Create an Azure Container Registry and publish a docker image

Microsoft has just released Azure Container Registry preview at Connect(). It is a private Docker container registry service like Docker Hub, GCR, and AWS ECR. I have a test run of ACR.

Creating an Azure container registry

As usual, I sign in to the Azure Portal to add a new object. Here is the information I use to create the registry. Please note that I forgot to enable Admin User during creation. So I would need to change the registry settings later.

screen_shot_2016-11-19_at_5_16_56_pm

After the registry is created, I open the container registry overview.

screen_shot_2016-11-19_at_5_31_09_pm

Please note that the registry settings are actually under “Access Key“, which is an odd language choice – still in preview. I could enable the “Admin user” option in Access Key.

screen_shot_2016-11-19_at_5_39_42_pm

The ACR is then usable. Here is the important information one could use for the Docker images:

  1. Logon server — This is my private Docker registry.
  2. Username and password — These are for docker login command.

Push a Docker image to ACR

I have an image built for Alpine version of NGINX Docker image with libressl and luajit.

screen_shot_2016-11-19_at_5_44_19_pm

Please note that I have the image built already. However, I still need to tag the image to use my ACR.

screen-shot-2016-11-19-at-5-48-35-pm

Now log in to my private ACR with docker login.

screen-shot-2016-11-19-at-5-53-42-pm

Then push the Docker image.

screen-shot-2016-11-19-at-5-54-07-pm

Viola! Now I have the Docker image available in my private ACR. I can pull the image from ACR easily.

screen-shot-2016-11-19-at-6-05-55-pm

Use a Message Handler to Set ASP.NET Web API’s Current Thread Culture

ASP.NET Web API provides very streamlined support in the framework to handle content negotiation. In HTTP specs, following Accept series of headers are used in a HTTP client to set in the request for content:

ASP.NET Web API supports first two headers out of the box. The framework itself would select the right MediaTypeFormatter class based upon the Accept header, and a selected MediaTypeFormatter is able to handle Accept-Charset to return the result in the right character set. For example, when a HTTP client sends

The Web API framework will select JsonMediaTypeFormatter as the media type formatter for the response of this request. In turn JsonMediaTypeFormatter is able to take advantage of the backing library JSON.NET and returns the JSON serialization result in the right character set.

As stated in the link above, Accept-Language is not yet automatically supported in the framework. Web API provides several nice extension points to solve such a problem.

Checking the Pipeline

Picking an extension point of such a feature may not be the easiest thing to do. The Web API has the following extension points in the order of execution when the HTTP server receive a request:

  • Global message handlers
  • Per-route message handlers
  • Authorization filters
  • Action Filters

If we consider the importance of current thread’s Culture — when we choose to change the current thread’s culture, all subsequent calls to format dates, numbers, currencies and retrieving resources will return different results — I would like changing current thread’s culture to be as early as possible.

Here is a snapshot from the following chart:

Screenshot 2014-04-25 20.34.45

The chart shows very clearly that the earliest extension point to an incoming request is the global message handler queue. We can certainly implement a custom message handler, insert it into this queue and ask Web API to use this custom message handler to process the HTTP header first.

Implementing the Message Handler

Here is the message handler:

As stated in the HTTP protocol, Accept-Language uses quality values to note the request’s preferences of languages. The first part of code above prioritizes languages based upon quality. The second part finds an available language. The third part sets the thread culture.

Now we have the message handler ready, we can insert this message handler into the pipeline:

This should be implemented in your WebApiConfig.Register() method, and get called when the Web API application starts.

Using TransactionScope with async/await

In .NET Framework 4.5, Microsoft introduced async and await keywords in C# to simplify non-blocking programming. Microsoft has a very nice article about asynchronous programming on MSDN. However, transactions were not aware of async/await in .NET 4.5 (perhaps that would also be the reason EntityFramework did not come out with async support that time.)

In .NET Framework 4.5.1, Microsoft addressed the async issue. TransactionScope is now aware of async/await and it has now an option to enable an ambient transaction to “flow across thread continuations.” The usage is very simple:

 

How Secure is Your Server-Side SSL Configuration?

Among all the debates about mass surveillance and NSA intercepting and spying the Internet traffic, do you really know how secure your server-side SSL configuration is? Qualys SSL Labs provides a very detailed analysis tool that checks almost all aspects of the SSL configuration of a web server. This blog’s report is here.

In SSL Labs’ overview about deploying SSL forward secrecy,

In the context of mass surveillance, however, the RSA key exchange is a serious liability. Your adversaries might not have your private key today, but what they can do now is record all your encrypted traffic. Eventually, they might obtain the key in one way or another…

To mitigate the RSA key exchange weakness, SSL servers can implement forward secrecy using two algorithms, “the standard Diffie-Hellman (DHE) and the adapted version for use with Elliptic Curve cryptography (ECDHE).” These two key exchange algorithms guarantee that all SSL session keys are generated, exchanged, and destroyed in one session. If attackers record communications between two parties, they need not only to obtain the server’s private key, but also compromise the keys of every session.

To configure forward secrecy on web servers, SSL labs provides two example configurations for Apache and Nginx respectively:

For Nginx:

For Apache:

 

A Short Introduction of BookSleeve Redis Client

BookSleeve (project site, author blog post) provides a native async Redis client for .NET with effortless multiplex support, as an alternative to the famous ServiceStack.Redis.

In BookSleeve Redis commands are always pipelined and handled by async tasks. One single BookSleeve connection can handle numerous commands in one go. For example,

In this example,  the three commands to set three keys with a single connection are multiplexed and put into a single pipeline to execute on the Redis server. The tasks end when the commands complete.

Without pipelining, on Redis these commands are individual requests. Each request has to wait for the response to come back and they incur a round trip each time to the Redis server.

With pipelining,  these commands are grouped together as one request and sent to Redis in one go. So the network wait time is much less than the previous scenario by cutting 2/3 of the network round trip wait time.

If a separate method executes different Redis commands with the same connection simultaneously,

All the commands are then multiplexed together and executed on Redis in one of several possibilities of execution order,

In this scenario, the network wait time is cut by 4/5 of requests being sent individually, with a slight bigger request sent to the Redis server in one go.

On .NET side, since BookSleeve’s connection is always async and returns tasks, the caller can await the tasks to get the actual results, while the tasks are executed without blocking each other. Commands from different method calls and different threads can be multiplexed together and sent to Redis in one request. Above all, this approach should improve Redis performance by cutting the round trip time of individual requests with less connections to Redis.

64-bit iOS7 and ARMv8: What Does It Mean?

Daniel Eran Dilger provides an inside look into the 64-bit iOS 7 and ARMv8, and compares a possible 64-bit Android environment.

In short, the benefits of moving iOS apps to 64-bit include the
hardware advantages of the A7’s 64-bit cores (including more
registers, and likely more cache), the improvements and optimizations
inherent in the new 64-bit ARMv8 instruction set, and the requisite
API enhancements that come along with iOS 7.

The primary downside to the transition is additional system memory
consumption in cases where iPhone 5s users can’t transition all their
apps to 64-bit. This makes moving Apps Store titles to 64-bit a big
priority for Apple and, subsequently, a something it will push its
third party developers to support.

Ballmer’s Retirement

In the past 15 years, Microsoft grew from an operating system and office software company, to an enterprise software company (Windows Server systems, Dynamics, Sharepoint), a consumer electronic company (Xbox), an online service company (Bing), and more recently, a cloud computing company (Azure). Microsoft did what most companies do when they grow – diversifying their businesses and entering a great variety of markets in order to cultivate their revenue.

No company is like Apple – a more focused, dedicated, and passionate functional organization that produces only a dozen of consumer electronic devices and creates an entire industry of its own. Ballmer did a great job within his own limits. Yet Ballmer was not capable of capturing the trends that Apple created on its own. He did not see Blackberry’s coming in the enterprise market. Neither did he embraced Apple’s consumer device approach to computing. Ballmer was an old overconfident salesman folk that could not realize the future.

Microsoft chose the worst timing to force Ballmer’s retirement. As Ballmer said,

“There is never a perfect time for this type of transition, but now is
the right time,” Ballmer said. “We have embarked on a new strategy
with a new organization and we have an amazing Senior Leadership Team.
My original thoughts on timing would have had my retirement happen in
the middle of our company’s transformation to a devices and services
company. We need a CEO who will be here longer term for this new
direction.”

If Ballmer’s words were not doctored, and Ballmer’s retirement was his own plan during the Microsoft reorganization, his intention could be detrimental. On the other hand, if Ballmer’s words were indeed doctored in the press release, and he “would have not had my retirement happen”, Microsoft’s board made the worst decision in the worst timing. The odds are not in Microsoft’s favour.

In Microsoft searching for the new CEO, Peter Bright of Ars Technica contends that,

A better route might be to look for another Steve Ballmer, but without
that salesman’s overconfidence. This CEO would be someone willing to
appoint and listen to a consumer-oriented, product-focused visionary
who could be empowered to guide the company’s consumer-facing
products. This could be every bit as effective as a “classic”
visionary CEO in the Bill Gates or Steve Jobs mold, while being
somewhat easier to find.

The last CEO we heard capable of listening to a visionary is Tim Cook. And unfortunately, he is with Apple.