News For Dev-ops

When assessing the attack complexity of a race condition security vulnerability, you have to look not only at how small the race window is but also how easy it is to hit the window. Consider the following time-of-check-to-time-of-use (TOCTTOU) race condition. Suppose this code runs in kernel mode, and receives an InfoStruct from user mode that specifies where to put the information. struct InfoStruct { uint32_t size; char* buffer; }; void GetInfo(InfoStruct* info) { __try { // If the buffer does not point to user mode, then fail. if (!ValidateUserModeBuffer(info->buffer, info->size)) { return ERROR_INVALID_PARAMETER; } FillBufferWithData(info->buffer, info->size); return ERROR_SUCCESS; } __except (⟦ invalid user-mode pointer provided ⟧) { return ERROR_INVALID_PARAMETER; } } The race condition occurs if the user-mode buffer pointer changes after it is validated and before it is ...

Microsoft Entra External ID, our next-generation customer identity and access management (CIAM) solution, launched in May 2024 with a focus on flexibility and intuitive user experience. Based on customer feedback, one key request that emerged was support for federation with external identity providers like Amazon, Auth0, Okta, and our predecessor product, Azure Active Directory B2C, to enable our customers to enrich their new Microsoft Entra CIAM experiences by federating with their Azure AD B2C platform. Today, we are excited to announce the Public Preview of OpenID Connect (OIDC) identity provider support in Microsoft Entra External ID. This new functionality allows you to federate sign-in and sign-up user flows with identity providers using the OAuth 2.0 authorization standard and OpenID Connect specifications. Enabling users to access your applications with existing accounts from other identity providers offers two key benefits: it enables partner integrations through identity fe...

With the AI landscape changing so rapidly, choosing the correct tooling for AI enablement becomes increasingly important. In our team's last engagement, the customer we worked with is an Independent Software Vendor (ISV) that has grown through acquisitions and many of their products are poorly integrated, making more traditional mechanisms for handling some functionality very difficult to achieve. AI was seen as a way to bridge the gap between these many systems. The customer was seeking to build a general AI Orchestrator that could be easily customizable by adding or restricting functionality. This would be based on the selection of products purchased by their customers, as well as the roles and capabilities of their customers' end users. While building a general AI solution is not recommended, our team found success in utilizing Semantic Kernel as our tool of choice and we identified valuable learnings to share back to the ISE community. The Semantic Kernel SDK empowers deve...

Are your unit tests failing, and do you want to debug them more effectively? The latest feature in Visual Studio 2022, powered by GitHub Copilot, has the perfect solution for you. Introducing the Debug with Copilot button in Test Explorer, this feature takes the hassle out of debugging failed tests and gets you closer to passing tests in no time. Debugging failing unit tests can often be a tedious and frustrating process. Developers spend significant time identifying the root cause of the failure and figuring out the steps to resolve it. This time-consuming process can delay development timelines and reduce productivity. But fear not, Visual Studio 2022 with GitHub Copilot has an innovative solution to streamline this process. Introducing Debug with Copilot in Test Explorer With Debug with Copilot in Test Explorer, your debugging experience is about to become more efficient and user-friendly. When you click on this button, GitHub Copilot steps in to assist you with a comprehensive ...

We’re excited to share with you a new version of Dev Proxy to help you build robust apps connected to APIs. In this version: Inspect API requests issued by cloud services Improved mocking responses ...and more! Inspect API requests issued by cloud services When you integrate your application with cloud services, one of the challenges you face is understanding how the cloud service interacts with the APIs it uses. Being able to inspect API requests is especially important when you're troubleshooting issues. Typically, it's challenging, because you don't have access to the cloud service's runtime, and you also might not have access to the monitoring tools for the cloud API. In this release, we’re introducing the ability to use Dev Proxy and dev tunnels to inspect API requests. Typically, when you integrate an API with a cloud service, the service calls the API directly server-side. If you want to inspect the request, you need access to the monitoring system behind t...

Hi everyone, welcome to the November 2024 update for Jakarta EE on Azure. It covers topics as new AZD template of Quarkus Apps on ACA , Cargo Tracker Deployment with AI integration , AI infused apps with Open Liberty on AKS , Java apps authentication with Microsoft Entra ID , and new features for JBoss EAP on Azure and WebLogic Server on Azure . If you're interested in providing feedback or collaborating on migrating Java workloads to Azure with the engineering team developing Jakarta EE on Azure solutions, please complete this short  survey on Jakarta EE migration . The team of product managers, architects, and engineers will promptly get in touch with you to initiate close collaboration. Microsoft partners with Jakarta EE application server vendors to create Azure Marketplace offers. These Marketplace offers have Solution Templates and Base Images which allow customers to quickly deploy their software on Azure Virtual Machines (VMs), Azure Kubernetes Service (AKS), Azure Red Hat...

Amazon FSx for Lustre , a service that provides high-performance, cost-effective, and scalable file storage for compute workloads, now supports Elastic Fabric Adapter (EFA) and NVIDIA GPUDirect Storage (GDS). With this launch, Amazon FSx for Lustre now provides the fastest storage performance for GPU instances in the cloud, delivering up to 12x higher throughput per client instance (1200 Gbps) compared to previous FSx for Lustre systems, so you can complete machine learning training jobs faster and reduce workload costs. EFA improves workload performance by using the AWS Scalable Reliable Datagram (SRD) protocol to increase network throughput utilization and by bypassing the operating system during data transfer. For applications powered by high-performance computing instances such as Trn1 and Hpc7a, you can use EFA to achieve higher throughput per client instance. GDS support builds on EFA to further enhance performance by enabling direct data transfer between the file system and t...

AWS Partner Assistant, a generative AI–powered virtual assistant built on Amazon Q Business, is now available for Partners in AWS Partner Central and the AWS Marketplace Management Portal. Partner Assistant makes it easier for you to get quick answers to common questions—helping you boost productivity and accelerate your AWS Partner journey to unlock benefits faster. Partner Assistant enables you to reduce the need for manual searches by generating real-time guidance and concise summaries from guides and documentation that are available specifically for AWS Partners. For example, you can ask Partner Assistant how to list a software as a service (SaaS) product in AWS Marketplace, for details about available funding programs for Partners, or how to obtain the Generative AI Competency. The assistant’s responses include links to resources available in Partner Central and AWS Docs for further details. AWS Partner Assistant is available to all Partners who have linked their Partner Centr...

Amazon Elastic Container Registry (ECR) now supports a 10x increase in the default limit for repositories per region per account to 100,000, up from the previous limit of 10,000. This change better aligns with your growth needs and saves you time from not having to request limit increases till 100,000 repositories. You still have the flexibility to adjust the new limit and request additional increases if you require more than 100,000 repositories per registry. The new limit increase is already applied to your current registries and is available in all AWS commercial and Gov Cloud (US) regions. To learn more about default ECR service limits, please visit our documentation . You can learn more about storing, managing and deploying container images and artifacts with Amazon ECR, including how to get started, from our product page and user guide . Post Updated on November 26, 2024 at 06:00PM

AWS announces the general availability of Amazon Redshift multi-data warehouse writes through data sharing. You can now start writing to Amazon Redshift databases from multiple Amazon Redshift data warehouses in just a few clicks. The written data is available to all Amazon Redshift warehouses as soon as it is committed. This allows your teams to flexibly scale compute by adding warehouses of different types and sizes based on their write workloads’ price-performance needs, isolate compute to more easily meet your workload performance requirements, and easily and securely collaborate with other teams. With Amazon Redshift multi-data warehouse writes through data sharing, you can easily keep extract, load and transform (ETL) jobs more predictable by splitting workloads between multiple warehouses, helping you meet your workload performance requirements with less time and effort. You can track usage and control costs as each team or application can write using its own warehouse, regard...

Today, we are excited to announce support for new protocols in AWS Network Firewall so you can protect your Amazon VPCs using application-specific inspection rules. With this launch, AWS Network Firewall will detect protocols like HTTP2, QUIC, and PostgreSQL so you can apply firewall inspection rules to these protocols. You can also use new rule keywords in TLS, SNMP, DHCP, and Kerberos rules to apply granular security controls to your stateful inspection rules. AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. It’s flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic. You can also enable AWS Managed Rules for intrusion detection and prevention signatures that protect against threats such as botnets, scanners, web attacks, phishing and emerging events. You can create AWS Network Firewall rules using Amazon VPC console , AWS CLI or the Network...

We are thrilled to announce a host of exciting new features in Visual Studio 17.12, designed to enhance your development experience and boost your productivity. Our team has been working diligently to address some of the most popular requests from our developer community, and we are confident that these updates will significantly improve your workflow. For a full list of updates, check out the release notes . Display Inline Method Return Values The Visual Studio debugger now displays inline values for return statements, responding to one of the most requested features from the developer community. This enhancement allows you to see the exact values being returned by functions directly in the code, eliminating the need for additional code or temporary variables to inspect return values. With GitHub Copilot, you can take it further by using the  Ask Copilot  option on hover to analyze return values directly in Visual Studio, allowing you to address issues immediately. It is su...

A customer was writing diagnostic code to monitor another application. They found that under certain conditions (which they can detect by other means), the program would stop responding to incoming posted messages, though it would respond to incoming sent messages.¹ Is there version of Post­Message that puts the message in the message queue and either waits for the message to be retrieved (like Send­Message ) or calls you back when the retrieval occurs (like Send­Message­Callback )? No, there is no such version. When a message is posted, it is placed in destination queue, and that's the end of it. There is no further tracking of the message. If you can change the target program, you can post it a custom message like WM_ HEARTBEAT and implement the handler for that message by posting an acknowledgement back. // Monitoring program posts a heartbeat PostMessage(hwndAppBeingMonitored, WM_HEARTBEAT, (WPARAM)hwndMonitor, MAKELPARAM(replyMessage, replyMessageData)); // Progr...

Have you ever been frustrated by the tedious process of copying error descriptions from the Error List? Previously with Visual Studio, copying an error would include all column headers and row values, which isn’t always what you want. If you were planning to search for the error online, it was a hassle to clean up the text after pasting. Now when you `Ctrl+C` on a row in the Error List, only the error description is copied to the clipboard. You can still copy the entire row with `Ctrl+Shift+C` and now even directly search the web for the error. This makes it easy to get the information you need, saving precious time and headaches. Additional options for copying Visual Studio 2022 now offers multiple copy options in the Error List for quick access to what you need. After selecting the relevant error, you can choose the option in the context menu or use the following keyboard shortcuts. Context menu option Keyboard shortcut Description Copy Ctrl+C Copy only the description ...

Do you find yourself drowning in company documentation, spending hours searching through SharePoint, knowledge bases, and contract repositories for one specific piece of information? You're not alone. Organizations now have plenty of information – the challenge lies in finding the right information when you need it. We have built a packaged GitHub template that helps you harness AI to make YOUR data searchable and useful. This code sample will help you create your own ChatGPT-like enterprise search and chat experience, powered by Azure AI Search and large language models. [caption id="attachment_372" align="aligncenter" width="1920"] Chat with your data: All things Azure Comics[/caption] Use Cases Consider these scenarios: A new employee asks, "What's our parental leave policy?" and receives an instant, accurate response. A financial advisor preps for a client meeting by having a natural conversation with their documentation about emer...