Microsoft Build 2018 Highlights

Microsoft Build 2018 Highlights.md

Microsoft Build 2018 Highlights

May 7 - 9, 2018, Washington State Convention Center, Seattle, WA

This is a summary of my notes for the most valuable sessions I attended. Notes regarding hands-on experience (labs, expo) and most sessions less than 45 minutes were not included.

Vision Keynote: Intelligent Cloud and Intelligent Edge

Satya Nadella, CEO

• Several big high-level announcements, including partnership with Qualcomm and DJI, Project Kinect for Azure, and Project Brainwave

Building Secure Cloud Apps - Lessons Learned from Microsoft's Internal Security and Software Engineering Teams

Robert Venable, Sudhindranath Byna

• Microsoft pushes the culture of security to its engineering team
  • Forces responsibility and accountability
• Security is hard
  • Developers need to secure against everything, but attackers only need to find a single flaw
  • "Attacker's advantage and defender's dilemma"
    • Defender must defend all points
    • Defender can only defend against known attacks
    • Defender must be constantly vigilant
    • Defender must play by the rules
    • Attacker can choose weakest point
    • Attacker can probe for unknown vulnerabilities
    • Attacker can strike at will
    • Attacker can play dirty
• No app is ever "secure": security is a continuous, iterative process
• Security requires 4 things to be carefully considered:
  1. Design (authentication, authorization, data classification, transport & storage, threat model)
  2. Code (secret management, code management, code quality, dependency management, static analysis)
  3. Environment (ARM RBAC model, network, OS, patching, encryption)
  4. Operations (telemetry & audits, incident management, access control, disaster recovery)
• Security Intellisense Extension preview for Azure development
  • Optionally fails builds if security issues are identified

.NET Overview & Roadmap

Scott Hanselman, Scott Hunter

• Video recording
• 1 million new active .NET users in the last year
• Overview of some impressive .NET Core 2.1 performance enhancements
  • 10x faster builds
  • 123% faster data access
  • Large memory and runtime optimizations
• .NET Core build support for ARM processors (e.g. Raspberry Pi)
• WebAPI development enhancements
  • Debugging API will launch the API CLI
  • "ls" returns available endpoints
  • typing ui launches a web-based auto-generated UI
• .NET Core 3.0
  • Focus on desktop, IoT, and AI, including WinForms and WPF frameworks
  • .NET Core App Bundler will now remove unused MSIL and compile into a single executable - no DLLs required
  • Existing WinForms apps can simply have their runtime swapped out to .NET Core 3.0, no other changes
    • Twice as fast
• Visual Studio 15.7 can now download NuGet package source and step through in debugger
  • If VS can't locate source, it will decompile it for you
    • Options -> Text Editor -> C# -> Advanced -> Enable navigation to decompiled sources (experimental)
• Announced ML.NET 0.1 Preview
  • Cross-platform, open-source machine learning framework
  • Can train and execute models
  • Mature library - used internally by Microsoft for a decade in Bing, Office, and many other products
• .NET can now run natively in the browser with WebAssembly and Blazor
  • Demo

Introducing ML.NET

Ankit Asthana, Gal Oshri, Markus Weimer

• General-purpose machine learning library
  • Supports model training, regression, classification, many different learning algorithms
• "Framework-first" approach
  • Will support and integrate with CNTK, TensorFlow, etc
• Iris classification tutorial

Diagnosing and Debugging Live Cloud Applications

Andy Sterland, Paul Yuknewicz

• Application Insights & Snapshot Debugger
• Great log querying features on Azure
• Can log and aggregate exceptions
• CorrelationId on HTTP Request
  • Can be very useful for logging to determine exactly what events were logged for a specific HTTP request
• Snapshots will take a "snapshot" on your live application where you put a snappoint (similar to a breakpoint)
  • You can then inspect this snapshot in VS, including variable inspection, locals, watches, etc
  • Very much like debugging, but you can't continue to step through
  • However, you can add multiple snappoints and inspect all of them
  • All data preserved from that request

The Future of C#

Mads Torgersen, Dustin Campbell

• Video recording
• Overview of 7.1, 7.2, 7.3
• Future features:
  • Nullable reference types
  • Recursive patterns
  • Asynchronous streams
  • Asynchronous foreach
  • Asynchronous disposable
  • Default interface members
  • Pattern matching switch syntax
  • Records (maybe)
  • "Hat" syntax
    • var last = myArray[myArray.Length - 1];
    • var last = myArray[^1];
  • Range syntax
    • Span<T> range = myArray[1..3];
    • Span<T> wholeSpan = myArray[..];
    • Span<T> beginning = myArray[..5];
    • Span<T> end = myArray[5..];

Demystifying Machine and Deep Learning for Developers

Seth Juarez, Chris Lauren

• Azure has some built-in models e.g. image captioning
• For specialized machine learning processes, users can customize any pre-existing models to fit their needs
• For extra specialized needs, users can train their own models and export from Azure; use it anywhere with ONNX
• Can update models programmatically
• Cool demos of image captioning and disease diagnosis via x-ray
  • Higher level of accuracy than trained radiologists

Supercharge your Debugging in Visual Studio 2017

Andy Sterland, Lead Program Manager, VS Diagnostic Tools

• My vote for most valuable session
• Settings -> Solution Explorer -> Properties -> Multiple Startup Projects
• F10 will begin debugging at first line instead of first breakpoint
• While debugging, right click -> Run to Cursor
  • Alternatively, hover over desired line and click the green arrow
• How to debug Foo(Bar(baz.DoThing().Save()))?
  • Right click -> Step Into Specific
• Tracepoints
  • Right click -> Breakpoint -> Insert Tracepoint
  • Can be used to output data to debug console without changing your code
  • $FUNCTION will resolve to the name of the current functions
    • Other pseudo-variables available here
• Evaluating expressions in Watch window can cause side-effects
  • Use a format specifier
  • nse - No Side Effects
    • Not mentioned in above link, probably outdated
• Locals window can break down each function return
  • " Hello World ".ToLower().ToUpper().Trim()
  • Will show the results of the literal, ToLower, ToUpper, and Trim separately
• Use the DebuggerDisplayAttribute
  • [DebuggerDisplay("{Title,nq}, id: {Id}")]
  • More semantically correct than overriding ToString just for the debugger
  • Really useful for debugging collections
• Can right click on watch, "Make Object ID"
  • $1 returns the data even if out of scope
  • $1 can then be used in conditional breakpoints to debug a specific instance
• C++ debugging
  • Use $err to retrieve last error
  • Use format specifier hr to replace an error code (203) with the message ("Environment variable not found")
• Snapshots & snappoints
  • Similar to dump, but it doesn't stop the whole process
  • Under the hood, it forks the process and attaches it to a debugger to evaluate data
  • VS Enterprise has IntelliTrace, can be enabled in the IntelliTrace options pane
• Step back button, basically a rewind (may only be available for snapshots)
• Exception window in diagnostic tool has value, can rewind to where exception was thrown (maybe only for snapshots as well)
• More interesting features on Diagnostic Tools -> Events window for determining where an exception was created, as opposed to where an exception was unhandled

Securing Web Applications in ASP.NET Core 2.1

Nate Barbettini

• ASP.NET Core 2.1 has HTTPS on by default, even during development
  • Installs a local, self-signed certificate
• Instead of adding [ValidateAntiForgeryToken] on every POST action, you can add AutoValidateAntiForgeryToken as a filter in Startup to ensure it is added at any non-idempotent endpoints
• Header information, similar to observatory.mozilla.org
• Also recommended using securityheaders.io

Tuning Visual Studio for Optimal Performance for a Huge Codebase

Varun Gupta, Viktor Veis

• The VS 2017 15.7 update loads large solutions 4.5x faster than the previous version
• A SSD has a more dramatic effect than CPU or RAM on VS performance
• Hiding windows on startup makes startup faster
  • Can return windows by selecting Windows -> Apply Window Layout
• Close documents when finished
• Closing solutions and reopening another is faster than closing all of VS just to open another solution
• Avoid rebuilding projects when nothing has changed
  • This can be an issue when some files Build Action is set to Copy Always
  • These should be carefully considered since they force a rebuild of that project
  • Setting these to PreserveNewest will keep similar behavior but not force rebuilding
• Use globbing carefully
  • Globbing pulls all files which match a pattern
  • C:\Users\john**\web.config would pull all files named "web.config" in the C:\Users\john directory
  • Can be powerful but is very slow to analyze all those files
• Debugging loads symbol files, which map source code with binaries
  • Speed up debugging by loading fewer symbols
  • Enable Just My Code which only loads symbols by projects in the current solution

Decoding your Users - Addressing Cognitive Bias in Product Feedback

Cindy Alvarez, Principal Design Researcher

• Try to prevent hindsight bias - "I knew it all along"
• Notes to take during a project to keep track of changes:
  • "We started this week believing ____"
  • "Here's what we learned: ____"
  • "Here's how we're adjusting: ____"
• Avoid cognitive dissonance
  • The uncomfortable feeling when we're trying to hold two contradicting ideas in our heads at once.
  • We try to talk ourselves out of the controversy by creating excuses or imagining scenarios
  • Scenario: poorly received application release after good internal reception
  • "The customers just aren't ready for this yet"
  • To resolve: set the more negative scenario to true, and handle the situation from there
    • "Assume we didn't create the best app: now what do we do?"
    • Great for meetings - tells a story and helps us to elaborate all scenarios
• Confirmation bias
  • We look for evidence that "proves us right"; we avoid or ignore evidence that contradicts our beliefs
  • "The customers just aren't tech savvy enough"
  • "Are you worried that paying your bills online can go wrong?"
  • "Don't you feel like writing checks is just easier?"
  • These questions probe specific answers to confirm our bias
  • To resolve: "Tell me about how you're currently doing ____..."
    • "Walk me through how you're paying your bills today"
  • More goes into processes than we think
    • Bill pay example: users have to check their current balance, be aware of when their direct deposit hits, etc...
    • Users would never elaborate on all this information. This is why it's important to have them narrate the process
• Getting customer feedback
  • Give permission to complain
    • Lots of people don't feel OK about complaining
    • Some people are much more polite
    • Make shy customers feel like they have a voice
  • "If you had to change one thing..."
  • "Which tasks do you put off doing?"
  • "How have you done ____ differently in the past?"
• Determining everyday problems
  • Suppose you had a new coworker join your team - what advice would you give them?
  • People love stories and sounding smart, this helps them elaborate without asking the question "what problems do you have with...?"
• Loss aversion
  • We really hate losing what we have - we'd be more unhappy about losing $5 than we would be about gaining $5
  • This is why it's hard to lose features
  • Sometimes there is ownership: "that's my feature"
  • Sometimes this is just about power
  • Sometimes it's because the answer to the question "do you want this feature?" is always "yes!"
    • Must weigh cost vs benefits
    • Technical debt
    • Wanting is free! Building, maintaining, and user frustration later is NOT free!
    • Metaphor for washing machines: no one uses most of their washer settings
• Social desirability bias
  • We edit what we say to make ourselves "look good"; we don't usually realize we're doing this.
  • If the answer is 'yes' or 'no', one of those answers is usually socially preferable.
    • So, don't ask yes/no questions!
    • At best, you'll get a short answer and then ask follow-up questions
    • Instead, "In the past month, when have you ____...?" "In the past month, tell me about a time you didn't have a good chance to do a code review."
    • This is a much safer way to get more accurate and specific data
    • When asking a question, you want them to remember instead of inventing
• Backfire effect
  • Presenting rational evidence against our beliefs can make us reject it and believe even more strongly.
  • Rational evidence vs feelings: feelings always win
    • Sometimes this results in anger
    • "You're right - and I'd love to understand how you're using their product, what it's allowing you to do..."
    • This can be a lie! But, it lets their guard down and accommodates open communication
    • Consumers have a low bar, so it's easy to do this and get "on their side"
    • "Just to be sure I'm clear - if you had that already, how would it make your job/life easier?" - avoids the response that "It's just nice to have"
    • "Since you don't have it today, what's your current workaround?" - might give some insights into a solution