DEV Community: Abdul

C# tips: DateTime formatting tip

Abdul — Wed, 18 Feb 2026 19:43:10 +0000

If you want to do something like this:

2026/02/18 at 19:36

You can do it like so:

time.ToString("yyyy/MM/dd 'at' HH:mm")

You can even input any string you want in the formatting and it will not be changed or affected, as long as you put the single quotes around it.

time.ToString("yyyy/MM/dd 'just because 😄' HH:mm")

// Output
2026/02/18 just because 😄 19:36

Thanks for tuning in!

Creating an AI car analyser

Abdul — Sun, 15 Feb 2026 22:03:14 +0000

Hellooo, I've become interested in creating, and this is one of the things I've been looking into. The car market is a weird, some may argue under-regulated market, and I've been thinking about how a new comer like me can be protected. It will be a part of a series of ideas and their architectural aspects. Hope you enjoy!

Why am I doing this?

I've been looking at cars to buy lately, and I've been interested in knowing how I can save myself some time when looking at the details of each car. It's a bore to go from one place to the next and do endless scrolling to get the information that I want. Plus, I need to know how to analyse what I see when I look at the results from certain cars' MOT results.

Where do I get the information from?

I thought about looking at where some of the vehicle inspection apps get their information from. Turns out that the information comes form the government, it was a free API! I love free stuff, especially API's, so this was a welcome find. There were many types, and it was fun to see what information you can get from a single licence plate.

So that's the information, what do I want to do with it?

I want to use it to feed an AI model, that will be able to analyse the information and get back to me (the user) with well thought, digestible information. Kind of like a buddy car specialist, I'm sure there's some car specialist Models out there, or in the least, the general GPT models have consumed some car content from the internet in the last 10 years.

This would allow the user to understand, especially if they are not as knowledgeable in cars, the condition of the car, the history of it and how it would affect them if they were to buy it.

So, where do I start? Draw draw draw 🖼️🎨🖌️

I decided to go with a weird hybrid between flowchart and use case diagram lol. Essentially it should explain the process where the user would enter a licence plate number, it would transfer from the front end to the backend. The backend would check if the licence plate has been requested already by the same or other user, this saves us the money and time it would take calling the AI model API and free data API some rate limits.

Let's assume it's a cache miss, it would then begin the process of gathering all the data needed by querying the API with the licence plate. After that, we would begin the process structuring the data into a singular object model, called the vehicle analysis object (for a lack of better term, I know 🙄, will change at some point).

Once that is done, the fun begins, where we serialise the data into a JSON format, that can easily be inserted into a formatted string. The reason we do this is to be able to add it to the prompt we would like to give to the AI model. Of course, the prompt itself will be very concise but will have enough detail to ensure the AI model knows exactly what it needs to do, doesn't waste any output tokens (for those that know that AI models these days talk garbaage for days and waste tokens). The output will 100% have to be in a JSON format that we can quickly deserialise from and use right away. No point in doing extra work if the AI model API doesn't charge by compute but by tokens, so I might as well make them do it!

Anyway, we can see the weird result circle, which represents...tada.. the result, which we will then use as part of an action to ensure that result is transformed into a more front end friendly object. This will save to the cache, with a specific cache expiry lifetime. I haven't decided yet what the cache lifetime could/should be, but my gut feeling while looking at cars in some of the websites, that good cars can go pretty quickly, maybe like in 1-2 days. This probably means I wouldn't be the only one looking at them, but I don't want to hold things for a whole 2 days just in case people are interested, I'd clog up the RAM! Instead, I'll be starting with 6 hour cache potentially and see where it goes from there.

Side notes

An interesting thing I thought of was the issue of the cache itself, and the way in which I can find out how long should the expiry be. There would be monitoring involved of course, more so looking at how the all the request that go to any of the free data API, as the query will just be the licence plate, so it'd be easy to search.

That's all for now

I guess for now I'm just going through the creation of the app, starting with exploring the APIs and their documentation. It should give me a vision on how to structure the code, and how to model the vehicle analysis object. Thanks for tuning in, see you in the next instalment! 🙌

Parallel vs Concurrent ✌☝

Abdul — Thu, 18 Jul 2024 07:56:58 +0000

Intro

Hello, just small notes to myself on the definitions of Parallel vs Concurrent programming. Hope it helps differentiate the meanings into distinct mental boxes for you 🤙

Parallelism

This is where a program executes multiple tasks at once, literally, through different threads. And so, as a result, the tasks execute at the same time.

Parallelism usually requires some sort of hardware support. For example, when running a program in parallel, there would usually be two or more cores helping tasks to run at the same time with no dependency on each other. If there was a dependency in one task on the other, then it would be more difficult to assume Parallelism as you'd have to wait for one task to finish it's par to start the other.

Concurrency

Concurrency in it's literal definition means the same thing as parallelism, looking at the oxford definition:

the fact of two or more events or circumstances happening or existing at the same time

It feels like there's two definitions of this term among many developers, and the other term is more specific in that it executes task differently than Parallelism does. According to a post on Stack Overflow (the ocean of knowledge that helps us keep our jobs everyday 😄):

Concurrency is when the execution of multiple tasks is interleaved, instead of each task being executed sequentially one after another. - link to post here

So, instead of doing everything at the same time, tasks are executed interchangeably; when one task is halted and waiting for something, the thread can go somewhere else and tackle a different task. In terms of hardware support, a thread executing instructions would typically only execute one instruction at a time, but can interchange between instructions so fast that it looks like it's doing it at the same time.

A note to remember is that parallelism is a term that lives inside the broader concept of concurrency, because they both share the definition of simultaneous executions. The more specific definition of concurrency, however, does not equate to parallelism because of what we just mentioned.

Please feel free to correct me on the definitions if you see something incorrect, would be much appreciated! 🙌

Re-learning security: detecting package vulnerabilities 🎁 NPM and Nuget.

Abdul — Wed, 24 Jan 2024 16:15:43 +0000

Intro

Hello, and welcome to today's post on detecting third party package vulnerabilities in the .NET and JavaScript space.
In this post, we delve into the realm of package vulnerabilities, exploring. We also take a look at how the .NET and JavaScript leverage tools to address these vulnerabilities. What does Github have to do with all of this, and how can I get started on detecting dependency vulnerabilities today?

Vulnerable?

To define a vulnerable dependency, lets look at the word vulnerable in the app security context.

The OWASP website states that a vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. (Link here)

Pretty straight forward, to be fair. So for our situation, there's code out there in third party packages that are made in a way which can be exploited by either the author or other attackers who are accessing the application which uses that package.

I like the phrase shared in "Alice and Bob Learn Application Security" regarding assessing the security of third party applications: "if it is insecure, your application is now also insecure".

Types of vulnerabilities

Much like the love that parents show their children, not all vulnerabilities are equal (did I share too much?😐). There are two main types:

Known
Unknown

Known vulnerabilities

Consider a situation where you have decided to install an open source application in your computer. In this situation, you may be fully confident that you wouldn't need to be worried about any potential security issue that may arise because it's "public" for everyone to see, and any code written could be immediately detected and reverted.

You're half right, but what about it's third party dependencies? This is where the concept of the known vulnerability comes in. It's a type of vulnerability that is known by the public, an example in this situation is an open source code that has dependencies with known ways of hacking it. Going back to the Alice and Bob book, the open source app is now hack-able too.

Other examples could include things like an exposed storage account that allows anonymous reads and writes when it's not supposed to, or an api missing authentication/authorization controls. Examples taken from this excerpt here.

Unknown/Unique vulnerabilities

The opposite case comes in the form of software that is "custom" and potentially not "exposed to the public" in a sense. The word "custom" in this case bares the meaning of being containing unique enough code that makes vulnerability discovery all the more of an effort; as opposed to already discovered ones by the public.

An example of this would include a situation where the company person A works for has unknowingly released vulnerable code. Given the unlucky times companies find themselves in, they happen to run into an attacker with a specific set of hacking skills that are exactly in the area that vulnerability is "suited" for. And so, they discover the unique way to expose this vulnerability from the application and start wreaking havoc.

In this particular segment, since the main subject is about securing third party dependencies, we'll be talking mostly about known vulnerabilities and how to avoid them.

Best practices

We'll be looking at detecting and avoiding known vulnerabilities in third party dependencies in two languages:

CSharp
JavaScript

Both use very similar ways of detecting third party package vulnerabilities, and are also able to utilize very well known tools the same way. As a result, each section of best practice will mention how it's done for both the .NET framework and JavaScript.

Nuget - CSharp

For those not in the .NET space, Nuget is a development tool that is used by developers to package, publish and consume code in the public sphere. It's also a software used to keep a track of what your project has installed, what needs updating etc.

In regards to tackling this issue within the .NET space, it's safe to say that this third party dependency management software is the main area we will focus on. As of this moment, the current GitHub Advisory Database shows that there are currently 560 security issues detected within certain third party packages published to Nuget.

Having this information is vital, in that it allows us to know what packages and versions of those packages are currently dangerous to use, or roll back/forward from in some unavoidable situations. This is good news, but how exactly do we take advantage of this in Nuget?

Luckily for us we, Nuget already has this feature built into it's software. As pointed out by Drew Gillies in this post, Nuget get's it's info directly from Github. So there's less chance of the package information being out of date or incorrect.

Of course, you may also be a terminal type of person, and that can also be addressed through the use of .NET CLI.



dotnet list package --vulnerable ---include-transitive

This get's your direct packages, as well as your packages' dependencies. This way, you can see exactly which package needs to be upgraded.

NPM - JavaScript

Now, for those that are not in the JavaScript space, NPM stands for Node Package Manager. It's essentially what Nuget is for the .NET space; a public library registry for JS based packaged code.

Just like Nuget, NPM also uses the Github Advisory Database to power it's reports and package vulnerability detection. It used to have it's very own NPM advisory database, however it later it began solely relying on Githubs version (Circa 2021).

The process is pretty much the same for javascript users in that they can simply run the npm audit command. This will generate a report of any known vulnerabilities within your dependencies list. This includes direct dependencies, devDependencies, bundledDependencies, and optionalDependencies, but does not check peerDependencies..

There's no need to run this separately from npm install, as part of the npm install process also runs this audit command. Two for the price of one!

While in GitHub

You can also automatically get GitHub to check for any list of dependencies at risk. This can be done via turning on the Dependabot option in the settings of your GitHub repo.

It's a fairly simple process that can be followed in this example here if you don't want to have a no code solution to the issue of detecting vulnerabilities. However if you do, then it can also be done via the use of yaml files, but letting GitHub deal with that is better in my opinion; less need for us to waste time on it and more time working on our app.

Conclusion

This is what this post is all about, we managed to take a look at the concept of package vulnerabilities and the different ways it presents itself; being known or unknown. We've also seen how both the .NET and JavaScript worlds use certain tools to deal with these vulnerabilities. Both of which are tied to a very popular GitHub Advisory Database which keeps track of all the known vulnerabilities, and can automatically scan/reports on our app dependency vulnerabilities so we don't have to.

I hope you enjoyed and learned from this post, I know I did 🙌 Until next time, in the next post and in the next learning opportunity 👋

Re-learning security: Encryption, Encoding, Hashing ☄

Abdul — Wed, 27 Dec 2023 19:57:34 +0000

Helloo peeps, hope all of our holidays have been well and we all stayed healthy, positive and ready to change the world (and ourselves) for the better in this winter 🙌❄. Today we will be exploring some key word jumbling processes that differ in definition, processes and intentions. Hope you enjoy, as always I would appreciate a nudge if there's anything that needs correction!

Encoding

Encoding, or output encoding as the OWASP website mentioned it's commonly called, is essentially the transformation from one format to another specific format that is understood by a target you wish to send it to.

It's a sort of translation between languages. Typing a quick google search of "Types of encoding in programming", I can see that there are many, some of which is more common; Like URL encoding, HTML encoding and Base 64 encoding among others. You can also count the transformation of human readable code into 1's and 0's as encoding, because now the machine understands what we're trying to do with that code.

The purpose for this, as greatly put in the "Alice and Bob learn Security" book, is not to protect the data, but to change the format of the data to be used by wherever you want it to be used. From a security standpoint, the translated characters into that specific interpreter would also no longer possess any power to influence it.

In keeping with the security theme in this definition, encoding usually goes hand in hand with another popular term called "escaping". It is defined as a way to render a string input by a user as only a string, avoiding the possibility of inputting executable code. An example of this is when we use the backslash (\) for line breaks and quotes etc.

Example of attack and how this technique defends against it

A web app that uses user input in the URL as parameters
An attacker can use this feature to input a potential redirect to a malicious site which is exactly identical
Victim is fooled, and evil wins

Encryption

As encoding is about making data as easy to understand as possible, encryption is about making it as hard to understand as possible. This is because the point of encryption is to protect the data (the Confidentiality part of the CIA).

The word "Encryption" is actually part of a larger concept called "Cryptography". Coined as the science of obfuscating data, with the intention of only displaying meaning to anyone with the key to clarifying it. It's a process that's been used for thousands of years (example of the Caesar cipher by google).

Side note: Can we count certain emojis as a sort of encoding 🔥? Because anyone who doesn't know the context won't understand the other meaning behind it. I mean, the ancient Egyptians had emojis for days and it took us a while to decrypt it 👀.

Encryption is the first part of the process, where we make the information no longer understandable. It's a two-way process so it can be "Decrypted" as well (made understandable again). It's true that encoding is technically two way as well, but the difference, at least from my perspective, is that encryption involves secret keys to get the actual value from the jumbled up words.

There are two types of encryption (ways to make the jumbled up words), one is more secure than the other so we'll go through them:

Symmetric encryption
Asymmetric encryption

Symmetric encryption

From the first word "Symmetric" we can tell that there is an equal "something" on both sides, and that thing is the key used to encrypt and decrypt the information. It's known as the shared key or private key and if someone were to get a hold of that, they would be able to both encrypt and decrypt valuable information. A con to this is that it's seen as the less secure out of the two types, but a pro is that it's cheap to execute and doesn't take much compute power.

Asymmetric encryption

Opposite to the previous type of encryption, this one has an inequality between encryption and decryption. And, you guessed it, the keys are different when doing either action. As google simply puts it "One is a public key shared among all parties for encryption. Anyone with the public key can then send an encrypted message, but only the holders of the second, private key can decrypt the message.". This, being the opposite, is seen as more secure, but takes more compute power because of the size of the public key (being stupidly large). It makes sense, then, for google to suggest that "asymmetric encryption is often not suited for large packets of data.".

Hashing

Going back to comparing the two-way system of encryption and encoding, hashing on the other hand is one way. This means that once it's jumbled up, that baby is gone and will not be understood again. You might think "that's a bit extreme" at first, and I thought that too. This was until I took myself outside of the box where the hashed values live, to see what the intention is.

First, though, let's take a step back and look at some concrete ways to define what hashing is.

TLDR: It's basically a unique fingerprint of the data that's created using that very same data, via an algorithm

A hashing algorithm transforms blocks of data that a file consists of into shorter values of fixed length. In other words, a hash value is basically a summary of what is in that file. - crypto templar
Hashing is the process of converting data — text, numbers, files, or anything, really — into a fixed-length string of letters and numbers. Data is converted into these fixed-length strings, or hash values, by using a special algorithm called a hash function. - codecademy

So what is the intention? Well, it seems from the get go that jumbling up this data may mean we want to hide it. However, according to Tanya Janca's "Alice and Bob learn security", she claps back at that idea saying that "data is not the value; proving your identity is". This makes sense since it's a one way jumbling process, if someone were to get it they wouldn't be able to use it anywhere. They can't take it back to the application and try enter it as a password, because the system will try and hash that hash and compare it with the hashed password in it's system (too many hashes, say it all again but quickly 🙄🧻💩).

The security issue of hashing and it's variations

Let's go into that scenario and pretend that someone gets the hashed version of that password, something like dfli458tv5oyo84ht4ti45ut45. You would think that the damage is minimized by jumbling up the password, so they would find it near impossible to find the real value. Well, we'd be kind of wrong but not all the way.

To explain this further, we have to acknowledge the amount of hashing algorithms out there; starting with one of the earlier, probably commonly known, MD5 hashing algorithm. Created in the early 90s, it's aim was just as mentioned: jumble up words so that it's no longer usable, and it was used in a lot of places in systems for years. Until at some point technology and computing minds improved, and it exposed some pretty serious flaws in it. I was able to understand the list of vulnerabilities simpler in this link, I will list a couple of them here anyway:

Collision Vulnerabilities : There's a chance that two different values can produce the same hash 😱 now imagine a bot that tries to create any value to match the hash, and it can run locally until it finds one.
Preimage Attacks : It can apparently be reverse engineered, I did a shallow search to see if that is possible but I only got ideas for Collision attacks (first vulnerability).

Since MD5, however, there came more secure and now widely used hashing algorithms to last us for the moment. Some include SHA-256 and SHA-3. These alternatives provide better security against the attacks mentioned. But, oh boy 🤦‍♂️, we will eventually have to worry about quantum computing which is so powerful that there is a chance that some of the strong hashing algorithms today can be pushed aside. Apparently some of the SHA hashing family of algo's are quantum safe 🙃 from collisions and preimage attacks, and it's a long way from now so I can relax a little for the next n+ years lol.

Conclusion

So we learned a few things today about the different ways we jumble words up for security reason. We learnt that encoding is not actually made to protect, but to actually make it more readable to it's data's target - Encoding (i.e humans understand words, machines understand 1's and 0s). Unlike encoding, encryption values the data and does not want to even be found. So it uses different (secretive) styles of keys to jumble the data, so that any party with the key unlock it and get what they need. The last is hashing, which is one-way and doesn't care who sees the jumbled up value or not. We learnt that there are some vulnerable hashing algorithms out there, but just as current ones are being exposed everyday, newer and stronger ones pop up at a similar rate too.

I hope you enjoyed and learned form this post, I know I learnt a lot from it myself! Thank you for sticking around, as always please comment let me know of any good or bad, I wanna be better!

See you in the next post 👋

Underrated concepts in C#: Delegates and Events

Abdul — Wed, 20 Dec 2023 14:53:46 +0000

Intro

Hello and welcome to another blog post, about something that I either didn't know or didn't fully understand (and somehow got away with in my career 😆). In this particular post we will be looking into delegates and events, what they are and how they're used.

What are delegates and events?

I've used these two C# keywords in applications before and know what they can do what, why it's used for. But for some reason I can't put it into words, my initial thoughts were that it was because I think I didn't understand it correctly.

Delegates

According to Microsoft A delegate is a type that holds a reference to a method. A delegate is declared with a signature that shows the return type and parameters for the methods it references, and it can hold references only to methods that match its signature.

I agree with this statement fully, but to me it makes more sense to think of it as a type the can hold a reference to a method, as well as be used as a type for declaring an event (this will be explored in the next section). Some also see delegates as a contract between the publisher and the subscriber, in that all the events related to a particular topic will be sent with a particular type.

In the example above, we can see a few things happening. Firstly, the declaration of the delegate DoSomething can be seen in line 4. Line 8 shows the assignment of the delegate to a method in line 8. We can also see they're being called in line 9 which produces the Normal text: normal text console output. We can also see it being overridden in line 11 and called again in line 12 to demonstrate the override successfully. This satisfies the statement that delegates can hold references to other methods.

Events

However, what about the other statement I mentioned that delegates can be used as a type when declaring events? Well, we can see it in line 5 where the event named ThresholdReached is being declared. This ties in with the notion of agreement in contract between decoupled classes, essentially saying that any event in this name will be of this delegate type. But, how do we use this event, what does an event really mean in relation to delegates?

Lets go back to Microsoft again, to decipher its definition. It has a few definitions in different areas of it's website, but the simplest one I found was: Events enable a class or object to notify other classes or objects when something of interest occurs. The class that sends (or raises) the event is called the publisher and the classes that receive (or handle) the event are called subscribers..

The statement of allowing a class to notify another class of happenings is true, however I could do the same with just an instance of a delegate.

The picture above functions the same as the picture below:

The event keyword technically fits the bill, however the concept of an event doesn't just belong to it on it's own as we can see. On a surface level, it helped me to accept that, for my current understanding, the event keyword is used for clarity and to restrict external classes from assigning = their method to it (thereby wiping out other subscribers) rather than adding to it +=.

So what use is are events and delegates?

One interesting thing about the pictures shared above is that the outputs are displayed in the order that the methods subscribed to the event. This can give us a clue as to how it can be used, we can create a queue of methods that can be called in order.

A benefit of using delegates is that, not all classes need to know of each other to execute together. For example, a class that holds 5 injected services could instead be replaced by a single delegate that allows external classes to subscribe to it's events. this way, the original class does not need to know any external unrelated classes, and the external classes are responsible for their own subscription.

I recently found out that we can execute asynchronous programming using delegates 👀. I haven't looked into it as deep as I'd like to yet, but from what I can see, the BeginInvoke method that is available on delegates allows the main thread to continue execution on the main thread. The original thread, which submitted the request, is free to continue executing in parallel with the target method. This can be useful for time critical operations that require parallel processing like database operations etc.

An easier way of using delegates and events

Microsoft has come up with a way to remove the need to go through the steps of creating a delegate and then defining an event using that delegate signature. It's called `EventHandler, which I had no idea it was introduced donkey years ago:

The EventHandler is actually a delegate itself, with a more or less common scenario signature, in that it allows the subscriber of the event to know who sent it (the first argument in the signature - the sender/publisher) and what arguments to expect (the second argument - EventArgs). This is what declaring it looks like as opposed to the initial way mentioned:

Mind you, this applies the same things as I mentioned in regards to the event keyword, since it's a delegate as well. So having or not having the keyword would not make much of a difference still.

Event handlers can be genericised as well, to accommodate for any arguments that he sender may want to send to their subscribers. This can be done through inheriting from the simple EventArgs class and adding our own properties to it, more on it here.

This class is then used as a generic type for the event handler, which informs it that the receivers of the message will be expecting an object of certain type with certain properties (i.e expecting the ShoeSize property to be present when handling the event).

Extra notes

I used to see a check for null before invoking the handlers and I never knew why that was done. It turns out that handlers that have no subscribers are essentially null references. This makes sense because when we're declaring these event handlers, more often than not, we don't actually assign it on the spot. We either add subscribers to it or assign a function to it later or (with the = sign). I tested this and tried to invoke a "subscriber-less" event handler and sure enough got a null reference exception.

But what about when we initialise it? Looks like that doesn't have any problems, since it has a subscriber at it inception:

So we've learnt about delegates, events and event handlers, how to use them, when to use them and some small general notes on it. I hope you've learnt something as I did. If I made any mistakes please let me know I would love to keep track of it and make changes so I do not lead people astray. Let's keep learning and falling in love with our craft, much love! 🙌

Re-learning security: CIA

Abdul — Tue, 05 Dec 2023 20:04:15 +0000

Intro

Hello Hello, been a while since I last posted, but it was for a good reason! I've enjoyed a new company/apartment/life and needed as much time as I could to get situated 🙌 Since then I've learnt a lot, but somehow, also learnt that I have much more to learn 😄 oh the ocean of knowledge, how can I swim?

For this blog we're going to look into one of the things I've realised I've not paid attention to in the past year or so. As a result, I've gotten rusty, and so I'll be taking a more active approach by addressing it through reading books, doing certain exercises and seeing how I can influence the team I'm apart of.

A particular reference I'll be reading from as I go through this journey is the "Alice and Bob Learn Security" book. The flow of the blogs will also similar to the structure of the book, as it helps me stick things in my mind easier.

Why start now?

Well, security is, and should always be, one of the first things that should pop into anyone's mind when they're dealing with creating/developing interactive software. Even if it weren't interactive, we'd still need to make sure that our applications are safe and we don't get hurt in the process of making a positive change in the world (one release at a time).

The Security Mandate: CIA

This is where the security standard such as the CIA (Confidentiality, Integrity and Availability) is discussed. As it equips us with the ability to make design/code decisions that ultimately help make our apps safer.

Confidentiality

Being able to keep information private is harder than first thought, speaking for myself. It also varies in importance depending on the situation. I'm currently reading "Alice and Bob Learn Application Security", and it talks about how confidentiality plays a certain role in their lives. Due to her position as CEO of a top 500 company, Alice does not want certain information about her health to be public (so it's of utmost importance), while Bob (who has a much lower ranking job) doesn't gain or lose anything by letting people know about his heart condition and using a pacemaker.

Integrity

For this principle, it's about the accuracy and the currency of the information that is presented to us. The importance which we place this is also something that is dependent on the situation. In trading, for example, we cannot have numbers that are very inaccurate, as this could potentially cause miss-trades: leading to large financial loss in the process. In most cases, I would think, accuracy is part of what is being part for in most, if not all, applications on the internet. However, you could argue that blogs like this don't prioritise this principle as much since it's users can post anything they want (as inaccurate as they want).

Availability

For certain applications in the health industry, this could be a case of life and death, literally! Take the previous case of Alice and Bob for example, both of which rely on the availability of their information. Alice, being a diabetic, measures her levels multiple times a day using this device, but she can also do it manually. So having this device not working is not the end of the world for her. However, for Bob, who relies on a pacemaker to keep a consistent rhythm of beats for him: it would be frightening to not have it available and working to help through the irregular heartbeats.

Conclusion

As we read the "Alice and Bob Learn Security" book, we've take a look at these starting blocks, and the why's, of some of the security rules we may see in our everyday applications. Understanding the reason for their existence and how they fit in our lives through the lens of the CIA principles would equip us to make better decisions in the future.

🤹‍♂️ What the heck is caching? 🚶‍♀️

Abdul — Fri, 06 May 2022 21:10:21 +0000

Having things in our pockets while we're out are usual, and so is having cached data while we're running our apps 🚶‍♀️🚶‍♂️💽💻

While resisting the urge to shout "Cache me outside.. how boww daah" at the screen, allow me to explain to you what caching is to me. I will also mention the different types that you can come across and their pros and cons. This is purely from my perspective, it also carries a couple of tips on how to start caching in .NET.

Definition

Caching is the action to store data the first time around you get it, and when it is required again, instead of going to the source (where you got it from), you can go to a much closer place (where you stored it) and retrieve it there instead. This, therefore, saves you time and money.

..Or as Microsoft puts it: “Caching enables you to store data in memory for rapid access. When the data is accessed again, applications can get the data from the cache instead of retrieving it from the original source.” - Caching in .NET framework applications

In my own head, I always see it as a thing you have in your pocket until someone asks for it again, meanwhile you can walk and go about your daily life while this "thing" lives in your pocket until it's needed again.

It can be good for ya:

Improves performances and scalability (don’t need to hammer the source that much)
Can make data available when the source is unavailable
“Caching works best with data that changes infrequently and is expensive to generate” - Cache in-memory in asp.net core

Hold your horses

To be frank, not everything is roses and rainbows with what is introduced here. It is always advised that we shouldn't build and test our app to "depend on cached data" ; and rightly so, there could creep up discrepancies between the cached store and the origin very easily, especially if the data we're working with has a tendency to change frequently.

Also when it comes to in-memory cache, we should expect that the more data we store in memory the lower our performance levels become. Metaphorically speaking, we will find it harder to walk around with our pockets as packed as our wardrobes, something will eventual fall out. This is the same with our RAM storage, something has to give. If we use this caching strategy as a half way house for our DB, then we're in a world of trouble.

Types of caching

In-memory (or in-process) caching (Cache stored in the memory of the web server, very simple to implement)
Distributed caching (Cache shared across multiple servers)

The main differences between them can be seen in this link here

The decision to choose which really comes down to the situation, where we consider the size and frequency of the data that's being called upon. Can we afford to get from the a source that is a copy of the original, if so then how do we navigate around the consistency issues between these two sources?

My personal opinion

For small applications, in general, it would probably be easier and simpler to use the in-memory caching strategy. This is considering the very likely outcome that there would be a minimal and predictable amount of request made given a particular unit of time.

How to use in-memory cache in .NET?

Install the “Microsoft.Extensions.Caching.Memory” nuget package
Initialize the MemoryCache object with an options Accessor argument (I.e., MemoryCacheOptions)
It would usually follow this pattern of fetching or setting:

if (!memoryCache.TryGetValue("cachedThingIdOrName", out List<int> data)) 
{
    data = memoryCache.Set("cachedThingIdOrName", await GetLargeDatabaseList(), new MemoryCacheEntryOptions().SetAbsoluteExpiration(TimeSpan.FromSeconds(10)); 
} 

return data;

It can also be injected using this:

In startup, add this: services.AddMemoryCache()
Now in any constructor, you can just inject IMemoryCache and it can be used

How to cache using Redis (local dev)

We can use a docker container to pull down/host the latest image for Redis
After Redis is up and running, we need to download the microsoft.extensions.caching.stackexchangeredis package
We would also need to download the Stackexchange.Redis package
Go to the ConfigureServices method and add the extension method AddStackExchangeRedisCache with the following expression settings:
- options.Configuration = Configuration.GetConnectionString("Some connectionstring in you config file")
  - This gets the connection string /configuration used to connect to the Redis that is set up.
- options.InstanceName = "RedisCachingApp_(app name)";
  - This is just a convvention that can be used to stop any potential mix-up when it comes to inserting a value with the same key across multiple apps. Remember that Redis can be shared across different instances and apps in general, so it can be more likely that key names would be mixed, this isolates whatever is set in this app TO this app.
- Inject IDistributedCache into the constructor as normal and use

An important thing to note is to always use a form of expiration otherwise the data would stay in the cache forever. AbsoluteExpirationRelativeToNow or AbsoluteExpiration or SlidingExpiration are fine to use.

Thanks for hanging around, see you on the next one 🙌

{{{Do curly braces waste space?}}} 📖📘

Abdul — Fri, 04 Feb 2022 22:52:42 +0000

While writing an if-statement, have you ever wondered about the conventions of the curly braces that follow it? I mean, put curly braces in, don't put curly braces and the "style guide" section of whatever company we work in that tells us which ones to use. Well, I want to look at it in a more factual way. Does it do anything to the common intermediate language (or formerly just IL I believe) that get's drummed up by C# or another .NET language?

The plan is to give a short demonstration to provide us with the answer we are looking for, and then we can just go back to our daily lives like nothing happened. Or... we can take this to the belly of the beast (our company slack channels), drop the discussion in there and see what happens 👀.

Ok, I'm glued, so what happens when I put curly braces in?

Glad you asked, and I'm gonna waste these extra words to make it look like a complex research was conducted. We can see below a simple bit of code that is an if statement, which when true contains a "hello" being dumped into the console using the Dump method.

Firstly, to give a more detailed view of what happens, let's see the IL code that's spouted out when we don't have curly braces.

Nothing special to see here, the top bit is the C# code, and the bottom is the Intermediate Language (IL) version of it. We can tell that some steps are taken before going to IL_0003 which let's us know that there's this string "hello"; it is then followed by IL_0008 which is the execution of the extension method Dump.

Adding the curly braces changes things interestingly, the step numbers (not sure what the name is) seem to have been altered.

There seems to be these extra NOP steps that are added to the list, thereby changing the chronology of the process. I didn't fully understand it's effect on size or time, but I compared it the only way I know how; by saving the file and right clicking to see if there was any size change.

The image above is with curly braces.... and below is...

Mind 🤯 blown ... slightly.

I don't know what or how or why it does this but it certainly is interesting to see a difference.

What does this mean on a wider scale?

I'm not entirely sure, but if we were to extrapolate this into a massive real life project, strip all the unnecessary braces and compare I reckon it could display a nuget package or two worth of size difference...Maybe...

This definitely raises the question about how efficient we can/should be with our code, and could style differences be detrimental or a positive impact on the code base?

Anyway, if you drop this in the slack, please don't blame me for sudden invitations to a "match to the death" by your colleagues. Also, most of all, don't try this at home 🦺

Thank you for sticking around!

I hope to have more stuff underway as I sort my life out at the moment, there will be a few non-technical things I'd like to talk about this year especially concentrating on mental health. There's one in particular that I think could prove important so please watch out for that 😊 See ya round!

Running a .NET Twitter bot on Pi: Part 3 – Pi in the sky 🥧👩‍🚀

Abdul — Mon, 27 Dec 2021 21:37:22 +0000

Part 1 : The bot
Part 2 : The rules

Heya! The final part of this twitter bot series is here.

In the first part of this series, we've taken a look at creating a twitter bot in .NET that listens to particular tweets and retweets them. For the second part we created Api endpoints for it, so it now has the capability to change its tweet stream rules whilst listening at the same time. This final part is where we deploy our twitter bot to the Pi, lets go!

his is the link to the repo (here). It includes the previous changes as well as what will occur during the course of this blog.

Requirements first✋

In order for this to work, we will need a couple of things to have at hand:

A Raspberry Pi
Setting up the Pi with SSH (link here)
- Please take note of the OS chosen during the setup for later
Docker installed in Pi (link here)
- I only followed the "Installing Docker to the Raspberry Pi" and "Testing the Docker Installation on Raspberry Pi" sections
A docker hub account (link here)
Docker desktop (link here)
(Optional) Docker VS Code extension (link here)

Referring to the video for setting up an SSH for the Pi, her video pretty much applies the same to windows users, if you follow that you should be good to go on your Pi/SSH needs: that’s if you actually need to SSH, if you don’t and are fine with the full OS version then you can go ahead with that too 👍

Dockerizing ..⛴

The dockerizing part is really nothing new, it's just adding the dockerfile and a dockerignore to our project as seen in many tutorials. I came across a hiccup when attempting to pull an image for our twitter bot into the Pi but we'll work up to that point.

To start off in visual studio, we’ll first need to add the docker support to the project, and that is pretty much straight forward; right clicking the project and scrolling down the options to select the “add docker support” button. VS generates the necessary files for our docker process which are the dockerignore and dockerfile files:

This can also be done in VS code, ensuring the docker extension installed, via the command (select the first option):

Time to build

Once this is done, we are ready to start the build process and we do this by going to the terminal/cmd and cd-ing into our project directory. Because of the way the dockerfile looks for things, and how it sets up what current directory it looks at; I ensured that I ran the following docker command in the solution directory and not the individual project directory.

docker build -t {username}/abtest-image -f TwitterBot/Dockerfile .

The command specifics can be found here. This command basically states to create a docker image named {username}/abtest-image which is based on the dockerfile located in the TwitterBot folder. The period at the end of the command is also a necessity as it states that we will execute this command in the current directory that we are in.

Time to test run

The previous command should build an image, however it has not been run in a container yet. The command to do so is this:

docker run --rm -p 8080:80 {username}/abtest-image

Here we can see that docker instructs (via docker run) the {username}/abtest-image image to run on port 8080 (via -p 8080:80). The port argument shows that the left side of the colon is 8080 while the right side is 80. The left side is what docker exposes to the outside world (the users - us) to appropriately talk to this container. The right side is for communication inside the container itself, something we wouldn’t need to look into too much for this project. --rm is simply an option to let docker know to remove containers once they have been stopped.

If we want to run this image in a container in the background and not have it hog the terminal, we can introduce the -d flag just after the run keyword in that same command above.

The hiccup

Now that we have test run this image in our OS, it’s time we talk about the potential nightmare we could’ve gotten into.

I ran into the hiccup stemming from after creating the dockerfile as instructed above, which is perfectly fine for what we’re currently running on. This file has various steps that include packaging the app into the image we need, however it relies on a base image to create our image from which causes compatibility issues down the line.

This is usually the first command in the file and it would probably look like this by default:

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base

The problem is that this command doesn’t get an image which targets the correct OS version that our Pi runs on (remember when we mentioned to keep a note of the OS). This could result in a little mess down the line trying to figure out what this message means:

The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested

The crux of this states that we need to change that first line mentioned a little, depending on what platform we will be targeting. It looks like the platform is targeting the arm instruction set (based on the error message), but to find out what type our host platform (Pi) is running on, we can use the uname –m command in the Pi terminal.

This will give us one of two answers, either aarch64 (which means we’re on 64 bit) or armv7l (which means we’re on 32 bit). Once we find that, we can go to this link to find out what version of aspnet in that command we should be pulling down. For my case, it was 6.0.1-bullseye-slim-arm32v7 and I’d safely guess it could be yours too:

Now the command looks like this:

FROM mcr.microsoft.com/dotnet/aspnet:6.0.1-bullseye-slim-arm32v7 AS base

After this change, running this image in our current OS wouldn’t work as we’ve changed our target platform, but it will run on the Pi (have faith and stay the course!). Now that we have built up the image, it’s time to fling it off to the web!

Publishing the image to the hub 🚀

In order for us to publish the image to docker hub we will need to have a docker account. Given the steps mentioned at the start, we can safely assume this has been done already.

In our current terminal, we will need to log into to our docker hub:

docker login docker.io -u <username>

A standard credential check will occur, after which we should be granted access to our account via the terminal.

Side note, the “docker.io” part was added to solve an issue I had with pulling from a private repo. I could have used “docker login” on its own and it would have worked for the steps later if I chose to have a public repo.

Anyway, once we’ve logged in, we can finally get to the juicy part which is pushing this image out there:

Docker push {username}/abtest-image

It does what it says on the tin. The image we created earlier will now be pushed into a new repo in the cloud with the same name. There might be some problems here as I have experienced, mostly to do with the naming convention of the image name. I found that pushing an image name without my username preceding it was not possible, it gave me errors stating “request to the resource is denied”.

I looked at the logs when attempting to push the image with that exact name and it seems to push to a directory that didn’t belong to me (if you know please drop a comment below 👍):

The push refers to repository [docker.io/library/abtest-image]

However, when I used my docker username and then followed by “/abtest-image”, the logging looked different and the push succeeded:

The push refers to repository [docker.io/{username}/abtest-image]

Check the web to see that the new repo is there and it should be 🙌.

Pulling the image from the Pi(moment of truth)

Coolio, we’ll need to SSH in to the Pi for this. When we have done so, we’ll need to install docker into the Pi. This blog is adequate enough to install docker, three quick easy steps to get docker into the Pi 👍

Once that is done, all that is left is to say these magic words:

docker pull {username}/abtest-image

It will do its thing, with regards to getting the image down from our remote repo and adding it to the list of images in our Pi docker. Check using the docker images for this list.

Once that is done, and the hiccup issue has been resolved, we should be able to run our twitter bot using the same command in previous steps:

docker run -d -p 8080:80 {username}/abtest-image

Test it in the Pi for a final time to see if it holds and we should have lift off!

This was a fun project to take on, this three-part series saw me create a .NET twitter bot app which listens to specific tags I’ve pre-set and retweets those tags. We then went onto creating endpoints to change what the tweet stream should and shouldn’t listen to by exposing the “rules” end point. This led to looking at deploying this .NET bot onto the Raspberry Pi.

I’ve learnt quite a bit from this, I was able to enjoy some of the features of .NET 6 such as minimal Api. This was also followed by a refreshing and fun exposure to docker and how it can be used. I have some ideas for a bonus episode on how much a dockerized twitter bot in azure would rack up in costs. I have a feeling it wouldn’t be more than two burgers worth a month (let's hope it doesn't cost me a pretty penny!).

Thank you for sticking around and following my journey with this twitter bot, I hope to see you in the next project I decide to take on. PS: lookout for that possible bonus episode on exploring this bot with Azure 🚀

Running a .NET Twitter bot on Pi: Part 2 – The Rules endpoints 🗣🤳

Abdul — Sun, 05 Dec 2021 16:16:51 +0000

Part 1 : The bot
Part 3 : The Pi in the sky

In the first part of this series, we've taken a look at creating a twitter bot in .NET that simply listens to particular tweets and retweets them. But we were missing the ability to control what this bot can and cannot listen to. This is the link to the repo (here). It includes the previous changes as well as what will occur during the course of this blog.

For this part of the project, I’ll be adding the endpoints to the existing TwitterBot project. However, some things need to be chopped and changed about: such as migrating the current project to target *.NET 6 * (in order to take advantage of minimal Api’s). Firstly, though, I’ll be exploring what it takes to create the templated Api project in .NET 6.

Creating the Api project but from scratch

It would have been all well and easy for me to create an Api project from the template, but I wanted to really note what it takes to create an Api project from scratch (especially for a .NET 6 version). I decided to create two projects and compare both, one is a console project which I will be using to create my sample Api project, and another pre-made Api project generated from the VS template. Both of these projects are in .NET 6.

As I started, I already noted some differences between the standard and the console templates. The first being in the CSProj files, their SDKs are different; the console one is Microsoft.NET.Sdk while the Api one is Microsoft.NET.Sdk.Web. This could be where the Program.cs file gets its ability to use the WebApplication class without any using statement. The second difference is that the console project has an output type property in its CSProj while the Api doesn’t (although it does have the lanchsettings.Json for how it should execute etc).

After I amended my CSProj to look like its Api counterpart and built the projects, the references started to look the same also. It seems to have added the Microsoft.AspnetCore.App reference as a result of a change in Sdk.

I’ve managed to get the first few lines down in order to get the Api project up and running, only these three lines were really needed in the Program.cs file:

var builder = WebApplication.CreateBuilder(args); 

var app = builder.Build(); 

app.Run();

These will be entered in order, and we shouldn’t get any errors as the WebApplicationclass relies on the .Web Sdk we have in the CSProj (as mentioned previously). Just before the third line, we can create an example endpoint that will help us determine the success so far. Use the appvariable to access the MapGet method, which is essentially a shorter version of creating a HTTPGET endpoint in a controller we’d usually have.

app.MapGet("/hey", () => "Hello World”);

As we can see, the first argument is the endpoint we’re establishing, the second argument is a function we pass down which will be invoked whenever the endpoint is hit.

Another cool thing to mention is that the configuration manager works out of the box. All we have to do is access it using the app variable like so: app.Configuration["Greeting"]. Try it with the MapGet method as an endpoint result 👍.

Cool, sounds good, time to apply migration to the real project!

Currently we have two projects, a library and a console project that runs a hosted services for listening to these tweets. Leaning on what we’ve learnt in the previous section, we can also turn this into a .NET 6 project and get it up and running. The steps are the same:

Change <Project Sdk="Microsoft.NET.Sdk"> to <Project Sdk="Microsoft.NET.Sdk.Web"> in the CSProj.
Most of the nuget packages that we use for hosting and configurations (such as .Extensions.Configuration and .Extensions.Hosting) will not be needed anymore and can be removed.
No need to let the CSProj know that we rely on an appSettings.Json file and that we need it to be copied to output, we can remove this section as well.

What we should have as a result is this:

Please note that I kept the output type to exe as I like a console but you can feel free to delete the OutputType line. Also, I made sure in the launch settings that the launchBrowser property is marked as false as I won’t be needing it for now (possible play with blazor stuff soon? 👀) as this is just an Api project with a running background service.

I also changed the library project into .NET 6, ensuring the OutputType is Library, changing Sdk type to .web and, as a result, removing all the unneeded nuget references.

After the setup I made sure to test that:

Any fake endpoint works
Any appsettings.json property can be reached using IConfiguration

Cool, migrated the console project into a functioning api project, time to get the rules endpoints down

This was a very quick way to setup endpoints (as shown in the previous section). It work's right out of the box, no routing and none of the faff needed to configure 😍. However, it doesn’t feel like a clean room for me to have all the endpoints just splatted out there in the Program.cs. So, I created an extension method to help with organization. If it’s for a first iteration, it's just as standard to have it in the same page if that is what is preferred.

Reflection

It’s correct to assume that it may be too much to separate the Api endpoints from the Program.cs file at this stage as there’s not many. It ended up creating more work for myself in the end while trying to make it look neater. I'm not sure if any of the successful companies ever had the perfect looking code base to begin with, functionality must have come first: and as the code expands it would then be more reasonable to look for ways to optimize the structure. I also feel I’ve done too much, could there have been ego involved in the over engineering aspect? I will reflect on this in another blog 👍

I was able to create Api endpoints for the twitter bot that also has a running background service to listen to tweets. It now has the capability to change its rules whilst listening. The comparison of a .NET 6 console project and a .NET Api template project helped me in the migration stage for the twitter bot, as well as the library. The .Web Sdk proved to be very useful in getting rid of all of the junk that’s involved with establishing an Api project. However, one thing I will take a look into in further projects, and on a separate blog, is the effect of over engineering and how ego can play a part in it.

Please let me know of any mistakes made during this project and/or this blog, it would be very much appreciated! Now that we have this done, time for part 3, which is looking to host this bad boy onto a Pi 4! Thanks for sticking around, see you then! 👋

Running a .NET Twitter bot on Pi: Part 1 – The Bot

Abdul — Fri, 19 Nov 2021 17:32:37 +0000

I know there are a bunch of .NET twitter bots out there, there are even packages such as TweetInvi that can help me pretty much setup a bot straight away. However, I’ve decided to take the hard road on this challenge and do it myself. I'd like to get more in-depth knowledge about what it takes to create a bot, to deploy it and explore possible scenarios that can arise after deployment as a result of the choices made during development.

This three-part series contains a project that will take a look at creating a .NET app which will listen to specific tags I’ve pre-set and will retweet those tags. After that, we will then go on to creating endpoints for influencing what the stream should and shouldn’t listen to, hitting the “rules” end point for twitter. We will also look at deploying this .NET bot onto my newly purchased Raspberry Pi (the last two objectives will be in no particular order).

Part 2 : The rules
Part 3 : The Pi in the sky

Starting with a console app to test

I wanted to get to grips with how twitter outputs its stream. The most straight forward way for me to get into it was to create a simple console app that has a HttpClient, which consumes whatever comes from the never-ending stream; and that’s what I did! Also by the way, I made a call (outside of the app using postman) to the twitter stream rules endpoint. This is in order to create a rule for my filtered stream to listen to, when providing me with messages (link here). This is just to get things started until I get to the next episode in the series.

What happened in that pic, was it WebSockets?

It was the use of HTTP streaming, a method whereby the response to the client is held open by the server with basically no end in sight until the server decides so. If you would like to find out the differences between these two WebSockets and HTTP streaming, check this brief explanation in this blog here and why I chose to go with this rather than WebSockets.

To sum up that short blog, I’ve taken a look at the twitter Api documentation which states that it delivers “...Tweet objects in JSON format through a persistent HTTP Streaming connection.”. This is what essentially made me choose HTTP Streaming instead for this occasion.

We got it working, time to do something with it

After cleaning it up a little, and established being able to create a “listener” to these tweets, we will look creating the action of posting a tweet whenever something pops up.

This new code is the shortened version of the first example, we just separated the responsibilities and placed them in different classes. The TwitterStreamQueries class (as the name suggests) is responsible for the establishment streams, whether it’s the filtered one (as shown) or any other that could be applied in other scenarios. It takes in a TwitterClient class that is responsible for instantiating things such as client credentials and base Uri etc.

The GetFilteredStream method is probably the most interesting thing here because we pass in a function as its argument. This is to provide the filtered stream the open-closed opportunity. This in return gives us the flexibility to chop and change the function argument however we like; without much, if any, changes to the GetFilteredStream method. To start with, I created a function that acknowledges a message for iteration's sake, surprise... it works 👍.

Time to create a process that will retweet the message that comes in.

The retweeting process

As the title suggests, I now dive into what it takes to be able to create a successful retweet request. One thing I do know is that I cannot use the same client, as twitter has a different authorization header requirement for the post request (OAuth1.0 instead of OAuth2.0 which uses bearer tokens).

There were many ways in which I could have ensured that the client used for a particular process utilizes the correct OAuth header for its intended purpose. An example of this could be creating a separate client for each OAuth process (I.e. OAuth1 client and OAuth2 client). However, that is too much for a single purpose-built app such as this.

For this particular case, I thought to go with assigning the header required for each case in their own respective method. It’s a simple enough solution that only cares about listening to the stream and retweeting, I won’t faff about with it I reckon 🤷‍♀️ (being a lazy dev here – don't copy me!).

Speaking on the request process, I particularly struggled with OAuth 1.0, holy moly 😭. At first, the idea of having this crazy looking value that required the existence of a bunch of keys and secrets seemed daunting. I was later able to come to terms with the fact that the only real work being done is just generating the OAuth signature. This page in twitter and this blog helped me figure out the requirements needed to generate the signature for the request.

The structure of the whole app

I quite enjoyed separating the process from the library of code containing the logic. What I mean by that is the console app that is essentially running this process doesn’t actually have any other physical files inside it that help it run the twitter stream or retweet etc. That lives in a different project whose output type is a library.

The structure of “listen and retweet” process

This is just to give a clearer explanation to what was mentioned above about the GetFilteredStream methods function as an argument argument. The client just listens to the stream, if anything pops up it invokes an action that it knows not much (if anything) about, as mentioned before. In this case, we're invoking the retweeting process.

Clean up and putting things on a background service

To clean up, I decided to make the console app into something more suitable. I’ve introduced a class that inherits from the BackgroundService class, named TwitterStreamService. The BackgroundService class is a “base class for implementing a long running hosted service”, I couldn't have said it better myself; (link here).

I used to inherit from IHostedService myself but I had to deal with implementing its other methods such as start and stop async. This BackgroundService class does so and only lets us deal with one method, it takes care of the rest. You can see how it's set up in this (repo here).

In order to start making this background service work, I would have to do a couple of things first in the program.cs file; The first thing would be to create a new instance of the HostBuilder (via the Host.CreateDefaultBuilder method), this would help in establishing a ground for me to create this console-based service and add any dependencies needed to it. The second step is to actually register those dependencies, some of which can be seen in the constructors of some of the pictures already displayed.

I’ve taken a note to mention the significance in ensuring that the twitter client stays as a transient, as I wouldn't want to mix up OAuth requirements between the streaming (which wants OAuth 2.0) and the retweet post requests (which wants OAuth 1.0). The twitter stream and the commands which use these transient clients can be singletons themselves.

I’ve probably made an unnecessary meal of this, but I’ve learnt quite a few things! Namely, about HTTP streaming and how certain values in the response headers can hint at the intent of the response itself. It was also fun adding background services and revisiting hosted services in console apps. The OAuth 1.0 process was probably my biggest struggle, coming to terms with something that looks fairly daunting at the start is an achievement within itself; and it provided me with new knowledge in OAuth 1.0 which is cool!

This link here is the git repo to this project, let me know how many wtf per seconds you experience 😂

My next step for this will be two things, to establish some CRUD rules operations via API endpoints (using the latest .NET 6 features – which should be fun) and to also attempt hosting this in my raspberry pi (in no particular order). Can’t wait, see you there! 💨💨💨🕺