TWIL: December 19, 2021

This week revolved a lot around the log4j vulnerability (Log4Shell), but I’d also like to highlight an awesome podcast by Scott Hanselman with David Copperfield and the .NET Rocks podcast on DAPR. Great stuff!


.NET Rocks

Episode 1770: Building Microservices using DAPR with Paul Yuknewicz
What is DAPR, and why do you want it? Carl and Richard talk to Paul Yuknewicz about how DAPR helps you build better microservices by dealing with all the plumbing. We all need messaging, security, logging, and other services to make microservices work – and there are a ton of SDKs and libraries out there to help. DAPR helps glue all those pieces together with a nice layer of abstraction to make it easier for your tool selections to work!

The Azure Podcast

Episode 404: When Windows is nowhere to be found – Making Azure better with CBL Mariner
The team learns about CBL Mariner, a Microsoft-maintained Linux distribution that runs underneath a number of Azure services.

Episode 405: Azure Active Directory’s Investments in Reliability and Resilience
The team catches up with Nadim Abdo who fills them in on all the work Azure AD has been doing to increase their resiliency and improve the customer experience.

Episode 406: Azure Bastion
The team talks to Azure PMs Isabelle Morris and Tanu Balla about the Bastion service which allows for secure access to VMs. We discuss the use-cases for this service, and they provide insights into using it effectively.


Episode 817: Becoming a Digital Unicorn with Trice Johnson
The continuous wave of digital disruptions is demanding something new from each of us, whether you work for a large corporation or a small business, own a startup, or are a recent graduate looking to break into the industry. Trice explains to Scott that your ability to think beyond what’s possible and solve problems with a different lens is the secret sauce that will set you apart – and increase your uniqueness in the market.

Episode 818: David Copperfield’s History of Magic – in partnership with Microsoft Outside In
Microsoft has an internal lecture series called Outside in where interesting people come to talk about cool things they are working on. I got to speak to Magician David Copperfield inside his secret magic museum in Las Vegas. He’s written a new book called History of Magic that’s a wonderful exploration of the last 500+ years of magic. We talk about his career and the fascinating parallels between technology and magic.


Announcing the Microsoft Sentinel: Zero Trust (TIC3.0) Solution
The Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook was released earlier this year with an overwhelmingly positive reception from our user community. We are announcing the next evolution of this content in the Microsoft Sentinel: Zero Trust (TIC 3.0) Solution. This content features a redesigned user interface, new control card layouts, dozens of new visualizations, better-together integrations with Microsoft Defender for Cloud for assessments and alerting rules to actively monitor/alert on compliance posture deviations across each TIC 3.0 control family.

What’s New: Detecting Apache Log4j vulnerabilities with Microsoft Sentinel
Microsoft’s security research teams have been tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2 referred to as “Log4Shell” and tracked as CVE-2021-44228. The vulnerability allows unauthenticated remote code execution and is triggered when a specially crafted string provided by the attacker through a variety of different input vectors is parsed and processed by the Log4j 2 vulnerable component.

How Defender for Cloud displays machines affected by Log4j vulnerabilities
When news breaks of a major security story, like the vulnerability in the open-source Apache logging library Log4j (CVE-2021-44228), vendors and organizations move as fast as they can to understand the issue, determine their exposure, and mitigate the risks. In situations like this, organizations that are using Microsoft Defender for Cloud can immediately begin investigations – even before there’s a CVE number – with our Inventory tools as shown below.

Log4Shell, as explained by Metaphor and Memes!
Log4J is a super common toolkit used by software in the Java ecosystem to create logs. Logs are great, generally much beloved, and not historically one of the big sources of systems compromise. They’re even a great way to monitor your system against compromise!


In-Memory and Distributed cache (.NET Core)
Article about what types of cache are there and how we can use them in .NET Core. Describes in-memory cache and distributed cache options.

Cool Stuff

Azure Quiz
If you’re bored or just want to check how well you know existing Azure services, then check this quiz.

Have a fantastic week!

Photo by Bermix Studio on Unsplash