We would really like to enable our developers to use Copilot CLI but are currently somewhat stuck on the terms for Copilot Business stating that prompts from Copilot CLI will be retained.
I canβt seem to find info on for what purpose and for how long GitHub retains those prompts?
Does it even make sense to introduce agentic ai to accellerate workflow execution if we donβt have a clear idea of what that flow or process looks like?
It does seem worthwhile to accelerate a code generation phase if it only accounts for 20%(?) of the entire value-stream?
Removing waste is better?
If using agentic ai corresponds to ingesting more work into a system (e.g.generating code) but weβre not moving faster?
So using ai didnβt remove the right bottleneck in a theory of constraints type of way?
During a discussion I got the feeling that value-stream-mapping and LEAN are still relevant.
Follow up from the matplotlib maintainer who got hitbotted theshamblog.com/an-ai-agent-...
The first time I heard about βback-of-an-envelope-calculationsβ was during a computer science class in 2002 which referenced a βProgramming Pearlsβ article by Jon Bentley.
This has been a tremendous help in my life (both personal and professional) ever since!
dl.acm.org/doi/epdf/10....
My personal (unscientific) theory is that itβs the NTFS filesystem itself, which results in poor build time performance for Java Microservices (e.g. Quarkus). Weβve unfortunately not seen Dev Drive make a huge difference. So our Java developers favor MacBooks because itβs much faster build times!
For a long time we thought it was Defender which resulted in poor build performance when building Java Microservices on our Win11 developer machines. But that was disproved by comparing performance with a non-enrolled machine with similar poor build performance. We donβt see this issue on MacOS
That rule prevents newly build binaries (the output of a build) to be run on a machine with Defender of you donβt disable it (or put it into monitor/ audit mode).
Disabling that rule for specific file paths made the world of a difference.
Weβve done these things to exactly avoid local signing of files as part of a developer flow.
Our risk scenario was a developer machine that was compromised and able to sign executable files which were then distributed across the network and trusted.
We wanted to avoid that.
Weβve been meaning to investigate process whitelisting to avoid having to request an IDE to run as Admin based on fingerprinting - but it hasnβt been prioritized (yet). So some teams still have to elevate processes locally +10 times a dayβ¦.
Our local developer environment (Windows 11 with E5 license and Defender XDR) is (almost?) CIS2 baseline compliant.
So lots of things have been disabled and or restricted as well.
ASR rules and not local admin user however being the major issues that we had to handle. There is no local signingβ¦
Many restrictions! π
Apologies - I thought you were asking about what we tried to do to make βWindows Desktopβ development feasible again?
Running IDE as admin user when youβre no longer local admin on your dev machine is also a pain. We use a PIM tool: User requests that program is run as admin.
Exactly that one! π
Binary signing is done using an EV certificate stored in a Azure keyvault and can only be done through a pipeline. Never locally.
ASR = Attack Surface reduction rules
We choose to exclude a specific folder from Defender ASR which was the worst issue for home-built exe/dll as well as Python development. Our developers love WSL because itβs much faster for Java development than e.g. normal Windows and Dev Drive
βAs the US military chases Trumpβs ever-changing Sharpie lines across the worldβs maps, the Westβs enemies will be tempted to take advantage of the fact that the US has obliterated the most powerful alliance in history while scattering American forces around the globe in showpiece operations.β
Analysis paralysis?β¦ everything needs to be thought of before taking action.
So many times, nothing (bad) actually happened⦠yet weeks are spent consulting, asking, contemplating⦠without adding value.
New blog post - Automatically Signing a Windows EXE with Azure Trusted Signing, dotnet sign, and GitHub Actions www.hanselman.com/blog/automat...
Because if it does, we could remove:
- Azure Keyvault for storing EV certificate
- GitHub large runner with IP assigned to firewall rules to limit from where certificate can be retrieved
- EV certificate with bi-annual renewal.
Those additional expences should disappear if trust works the same?
We did something similar with EV certificates 2 years ago which naturally requires certificate renewal. The instant trust at clients in Defender through EV certificate was essential for our case.
Does Azure Trusted Signing provide the same level of instant trust with clients as an EV certificate?
The article specifically mentions ARO as an example runtime. Would it be possible to use Jaz in a hybrid setting, where workloads could be in a selfhosted OpenShift instance as well? Or is this an Azure thing only?
Admitted: I only read the linked article - but what if?! π₯³
I believe Iβve heard a similar quote from Christopher Alexander(?) on building architecture:βfirst we shape the buildings - then they shape usβ.
So one might be a paraphrase of the other?
Modernization will almost certainly increase pressure on your bottlenecks so it's important to identify them in advance.
Things will get worse before they get better as you start to unpack all the dependencies and address the neglect.
#legacyModernization #architectureModernization
"[that team] they're lazy, unresponsive, take ages to deliver new features, cause a lot of bugs, don't following good testing practices, everybody complains about them"
I heard this a lot as a consultant and I was always curious to meet these teams and see how dysfunctional they were.
1/4
Youβre not using a VPN are you?
We saw issues (and still experience them) when using WSL and activating a VPN connection - we needed to use a WSL VPN-KIT in order to make it work reliable.
I havenβt checked if we saw the same error code as youβve postedβ¦
You could invoke a full Domain Driven Design workshop and find the boundaries - But I doubt that would be quick? Iβve looked at the product CodeScene which should determine boundaries exactly based on e.g. code that changes at the same pace? Not tried it (yet!) though.
Interstellar (just to mention one). The way the organ variations is played has so many βvibesβ of Bachs Fuga!
I canβt count the number of times Iβve end-to-end listened the soundtrack for Jurassic Park. I can pick that up anytime and still enjoy listening to it!
Among the books in this yearβs Software Architecture humble bundle:
@andrewhl.bsky.social : Facilitating Software Architecture
and
@dianamontalion.com : Learning Systems Thinking
Software Architect Books from Humble Bundle
www.humblebundle.com/books/softwa...
The most important thing to understand about Tool Design is that the user does not experience Tools. Users experience Workflows.
Tools are not workflows, and no tool is used in a vacuum. The holistic user experience of all internal tools needs to be considered to design good workflows.
