for each group
        var certName = $"{enrollmentGroupName}";
        var certDpsGroup = _createCertsService.NewIntermediateChainedCertificate(
            new DistinguishedName { CommonName = certName, Country = "CH" },
            new ValidityPeriod
            {
                ValidFrom = DateTime.UtcNow,
                ValidTo = DateTime.UtcNow.AddYears(50)
            },
            2, certName, rootCertificate);

        // get the public key certificate for the enrollment
        var pemDpsGroupPublic = _iec.PemExportPublicKeyCertificate(certDpsGroup);

        string pemDpsGroupPrivate = string.Empty;
        using (ECDsa? ecdsa = certDpsGroup.GetECDsaPrivateKey())
        {
            pemDpsGroupPrivate = ecdsa!.ExportECPrivateKeyPem();
            FileProvider.WriteToDisk($"{enrollmentGroupName}-private.pem", pemDpsGroupPrivate);
        }

        Attestation attestation = X509Attestation.CreateFromRootCertificates(pemDpsGroupPublic);
        EnrollmentGroup enrollmentGroup = CreateEnrollmentGroup(enrollmentGroupName, attestation);

        _logger.LogInformation("{enrollmentGroup}", enrollmentGroup);
        _logger.LogInformation("Adding new enrollmentGroup...");

        EnrollmentGroup enrollmentGroupResult = await _provisioningServiceClient
            .CreateOrUpdateEnrollmentGroupAsync(enrollmentGroup);

        _logger.LogInformation("EnrollmentGroup created with success.");
        _logger.LogInformation("{enrollmentGroupResult}", enrollmentGroupResult);

        DpsEnrollmentGroup newItem = await PersistData(enrollmentGroupName,
            dpsCertificate, pemDpsGroupPublic, pemDpsGroupPrivate);

        return (newItem.Name, newItem.Id);
    }

    private async Task<DpsEnrollmentGroup> PersistData(string enrollmentGroupName,
        DpsCertificate dpsCertificate, string pemDpsGroupPublic, string pemDpsGroupPrivate)
    {
        var newItem = new DpsEnrollmentGroup
        {
            DpsCertificateId = dpsCertificate.Id,
            Name = enrollmentGroupName,
            DpsCertificate = dpsCertificate,
            PemPublicKey = pemDpsGroupPublic,
            PemPrivateKey = pemDpsGroupPrivate
        };

        _dpsDbContext.DpsEnrollmentGroups.Add(newItem);
        dpsCertificate.DpsEnrollmentGroups.Add(newItem);
        await _dpsDbContext.SaveChangesAsync();

        return newItem;
    }

    private static EnrollmentGroup CreateEnrollmentGroup(string enrollmentGroupName,
        Attestation attestation)
    {
        return new EnrollmentGroup(enrollmentGroupName, attestation)
        {
            ProvisioningStatus = ProvisioningStatus.Enabled,
            ReprovisionPolicy = new ReprovisionPolicy
            {
                MigrateDeviceData = false,
                UpdateHubAssignment = true
            },
            Capabilities = new DeviceCapabilities
            {
                IotEdge = false
            },
            InitialTwinState = new TwinState(
                new TwinCollection("{ \"updatedby\":\"" + "damien" + "\", \"timeZone\":\"" + TimeZoneInfo.Local.DisplayName + "\" }"),
                new TwinCollection("{ }")
            )
        };
    }

    public async Task<List<DpsEnrollmentGroup>> GetDpsGroupsAsync(int? certificateId = null)
    {
        if (certificateId == null)
        {
            return await _dpsDbContext.DpsEnrollmentGroups.ToListAsync();
        }

        return await _dpsDbContext.DpsEnrollmentGroups
            .Where(s => s.DpsCertificateId == certificateId).ToListAsync();
    }

    public async Task<DpsEnrollmentGroup?> GetDpsGroupAsync(int id)
    {
        return await _dpsDbContext.DpsEnrollmentGroups
            .FirstOrDefaultAsync(d => d.Id == id);
    }
}
```

Register a device in the enrollment group

The DpsRegisterDeviceProvider class creates a new device chained certificate using the enrollment group certificate and creates this using the ProvisioningDeviceClient. The transport ProvisioningTransportHandlerAmqp is set in this example. There are different transport types possible and you need to choose the one which best meets your needs. The device certificate uses an ECDsa private key and stores everything to the database. The PFX for Windows is stored directly to the file system. I use pem files and create the certificate from these in the device client sending data to the hub and this is platform independent. The created PFX file requires a password to use it.

```csharp
public class DpsRegisterDeviceProvider
{
    private IConfiguration Configuration { get; set; }
    private readonly ILogger<DpsRegisterDeviceProvider> _logger;
    private readonly DpsDbContext _dpsDbContext;
    private readonly ImportExportCertificate _iec;
    private readonly CreateCertificatesClientServerAuth _createCertsService;

    public DpsRegisterDeviceProvider(IConfiguration config,
        ILoggerFactory loggerFactory,
        ImportExportCertificate importExportCertificate,
        CreateCertificatesClientServerAuth ccs,
        DpsDbContext dpsDbContext)
    {
        Configuration = config;
        _logger = loggerFactory.CreateLogger<DpsRegisterDeviceProvider>();
        _dpsDbContext = dpsDbContext;
        _iec = importExportCertificate;
        _createCertsService = ccs;
    }

    public async Task<(int? DeviceId, string? ErrorMessage)> RegisterDeviceAsync(
        string deviceCommonNameDevice, string dpsEnrollmentGroupId)
    {
        int? deviceId = null;
        var scopeId = Configuration["ScopeId"];

        var dpsEnrollmentGroup = _dpsDbContext.DpsEnrollmentGroups
            .FirstOrDefault(t => t.Id == int.Parse(dpsEnrollmentGroupId));

        var certDpsEnrollmentGroup = X509Certificate2.CreateFromPem(
            dpsEnrollmentGroup!.PemPublicKey, dpsEnrollmentGroup.PemPrivateKey);

        var newDevice = new DpsEnrollmentDevice
        {
            Password = GetEncodedRandomString(30),
            Name = deviceCommonNameDevice.ToLower(),
            DpsEnrollmentGroupId = dpsEnrollmentGroup.Id,
            DpsEnrollmentGroup = dpsEnrollmentGroup
        };

        var certDevice = _createCertsService.NewDeviceChainedCertificate(
            new DistinguishedName { CommonName = $"{newDevice.Name}" },
            new ValidityPeriod
            {
                ValidFrom = DateTime.UtcNow,
                ValidTo = DateTime.UtcNow.AddYears(50)
            },
            $"{newDevice.Name}", certDpsEnrollmentGroup);

        var deviceInPfxBytes = _iec.ExportChainedCertificatePfx(newDevice.Password,
            certDevice, certDpsEnrollmentGroup);

        // This is required if you want PFX exports to work.
        newDevice.PathToPfx = FileProvider.WritePfxToDisk($"{newDevice.Name}.pfx", deviceInPfxBytes);

        // get the public key certificate for the device
        newDevice.PemPublicKey = _iec.PemExportPublicKeyCertificate(certDevice);
        FileProvider.WriteToDisk($"{newDevice.Name}-public.pem", newDevice.PemPublicKey);

        using (ECDsa? ecdsa = certDevice.GetECDsaPrivateKey())
        {
            newDevice.PemPrivateKey = ecdsa!.ExportECPrivateKeyPem();
            FileProvider.WriteToDisk($"{newDevice.Name}-private.pem", newDevice.PemPrivateKey);
        }

        // setup Windows store deviceCert
        var pemExportDevice = _iec.PemExportPfxFullCertificate(certDevice, newDevice.Password);
        var certDeviceForCreation = _iec.PemImportCertificate(pemExportDevice, newDevice.Password);

        using (var security = new SecurityProviderX509Certificate(certDeviceForCreation,
            new X509Certificate2Collection(certDpsEnrollmentGroup)))

        // To optimize for size, reference only the protocols used by your application.
        using (var transport = new ProvisioningTransportHandlerAmqp(TransportFallbackType.TcpOnly))
        //using (var transport = new ProvisioningTransportHandlerHttp())
        //using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly))
        //using (var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.WebSocketOnly))
        {
            var client = ProvisioningDeviceClient.Create("global.azure-devices-provisioning.net",
                scopeId, security, transport);

            try
            {
                var result = await client.RegisterAsync();
                _logger.LogInformation("DPS client created {result}", result);
            }
            catch (Exception ex)
            {
                _logger.LogError("DPS client created {result}", ex.Message);
                return (null, ex.Message);
            }
        }

        _dpsDbContext.DpsEnrollmentDevices.Add(newDevice);
        dpsEnrollmentGroup.DpsEnrollmentDevices.Add(newDevice);
        await _dpsDbContext.SaveChangesAsync();

        deviceId = newDevice.Id;
        return (deviceId, null);
    }

    private static string GetEncodedRandomString(int length)
    {
        var base64 = Convert.ToBase64String(GenerateRandomBytes(length));
        return base64;
    }

    private static byte[] GenerateRandomBytes(int length)
    {
        var byteArray = new byte[length];
        RandomNumberGenerator.Fill(byteArray);
        return byteArray;
    }

    public async Task<List<DpsEnrollmentDevice>> GetDpsDevicesAsync(int? dpsEnrollmentGroupId)
    {
        if (dpsEnrollmentGroupId == null)
        {
            return await _dpsDbContext.DpsEnrollmentDevices.ToListAsync();
        }

        return await _dpsDbContext.DpsEnrollmentDevices
            .Where(s => s.DpsEnrollmentGroupId == dpsEnrollmentGroupId).ToListAsync();
    }

    public async Task<DpsEnrollmentDevice?> GetDpsDeviceAsync(int id)
    {
        return await _dpsDbContext.DpsEnrollmentDevices
            .Include(device => device.DpsEnrollmentGroup)
            .FirstOrDefaultAsync(d => d.Id == id);
    }
}
```

Download certificates and use

The private and the public pem files are used to set up the Azure IoT Hub device and send data from the device to the server. An HTML form is used to download the files. The form sends a post request to the file download API.
    <form action="/api/FileDownload/DpsDevicePublicKeyPem" method="post">
        <input type="hidden" value="@Model.DpsDevice.Id" id="Id" name="Id" />
        <button type="submit" style="padding-left:0" class="btn btn-link">Download Public PEM</button>
    </form>

The DpsDevicePublicKeyPemAsync method implements the file download. The method gets the data from the database and returns it as a PEM file.

    [HttpPost("DpsDevicePublicKeyPem")]
    public async Task<IActionResult> DpsDevicePublicKeyPemAsync([FromForm] int id)
    {
        var cert = await _dpsRegisterDeviceProvider
            .GetDpsDeviceAsync(id);

        if (cert == null) throw new ArgumentNullException(nameof(cert));
        if (cert.PemPublicKey == null) throw new ArgumentNullException(nameof(cert.PemPublicKey));

        // Return the stored public certificate as a file download.
        return File(Encoding.UTF8.GetBytes(cert.PemPublicKey),
            "application/octet-stream",
            $"{cert.Name}-public.pem");
    }

The device UI displays the data and allows the authenticated user to download the files.

The CertificateManager and the Microsoft.Azure.Devices.Client Nuget packages are used to implement the IoT Hub device client. The PEM files with the public certificate and the private key can be loaded into an X509Certificate instance. This is then used to send the data using the DeviceAuthenticationWithX509Certificate class. The SendEvent method sends the data using the IoT Hub device Message class.
    var serviceProvider = new ServiceCollection()
        .AddCertificateManager()
        .BuildServiceProvider();

    var iec = serviceProvider.GetService<ImportExportCertificate>();

    #region pem

    // Load the device certificate and its ECDsa private key from the downloaded PEM files.
    var deviceNamePem = "robot1-feed";
    var certPem = File.ReadAllText($"{_pathToCerts}{deviceNamePem}-public.pem");
    var eccPem = File.ReadAllText($"{_pathToCerts}{deviceNamePem}-private.pem");
    var cert = X509Certificate2.CreateFromPem(certPem, eccPem);

    // setup deviceCert windows store export
    var pemDeviceCertPrivate = iec!.PemExportPfxFullCertificate(cert);
    var certDevice = iec.PemImportCertificate(pemDeviceCertPrivate);

    #endregion pem

    var auth = new DeviceAuthenticationWithX509Certificate(deviceNamePem, certDevice);
    var deviceClient = DeviceClient.Create(iotHubUrl, auth, transportType);

    if (deviceClient == null)
    {
        Console.WriteLine("Failed to create DeviceClient!");
    }
    else
    {
        Console.WriteLine("Successfully created DeviceClient!");
        SendEvent(deviceClient).Wait();
    }

Notes

Using certificates in .NET and Windows is complicated due to how the private keys are handled and loaded. The private keys need to be exported or imported into the stores etc. This is not an easy API to get working and the docs for this are confusing.

This type of device transport and the default setup for the device would need to be adapted for your system. In this example, I used ECDsa certificates but you could also use RSA based keys. The root certificate could be replaced with a CA issued one. I created long living certificates because I do not want the devices to stop working in the field. This should be moved to a configuration. A certificate rotation flow would make sense as well.

In the follow up articles, I plan to save the events in hot and cold path events and implement device enable, disable flows. I also plan to write about the device twins. Device twins are an excellent way of sharing data in both directions.
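The Notes above suggest moving the certificate lifetime into configuration and adding a rotation flow. The code below is an added example, not code from the article or from the CertificateManager package: it uses only the .NET base class library (.NET 6 or later), a constructed self-signed certificate stands in for the enrollment group certificate, and `DeviceCertOptions`, `IssueDeviceCert`, `ChainsToGroup` and `NeedsRotation` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical options type; in an application these values would come from configuration.
public sealed record DeviceCertOptions(int ValidityDays, int RenewBeforeDays);

public static class DeviceCertLifetime
{
    // Constructed stand-in for the enrollment group certificate (self-signed so the sample runs offline).
    public static X509Certificate2 CreateConstructedGroupCert(int validityDays)
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest("CN=constructed-enrollment-group", key, HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, true, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(
            X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
        var now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(validityDays));
    }

    // Issues an ECDsa device certificate whose lifetime comes from options, not from a constant.
    public static X509Certificate2 IssueDeviceCert(
        X509Certificate2 groupCert, string deviceName, DeviceCertOptions options)
    {
        using var deviceKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var req = new CertificateRequest($"CN={deviceName}", deviceKey, HashAlgorithmName.SHA256);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
        // Client authentication EKU (1.3.6.1.5.5.7.3.2).
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
            new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false));

        var notBefore = DateTimeOffset.UtcNow;
        var notAfter = notBefore.AddDays(options.ValidityDays);

        // CertificateRequest.Create rejects a lifetime that extends past the issuer's own NotAfter,
        // so the requested lifetime is clamped to the group certificate's.
        var groupEnd = new DateTimeOffset(groupCert.NotAfter.ToUniversalTime());
        if (notAfter > groupEnd) notAfter = groupEnd;

        var serial = RandomNumberGenerator.GetBytes(16);
        using var publicOnly = req.Create(groupCert, notBefore, notAfter, serial);
        return publicOnly.CopyWithPrivateKey(deviceKey);
    }

    // True when the device certificate builds a valid chain ending at the group certificate.
    public static bool ChainsToGroup(X509Certificate2 deviceCert, X509Certificate2 groupCert)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(groupCert);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // no CRL exists in this sample
        return chain.Build(deviceCert);
    }

    // True once "now" is inside the renewal window before expiry.
    public static bool NeedsRotation(X509Certificate2 cert, DeviceCertOptions options, DateTimeOffset now)
    {
        var expires = new DateTimeOffset(cert.NotAfter.ToUniversalTime());
        return now >= expires.AddDays(-options.RenewBeforeDays);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed values: one year of validity, renew 30 days before expiry.
        var options = new DeviceCertOptions(ValidityDays: 365, RenewBeforeDays: 30);

        using var groupCert = DeviceCertLifetime.CreateConstructedGroupCert(validityDays: 3650);
        using var deviceCert = DeviceCertLifetime.IssueDeviceCert(groupCert, "robot1-feed", options);

        var now = DateTimeOffset.UtcNow;
        Console.WriteLine($"Device NotAfter (UTC): {deviceCert.NotAfter.ToUniversalTime():u}");
        Console.WriteLine($"Chains to group cert:  {DeviceCertLifetime.ChainsToGroup(deviceCert, groupCert)}");
        Console.WriteLine($"Rotate today:          {DeviceCertLifetime.NeedsRotation(deviceCert, options, now)}");
        Console.WriteLine($"Rotate in 340 days:    {DeviceCertLifetime.NeedsRotation(deviceCert, options, now.AddDays(340))}");
    }
}
```

A scheduled job could run the same `NeedsRotation` check over the `PemPublicKey` values stored for each device and flag the ones that are due for a new certificate.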
Links

https://github.com/Azure/azure-iot-sdk-csharp
https://github.com/damienbod/AspNetCoreCertificates
Creating Certificates for X.509 security in Azure IoT Hub using .NET Core
https://learn.microsoft.com/en-us/azure/iot-hub/troubleshoot-error-codes
https://stackoverflow.com/questions/52750160/what-is-the-rationale-for-all-the-different-x509keystorageflags/52840537#52840537
https://github.com/dotnet/runtime/issues/19581
https://www.nuget.org/packages/CertificateManager
Azure IoT Hub Documentation | Microsoft Learn


7 Profitable AI Business Ideas for Startups (2023)

This post may contain paid links to my personal recommendations that help to support the site!

Today, Artificial Intelligence (AI) is transforming businesses’ operations by increasing operational efficiency and unlocking previously untapped opportunities. Whether you are a small startup or a large enterprise, AI offers an array of potential business ideas and solutions. In this blog post, I’ll discuss some of the most lucrative AI business ideas and how incorporating them into your startup or business strategy could give you a competitive advantage. Read on to learn more!

What Are Some AI Business Ideas for Startups?

1. Fraud Detection Firm

AI-driven fraud detection is one of the most lucrative AI business startup ideas today. This technology uses machine learning and predictive analytics to detect fraudulent activities in real time. By leveraging AI, businesses can identify and stop fraudulent activities before they cause significant losses. AI-driven fraud detection solutions enable companies to detect and verify suspicious activities quickly, accurately, and automatically. Not only can this help companies to save time and money, but it also provides them with the peace of mind that their operations are secure.

To launch an AI-driven fraud detection firm, you need experienced professionals who understand both the technical aspects of AI and the specific needs of your customers. You must also develop a comprehensive fraud detection solution that meets the customer’s needs and can detect and prevent fraudulent activities in real time.

2. AI Healthcare Startup

AI healthcare startups have become increasingly popular as they offer many benefits. AI-enabled healthcare solutions can help reduce operational costs, enhance patient care, and improve overall health outcomes through predictive and data insights. These businesses are transforming how we approach medical diagnosis, enabling doctors to make more informed decisions quickly.
Healthcare AI startups also can leverage machine learning to improve pharmaceutical discovery and help automate administrative processes. With its potential to revolutionize the healthcare system, entrepreneurs can use artificial intelligence to create effective solutions to:

- Meet patient needs
- Reduce operational costs
- Provide health insights

3. AI Logistics and Supply Startup

Artificial Intelligence (AI) can benefit logistics and supply chain management too! Having an AI system to manage logistics can help reduce costs, optimize inventory management, automate processes, and improve customer service. For example, AI systems can automatically identify patterns in data and make informed decisions based on those results. Additionally, AI could be used to forecast supply and demand, helping companies prepare for unexpected events.

AI-powered solutions also enable startups to track shipments and optimize delivery routes efficiently. This adds visibility into the entire process and lowers costs associated with shipping errors or late arrival of goods. Furthermore, AI can identify potential problems before they arise, resulting in smoother operations and improved customer experience.

4. AI-Personal Shopper Business

AI-enabled personal shoppers are becoming increasingly popular as they allow businesses to provide personalized shopping experiences for their customers. AI-powered virtual agents can interact with customers via chatbots, voice bots, or other interfaces to identify their needs and recommend products that best meet them. By leveraging AI’s powerful data analytics capabilities, personal shoppers can collect data to customize product recommendations, detect trends and offer discounts based on customer preferences. Additionally, AI-powered personal shoppers can help streamline customer service by providing personalized support and advice in real time.
Companies that invest in this technology can expect to gain a competitive edge as they differentiate their offering with the latest trends and products that meet customer demands. This business idea offers a unique opportunity to improve customer experiences and loyalty while improving operational efficiency using customer data. You can even build a startup that provides AI chatbots for online shops. In this case, you’ll be working with B2B partnerships and selling your AI bot as a product.

5. AI Marketing Startup

AI marketing startups have the potential to revolutionize how companies interact with customers and generate leads. AI technologies such as natural language processing (NLP), computer vision, machine learning, and chatbots can automate mundane marketing tasks and enable more personalized interactions. AI startups utilize these tools to improve customer segmentation, develop targeted campaigns, optimize website conversion rates, and generate new leads. For example, NLP algorithms can analyze customer data to predict sentiment or future behavior based on past customer interactions. AI-based chatbots offer a more personalized approach to customer service, quickly identifying and resolving highly specific queries.

6. Personalized Education

AI technology can be used to personalize education and offer tailored content, recommendations, and feedback based on a student’s needs. This allows teachers to provide instruction tailored to each student’s capability level, interests, and goals. AI can also automate grading and provide insights into students’ academic performance. AI-based assessment tools can detect patterns in a student’s work and offer personalized learning plans based on those patterns. This helps teachers identify areas where students may need additional help or recommend more challenging material when they are ready for it.
AI technology also provides the ability to quickly analyze large amounts of data, allowing teachers to identify skills gaps and weaknesses in their students. This enables them to provide more targeted instruction tailored to each student’s needs. By using AI technology in education, businesses can create an individualized learning experience that encourages each student to reach their full potential.

7. AI-Content Generator

AI-based content generators are becoming increasingly popular in the business world. And that’s because they enable businesses to create personalized and high-quality content quickly and efficiently. The technology leverages natural language processing (NLP) algorithms to generate content tailored to a customer’s needs with minimal effort from the business side. This can save companies time and money in the long run, as they can produce content faster and at a lower cost than traditional methods. AI-based content generators have a variety of applications, from generating reports to creating personalized emails. Companies are also using the technology to optimize their website content, which helps them improve search engine rankings and increase their online visibility.

Why Should You Launch Your AI Business Idea?

AI is revolutionizing how businesses operate and creating new opportunities in the market. Incorporating AI-driven business ideas into your strategy gives you a competitive advantage. It can lead to improved operational efficiency, greater insights into customer needs, increased revenue, and improved customer experience. These benefits of AI create an impetus for businesses of all sizes to launch an AI business idea. By leveraging the power of AI, you can effectively manage data and other business processes and automate operations with machine learning algorithms.
Additionally, AI-driven solutions such as natural language processing and computer vision can provide valuable insights into customer preferences while improving customer experience. Launching an AI business idea is the perfect way to capitalize on AI opportunities and stay ahead of your competition.

Related Questions

How are AI companies making money?

AI companies are making money through various sources, such as developing and selling AI-based products. Some others provide AI-as-a-service or offer solutions that help companies leverage AI technology to improve their operations. Additionally, some AI companies are monetizing the data they collect from customers for targeted advertising.

How do I start an artificial intelligence business?

Starting an AI business requires a solid understanding of the technology and insight into applying it in different industries and scenarios. Additionally, mastering basic data science and programming skills is key. Many startups are leveraging the power of pre-existing AI systems, such as Google’s TensorFlow, to develop their applications. Since many such tools are open-source, starting a business in AI is a good way to start a future-proof business.

Is an AI startup idea good for making money?

An AI startup idea can be a great way to make money, particularly if it provides a tangible solution to existing problems or creates new opportunities. With the right strategy and execution, AI startup ideas can generate significant revenue growth by leveraging their data-driven insights into customer needs and behaviors.

How will AI affect business in the future?

In the future, AI will continue to revolutionize business processes by offering more efficient, cost-effective solutions that can help companies to remain competitive. Furthermore, AI startups and businesses will have the opportunity to develop innovative products and services that could profoundly change the way we live and work.
Incorporating artificial intelligence into business operations could increase productivity, better decision-making capabilities, and improve customer engagement.

How can businesses prepare for AI?

Businesses can prepare for AI by developing a comprehensive strategy incorporating technological advances and trends in their AI business ideas. Additionally, businesses should ensure they have the right team to drive their AI efforts forward. Investing in training and upskilling employees on topics related to artificial intelligence is essential if companies are to stay ahead of the curve. Lastly, understanding the ethical considerations behind AI is essential for organizations to ensure their AI applications comply with regulations.

Final Thoughts

AI businesses require technical skills and are usually complex to set up. But, considering the current state of the market, there is massive potential for those who decide to take a risk and launch an innovative AI-driven business idea. From fraud detection to personalized education, entrepreneurs have many options for creating a successful AI-driven enterprise. Whether you focus on healthcare, logistics and supply chains, personal shoppers, or marketing, each presents unique opportunities. Investing time and effort in building an artificial intelligence platform can create sustainable value for your customers and team.

The post 7 Profitable AI Business Ideas for Startups (2023) appeared first on Any Instructor.


Onboarding users in ASP.NET Core using Azure AD Temporary Access Pass and Microsoft Graph

The article looks at onboarding different Azure AD users with a temporary access pass (TAP) and some type of passwordless authentication. An ASP.NET Core application is used to create the Azure AD member users, which can then use a TAP to set up the account. This is a great way to onboard users in your tenant.

Code: https://github.com/damienbod/AzureAdTapOnboarding

The ASP.NET Core application needs to onboard different types of Azure AD users. Some users cannot use a passwordless authentication (yet) and so a password setup is also required for these users. TAP only works with members and we also need to support guest users with some alternative onboarding flow. Different types of user flows are supported or possible:

- AAD member user flow with TAP and FIDO2 authentication
- AAD member user flow with password using email/password authentication
- AAD member user flow with password setup and a phone authentication
- AAD guest user flow with federated login
- AAD guest user flow with Microsoft account
- AAD guest user flow with email code

FIDO2 should be used for all enterprise employees with an office account in the enterprise. If this is not possible, then at least the IT administrators should be forced to use FIDO2 authentication and the companies should be planning a strategy for moving to a phishing resistant authentication. This could be forced with a PIM and a continuous access policy for administration jobs. Using FIDO2, the identities are protected with a phishing resistant authentication. This should be a requirement for any professional solution.

Azure AD users with no computer can use an email code or an SMS authentication. This is a low security authentication and applications should not expose sensitive information to these user types.

Setup

The ASP.NET Core application uses the Microsoft.Identity.Web and the Microsoft.Identity.Web.MicrosoftGraphBeta Nuget packages to implement the Azure AD clients.
The ASP.NET Core client is a server rendered application and uses an Azure App registration which requires a secret or a certificate to acquire access tokens.

The onboarding application uses Microsoft Graph application permissions to create the users and initialize the temporary access pass (TAP) flow. The following application permissions are used:

- User.EnableDisableAccount.All
- User.ReadWrite.All
- UserAuthenticationMethod.ReadWrite.All

The permissions are added to a separate Azure App registration and require a secret to use. In a second phase, I will look at implementing the Graph API access using Microsoft Graph delegated permissions. It is also possible to use a service managed identity to acquire a Graph access token with the required permissions.

Onboarding members using passwordless

When onboarding a new Azure AD user with passwordless and TAP, this needs to be implemented in two steps. Firstly, a new Microsoft Graph user is created with the type member. This takes an unknown length of time to complete on Azure AD. When this is finished, a new TAP authentication method is created. I used the Polly Nuget package to retry this until the TAP request succeeds. Once successful, the temporary access pass is displayed in the UI. If this was a new employee or something like this, you could print this out and let the user complete the process.
    private async Task CreateMember(UserModel userData)
    {
        var createdUser = await _aadGraphSdkManagedIdentityAppClient
            .CreateGraphMemberUserAsync(userData);

        if (createdUser!.Id != null)
        {
            if (userData.UsePasswordless)
            {
                // The new user is not available immediately, so retry the TAP request.
                var maxRetryAttempts = 7;
                var pauseBetweenFailures = TimeSpan.FromSeconds(3);

                var retryPolicy = Policy
                    .Handle<HttpRequestException>()
                    .WaitAndRetryAsync(maxRetryAttempts, i => pauseBetweenFailures);

                await retryPolicy.ExecuteAsync(async () =>
                {
                    var tap = await _aadGraphSdkManagedIdentityAppClient
                        .AddTapForUserAsync(createdUser.Id);

                    AccessInfo = new CreatedAccessModel
                    {
                        Email = createdUser.Email,
                        TemporaryAccessPass = tap!.TemporaryAccessPass
                    };
                });
            }
            else
            {
                AccessInfo = new CreatedAccessModel
                {
                    Email = createdUser.Email,
                    Password = createdUser.Password
                };
            }
        }
    }

The CreateGraphMemberUserAsync method creates a new Microsoft Graph user. To use a temporary access pass, a member user must be used. Guest users cannot be onboarded like this. Even though we do not use a password in this process, the Microsoft Graph user validation forces us to create one. We just create a random password and will not return this. This password will not be updated.
    public async Task<CreatedUserModel> CreateGraphMemberUserAsync(UserModel userModel)
    {
        // Only addresses in the tenant domain are created as members.
        if (!userModel.Email.ToLower().EndsWith(_aadIssuerDomain.ToLower()))
        {
            throw new ArgumentException("A guest user must be invited!");
        }

        var graphServiceClient = _graphService
            .GetGraphClientWithManagedIdentityOrDevClient();

        var password = GetRandomString();

        var user = new User
        {
            DisplayName = userModel.UserName,
            Surname = userModel.LastName,
            GivenName = userModel.FirstName,
            OtherMails = new List<string> { userModel.Email },
            UserType = "member",
            AccountEnabled = true,
            UserPrincipalName = userModel.Email,
            MailNickname = userModel.UserName,
            PasswordProfile = new PasswordProfile
            {
                Password = password,
                // We use TAP if a passwordless onboarding is used
                ForceChangePasswordNextSignIn = !userModel.UsePasswordless
            },
            PasswordPolicies = "DisablePasswordExpiration"
        };

        var createdUser = await graphServiceClient.Users
            .Request()
            .AddAsync(user);

        return new CreatedUserModel
        {
            Email = createdUser.UserPrincipalName,
            Id = createdUser.Id,
            Password = password
        };
    }

The TemporaryAccessPassAuthenticationMethod object is created using Microsoft Graph. We create a use-once TAP. The access code is returned and displayed in the UI.

    public async Task<TemporaryAccessPassAuthenticationMethod?> AddTapForUserAsync(string userId)
    {
        var graphServiceClient = _graphService
            .GetGraphClientWithManagedIdentityOrDevClient();

        // TAP valid for 60 minutes and usable only once.
        var tempAccessPassAuthMethod = new TemporaryAccessPassAuthenticationMethod
        {
            //StartDateTime = DateTimeOffset.Now,
            LifetimeInMinutes = 60,
            IsUsableOnce = true,
        };

        var result = await graphServiceClient.Users[userId]
            .Authentication
            .TemporaryAccessPassMethods
            .Request()
            .AddAsync(tempAccessPassAuthMethod);

        return result;
    }

The https://aka.ms/mysecurityinfo link can be used to complete the flow. The new user can click this link and enter the email and the access code. Now that the user is authenticated, he or she can add a passwordless authentication method. I use an external FIDO2 key.
Once set up, the user can register and authenticate. You should use at least two security keys. This is an awesome way of onboarding users which allows users to authenticate in a phishing resistant way without requiring or using a password. FIDO2 is the recommended and best way of authenticating users and with the rollout of passkeys, this will become more user friendly as well.

Onboarding members using password

Due to the fact that some companies still use legacy authentication or we would like to support users with no computer, we also need to onboard users with passwords. When using passwords, the user needs to update the password on first use. The user should add an MFA, if not forced by the tenant.

Some employees might not have a computer and would like to use a phone to authenticate. An SMS code would be a good way of achieving this. This is of course not very secure, so you should expect these accounts to get lost or breached and so sensitive data should be avoided for applications used by these accounts. The device code flow could be used together on a shared PC with the user's mobile phone. Starting an authentication flow from a QR Code is insecure as this is not safe against phishing, but as SMS is used for these types of users, it’s already not very secure. Again, sensitive data must be avoided for applications accepting these low security accounts. It’s all about balance; maybe someday soon, all users will have FIDO2 security keys or passkeys to use and we can avoid these sorts of solutions.

Onboarding guest users (invitations)

Guest users cannot be onboarded by creating a Microsoft Graph user. You need to send an invitation to the guest user for your tenant. Microsoft Graph provides an API for this. There are different types of guest users, depending on the account type and the authentication method type. The invitation returns an invite redeem URL which can be used to set up the account.
This URL is mailed to the email used in the invite and does not need to be displayed in the UI.

    private async Task InviteGuest(UserModel userData)
    {
        var invitedGuestUser = await _aadGraphSdkManagedIdentityAppClient
            .InviteGuestUser(userData, _inviteUrl);

        if (invitedGuestUser!.Id != null)
        {
            AccessInfo = new CreatedAccessModel
            {
                Email = invitedGuestUser.InvitedUserEmailAddress,
                InviteRedeemUrl = invitedGuestUser.InviteRedeemUrl
            };
        }
    }

The InviteGuestUser method is used to create the invite object and this is sent as an HTTP POST request to the Microsoft Graph API.

    public async Task<Invitation?> InviteGuestUser(UserModel userModel, string redirectUrl)
    {
        // Addresses in the tenant domain are members and must not be invited as guests.
        if (userModel.Email.ToLower().EndsWith(_aadIssuerDomain.ToLower()))
        {
            throw new ArgumentException("user must be from a different domain!");
        }

        var graphServiceClient = _graphService
            .GetGraphClientWithManagedIdentityOrDevClient();

        var invitation = new Invitation
        {
            InvitedUserEmailAddress = userModel.Email,
            SendInvitationMessage = true,
            InvitedUserDisplayName = $"{userModel.FirstName} {userModel.LastName}",
            InviteRedirectUrl = redirectUrl,
            InvitedUserType = "guest"
        };

        var invite = await graphServiceClient.Invitations
            .Request()
            .AddAsync(invitation);

        return invite;
    }

Notes

Onboarding users with Microsoft Graph can be complicated because you need to know which parameters to use and how the users need to be created. Azure AD members can be created using the Microsoft Graph user APIs; guest users are created using the Microsoft Graph invitation APIs. Onboarding users with TAP and FIDO2 is a great way of implementing this workflow. As of today, this is still part of the beta release.
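Both CreateGraphMemberUserAsync and InviteGuestUser above decide between member and guest with a suffix test on the e-mail address. The following is an added example, not code from the article's repository: it compares that suffix test with a comparison of the parsed host part, assuming the configured domain is a bare host name. `contoso.com`, the sample addresses and the names `SuffixMatch` and `HostMatch` are constructed for illustration.

```csharp
using System;
using System.Net.Mail;

public static class TenantDomainCheck
{
    // The suffix test as written in the article's methods, reproduced for comparison.
    // With a bare host name it also matches hosts that merely end in the same characters,
    // and ToLower()/EndsWith(string) depend on the current culture.
    public static bool SuffixMatch(string email, string tenantDomain) =>
        email.ToLower().EndsWith(tenantDomain.ToLower());

    // Stricter variant: parse the address and compare the complete host part,
    // using an ordinal, case-insensitive comparison.
    public static bool HostMatch(string email, string tenantDomain)
    {
        if (!MailAddress.TryCreate(email, out var address))
        {
            return false; // not a syntactically valid address
        }

        // Accept only a bare address; forms with a display name are rejected.
        if (!string.Equals(address.Address, email, StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        return string.Equals(address.Host, tenantDomain, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        const string tenantDomain = "contoso.com"; // constructed tenant domain

        // Constructed sample inputs.
        string[] samples =
        {
            "anna@contoso.com",          // tenant member
            "Anna@CONTOSO.com",          // same host, different casing
            "bob@notcontoso.com",        // different host that ends with the same characters
            "dave@sub.contoso.com",      // subdomain, a different host unless listed separately
            "carol@partner.example",     // external guest
            "Anna <anna@contoso.com>",   // display-name form
            "not-an-address"
        };

        foreach (var email in samples)
        {
            Console.WriteLine(
                $"{email,-28} suffix={SuffixMatch(email, tenantDomain),-5} host={HostMatch(email, tenantDomain)}");
        }
    }
}
```

A tenant with several verified domains would pass each of them to `HostMatch` in turn and treat the address as a member when any one matches.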
Links

https://entra.microsoft.com/
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass
https://learn.microsoft.com/en-us/graph/api/authentication-post-temporaryaccesspassmethods?view=graph-rest-1.0&tabs=csharp
https://learn.microsoft.com/en-us/graph/authenticationmethods-get-started
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises
Create Azure B2C users with Microsoft Graph and ASP.NET Core
Onboarding new users in an ASP.NET Core application using Azure B2C
Disable Azure AD user account using Microsoft Graph and an application client
Invite external users to Azure AD using Microsoft Graph and ASP.NET Core
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal


ASP.NET Core authentication using Microsoft Entra External ID for customers (CIAM)

This article looks at implementing an ASP.NET Core application which authenticates using Microsoft Entra External ID for customers (CIAM). The ASP.NET Core authentication is implemented using the Microsoft.Identity.Web Nuget package. The client implements the OpenID Connect code flow with PKCE and a confidential client.

Code: https://github.com/damienbod/EntraExternalIdCiam

Microsoft Entra External ID for customers (CIAM) is a new Microsoft product for customer (B2C) identity solutions. This has many changes to the existing Azure AD B2C solution and adopts many of the features from Azure AD. At present, the product is in public preview.

App registration setup

As with any Azure AD, Azure AD B2C, Azure AD CIAM application, an Azure App registration is created and used to define the authentication client. The ASP.NET Core application is a confidential client and must use a secret or a certificate to authenticate the application as well as the user. The client authenticates using an OpenID Connect (OIDC) confidential code flow with PKCE. The implicit flow does not need to be activated.

User flow setup

In Microsoft Entra External ID for customers (CIAM), the application must be connected to the user flow. In external identities, a new user flow can be created and the application (the Azure App registration) can be added to the user flow. The user flow can be used to define the specific customer authentication requirements.

ASP.NET Core application

The ASP.NET Core application is implemented using the Microsoft.Identity.Web Nuget package. The recommended flow for trusted applications is the OpenID Connect confidential code flow with PKCE. This is set up using the AddMicrosoftIdentityWebApp method and also the EnableTokenAcquisitionToCallDownstreamApi method. The CIAM client configuration is read using the JSON EntraExternalID section.
    services.AddDistributedMemoryCache();

    services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(
            builder.Configuration
                .GetSection("EntraExternalID"))
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddDistributedTokenCaches();

In the appsettings.json, user secrets or the production setup, the client specific configurations are defined. The settings must match the Azure App registration. The SignUpSignInPolicyId is no longer used compared to Azure AD B2C.

    // -- using ciamlogin.com --
    "EntraExternalID": {
      "Authority": "https://damienbodciam.ciamlogin.com",
      "ClientId": "0990af2f-c338-484d-b23d-dfef6c65f522",
      "CallbackPath": "/signin-oidc",
      "SignedOutCallbackPath": "/signout-callback-oidc"
      // "ClientSecret": "--in-user-secrets--"
    },

Notes

I always try to implement user flows for B2C solutions and avoid custom setups as these setups are hard to maintain, expensive to keep updated and hard to migrate when the product is end of life.

Setting up a CIAM client in ASP.NET Core works without problems. CIAM offers many more features but is still missing some essential ones. This product is starting to look really good and will be a great improvement on Azure AD B2C when it is feature complete.

Strong authentication is missing from Microsoft Entra External ID for customers (CIAM) and this makes it hard to test using my Azure AD users. Hopefully FIDO2 and passkeys will get supported soon. See the following link for the supported authentication methods: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/customers/concept-supported-features-customers

I also require a standard OpenID Connect identity provider (Code flow confidential client with PKCE support) in most of my customer solution rollouts. This is not supported at present.

With CIAM, new possibilities are also possible for creating single solutions to support both B2B and B2C use cases.
Support for Azure security groups and Azure roles in Microsoft Entra External ID for customers (CIAM) is one of the features which makes this possible.

Links

https://learn.microsoft.com/en-us/azure/active-directory/external-identities/
https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-external-id
https://www.cloudpartner.fi/?p=14685
https://developer.microsoft.com/en-us/identity/customers
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/microsoft-entra-external-id-public-preview-developer-centric/ba-p/3823766
https://github.com/AzureAD/microsoft-identity-web


Food for Software Developers
Category: Health

These notes are based on my own findings, they are not off ...


Views: 266 Likes: 86
How to Stop Wasting Time in Pointless Meetings: 5 Things to Improve Your Meetings

Have you ever left a meeting feeling like you just wasted an hour (or more) of your day? You’re not alone. Many people have experienced the frustration of attending meetings that are disorganized, unproductive, and seemingly pointless. That’s where the Level 10 meeting agenda comes in.

The Level 10 is part of the larger Entrepreneurial Operating System® (EOS). EOS is a comprehensive set of practical tools and concepts that have helped thousands of small to medium size organizations worldwide achieve their business goals – including Simple Thread! One of the most popular components of EOS is the Level 10 meeting, a weekly meeting that is designed to be highly efficient, productive, and engaging.

So, how do you make a meeting efficient, productive, and engaging? Here are 5 things that work for us:

1. Same Bat Time, Same Bat Channel

First and foremost, the meeting should take place on the same day and time each week. The meeting follows a strict agenda, which includes several key items that are critical to its success. I will share more about these next.

2. Be Present

An opening segue provides the opportunity to shift the team’s attention from the distractions of the latest Slack chat or email that needs a reply and bring the focus to the present. At the start of the meeting, I might ask everyone to share their “best personal and best professional highlight” of the previous week. This can help set a positive tone and encourage everyone to engage in the meeting. Another great meeting opener is the “rose, thorn, and bud” method, which is a design thinking tool that helps identify what’s working (rose), what’s not (thorn), and what can be improved (bud).

“If You Can’t Measure it, You Can’t Improve it” – Peter Drucker

3. You Gotta Track Something

The meeting then moves on to review the key performance indicators (KPIs) or scorecard for the department. This provides a weekly check-in on the numbers that are leading indicators of success and drive conversation around areas of opportunity or concern. What you track may vary by department; for marketing, we look at website traffic, conversions, and inbound leads, to name a few!

4. Have S.M.A.R.T, Realistic Quarterly Goals

Next, the team discusses their quarterly goals and reports on whether they are on track or off track towards this goal. This helps ensure that everyone is aligned on the department’s priorities and progress towards achieving them. If someone is “off track”, it gets added to the agenda for discussion and for the group to find ways to support and help get the project moving in the right direction.

“If You Don’t Know Where You Are Going, You’ll End Up Someplace Else” – Yogi Berra

5. Identify. Discuss. Solve.

The meeting then moves on to the most crucial part of the Level 10 meeting: tackling issues as a team. This is when I will guide the team through the IDS process: Identify, Discuss, and Solve. The team identifies the real issue, discusses it from all angles, and then settles on a solution and one or two action points to implement the solution.

And Now, to Wrap Things Up Like a Present…

As the meeting comes to a close, the team takes five minutes to wrap up. This includes recapping the to-do list, sharing information from the meeting with the rest of the organization, and giving the meeting a grade on a scale of 1 to 10. EOS emphasizes that the most important criterion for grading the meeting is how well the team followed the agenda.

So there you have it! A recipe for a meeting that is productive, efficient, and engaging! The Level 10 meeting is a powerful tool for organizations looking to run efficient and productive meetings. By following a strict agenda and incorporating key components like KPIs, quarterly goals, and the IDS process, teams can stay aligned and make progress towards achieving their business objectives. Try it out and let us know what you think – and say goodbye to wasted time and hello to more productive, engaging meetings!

The post How to Stop Wasting Time in Pointless Meetings: 5 Things to Improve Your Meetings appeared first on Simple Thread.


Microsoft SQL Server, Error: 258
Category: SQL

Error A network-related or instance-specific error occurred while establishing ...


Views: 492 Likes: 102
Lead Software Engineer
Category: Jobs

LawnStarter is a marketplace that makes lawn care easy for homeowners while helping small busines ...


Views: 0 Likes: 34
Full time Javascript Developer wanted!
Category: Jobs

An award winning account firm local to Cleveland/Akron, OH is looking for a mid level (3-6 years ...


Views: 38 Likes: 89
SQL Developer
Category: Jobs

Would you be interested in the following long-term opportunity? If not int ...


Views: 0 Likes: 73
Ruby on Rails Developer
Category: Jobs



Views: 0 Likes: 40
How to make Web Application valuable
Category: Computer Programming

Every minute a user spends on your Web Application is valuable tim ...


Views: 0 Likes: 26
Job Opening - .NET Developer | Remote
Category: Jobs

Hello, I hope this message finds you well – take a look at the job description I’ ...


Views: 0 Likes: 77
Junior/Mid-Level Java Developer
Category: Jobs

Must-Haves Bachelor’s Degree in IT or a related field ...


Views: 149 Likes: 107
Why Software Design and Architecture is very impor ...
Category: Computer Programming

Thorough System Analysis becomes vital t ...


Views: 0 Likes: 31
Be Aware of Memory Leak in Software Application
Category: Technology

Memory Leak in Software Application ...


Views: 333 Likes: 98
Reset user account passwords using Microsoft Graph and application permissions in ASP.NET Core

This article shows how to reset a password for tenant members using a Microsoft Graph application client in ASP.NET Core. An Azure App registration is used to define the application permission for the Microsoft Graph client and the User Administrator role is assigned to the Azure Enterprise application created from the Azure App registration.

Code: https://github.com/damienbod/azuerad-reset

Create an Azure App registration with the Graph permission

An Azure App registration was created which requires a secret or a certificate. The Azure App registration has the application User.ReadWrite.All permission and is used to assign the Azure role. This client is only for application clients and not delegated clients.

Assign the User Administrator role to the App Registration

The User Administrator role is assigned to the Azure App registration (Azure Enterprise application per tenant). You can do this under the User Administrator Assignments, where a new assignment can be added. Choose the Enterprise application corresponding to the Azure App registration and assign the role to be always active.

Create the Microsoft Graph application client

In the ASP.NET Core application, a new Graph application client can be created using the Microsoft Graph SDK and Azure Identity. The GetChainedTokenCredentials method authenticates using a managed identity for the production deployment or a user secret in development. You could also use a certificate. The managed identity is the one from the Azure App service where the application is deployed in production.

    using Azure.Identity;
    using Microsoft.Graph;

    namespace SelfServiceAzureAdPasswordReset;

    public class GraphApplicationClientService
    {
        private readonly IConfiguration _configuration;
        private readonly IHostEnvironment _environment;
        private GraphServiceClient? _graphServiceClient;

        public GraphApplicationClientService(IConfiguration configuration, IHostEnvironment environment)
        {
            _configuration = configuration;
            _environment = environment;
        }

        /// <summary>
        /// gets a singleton instance of the GraphServiceClient
        /// </summary>
        public GraphServiceClient GetGraphClientWithManagedIdentityOrDevClient()
        {
            if (_graphServiceClient != null)
                return _graphServiceClient;

            string[] scopes = new[] { "https://graph.microsoft.com/.default" };

            var chainedTokenCredential = GetChainedTokenCredentials();
            _graphServiceClient = new GraphServiceClient(chainedTokenCredential, scopes);

            return _graphServiceClient;
        }

        private ChainedTokenCredential GetChainedTokenCredentials()
        {
            if (!_environment.IsDevelopment())
            {
                // You could also use a certificate here
                return new ChainedTokenCredential(new ManagedIdentityCredential());
            }
            else // dev env
            {
                var tenantId = _configuration["AzureAdGraphTenantId"];
                var clientId = _configuration.GetValue<string>("AzureAdGraphClientId");
                var clientSecret = _configuration.GetValue<string>("AzureAdGraphClientSecret");

                var options = new TokenCredentialOptions
                {
                    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
                };

                // https://docs.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
                var devClientSecretCredential = new ClientSecretCredential(
                    tenantId, clientId, clientSecret, options);

                var chainedTokenCredential = new ChainedTokenCredential(devClientSecretCredential);

                return chainedTokenCredential;
            }
        }
    }

Reset the password Microsoft Graph SDK 4

Once the client is authenticated, Microsoft Graph SDK can be used to implement the logic. You need to decide if SDK 4 or SDK 5 is used to implement the Graph client. Most applications must still use Graph SDK 4 but no docs exist for this anymore. Refer to Stack Overflow or use trial and error.

The application has one method to get the user and a second one to reset the password and force a change on the next authentication. This is ok for low level security, but a Temporary Access Pass (TAP) with strong authentication should always be used if possible.

    using Microsoft.Graph;
    using System.Security.Cryptography;

    namespace SelfServiceAzureAdPasswordReset;

    public class UserResetPasswordApplicationGraphSDK4
    {
        private readonly GraphApplicationClientService _graphApplicationClientService;

        public UserResetPasswordApplicationGraphSDK4(GraphApplicationClientService graphApplicationClientService)
        {
            _graphApplicationClientService = graphApplicationClientService;
        }

        private async Task<string?> GetUserIdAsync(string email)
        {
            // startswith is a prefix match and the first result is used.
            // Single quotes are doubled so the value stays inside the OData literal.
            var filter = $"startswith(userPrincipalName,'{email.Replace("'", "''")}')";

            var graphServiceClient = _graphApplicationClientService
                .GetGraphClientWithManagedIdentityOrDevClient();

            var users = await graphServiceClient.Users
                .Request()
                .Filter(filter)
                .GetAsync();

            // Null when no user matched, so the caller's null check can run
            return users.CurrentPage.FirstOrDefault()?.Id;
        }

        public async Task<string?> ResetPassword(string email)
        {
            var graphServiceClient = _graphApplicationClientService
                .GetGraphClientWithManagedIdentityOrDevClient();

            var userId = await GetUserIdAsync(email);

            if (userId == null)
            {
                throw new ArgumentNullException(nameof(email));
            }

            var password = GetRandomString();

            await graphServiceClient.Users[userId].Request()
                .UpdateAsync(new User
                {
                    PasswordProfile = new PasswordProfile
                    {
                        Password = password,
                        ForceChangePasswordNextSignIn = true
                    }
                });

            return password;
        }

        private static string GetRandomString()
        {
            var random = $"{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}-AC";
            return random;
        }

        private static int GenerateRandom()
        {
            return RandomNumberGenerator.GetInt32(100000000, int.MaxValue);
        }
    }

Reset the password Microsoft Graph SDK 5

Microsoft Graph SDK 5 can also be used to implement the logic to reset the password and force a change on the next sign-in.

    using Microsoft.Graph;
    using Microsoft.Graph.Models;
    using System.Security.Cryptography;

    namespace SelfServiceAzureAdPasswordReset;

    public class UserResetPasswordApplicationGraphSDK5
    {
        private readonly GraphApplicationClientService _graphApplicationClientService;

        public UserResetPasswordApplicationGraphSDK5(GraphApplicationClientService graphApplicationClientService)
        {
            _graphApplicationClientService = graphApplicationClientService;
        }

        private async Task<string?> GetUserIdAsync(string email)
        {
            var graphServiceClient = _graphApplicationClientService
                .GetGraphClientWithManagedIdentityOrDevClient();

            var result = await graphServiceClient.Users.GetAsync((requestConfiguration) =>
            {
                requestConfiguration.QueryParameters.Top = 10;
                if (!string.IsNullOrEmpty(email))
                {
                    requestConfiguration.QueryParameters.Search = $"\"userPrincipalName:{email}\"";
                }
                requestConfiguration.QueryParameters.Orderby = new string[] { "displayName" };
                requestConfiguration.QueryParameters.Count = true;
                requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "userPrincipalName", "userType" };
                requestConfiguration.QueryParameters.Filter = "userType eq 'Member'"; // onPremisesSyncEnabled eq false
                requestConfiguration.Headers.Add("ConsistencyLevel", "eventual");
            });

            // Null when no user matched, so the caller's null check can run
            return result?.Value?.FirstOrDefault()?.Id;
        }

        public async Task<string?> ResetPassword(string email)
        {
            var graphServiceClient = _graphApplicationClientService
                .GetGraphClientWithManagedIdentityOrDevClient();

            var userId = await GetUserIdAsync(email);

            if (userId == null)
            {
                throw new ArgumentNullException(nameof(email));
            }

            var password = GetRandomString();

            await graphServiceClient.Users[userId].PatchAsync(
                new User
                {
                    PasswordProfile = new PasswordProfile
                    {
                        Password = password,
                        ForceChangePasswordNextSignIn = true
                    }
                });

            return password;
        }

        private static string GetRandomString()
        {
            var random = $"{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}-AC";
            return random;
        }

        private static int GenerateRandom()
        {
            return RandomNumberGenerator.GetInt32(100000000, int.MaxValue);
        }
    }

Any Razor page can use the service and update the password. The Razor Page requires protection to prevent any user or bot updating any other user account. Some type of secret is required to use the service, or an extra id which can be created by an internal IT admin. DDoS protection and bot protection are also required if the Razor page is deployed to a public endpoint, and a delay after each request must also be implemented. Extreme caution needs to be taken when exposing this business functionality.

    private readonly UserResetPasswordApplicationGraphSDK5 _userResetPasswordApp;

    [BindProperty]
    public string Upn { get; set; } = string.Empty;

    [BindProperty]
    public string? Password { get; set; } = string.Empty;

    public IndexModel(UserResetPasswordApplicationGraphSDK5 userResetPasswordApp)
    {
        _userResetPasswordApp = userResetPasswordApp;
    }

    public void OnGet(){}

    public async Task<IActionResult> OnPostAsync()
    {
        if (!ModelState.IsValid)
        {
            return Page();
        }

        Password = await _userResetPasswordApp
            .ResetPassword(Upn);

        return Page();
    }

The demo application can be started and the password of a local member can be reset. The https://mysignins.microsoft.com/security-info URL can be used to test the new password and add MFA or whatever.

Notes

You can use this solution for applications with no user. If using an administrator or a user to reset the passwords, then a delegated permission should be used with different Graph SDK methods and different Graph permissions.

Links

https://aka.ms/mysecurityinfo
https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/sdks/paging?tabs=csharp
https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=csharp
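The article asks for a secret, a per-request delay and protection against resetting the wrong account before the Razor page is exposed. The following is an added example, not code from the article or its repository: UpnLookup, ResetGate, the reset code and contoso.example are hypothetical names and constructed values, and the attempt counters are held in process memory only.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;

// Constructed demo values: contoso.example and the reset code are placeholders.
var gate = new ResetGate("code-issued-by-it-admin", maxAttempts: 3,
    window: TimeSpan.FromMinutes(15), fixedDelay: TimeSpan.FromMilliseconds(200));
var now = DateTimeOffset.UtcNow;

// An apostrophe in the UPN is doubled, so it cannot terminate the OData literal.
Console.WriteLine(UpnLookup.BuildExactFilter("o'brien@contoso.example"));

// A bare prefix is rejected before any Graph call is made.
Console.WriteLine(UpnLookup.IsPlausibleUpn("alice"));

// Three wrong codes use up the budget; the correct code is then refused as well.
for (var i = 0; i < 3; i++)
    Console.WriteLine(await gate.AuthorizeAsync("alice@contoso.example", "wrong", now));
Console.WriteLine(await gate.AuthorizeAsync("alice@contoso.example", "code-issued-by-it-admin", now));

// A different account still has its own budget.
Console.WriteLine(await gate.AuthorizeAsync("bob@contoso.example", "code-issued-by-it-admin", now));

/// <summary>Hypothetical helper: validates a UPN and builds an exact-match Graph filter.</summary>
public static class UpnLookup
{
    // Shape check used in this example only: local part, '@', dotted domain.
    private static readonly Regex UpnShape = new(
        @"^[A-Za-z0-9._'\-]{1,64}@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+$",
        RegexOptions.CultureInvariant, TimeSpan.FromMilliseconds(100));

    // The length cap is a value chosen for this example.
    public static bool IsPlausibleUpn(string? value) =>
        !string.IsNullOrWhiteSpace(value) && value.Length <= 113 && UpnShape.IsMatch(value);

    // OData string literals escape a single quote by doubling it.
    public static string ODataQuote(string value) => "'" + value.Replace("'", "''") + "'";

    // "eq" matches one account; startswith(...) followed by "take the first result"
    // can select a different user than the one that was typed in.
    public static string BuildExactFilter(string upn)
    {
        if (!IsPlausibleUpn(upn))
            throw new ArgumentException("Value is not a well-formed UPN.", nameof(upn));
        return $"userPrincipalName eq {ODataQuote(upn)}";
    }
}

/// <summary>Hypothetical gate placed in front of ResetPassword(...).</summary>
public sealed class ResetGate
{
    private readonly byte[] _codeHash;
    private readonly int _maxAttempts;
    private readonly TimeSpan _window;
    private readonly TimeSpan _fixedDelay;
    private readonly ConcurrentDictionary<string, (int Count, DateTimeOffset Start)> _attempts =
        new(StringComparer.OrdinalIgnoreCase);

    public ResetGate(string expectedCode, int maxAttempts, TimeSpan window, TimeSpan fixedDelay)
    {
        _codeHash = Hash(expectedCode);
        _maxAttempts = maxAttempts;
        _window = window;
        _fixedDelay = fixedDelay;
    }

    public async Task<bool> AuthorizeAsync(string upn, string? suppliedCode, DateTimeOffset now)
    {
        // Same delay for every outcome, so callers cannot iterate quickly.
        await Task.Delay(_fixedDelay);

        if (!UpnLookup.IsPlausibleUpn(upn))
            return false;

        // Count every attempt per target account, successful or not, inside a fixed window.
        var entry = _attempts.AddOrUpdate(upn,
            _ => (1, now),
            (_, old) => now - old.Start >= _window ? (1, now) : (old.Count + 1, old.Start));
        if (entry.Count > _maxAttempts)
            return false;

        // Compare fixed-length hashes in constant time.
        return CryptographicOperations.FixedTimeEquals(Hash(suppliedCode ?? string.Empty), _codeHash);
    }

    private static byte[] Hash(string value) => SHA256.HashData(Encoding.UTF8.GetBytes(value));
}
```

In a deployment with more than one instance the counters would need a shared store, and the gate would be called from OnPostAsync before ResetPassword.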


Senior Software Engineer - Product
Category: Jobs

Senior Software Engineer – Product Do you thrive on ...


Views: 0 Likes: 34
Drupal 8 Installation on Linux Systems
Category: Linux

We all know that installing Drupal 8 and required components on a new Server is as easy as it sounds ...


Views: 354 Likes: 91
Google like a pro
Category: Technology

As a Software Developer, it is important to know how to find good information in the fastest manner. ...


Views: 311 Likes: 101
Solved! How to Import Data from SQL file into Post ...
Category: SQL



Views: 288 Likes: 94
Multiple Java Web Developer Positions Available in ...
Category: Jobs

Java Web Developers Cynergies Solutions Group is looking ...


Views: 0 Likes: 79
Software Security Vs Performance
Category: Technology

According to my finding, it is heavily articulated in the Software Engineering Community that Securi ...


Views: 279 Likes: 99
Mysql Connect to Remote Server
Category: SQL

Follow These Ins ...


Views: 397 Likes: 112
Full Stack Software Developer
Category: Jobs

We have an opening for a Full Stack Software Developer. Please send resumes asap for our team to ...


Views: 0 Likes: 76
What is Computer Programming
Category: Computer Programming



Views: 0 Likes: 17
MySQL Backup and Restore Commands for DBA
Category: SQL



Views: 354 Likes: 102
Java Web Developer
Category: Jobs

Java Web Developer Cynergies Solutions Group is looking f ...


Views: 0 Likes: 51
How to Optimize Software performance
Category: Computer Programming

Software performance is very important, early 201 ...


Views: 0 Likes: 31
Software Development Good Practices
Category: .Net 7

Knowledge Collected Over the Years of Developing Design your soft ...


Views: 231 Likes: 70
C#.NET Developer (Levels 1-3)
Category: Jobs



Views: 0 Likes: 42
[popTo() Error] Ionic Cordova Error [popTo()]
Category: Android

When the error below happens in compiling Cordova Ionic App after you delete the Modules folder to c ...


Views: 522 Likes: 85
SQL Developer
Category: Jobs

Would you be interested in the following long-term opportunity? If not int ...


Views: 0 Likes: 64
.NET Developer Needed in OH
Category: Jobs

Role You Wi ...


Views: 213 Likes: 85
An error occurred during the compilation of a reso ...
Category: .Net 7

Question Why is this error happening? "An error occurred during the compilation of a resource re ...


Views: 0 Likes: 33
Software Best Practices Learned by Experience
Category: System Design

[Updated] It is considered good practice to cache your data in memory, either o ...


Views: 0 Likes: 38
IIS Error Resolved: This configuration section can ...
Category: Servers



Views: 426 Likes: 99
Hiring for .NET Developers - Cleveland, OH - Fortu ...
Category: Jobs

Job Description ...


Views: 0 Likes: 12
Senior Drupal Developer (Remote)
Category: Jobs

Senior Drupal Developer (Remote) ...


Views: 0 Likes: 94
Software Development
Category: Technology

Software Development ...


Views: 304 Likes: 99
PERMANENT ROLE | WEB APPLICATION DEVELOPER | MOREL ...
Category: Jobs



Views: 300 Likes: 94
C#.NET Developer 3
Category: Jobs



Views: 0 Likes: 39
Sr. Software Engineer
Category: Technology

As one of our engineers, you’ll help guide key development and technology decisions in our ...


Views: 0 Likes: 51
Software Developer (remote job) at Renalogic
Category: Jobs

Software Developer Compensation ...


Views: 0 Likes: 44
Coding Bootcamp Graduate Searching for Job
Category: Jobs

Hello! I am a recent graduate from the coding Bootcamp Tech Elevator and am actively searching fo ...


Views: 214 Likes: 114
Reset passwords in ASP.NET Core using delegated permissions and Microsoft Graph

This article shows how an administrator can reset passwords for local members of an Azure AD tenant using Microsoft Graph and delegated permissions. An ASP.NET Core application is used to implement the Azure AD client and the Graph client services.

Code: https://github.com/damienbod/azuerad-reset

Setup Azure App registration

The Azure App registration is set up to authenticate with a user and an application (delegated flow). An App registration “Web” setup is used. Only delegated permissions are used in this setup. This implements an OpenID Connect code flow with PKCE and a confidential client. A secret or a certificate is required for this flow.

The following delegated Graph permissions are used:

Directory.AccessAsUser.All
User.ReadWrite.All
UserAuthenticationMethod.ReadWrite.All

ASP.NET Core setup

The ASP.NET Core application implements the Azure AD client using the Microsoft.Identity.Web NuGet package and libraries. The following packages are used:

Microsoft.Identity.Web
Microsoft.Identity.Web.UI
Microsoft.Identity.Web.GraphServiceClient (SDK5) or Microsoft.Identity.Web.MicrosoftGraph (SDK4)

Microsoft Graph is not added directly because the Microsoft.Identity.Web.MicrosoftGraph or Microsoft.Identity.Web.GraphServiceClient package adds it with a tested and working version. Microsoft.Identity.Web uses the Microsoft.Identity.Web.GraphServiceClient package for Graph SDK 5. Microsoft.Identity.Web.MicrosoftGraph uses Microsoft.Graph 4.x versions. The official Microsoft Graph documentation is already updated to SDK 5. For application permissions, Microsoft Graph SDK 5 can be used with Azure.Identity.

Search for users with Graph SDK 5 and resetting the password

Graph SDK 5 can be used to search for users with a delegated scope and then to reset the password using an HTTP PATCH request. The Graph QueryParameters are used to find the user and the HTTP PATCH is used to update the password using the PasswordProfile.

    using System.Security.Cryptography;
    using Microsoft.Graph;
    using Microsoft.Graph.Models;

    namespace AzureAdPasswordReset;

    public class UserResetPasswordDelegatedGraphSDK5
    {
        private readonly GraphServiceClient _graphServiceClient;

        public UserResetPasswordDelegatedGraphSDK5(GraphServiceClient graphServiceClient)
        {
            _graphServiceClient = graphServiceClient;
        }

        /// <summary>
        /// Directory.AccessAsUser.All User.ReadWrite.All UserAuthenticationMethod.ReadWrite.All
        /// </summary>
        public async Task<(string? Upn, string? Password)> ResetPassword(string oid)
        {
            var password = GetRandomString();

            var user = await _graphServiceClient
                .Users[oid]
                .GetAsync();

            if (user == null)
            {
                throw new ArgumentNullException(nameof(oid));
            }

            await _graphServiceClient.Users[oid].PatchAsync(
                new User
                {
                    PasswordProfile = new PasswordProfile
                    {
                        Password = password,
                        ForceChangePasswordNextSignIn = true
                    }
                });

            return (user.UserPrincipalName, password);
        }

        public async Task<UserCollectionResponse?> FindUsers(string search)
        {
            var result = await _graphServiceClient.Users.GetAsync((requestConfiguration) =>
            {
                requestConfiguration.QueryParameters.Top = 10;
                if (!string.IsNullOrEmpty(search))
                {
                    requestConfiguration.QueryParameters.Search = $"\"displayName:{search}\"";
                }
                requestConfiguration.QueryParameters.Orderby = new string[] { "displayName" };
                requestConfiguration.QueryParameters.Count = true;
                requestConfiguration.QueryParameters.Select = new string[] { "id", "displayName", "userPrincipalName", "userType" };
                requestConfiguration.QueryParameters.Filter = "userType eq 'Member'"; // onPremisesSyncEnabled eq false
                requestConfiguration.Headers.Add("ConsistencyLevel", "eventual");
            });

            return result;
        }

        private static string GetRandomString()
        {
            var random = $"{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}{GenerateRandom()}-AC";
            return random;
        }

        private static int GenerateRandom()
        {
            return RandomNumberGenerator.GetInt32(100000000, int.MaxValue);
        }
    }

Search for users SDK 4

The application allows the user administration to search for members of the Azure AD tenant and finds users using a select and a filter definition. The search query parameter would probably provide a better user experience.

    public async Task<IGraphServiceUsersCollectionPage?> FindUsers(string search)
    {
        var users = await _graphServiceClient.Users.Request()
            .Filter($"startswith(displayName,'{search}') AND userType eq 'Member'")
            .Select(u => new
            {
                u.Id,
                u.GivenName,
                u.Surname,
                u.DisplayName,
                u.Mail,
                u.EmployeeId,
                u.EmployeeType,
                u.BusinessPhones,
                u.MobilePhone,
                u.AccountEnabled,
                u.UserPrincipalName
            })
            .GetAsync();

        return users;
    }

The ASP.NET Core Razor page supports an auto complete using the OnGetAutoCompleteSuggest method. This returns the found results using the Graph request.

    private readonly UserResetPasswordDelegatedGraphSDK4 _graphUsers;

    public string? SearchText { get; set; }

    public IndexModel(UserResetPasswordDelegatedGraphSDK4 graphUsers)
    {
        _graphUsers = graphUsers;
    }

    public async Task<ActionResult> OnGetAutoCompleteSuggest(string term)
    {
        if (term == "*") term = string.Empty;

        var usersCollectionResponse = await _graphUsers.FindUsers(term);
        var users = usersCollectionResponse!.ToList();

        var usersDisplay = users.Select(user => new
        {
            user.Id,
            user.UserPrincipalName,
            user.DisplayName
        });

        SearchText = term;

        return new JsonResult(usersDisplay);
    }

The Razor Page can be implemented using Bootstrap or whatever CSS framework you prefer.

Reset the password for user X using Graph SDK 4

The Graph service supports resetting a password using a delegated permission. The user is requested using the OID and a new PasswordProfile is created, updating the password and forcing a one-time usage.

    /// <summary>
    /// Directory.AccessAsUser.All
    /// User.ReadWrite.All
    /// UserAuthenticationMethod.ReadWrite.All
    /// </summary>
    public async Task<(string? Upn, string? Password)> ResetPassword(string oid)
    {
        var password = GetRandomString();

        var user = await _graphServiceClient.Users[oid]
            .Request().GetAsync();

        if (user == null)
        {
            throw new ArgumentNullException(nameof(oid));
        }

        await _graphServiceClient.Users[oid].Request()
            .UpdateAsync(new User
            {
                PasswordProfile = new PasswordProfile
                {
                    Password = password,
                    ForceChangePasswordNextSignIn = true
                }
            });

        return (user.UserPrincipalName, password);
    }

The Razor Page sends a post request and resets the password using the user principal name.

    public async Task<IActionResult> OnPostAsync()
    {
        // The object id posted by the form selects the account to reset
        var id = Request.Form
            .FirstOrDefault(u => u.Key == "userId")
            .Value.FirstOrDefault();

        var upn = Request.Form
            .FirstOrDefault(u => u.Key == "userPrincipalName")
            .Value.FirstOrDefault();

        if (!string.IsNullOrEmpty(id))
        {
            var result = await _graphUsers.ResetPassword(id);
            Upn = result.Upn;
            Password = result.Password;
            return Page();
        }

        return Page();
    }

Running the application

When the application is started, a user password can be reset and updated. It is important to block this function for non-authorized users as it is possible to reset any account without further protection. You could PIM this application using an Azure AD security group or something like this.

Notes

Using Graph SDK 4 is hard as almost no docs now exist; Graph has moved to version 5. Microsoft Graph SDK 5 has many breaking changes and is supported by Microsoft.Identity.Web using the Microsoft.Identity.Web.GraphServiceClient package.

High user permissions are used in this and it is important to protect this API or the users that can use the application.

Links

https://aka.ms/mysecurityinfo
https://learn.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
https://learn.microsoft.com/en-us/graph/sdks/paging?tabs=csharp
https://github.com/AzureAD/microsoft-identity-web/blob/jmprieur/Graph5/src/Microsoft.Identity.Web.GraphServiceClient/Readme.md
https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=csharp


Is AI going to take Software Development Jobs?
Category: Research

Artificial Intelligence (AI) is becoming increasingly prevalent in the software development indu ...


Views: 0 Likes: 32
Why you should choose HomeAssistant as your Home A ...
Category: Research

Home automation is becoming increasingly popular as people look for ways to make their homes mor ...


Views: 0 Likes: 37
[EF Core] How to Enable Sensitive Data Logging and ...
Category: Entity Framework

Question How do you enable sensitive data and detailed error ...


Views: 0 Likes: 33
Embracing λόγος: Programming as Imitation of the Divine

Within the field of software development, we are prone to gazing upon the future – new libraries, new tools. But from where did we come? The philosophical foundation of the field is largely absent from the contemporary zeitgeist, but our work is deeply rooted in the philosophical traditions of not only Logic, but Ontology, Identity, Ethics and so on. Daily, the programmer struggles with not only their implementation of logic but the ontological and identity questions of classifying and organizing their reality into a logical program. What is a User? What are its properties? What actions can be taken on it? “Oh the mundanity!” – cries the programmer. But in-deed, as we will explore here – you are doing God’s work!

Because the work of programmers is not too dissimilar from that of philosophers throughout history, we can look to them for guidance on the larger questions of our own tradition. In this piece, we will focus mainly on the ancient Greeks and their metaphysical works. Guided by their knowledge, we can better incorporate Reason and Logic into our programs and strive to escape Plato’s Cave (https://en.wikipedia.org/wiki/Allegory_of_the_cave). Furthermore, because the result of our work is our reason manifested into reality, we must suffer under the greater burden of responsibility to aim towards the divine Reason.

λόγος

[T]he spermatikos logos in each man provides a common, non-confessional basis in each man, whether as a natural or supernatural gift from God (or both), by which he is called to participate in God’s Reason or [λόγος], from which he obtains a dignity over the brute creation, and out of which he discovers and obtains normative judgments of right and wrong (https://lexchristianorum.blogspot.com/2010/03/st-justin-martyr-spermatikos-logos-and.html)

The English word logic is rooted in the Ancient Greek λόγος (Logos) – meaning “word, discourse or reason”. λόγος is related to the Ancient Greek λέγω (légo) – meaning “I say”, a cognate with the Latin legus or “law”. Going even further back, λόγος derives from the PIE root *leǵ- which can have the meanings “I put in order, arrange, gather, I choose, count, reckon, I say, speak”. (https://en.wikipedia.org/wiki/Logos)

The concept of the λόγος has been studied and applied philosophically throughout history – going back to Heraclitus around 500 BC. Heraclitus described the λόγος as the common Reason of the world and urged people to strive to know and follow it. “For this reason it is necessary to follow what is common. But although the λόγος is common, most people live as if they had their own private understanding.” (Diels–Kranz, 22B2)

With Aristotelian, Platonic and early Stoic thought, the λόγος as universal and objective Reason and Logic was further considered and defined. λόγος was seen by the Stoics as an active, material phenomenon driving nature and animating the universe. The λόγος σπερματικός (“logos spermatikos”) was, according to the Stoics, the principle, generative Reason acting in inanimate matter in the universe. Plutarch, a Platonist, wrote that the λόγος was the “go-between” between God and humanity. The Stoics believed that humans each possess a part of the divine λόγος. The λόγος was also a fundamental philosophical foundation for early Christian thought (see John 1:1-3).

The λόγος is impossible to concisely summarize. But for the purpose of this piece, we can consider it the metaphysical (real but immaterial) universal Reason; an infinite source of Logic and Truth into which humans tap when they reason about the world.

Imitation of the Divine

In so far as the spirit is also a kind of ‘window on eternity’… it conveys to the soul a certain influx divinus… and the knowledge of a higher system of the world (Jung, Carl. Mysterium Coniunctionis)

What is “imitation of the divine”? One could certainly begin by considering what the alternative would be. A historical current has existed in the philosophical tradition of humanity’s opportunity and responsibility to turn to and harness the divine λόγος in their daily waking life. With language and thought we reason about the material and immaterial. As Rayside and Campbell declared in their defense of traditional logic in the field of Computer Science – “But if what is real and unchanging (the intelligible structure in things) is the measure of what we think about it (concept) and speak (word) about it, then it too is a work of reason not our reason, for our reason is the measured, but of Reason.” (Rayside, D, and G Campbell. Aristotle and Object-Oriented Programming: Why Modern Students Need Traditional Logic. https://dl.acm.org/doi/pdf/10.1145/331795.331862.)

Plato, in his theory of the tripartite soul, understood that the ideal human would not suffer passions (θυμοειδές, literally “anger-kind”) or desires (ἐπιθυμητικόν) but be led by the λόγος innate in the soul (λογιστικόν). When human reasoning is concordant with Reason, for a moment, Man transcends material reality and is assimilated with the divine (the λόγος). “Hence, so many of the great thinkers who have gone before us posited that the natural way in which the human mind gets to God is in a mediated way — via things themselves, which express God to the extent that they can.” (Rayside, Campbell) God here is the representative of the λόγος – humanity can achieve transcendental knowledge by consideration (in the deepest sense of the word) of the things around them.

The Programmer Assimilated

It is simply foolish to pretend that human reason is not concerned with meaning, or that programming is not an application of human reason (Rayside, Campbell)

The programmer must begin by defining things – material or conceptual. “We are unable to reason or communicate effectively if we do not first make the effort to know what each thing is.” (Rayside, Campbell) By considering the ontological questions of the things in our world, in order to represent them accurately (and therefore ethically) in our programs, the programmer enters into the philosophical praxis. Next, the programmer adds layers of identity and logic on top of their ontological discovery, continuing in the praxis. But the programmer takes it a step further – the outcome of their investigation is not only their immaterial thought but, in executing the program, the manifestation of their philosophical endeavor into material reality. The program choreographs trillions of elementary charges through a crystalline maze, harnessing the virtually infinite charge of the Earth, incinerating the remains of starlight-fueled ancient beings in order to realize the reasoning of its programmer.

Here the affair enters into the realm of Ethics. “The programmer is attempting to solve a practical problem by instructing a computer to act in a particular fashion. This requires moving from the indicative to the imperative: from can or may to should. For a philosopher in the tradition, this move from the indicative to the imperative is the domain of moral science.” (Rayside, Campbell) Any actions taken by the program are the direct ethical responsibility of the programmer.

Furthermore, the programmer, as the source of reason and will driving a program, manifesting it into existence, becomes in that instant the λόγος σπερματικός (“logos spermatikos”) incarnate. The programmer’s reason, tapped into the divine Reason (λόγος), is generated into existence in the Universe and commands reasonable actions of inanimate matter.

Feeble Earthworm

What sort of freak then is man? How novel, how monstrous, how chaotic, how paradoxical, how prodigious!
Judge of all things, feeble earthworm, repository of truth, sink of doubt and error, glory and refuse of the universe! (Pascal, B. (1670). Pensées.) Pascal would be even more perplexed by the paradox of the programmer – in search of Logic and simultaneously materializing their logic; their “repository of truth” a hand emerging from the dirt reaching towards the ?????. Programmers are equals among the feeble earthworms crawling out of Plato’s cave. We enjoy no extraordinary access to Reason and yet bear a greater responsibility as commanders of this technical revolution in which we find ourselves. While the Greeks had an understanding of the weight of their work, their impact was restricted to words. The programmer’s work is a true hypostatization or materialization of the programmer’s reason. As programmers – as beings of Reason at the terminal of this grand system – we should most assuredly concern ourselves with embracing and modeling ourselves and our work after the divine and eternal ?????. The post Embracing ????? Programming as Imitation of the Divine appeared first on Simple Thread.


Use Azure AD Access Packages to onboard users in an Azure DevOps project

This post looks at onboarding users into an Azure DevOps team or project using Azure AD access packages. Azure AD access packages are part of Microsoft Entra Identity Governance and provide a good solution for onboarding internal or external users into your tenant with access to the defined resources.

Flow for onboarding Azure DevOps members

Sometimes we develop large projects with internal and external users who need access to an Azure DevOps project for a fixed length of time, which can be extended if required. These users only need access to the Azure DevOps project and should be automatically removed when the contract or project is completed. Azure AD access packages are a good way to implement this.

Use an Azure AD group

Access to the Azure DevOps project can be implemented by using an Azure security group in Azure AD. This security group is used to add team members to the Azure DevOps project. Azure AD access packages are used to onboard users into the Azure AD group, and the Azure DevOps project uses the security group to define its members. The “azure-devops-project-access-packages” security group was created for this.

Setup the Azure DevOps

A new Azure DevOps project was created for this demo. The project has a URL on the dev.azure.com domain. Azure DevOps needs to be attached to the Azure AD tenant. Only an Azure AD member with the required permissions can add a security group to the Azure DevOps project.

My test Azure DevOps project was created with the following URL. You can only access this if you are a member.

https://dev.azure.com/azureadgroup-access-packages/use-access-packages

The project team can now be onboarded.

Create the Azure AD P2 Access packages

To create an Azure AD P2 access package, you can use the Microsoft Entra admin center. The access package can be created in the Entitlement management blade. Add the security group from Azure AD which you use for adding or removing users to the Azure DevOps project. Add the users as members.

Users onboarded through the access package are given access for a limited lifespan in the tenant, which can be extended or not as needed. The users can be added using an access package link, or you can get an admin to assign users to the package. I created a second access package to assign any users to the package, which can then be approved or rejected by the Azure DevOps project manager.

The Azure DevOps administrator can approve the access package, and the Azure DevOps team member can then access the Azure DevOps project using the public URL. The new member is added to the Azure security group using the access package.

An access package link would look something like this:

https://myaccess.microsoft.com/@damienbodsharepoint.onmicrosoft.com#/access-packages/b5ad7ec0-8728-4a18-be5b-9fa24dcfefe3

Links

https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create

https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/faq-user-and-permissions-management?view=azure-devops#q-why-cant-i-find-members-from-my-connected-azure-ad-even-though-im-the-azure-ad-global-admin

https://entra.microsoft.com/
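
A periodic check that complements the setup described above, as an added example that is not part of the original post: it reconciles the members of the security group against access package assignments and flags anyone who would not be removed automatically. The sample records are constructed, and their field names follow the shape of Microsoft Graph group-member and access-package-assignment objects as an assumption of this example.

```python
from datetime import datetime, timezone

# Constructed sample data. Field names mirror Microsoft Graph group-member and
# access-package-assignment objects (an assumption of this example).
GROUP_MEMBERS = [
    {"id": "u-1", "userPrincipalName": "alice@example.com"},
    {"id": "u-2", "userPrincipalName": "bob@example.com"},
    {"id": "u-3", "userPrincipalName": "carol@example.com"},
    {"id": "u-4", "userPrincipalName": "dave@example.com"},
]
ASSIGNMENTS = [
    {"target": {"objectId": "u-1"}, "state": "delivered",
     "schedule": {"expiration": {"endDateTime": "2030-01-31T00:00:00Z"}}},
    {"target": {"objectId": "u-2"}, "state": "delivered",
     "schedule": {"expiration": {"endDateTime": None}}},  # never expires
    {"target": {"objectId": "u-3"}, "state": "expired",
     "schedule": {"expiration": {"endDateTime": "2024-01-31T00:00:00Z"}}},
]  # u-4 has no assignment at all: added to the group by hand


def parse_utc(value):
    """Parse an ISO 8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_group(members, assignments, now):
    """Return {userPrincipalName: finding} for members who will not be removed automatically."""
    by_user = {}
    for a in assignments:
        by_user.setdefault(a["target"]["objectId"], []).append(a)
    findings = {}
    for m in members:
        # Only a delivered assignment keeps the user in the group legitimately.
        active = [a for a in by_user.get(m["id"], []) if a["state"] == "delivered"]
        ends = [a["schedule"]["expiration"].get("endDateTime") for a in active]
        if not active:
            findings[m["userPrincipalName"]] = "NO_ACTIVE_ASSIGNMENT"
        elif any(e is None for e in ends):
            findings[m["userPrincipalName"]] = "NO_EXPIRY"
        elif max(parse_utc(e) for e in ends) <= now:
            findings[m["userPrincipalName"]] = "PAST_END_DATE"
    return findings


if __name__ == "__main__":
    for upn, finding in audit_group(GROUP_MEMBERS, ASSIGNMENTS, datetime.now(timezone.utc)).items():
        print(f"{upn}: {finding}")
```

A member flagged NO_ACTIVE_ASSIGNMENT was either added to the group directly or left behind after the assignment ended, so the access package lifecycle will not remove that user from the Azure DevOps project.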

