A couple of months back Gautham (my son) started playing Reading Eggs. We started off initially with a free trial after it being recommended by our friend Asha. We got a 21-day extended trial in addition to the initial 21 days free trial (i.e a total of 42 days), which helped a lot with confirming that Gautham was to use this app. We noticed that he was reading small words quite comfortably and he grew an interest to read various things around. We took an annual subscription and feels totally worth it.

Reading Eggs Levels

Using the five essential keys to reading success, the program unlocks all aspects of learning to read for your child.

  • The lessons use colourful animation, fun characters, songs, and rewards to keep children motivated.
  • The program is completely interactive to keep children on task.
  • When children start the program, they can complete a placement quiz to ensure they are starting at the correct reading level.
  • Parents can access detailed progress reports as well as hundreds of full-colour downloadable activity sheets that correspond with the lessons in the program.
  • The program includes over 2000 online books for kids – each ending with a comprehension quiz that assesses your child’s understanding.

Each level explores different letters/word combinations and has a knowledge quiz at the end of it to pass to the next level. The program unlocks all aspects of learning to read for your child, focusing on a core curriculum of phonics and phonemic awareness, sight words, vocabulary, comprehension, and reading for meaning.

Do give the app a try if you have kids at home!

Over the last weekend, I was playing around with Visual Studio Connected Services support for Azure Key Vault. The new feature allows seamless integration of ASP.NET Web applications with Azure Key Vault, making it as simple as using the ConfigurationManager to retrieve the Secrets from the Key Vault - just like you would retrieve it from the config file.

In this post, we will look detailed into the AzureKeyVaultConfigBuilder class that allows the seamless integration provided by Connected Services. As we saw in the previous post when you add Key Vault as a Connected Service, it modifies the applications configuration file to add in the AzureKeyVaultConfigBuilder references.

Make sure to update the Microsoft.Configuration.ConfigurationBuilders.Azure and Microsoft.Configuration.ConfigurationBuilders.Base Nuget packages to the latest version.

Loading Connection String and App Settings

The AzureKeyVaultConfigBuilder can be specified on both appsettings and connectionString element using the configBuilders attribute.

Configuration File
1
2
3
4
5
6
 <appSettings configBuilders="AzureKeyVault">
 ...
 </appSettings>
 <connectionStrings configBuilders="AzureKeyVault">
 ...
 </connectionStrings>

Accessing Multiple Key Vaults

The configBuilders element supports comma-separated list of builders. Using this feature, we can specify multiple Vaults as a source for our secrets. Note how we pass in ‘keyVault1,keyVault2’ to configBuilders option below.

Configuration File
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<configBuilders>
    <builders>
      <add
        name="keyVault1"
        vaultName="keyVault1"
        type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral" />

      <add
        name="keyVault2"
        vaultName="keyVault2"
        type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral" />
    </builders>
  </configBuilders>
  <appSettings configBuilders="keyVault1,keyVault2">
  ...
  </appSettings>

If the same key has a value in multiple sources, then the value from the last builder in the list takes precedence. (But I assume you would not need that feature!)

Modes

All config builders have the options of setting a mode, which allows three options.

  • Strict - This is the default. In this mode, the config builder will only operate on well-known key/value-centric configuration sections. It will enumerate each key in the section, and if a matching key is found in the external source, it will replace the value in the resulting config section with the value from the external source.

  • Greedy - This mode is closely related to Strict mode, but instead of being limited to keys that already exist in the original configuration, the config builders will dump all key/value pairs from the external source into the resulting config section.

  • Expand - This last mode operates on the raw XML before it gets parsed into a config section object. It can be thought of as a simple expansion of tokens in a string. Any part of the raw XML string that matches the pattern ${token} is a candidate for token expansion. If no corresponding value is found in the external source, then the token is left alone.

In short when set to Strict it matches the names in configuration file to Secrets in the Vault’s configured. If it does not find corresponding Secret it ignores that key. When set to Greedy, irrespective of what keys are there in the configuration file, it makes all the secrets available in the Vaults specified via Configuration. This to me sounds like magic and would not prefer to do in an application that I build.

Greedy Mode Filtering and Formatting Secrets

When using Greedy mode, we can filter on the list of keys that are made available by using the prefix option. Only Secret Names starting with the prefix is made available in the configuration. The other secrets are ignored. This feature can be used in conjunction with stripPrefix option. When stripPrefix is set to true (defaults to false), the Secret is made available in the configuration after stripping off the prefix.

For e.g. if we have a Secret with the name connectionString-MyConnection, having the below configuration will add the connection string with name MyConnection.

Configuration File
1
2
3
4
5
6
<add
  name="keyVault1"
  vaultName="keyVault1"
  prefix="connectionString-"
  stripPrefix="true"
  type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral" />
1
var connectionString = ConfigurationManager.ConnectionStrings["MyConnection"];

Use prefix and stripPrefix in conjunction with the Greedy mode. For keys mentioned in the config it will try to match it with the prefix appended to the key name

Preloading Secrets

By default, the Key Vault Config Builder is set to preload the available Secrets in key vault. By doing this the config builder knows the list of configuration values that the key vault can resolve. For preloading the Secrets, the config builder uses the List call on Secrets. If you don’t have list access on Secrets you can turn this feature off using the preloadSecretNames configuration option. At the time of writing the config builder version (1.0.1) throws an exception when preloading Secrets in turned on and List policy is not available on the Vault. I have raised a PR to fix this issue, which if accepted would no longer throw the exception and would invalidate this configuration option.

Configuration File
1
2
3
4
5
<builders>
    <add
    name="keyVault1"
    preloadSecretNames="false"
    vaultName="keyVault1"

Authentication Modes

The connectionString attribute allows you to specify the authentication mechanism with Key Vault. By default when using the Connected Service to create the key vault it adds the Visual Studio user to the access policies of the Key Vault. When connecting it uses the same. But this does not help you in a large team scenario. Most likely the Vault will be created under your organization subscription and you might want to share the same vault between all developers in the team. You could add the users individually and give them the appropriate access policies, but this might soon become cumbersome for a large team. Instead of using the Client Id/Secret or Certificate authentication along with Managed Service Identity configuration for localhost works the best. The configuration provider will then use the AzureServicesAuthConnectionString value from environment variable to connect to the key vault.

Local System
1
2
3
4
Set AzureServicesAuthConnectionString Environment variable
RunAs=App;AppId=AppId;TenantId=TenantId;AppKey=Secret.
Or
RunAs=App;AppId=AppId;TenantId=TenantId;CertificateThumbprint=Thumbprint;CertificateStoreLocation=CurrentUser

As you can see the AzureKeyVaultConfigBuilder does provide good integration with Key Vault and makes using the Key Vault seamless. It does have a few issues, especially around handling different Secret versions, which might be fixed in future releases.

PS: At the time of writing there were a few issues that I had found while playing around. You can follow up on the individual issues on Github. Fingers crossed hope at least one of my PR’s makes its way through to master!

Visual Studio (VS) now supports adding Azure Key Vault as a Connected Service, for Web Projects ( ASP.NET Core or any ASP.NET project). Enabling this from the Connected Service makes it easier for you to get started with Azure Key Vault. Below are the prerequisites to use the Connected Service feature

Prerequisites

  • An Azure subscription. If you do not have one, you can sign up for a free account.
  • Visual Studio 2017 version 15.7 with the Web Development workload installed. Download it now.
  • An ASP.NET 4.7.1 or ASP.NET Core 2.0 web project open.

Visual Studio, Azure Key Vault Connected Services

When selecting ‘Secure Secrets with Azure Key Vault’ option from the list of Connected Services provided it takes you to a new page within Visual Studio with your Azure Subscription associated with Visual Studio Account and gives you the ability to add a Key Vault to it. VS does generate some defaults for the Vault Name, Resource Group, Location and the Pricing Tier which you can edit as per your requirement. Once you confirm to the Add the Key Vault, VS provisions the Key Vault with the selected configuration and modifies some things in your project.

Visual Studio, Azure Key Vault Connected Services

In short, VS adds

  • a bunch of NuGet packages to access Azure Key Vault
  • Adds in the Keyvault Url details
  • In ASP.NET Web project VS modifies the configuration file to add in the AzureKeyVaultConfigBuilder as shown below.
Web.config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<configuration>
<configSections>
<section
      name="configBuilders"
      type="System.Configuration.ConfigurationBuildersSection, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
      restartOnExternalChanges="false"
      requirePermission="false" />
</configSections>
<configBuilders>
<builders>
<add
      name="AzureKeyVault"
      vaultName="webapplication-47-dev-kv"
      type="Microsoft.Configuration.ConfigurationBuilders.AzureKeyVaultConfigBuilder, Microsoft.Configuration.ConfigurationBuilders.Azure, Version=1.0.0.0, Culture=neutral"
      vaultUri="https://WebApplication-47-dev-kv.vault.azure.net" />
</builders>
</configBuilders>

To start using Azure Key Vault from your application we first need to add some Secrets to the Key Vault created by Visual Studio. You can add a secret to the portal using multiple ways, the most straightforward being using the Azure Portal. Once you add the Secret to the Key Vault, update the configuration file with the Secret names. Below is how you would do for an ASP.NET Web Project. (MySecret and VersionedSecret keys)

Make sure to add configBuilders=”AzureKeyVault” to the appSettings tag. This tells the Configuraion Manager to use the configured AzureKeyVaultConfigBuilder
1
2
3
4
5
6
7
8
<appSettings configBuilders="AzureKeyVault">
      <add key="webpages:Version" value="3.0.0.0" />
      <add key="webpages:Enabled" value="false" />
      <add key="ClientValidationEnabled" value="true" />
      <add key="UnobtrusiveJavaScriptEnabled" value="true" />
      <add key="MySecret" value="dummy1"/>
      <add key="VersionedSecret" value="dummy2"/>
</appSettings>

The values dummy* are just dummy values and will be overridden at runtime from the Secret Values created in the Key Vault. If the Secret with the corresponding name does not exist in Key Vault, then the dummy values will be used.

Authentication

When VS creates the Vault, it adds in the user logged into VS to the Access Policies list. When running the application, the AzureKeyVaultConfigBuilder uses the same details to authenticate with the Key Vault.

If you are not logged in as the same user or not logged in at all the provider will not be able to authenticate with the Key Vault and will fallback to use the dummy values in the configuration file. Alternatively you could specify connection option avaiable for AzureServiceTokenProvider

Visual Studio, Azure Key Vault Connected Services

Secrets and Versioning

The AzureKeyVaultConfigBuilder requests to get all the Secrets in the Key Vault at application startup using the Secrets endoint. This call returns all the Secrets in the Key Vault. For whatever keys in the AppSettings that has a match with a Secret in the vault, a request is made to get the Secret details, which returns the actual Secret value for the keys. Below are the traces of the calls going out captured using Fiddler.

AzureKeyVaultConfigBuilder Fiddler Traces

It looks like at the moment the AzureKeyVaultConfigBuilder get only the latest version of the Secrets. As you can tell from one of my Secret names (VersionedSecret), I have created two versions for the Secret, and the config builder picks the latest version. I don’t see a way right now whereby I can specify a specific secret version.

The Visual Studio Connected Services makes it easy to get started with Azure Key Vault and move your secrets to a more secure store, than having it around in your configuration files.

Code Formatting is an essential aspect of writing code, and I did write about this a while back on introducing code formatting into a large code base. It’s not about what all rules you and your team use, it’s about sticking with the conventions and using them consistently. Code Formatting rules are best when applied automatically, and the developer does not need to do anything in particular about it.

Prettier is an opinionated code formatter, which supports multiple languages and editors and easy to get started. Getting set up is as easy as just installing the prettier package using yarn/npm. There are multiple points at which you can integrate Prettier - in your editor, pre-commit hook or CI environments.

Most of the IDE’s have plugins for Prettier which makes it easy to get it into the code right from the beginning. You might need to update your IDE settings to run prettier when you save a file. For VS Code I have to set editor.formatOnSave to true to turn on this behaviour.

As the title says, Prettier is opinionated, which is useful in many ways and removes much time wasted on unnecessary discussions. However, it does provide some configuration options. Check if it provides enough for you to call a meeting to decide on one of them :).

Write prettier code!

https://pixabay.com/en/data-security-keyboard-computer-1590455/

With more and more data breaches happening it is possible that your personal information and passwords are already compromised. If you have been lazy and reusing passwords (just like me until a while back) across multiple sites then it is good to check if your password is already compromised. It necessarily need not be one of your social media account or bank account that needs to be compromised for an attacker to get your credentials. If you have been reusing passwords across sites, it might be that one site where security is not given much importance for that gets breached, exposing your credentials to the attacker or anyone who has the breached data. Often hackers use this information to try and enumerate other sites, social network, bank logins to try and login assuming the behaviour of password reuse.

Check your email or password to see if any has been part of a data breach.

To check if you have been part of a data breach you can use the service haveibeenpwned. If you have been part of any data breaches, then it will show you the details. In addition to that, you can also use the Pwned Passwords list to check if the password that you use has been part of any data breaches. It’s good to change your password if you find yours in there. If you are worried about entering your password in haveibeenpwned site, the good thing is that it uses k-anonymity model, which means that your full password is not sent across the wire.

Next Steps

  • Update your passwords on all sites that you use if you have been reusing passwords. If you don’t have much time to do this in one shot, you can do this incrementally as and when you next visit them.
  • Make sure you have unique passwords for each of the site. A good password is one that you cannot remember. So if you are not using a Password Manager it’s a good idea to start using. If you don’t want to spend money on a password manager, you can always use a random password generator to generate one for you. Remembering that password might be hard, you could either write it down or save it in the browser (not that I am recommending it over getting a Password Manager, but better than reusing passwords).

While in Sydney I was lucky enough to have attended the first and second NDC Conferences. After moving up to Brisbane, did not think I could attend one of these soon. However, then comes a nice shorter version of NDC specific to Security - NDC Security. As the name suggests, this conference is particular to security-related topics with a 2-day workshop and 1-day conference, as was held in Gold Coast, Queensland.

The Workshop

Troy Hunt and Scott Helme ran two workshops and I attended Hack Yourself First by Troy. The workshop covers a wide range of topics and is perfect for anyone who is into web development. The best thing is that you only need to have a browser and Fiddler/Charles Proxy (depending on whether you are on Windows or Mac land). One of the interesting thing about the workshop is that it puts you first into the hackers perspective and forces you to exploit existing vulnerabilities in the sample site designed specifically for this. Once you can do this, we then look at ways of protecting ourselves against such exploits and other mechanisms involved.

Hack yourself first, Troy Hunt

The workshop highlights how easy it is to find and exploit vulnerabilities in applications. Some tools detect vulnerabilities and exploit them for you if you input a few details to them. You necessarily need not know the vulnerabilities itself or how exactly to exploit them. Such tools make it easy for people to use them on any website that is out there on the web. Combined with the power of search engines it makes it quite easy to make your site vulnerabilities to be easily discoverable.

The Conference

There were six talks in total and below are the ones that I found interesting.

NDC Securtiy, 2018 - Conference

The whole web is on a journey towards making it more secure. So it is an excellent time to move on to HTTPS if you are not already. Even after enabling HTTPS, it is a good idea to make sure you have got all the appropriate security headers set. Making sure that the libraries that you depend on are patched and updated is equally essential. There are incidents of massive data breaches because of vulnerabilities in third-party libraries and not keeping them updated.

Functionality need not be the only reason to upgrade third-party libraries. There might be security vulnerabilities that are getting patched which is an equally good reason to update dependent packages

The harder thing is to keep track of the vulnerabilities that are getting reported and always checking back with your application’s dependencies. There is a wide range of tools that help make this easy and seamlessly integrate within the development workflow. It can be included as early as when a developer intends to include a library into the source code, or in the build pipeline or even for sites that are up and running. The earlier such issues get detected in the software development lifecycle, the less costly and impact it has on time and cost.

Tools

The conference ended with a good discussion between Troy and Scott on how everything is Cyber broken. It touches upon the value of Extended Validation (EV) Certificate and how CA’s are trying to push for them while browsers are more and more going away from them. It also touches on various proponents of HTTP and the wrong messages that are getting spread to a broader audience and also about certificate revocations and a lot more. It was a fun discussion and a great end to the three-day event.

Location and Food

NDC Security was held at QT Gold Coast, Queensland and well organized. Coffee and drinks were available all throughout the day with a barista on the last day (which was cool). Food was served at start, breaks, and lunch and was good. The conference rooms were great and spacious and had reasonable good internet. Did not face much connectivity issues and everything ran smoothly.

NDC Securtiy, 2018 - Food and Location

One of the things I first did after coming from the conference was to move this blog over to HTTPS. I had been procrastinating long on this, but there were enough reasons to make a move now. Also, there are a bunch of things that catch my eye at client places and other web sites that I visit often. Attending the conference and workshop has been a great value add and recommend to anyone if you have a chance to attend that. For the others, most of the content is available in Pluralsight.

PS: Special thanks to Readify for sending me to this conference and also providing a ‘paid vacation (accommodation)’ in Gold Coast. It was a nice three-day break for my wife and son also.

Two Factor Authentication (2FA) is becoming more and more common these days and is a good way to protect your accounts from getting into the wrong hands. SMS and App based 2FA are more common with the day to day services that we use, like Gmail, Outlook, Facebook etc. Enabling 2FA the user is prompted for a number that gets sent to them via phone or generated using an application, in addition to the username and password, when logging in. Enabling 2FA protects your account a level further. Even if an attacker has your credentials from a data breach, they would still need access to your phone to log in to your account. Using an app to generate the codes is more preferable than using SMS as it does not require internet connectivity or mobile service.

Until lately I have been using Google Authenticator to generate codes for all the accounts that I have 2FA enabled. The app does work well on a single mobile device but becomes a pain when you want to switch phones or lose the phone. You could potentially be locked out of your accounts if you lose the phone and don’t have the backup codes available.

Authy

Authy is one of the best-rated 2FA application which targets exactly the issues with Google Authenticator. It is easy to setup, can be secured via TouchId/Password, supports encrypted backups and syncs across multiple applications and devices. Once setup any code that you add to your app gets synced through Authy servers and is all encrypted and secured. Authy has applications for the mobile, desktop and also has a plugin for Chrome browser. You can also manage devices from the account and revoke a device if it gets lost or is not used anymore. Authy vs Google Authentication post covers in detail all the differences between the two and the advantages of using Authy.

Check out Authy and do setup 2FA if you are not already!

If you are here and reading this probably you have a website and is serving it over HTTP. If you are unsure of whether your site needs HTTPS or not, don’t think twice - YES, YOUR SITE NEEDS HTTPS.

If you are not convinced check out https://doesmysiteneedhttps.com/. One of the main reasons that I have seen (including me) why people have shied away from having HTTPS on sites was cost. And this post explains how to get HTTPS for free. But make sure you are getting it for the correct reasons and you know exactly what you are getting

Depending on how you are hosting you could possibly take two routes to enable HTTPS on your site. Let’s look at them in detail.

Option 1 - Get your Certificate and Add to Your Host

If your hosting service already allows you to upload a custom domain certificate, but you were just holding back because of the extra cost of getting a certificate, then head over to Let’s Encrypt to get your free certificate. Again depending on your hosting provider and the level of access that you have on your web server, Let’s Encrypt has muliple ways on how you can get a certificate.

What does it cost to use Let’s Encrypt? Is it really free?
We do not charge a fee for our certificates. Let’s Encrypt is a nonprofit, our mission is to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. Our services are free and easy to use so that every website can deploy HTTPS.

We require support from generous sponsors, grantmakers, and individuals in order to provide our services for free across the globe. If you’re interested in supporting us please consider donating or becoming a sponsor.

In some cases, integrators (e.g. hosting providers) will charge a nominal fee that reflects the administrative and management costs they incur to provide Let’s Encrypt certificates.

Option 2 - CloudFlare

If you are like me on a shared/cheaper hosting service it is more likely that your hosting plan does not support adding SSL certificates. You will be forced to upgrade to a higher plan to upload a certificate, which in turn will cost you more. In this case, you can use Cloudflare, to enable HTTPS for free.

Cloudflare provides lots of features for websites, but in our case, we are more interested in what the Free plan gives us. It gives us a Shared SSL Certificate and also added benefits of Global CDN.

Cloudflare acts as a reverse proxy between you and the server hosting this web page, which simply means that all requests now go through Cloudflare which in turn reaches out to the web server, if it cannot find a locally cached copy. So this also means that there are now reduced number of calls to the web server as Cloudflare would serve it from its cache if already available.

Shared SSL is what is more interesting for us as part of this blog post. What shared SSL gives us is free HTTPS for our website. We get a Domain Validated (DV) certificate, with a small catch. It is not issued to our domain but to a shared Cloudflare domain server (sni154817.cloudflaressl.com in my case). If you want a custom SSL certificate then you need to be on a paid plan.

Cloudflare supports multiple SSL settings - Off, Flexible SSL, Full SSL, Full SSL(Strict). Depending on how your host is setup you can choose one of the options. Since I am using Azure Web Apps to host, it supports https over *.azurewebsites.net subdomain. But since the certficate is not for my custom domain name (rahulpnath.com), I have set the SSL setting to Full SSL. Cloudfare in this case will connect over HTTPS but not validate the certificate. If your host does not support HTTPs connection (for free) you can use Flexible SSL.

You can also choose to enable Cloudflare with Full SSL(Strict) if you have followed Option 1 and have a custom SSL certificate for the domain. This will give you the added benefits that Cloudfare provides.

Enabling HSTS Preload

Now that you have HTTPS setup on your domain with either of the options above, we can see that the website is now accessible over HTTPS. However, when you make the very first request to the website, the request goes over HTTP which then redirects over to HTTPS, after which the communication happens over a secure channel. However, there is a risk where the very first request can be intercepted and cause undesired behaviour.

Trust on first use (TOFU), or trust upon first use (TUFU), is a security model used by client software which needs to establish a trust relationship with an unknown or not-yet-trusted endpoint.

By setting the STS(Strict-Transport-Security) header along with the preload directive, we can then add our domain to the HSTS Preload list. By adding your domain into this list it is literally getting hardcoded into source code of browsers (like for e.g Chrome here). So anytime a request is made to a site it is checked against this hardcoded list available in memory and if present the request goes as HTTPS from the very first. You can set all subdomains for your domain as well as HSTS preloaded. Make sure you have all subdomains are served over HTTPS so that you do not lock yourself out on those sites. You can find more details on HSTS here.

Now that the cost factor is out of making your site support HTTPS, is there anything else that is holding you back? If speed is a concern and it worries that encryption/decryption at both ends of communication is going to slow you down take a look at this post on HTTPS’ massive speed advantage. If you are still not convinced let me give it one last shot to get you on board. Going forward most modern browsers are going to default to the web as a secure place. So instead of the present positive visual security indicators, it would start showing warnings on pages served over HTTP. That means soon your sites would start showing Not Secure if you are not moving over to HTTPS.

I don’t see any reason why we should still be serving our sites over HTTP. As you can see I have moved over to the HTTPS and have added this domain to the preload list as well. Let’s make the web secure by default!

When I started this blog around nine years back, my only intention was to share technical posts. But over period of time I started writing about a variety of things including productivity tips that I found useful, travelogues, random thoughts, personal goals, blogging etc. One of the things that I have noticed is that a lot of people have been inspired by these various posts and photos that I post online and have triggered them to do similar things.

Share and Inspire, Image Source https://www.saylor.org/2015/04/blog-saylor-student-stories/

I’ve had my own similar inspirations to start the various things that I do today. Like for instance, I started running after being inspired by my friends, Satish, Suresh and Thiru. I reached out to them for various tips when I started running a year ago. From running I moved on to cycling and a bit of swimming after seeing my friend Rahul. For travel, my inspiration has been Arun Sudheendran and Deepak Suresh who do a fair bit of exploration. I tend to reach out to them for travel ideas and places to visit. Similarly, there have been inspirations from people that I have never met or met just once or twice.

Below is a transcript of a chat with one of my readers whom I have never met. It’s a great feeling to wake up to such messages and it boosts your own motivation to continue what you are doing.

Share and Inspire

Social media plays a great role in spreading information these days. When you see people in your own friend’s circle start doing things that you have always wanted to, it gives you an extra push to give it a try. There might be some people who feel you are sharing too much of things that don’t interest them. For those, there is always an option to un-follow, mute, filter etc. Don’t let that thought stop you from sharing things that you do.

Such a small act of sharing, even things that you might have seen someone do could add up and be of big impact to someone else, often referred to as the Butterfly Effect.

The Butterfly Effect: This effect grants the power to cause a hurricane in China to a butterfly flapping its wings in New Mexico. It may take a very long time, but the connection is real. If the butterfly had not flapped its wings at just the right point in space/time, the hurricane would not have happened. - Chaos Theory

Share things that you do, share positive things and inspire others!

Of late I have been working for multiple clients at the same time. Different clients have different development environments, which has forced me into using Virual Machines (VM’s) for my day to day work. I will cover my actual setup and new way of working using VM’s in a different post.

When working on VM’s I often have to switch to the host machine for email, chat and a few other programs that I have just on my host machine. Minimizing the VM host is time consuming and context breaking if you are working off a single screen. On a multi monitor setup you can always have VM on one screen and host on the other. This can still get tricky if you have more than one VM’s connected.

The Virtual Desktops feature in Windows 10 is of great help in this scenario. We can move between desktops using keyboard shortcuts (Ctrl + Win + Right/Left Arrow). But with the VM running on separate Virtual Desktop any key presses gets picked up by the VM operating system and not by the host. This means that you cannot use the keyboard shortcuts to switch host desktops from inside a VM. However you can move between desktops using the Four Finger swipe gesture on your touchpad (if that is supported). These swipe gestures are picked up only by the host machine OS, unlike the keyboard shortcuts. So even when you are inside a VM, doing the four finger swipe gesture tells the host OS to switch desktops. This allows you to easily navigate between VM’s running on different Virtual Desktops.

Hope this helps!