
V011 - Weekly Technology Vlog #11
In this episode, Chris unveils a refreshed visual identity for Cloud With Chris, recaps a DevOps-heavy week of content, and digs into Azure, Azure DevOps, and GitHub news with a strong security theme throughout.
New Branding
The Cloud With Chris stream background and lower-thirds have been redesigned for a more consistent, polished look. The new backdrop carries through to all series going forward.
Recent Content
GPG Keys Part 3: The generated GPG keys are now associated with Git commits (git config --global user.signingkey), and the public key is uploaded to GitHub so commits display the “Verified” badge. YubiKey integration comes in Part 4 this week.
Cache Aside Pattern: The latest episode in Architecting for the Cloud, One Pattern at a Time covers how to manage cache population and synchronisation when a caching service (e.g. Azure Cache for Redis) does not natively write through to the backing data store. Special guest: the Bits plushie, courtesy of the Microsoft UK Dev team.
Coming Up This Week
- Azure Thames Valley meetup (Tuesday 16 March): Alan Erdly on security and compliance core concepts — timely given recent supply chain attacks.
- GPG Keys Part 4 (Wednesday): Moving private keys onto a YubiKey hardware token so they are never stored on the host machine.
- Terraform Cloud + Azure (Friday): Deploying to Azure using Terraform Cloud, with a focus on state management.
- Welsh Azure User Group lightning talk (Thursday): A condensed 15-minute version of the GitHub Actions for static site deployment talk. Sessions include VS Code, DevSecOps, Azure migrations, and Azure Backup.
- MSHowTo Live with Mert (next Thursday): Visual Studio Code for Azure.
Azure Blog Posts
Azure Routing Preference: Customers can now choose whether traffic routes over the Microsoft global network (lower latency) or through the public internet via the ISP network (potentially lower cost). The choice can now be driven by your own requirements.
Azure Trusted Launch VMs (preview): Boot-level security using a virtual Trusted Platform Module (vTPM). Protects against bootkits, rootkits, and kernel-level malware by verifying the integrity of the entire boot chain. Available for both confidential and non-confidential VM types.
Java Apps with Custom Connectors in PowerApps: Low-code/no-code front ends (PowerApps) wired into Java back ends using custom connectors — relevant to enterprise integration scenarios that need a modern front-end layer over existing Java investments.
Azure Defender for Storage — Malware Upload Detection: Azure Defender for Storage now scans uploaded blobs for malware and malicious content at ingestion time. This is a frequently requested capability, and it generated significant social media traction when Chris shared it.
Narya — ML-Powered Failure Prediction & Mitigation: Microsoft’s internal system for proactively managing infrastructure reliability at scale. Narya moves beyond reactive playbooks by:
- Predicting failure likelihood using ML models trained on telemetry.
- Selecting and applying the most appropriate mitigation action.
- A/B testing different mitigations and converging on the best result.
The post discusses a specific case where Narya triggered live migrations to protect customer workloads before failures occurred — a compelling illustration of resilience engineering at hyperscale.
Azure Updates
- Azure Functions: .NET 5 (GA): Production-ready .NET 5 support. Note: Durable Functions support for .NET 5 (isolated worker model) is not yet available — PowerShell Durable Functions support is expected to arrive sooner due to implementation differences.
- Azure Functions: Python Durable Functions (GA) and Node.js 14 (GA): Both now generally available.
- App Service Managed Certificates for Apex Domains (GA): Custom naked domains like cloudwithchris.com now supported with free auto-renewing managed TLS certificates.
- Azure API Management: Request/Response Validation Policies (GA): Validates requests and responses against OpenAPI schemas natively — catches missing parameters, non-compliant JSON bodies, excessive payload sizes, and unspecified headers.
- Azure ML on SQL Managed Instance (GA): Machine Learning Services now generally available on Azure SQL Managed Instance.
- Token Lifecycle Management for Azure DevOps PATs (private preview): A REST API for programmatic PAT creation, rotation, and revocation — a long-standing request from teams automating DevOps operations.
Azure DevOps Blog
Mitigating Leaked PATs on GitHub Public Repos: GitHub and Azure DevOps now collaborate to detect Azure DevOps PATs accidentally committed to public GitHub repositories. On detection, the user is notified immediately. If the token is not manually revoked within 72 hours, Azure DevOps automatically revokes it — an important step in closing the accidental secret-exposure loop.
DevOps Fireside Chat — Infrastructure as Code: April Edwards, Jay Gordon, Steve Moraski, and Eric Sorensen (Puppet Labs) discuss IaC foundations — Bicep vs. ARM templates, when to start, mono vs. multi-repo structures, and who IaC is really for.
Community stories: Safe IaC Terraform pipelines with Azure DevOps, ARM CI/CD for Azure Cloud, and multi-region expansion strategies with Azure.
GitHub Blog
GitHub In Focus — Code Security & DevSecOps: A preview of a global series covering application security, DevSecOps workflows, and code security tooling.
GitHub Security Update: GitHub force-logged all users out of github.com after identifying a rare scenario where an authentication token could be delivered to an unintended user. A full root cause analysis is forthcoming.
Git Clone Vulnerability: A security vulnerability in the delayed checkout mechanism used by Git LFS during git clone, affecting versions 2.15 and newer. Mitigation: upgrade to Git 2.30.2.
GitHub Discussions for Private Repositories: GitHub Discussions — previously only available for public repos — can now be used in private repositories for internal community and knowledge management.
GitHub CLI Scripting: The GitHub CLI supports calling GitHub APIs directly (gh api), with built-in authentication, pagination, and response caching. A compelling alternative to raw curl for API automation workflows.