I have met many developers who think they know everything (and are happy to tell you that they do); they found a way to write some functions and they have used that pattern ever since (because it is the best). Professional Development is an alien topic to them; why would they spend hours watching videos or reading articles when they have work to do?

As a developer I feel that continual professional development is key; not only to your ability as a coder but also to any projects which you may already be working on. There is always a better way to do something (not that is always a reason for refactoring!).

As part of my continual professional development (CPD) I spend several hours a week watching training videos on new subjects, reading blog articles, and looking at other’s code for inspiration.

This page exists to list some training resources that I have found particularly useful (I am not professionally linked to any of these sites or services, I just found them useful); in addition to these you can also find a list of most of the training videos I have watched here.

Development Practices

• SOLID Principles of Object Orientated Design
• Getting started with Asynchronous Programming in .NET

Security

• OWASP Top 10 Web Application Risks for ASP.NET
• What every developer must know about HTTPS
• Play by Play: Ethical Hacking
• Modern Browser Security Reporting

ASP.NET MVC

• The MVC Request Life Cycle

SQL Server

• Practical SQL Server High Availability and Disaster Recovery

Read more

Over the years we all collate a list of sites/blogs/etc that we keep an eye on (or that form our morning coffee reading list); personally I used to use Google Reader to aggregate all my rss feeds. Unfortunately Google decided for some unknown reason to shut it down; since then I have been using “the older reader” to group together my feeds; it is perfect!

Out of my morning coffee link list I feel these are worth visiting, reading, and subscribing with, you may or may not agree (but isn’t that the joy of the internet?):

• Troy Hunt – https://www.troyhunt.com/
• Cloudflare Blog - https://blog.cloudflare.com
• Brent Ozar – https://www.brentozar.com/blog/
• Scott Hanselman – https://www.hanselman.com/blog/

You can also find me on the web at:

• Twitter @melodiouscode
• Instagram melodious_code
• Flickr melodiouscode

Blogs etc

• Coding Horror Programming and the human factor
• Daily .NET Tips As the title says, daily .NET tips
• John Skeet John Skeet’s Coding Blog
• Mark Zhou Mark Zhou – A developer who develops for developers
• Scott Hanselman Scott is a programmer, teacher and tech speaker who writes some very interesting articles.
• Scott Helme This Scott is a security researcher and speaker from the UK; if you are interested in web security (HTTPS, CSP, SRI, etc) then Scott’s blog is a must.
• Troy Hunt An Aussie MVP Security Expert who also writes some great PluralSight courses
• Lars Klint Lars is a Microsoft MVP, PluralSight Author, and speaker. He knows alot about mobile development and according to his bio is a part time crocodile wrangler!
• Cloudflare Cloudflare basically run the internet, so read!

Development

• .NET Blog The .NET Blog; written by the .NET team.
• Brent Ozar Brent Ozar are the experts on most things SQL
• Daily .NET Tips As the title says, daily .NET tips
• JetBrains Company Blog JetBrains make many useful .NET tools, one (resharper) that I use on a daily basis
• Scott Hanselman Scott is a programmer, teacher and tech speaker who writes some very interesting articles.
• MSSQL Tiger Team MSSQL Tiger Team This is the official team web log for SQL Server engineering (TIGER) team

Other Useful Sites

• Have I Been Pwned? HaveIBeenPwned.com is a project by Troy Hunt; he collates many of the data leaks online and presents them in a way that can be searched for your own protection!
• Report-Uri A great resource run by Scott Helme allowing you to track the effectivnes (and any problems with) your Content Security Polices and the like.

Web comics

• CommitStrip A web comic about the daily life of some web developers
• Dilbert You must know who dilbert is? You don’t, then go start from comic #1
• Hi, I’m Liz Quick and simple web comic that always creates a laugh!
• Questionable Content I have read QC from start to now; I own the print books, need I say more?
• XKCD Would any list of web comics be complete without the genius that is XKCD?

Photo by Thomas Kelley on Unsplash.

Read more

I have been watching a lot of the TV show Criminal Minds recently (blame my wife); in the show there is a technical wizard known as Penelope. She is the teams super hacker and data manipulation extraordinaire. In some of the episodes Garcia (her surname, it’s an American show they all call each other by their surnames because its more dramatic) delves deep into an unsub’s (Unknown Subject, the bad guy serial killer crazy person they are trying to catch) digital life and comes up with all the answers

Very little effort seems to be put in to the hacking, she just gets into their social media accounts, or their emails and finds out the address of their secret death dungeon thanks to an invoice from the power company stored under “Super Secret Death Documents” in their gmail folders. This got me thinking (the security bit, not the super-secret-death-dungeon bit) about how easy some forms of “hacking” are, and how you can protect yourself online.

It isn’t hard to work out the basics about a person these days; there is so much Open Source Intelligence (OSINT) available to the casual social engineer (for more information about OSINT and Social Engineering check out one of Troy Hunt’s courses on Plural Sight or his blog). Facebook, LinkedIn, and twitter are generally a good starting point to find out all sorts of information about your “target”.

Last time you signed up for an email account (or similar) do you remember those questions about your first pet, or your mothers maiden name? Those tiny bits of knowledge can be used to reset the password to your email account; once you are in there (as Garcia was) you can access almost everything a person has online (resetting passwords via their inbox as you go). From my generation on-wards (and more so for younger generations) you will almost certainly find someones mother on their Facebook wall (liking everything they post as mine does), and then from their profile you may find their maiden name (or even their parents posting on their wall!). How many people list their dog on Facebook, posts about how nice it looks in its Christmas jumper, that’s another tick box covered!

One source of data that I haven’t seen Criminal Minds use yet is the data breach; why bother hacking someones account when the password they use for everything is in a leaked data-set? Surely Garcia must have them all downloaded so she can search for the unsub’s passwords? Coincidentally if you haven’t already go and check out haveibeenpwned and see if you have been breached (I bet you have). There seems to be a new data breach every few days so if you haven’t been “pwned” yet you will be!

Protect yourself, don’t wreck yourself!

So what can you do to protect yourself online and your accounts against Garcia (or some script kiddo from a far flung country)? Well there are a few things, some simple, some more complex (but still worth doing).

Stop using the same password

No seriously stop, just stop using the same passwords everywhere. All it takes is for that basic little website about how much you like cats to get breached (rather likely considering they run as a vBulletin forum) and your password for Gmail/your bank/your government login/etc to be leaked (along with your email address as you used that to sign in). But “how can I remember hundreds of passwords” I hear you scream, simple just don’t!

Use a password manager

In the past I would not have recommended a password manager; giving someone else all your passwords seemed like crazy talk. However that was before all the breaches started; companies were not storing user passwords securely so each breach leaked credentials (often in plain text). Remembering a unique and secure password for each system you use is unlikely to work; however learning one long, complex, and strong password is easy, using that password to secure a highly encrypted vault is even easier!

There are many password managers out there, depending on your preference (offline or online) I suggest looking at KeePass or 1password. Which ever password manager you choose please do you research first; I am not saying that the smaller firms are not trust worthy but the larger and more public a firm the more likely it is to be secure (password managers get a lot of attention from white and black hats alike) due to the coverage it receives.

Look into Multi-Factor Authentication

Google recently stated that over 90% of Gmail users still don’t use two factor authentication (also known as Multi-Factor) to secure their accounts. Two Factor Authentication (2FA) is just what it sounds like; your password is the first factor, a single use code (from a mobile device for example) acts as the second. Services which offer 2FA provide an enrolment code which an app on your mobile device can understand; allowing it to display random codes over time which the server can validate.

When you log in you have to provide both your password and the 2FA code; this means that if someone obtains your password (from a breach for example) they can not log into your account without having access to your 2FA device. It is a quick and simple way to improve your security substantially.

Some sites (such as twitter, amazon, and google) allow you to receive an SMS with the 2FA code; there is currently a debate around how secure the use of mobile for 2FA is. However it is important to note that any form of 2FA is more secure than no form; so unless you are securing your massive crypto-currency reserves (we all have those right?) mobile 2FA will be fine for now!

Turn on Alerts

A well written system will allow a user to review audit logs; or obtain alerts of unusual activity (think about how your bank informs you of strange activity). Check out the security settings on the websites you use; many will likely allow you to receive an alert for login from new devices.

On top of these active alerts; don’t forget to subscribe to a service such as HaveIBeenPwned which does it’s best to inform you if and when your email accounts (or even entire domains if you own them) appear in data breaches online.

##tldr; How do you protect yourself online? This post has grown longer than I intended it to; so here are a few quick action points you can use to protect yourself online:

1. Stop using the same passwords on different services; invest in a password manager such as KeePass or 1password.
2. Enable 2FA/MFA protections on as many accounts as you can; check out twofactorauth.org for a list (and instructions) of many sites which support it.
3. Review security settings on the sites you use; enable alerts and check logs.
4. Sign up to HaveIBeenPwned.

Read more

Are you new to the internet (is anyone?) or are you taking the first steps on your businesses digital journey? Do you know your search engine optimisation from your organic search results (no they aren’t what hippies do around the veg section at the supermarket)? Google have come out with a new free certification (yep you get a nice certificate) to help you and your business find the right path online.

The course teaches you everything from the basics of content creation (pages, blog posts, etc) all the way through to creating an effective and successful social media marketing campaign. The course is laid out in small subject sections with video instructions followed by knowledge checks; each subject then has a small multiple choice test before you move onto the next subject. At the very end of the subject list is a 40 question multiple choice test which ends in your free certification in Digital Marketing from Google!

The subjects start off with “Taking a business online” followed by a set of subjects on “Reaching your target audience” and “eCommerce” ending with pointers on taking your now successful business global!

The certification is free and completely self paced and online; you can take a look and if its not for you give up and no one will ever know (or you can come back later). So why not take a look; even if digital marketing or social media campaigning isn’t part of your job (it isn’t part of mine, but knowing what people want helps me to design better products as a developer) it is another skill to list on your CV! Check out the Google Digital Garage now!

####The image at the top of this page is owned by Google and has been used to relate to their product; you can also check out my certificate over on my Courses & Certifications page.

Read more