Day 534. When you read the #Azure Service Principal of the Microsoft Graph application as data source in Terraform, the complete output is around 16000 lines and this data source alone will add approximately 760kB to your Terraform state. That is because this data source contains all of this application's app roles and all OAuth2 permission scopes including their descriptions.
Dew Drop Weekly Newsletter 474 - Week Ending March 13, 2026
#dewdrop #newsletter #javascript #azure #aspnetcore #windowsdev #xaml #csharp #dotnet #ai #mcp #copilot #python #devops #agile #IoT #appdev #podcasts #m365 #sqlserver #powershell #cli
Day 533. Hey, that's a cool diagram we found there in the #Azure Virtual Network DNS resolution docs.
⚠️ CRITICAL: CVE-2026-31957 in himmelblau-idm (3.0.0-<3.1.0) lets attackers bypass Azure Entra ID tenant isolation if tenant domain isn't set. Upgrade to 3.1.0+ & enforce config! Details: https://radar.offseq.com/threat/cve-2026-31957-cwe-1188-insecure-default-initializ-e7809765 #OffSeq #Azure #CVE202631957 #InfoSec
I spent a bit of time poking around with the #Azure CLI and running it in a container.
https://blog.scottlowe.org/2026/03/02/running-azure-cli-in-container/
Day 532. Does this combination of 'failed' provisioning state and 'all succeeded' status of our #Azure Virtual Machine Scale Set make any sense to you?
Dew Drop Weekly Newsletter 473 - Week Ending March 6, 2026
#dewdrop #newsletter #javascript #aspnetcore #azure #xaml #windowsdev #dotnetmaui #csharp #dotnet #winui #ai #mcp #devops #agile #python #appdev #podcasts #m365 #sqlserver #data #powershell #cpp
Age verification for OS installation.
This law was written and passed by people who have no idea how computers or the internet work.
Gavin Newsom should be repeatedly kicked in the nuts, run out of town covered in tar and feathers for signing this.
Easy - Windows, Mac, Stock Android (Google).
Hard / Impossible - Linux, legacy OS, Smart Devices, Automation aka Cloud formation? Am I to tell my clients that if they scale up new OS on the fly that each needs to be ID verified?
Very Impossible - Hardware / Low Level OS (network gear, IoT devices, medical devices). You need a local account setting up a Cisco router or switch.
What about air-gapped / no internet situations? Would I be prevented from installing an OS if I do not have the internet?
I have a Proxmox cluster full of VMs and containers in my basement. Do I need to get ID verified for each LXC container that has a user account?
What about the rest of the world? So fucking stupid and myopic.
https://www.tomshardware.com/software/operating-systems/california-introduces-age-verification-law
#ageverification #california #newsom #gavinnewsom #privacy #stupidity #azure #aws #selfhosted
About time I did my #introduction
I'm a husband of 1, father of 3, also caretaker of 4 chooks and 1 turtle.
I live in #Adelaide, South Australia.
I work for SixPivot as a Senior Developer, mostly on #Azure and #dotnet for our clients.
I help organise the Adelaide .NET User Group and DDD Adelaide conference.
I am a Christian and attend Seeds Uniting Church.
I'm in a band 'Sevenfold' with some friends (elec. bass, 'cello and vocals).
I like dad jokes, gardening, cycling and desserts 😀
Thread 1/3
My employer from the #eu makes money with #aws #gcp and #azure, is a total #microsoft ass-kisser and even recommends the #spyware, earning from the #windows11 rollout.
Internally, when it comes to #ai use, we are told to use our "own" chatbot, which is also just an in-house WebUI in front of #openai #chatgpt in an Azure tenant. Because that one doesn't spy on our trade secrets, while the normal ChatGPT or the #copilot in Windows does.
Wow, moving an IP address between two #Azure subscriptions takes over an hour (and counting) and it has to be disconnected from a VM while doing so. How on Earth do you design infrastructure where an operation that should be updating one table in a database takes so long? Even manual telephone exchanges could do the equivalent operation faster.
Fix the Missing NuGet Packages Folder in #Azure #DevOps - #dotNet
https://improveandrepeat.com/2026/02/fix-the-missing-nuget-packages-folder-in-azure-devops/
Well, now I feel stupid. I finally figured out why, since upgrading to Debian 13/trixie, there are some websites I couldn't connect to, but only over IPv6, they work fine on their IPv4 address.
Fucking MTU.
I'd for a long time had an IPv4 iptables rule to force the MSS (maximum segment size) on outbound packets to `1400`. But I never put in an equivalent for IPv6.
I use 'jumbo packets' on the LAN between desktop and server, which means an MTU of 4088 (for that pair of NICs). So anything forwarded out was using an MSS of 4088 as well.
The issue only showed up for *some* sites, and only for IPv6, and only on 13/trixie because:
1. 13/trixie uses openssl 3.x, not the older version, which has slightly different cipher suites etc in the default config.
2. IPv6 addressing makes packets that little bit bigger.
3. I've only ever observed the issue with MS Azure/Edge hosts.
What was happening was that the first part of the "Server Hello" after a "Change Cipher Spec, Client Hello" from my end was being lost, as the TCP level packet was too large and fragmented... but the first fragment was too large for my PPP link.
So, added an ip6tables rule to do the set-mss thing as well, and now it works.
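The IPv4/IPv6 gap described in the post above, as an added example that is not part of the original post: a check that compares rule dumps in `iptables-save` / `ip6tables-save` format and reports when TCPMSS clamping exists for one address family only. The function names `clamp_rules` and `mss_parity`, the `ppp0` interface and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare IPv4 and IPv6 rule dumps for TCPMSS clamping parity.
# Input is text in iptables-save / ip6tables-save format. The two dumps below
# are constructed samples (interface name ppp0 is an assumption).

V4_RULES='*mangle
:FORWARD ACCEPT [0:0]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
COMMIT'

V6_RULES='*mangle
:FORWARD ACCEPT [0:0]
COMMIT'

# Print "<chain> <mode>" for every rule in one dump that jumps to TCPMSS.
clamp_rules() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" {
            for (i = 3; i <= NF; i++) {
                if ($i == "TCPMSS" && $(i-1) == "-j") {
                    mode = "unknown"
                    for (j = i + 1; j <= NF; j++) {
                        if ($j == "--set-mss") mode = "set-mss=" $(j+1)
                        if ($j == "--clamp-mss-to-pmtu") mode = "clamp-to-pmtu"
                    }
                    print $2, mode
                }
            }
        }'
}

# Report which address family lacks a clamp that the other one has.
mss_parity() {
    v4=$(clamp_rules "$1")
    v6=$(clamp_rules "$2")
    if [ -n "$v4" ] && [ -z "$v6" ]; then echo "ipv6-missing"
    elif [ -z "$v4" ] && [ -n "$v6" ]; then echo "ipv4-missing"
    elif [ -z "$v4" ] && [ -z "$v6" ]; then echo "none"
    else echo "both"
    fi
}

# On a live host: mss_parity "$(iptables-save -t mangle)" "$(ip6tables-save -t mangle)"
mss_parity "$V4_RULES" "$V6_RULES"
```

The same comparison applies to any rule that was added for IPv4 only, since a dual-stack host evaluates the two rule sets independently.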
Day 531. Once you have enabled a Web Application Firewall on your #Azure Application Gateway by associating a WAF policy, there is no way to disable the WAF again. The only way to get rid of the WAF is to delete the Application Gateway and recreate it again. That seems like a completely arbitrary limitation and will hit you hard once you decide you no longer want to use the WAF feature.
Day 530. When creating an #Azure Log Analytics Workspace data export rule through #Terraform and you use a name that does not comply with the naming constraints, the Azure provider will tell you that this name is not allowed, but won't tell you what's wrong.
Tip: The names are not allowed to have an underscore.
Day 529. When you click on this "Copy to clipboard" in the #Azure Portal in the Application Gateway overview, it doesn't only copy the gateway's Public IP address but also the name in the brackets. How is that helpful?
Day 528. On day 425 we showed how #Azure finally introduced a workaround for a limitation in their Private Link DNS integration concept by allowing the Azure DNS resolver to fall back to Public DNS in case a Private Link DNS zone does not have a corresponding DNS record. This could be a really useful feature for Private DNS zones in general, but for some reason you are only allowed to use it for Private Link DNS zones.
Day 527. The only documentation you can find about supported log categories for the #Azure Application Gateway uses log table names which are for some reason different than the actual log category names. How do you find the names of these log categories to enable them using Terraform when there is no documentation? Easy, just look into the API requests the Azure Portal is doing when you enable them through the GUI.
Part 3 of "A Guide to Implementing ActivityPub in a Static Site (or Any Website)" is just out the oven!
In this blog post, I explain how to make your blog discoverable in the Fediverse as an account, and also address some of the annoying pitfalls I encountered.
Full article here: https://maho.dev/2024/02/a-guide-to-implementing-activitypub-in-a-static-site-or-any-website-part-3/
If you like it don't forget to follow the @blog !
#fediverse #activitypub #static-sites #hugo #azure #mastodon #web-development #social-web #webfinger #http
Day 526. Following up on the shit from day 514 where the #Azure #Terraform provider tries to read registered Azure providers even though you tell it not to. #Microsoft's response: This is expected behavior and how about you disable enhanced provider validation for ALL of your Terraform providers by setting an environment variable?
Hi, I'm Kurt! #Introduction time! I love Mastodon & you'll find me posting about #StarWars, #Microsoft, #UCLA & #squirrels. I love discussing #dogs, #xbox, #Hawaii #sake, #Azure, #LasVegas, #sushi, #StarTrek #StrangeNewWorlds, #TheLastOfUs, #Fallout, #Andor, #Firefly, #Peacemaker, #GalaxysEdge & #Disney. I'm into details, have a strong sense of empathy & dislike bullying & thoughtlessness. You'll find me instablocking pedants, trolls, & ReplyGuys. I'm a Technology Strategist for Microsoft.
Day 525. With 91 characters, the error "ThirdPartyPrivateLinkServiceProvidedDuringPrivateEndpointCreationDoesNotExistOrIsNotVisible" takes the record for the longest #Azure error name we have seen so far.
Hi! I’m Moof! And as I’ve changed to this server, an #introduction is in order
I'm #British-ish, and speak (and write in) #en, #es, #fr & #cat. I live in #Barcelona, and I'm #queer (he/him)
I programme boring things for interesting businesses centring around #Logistics, mostly in #Python on #Azure these days.
I filter my life through #ADHD. I am an #introvert, and I drink oodles (and oolongs) of #tea both in mugs and #GongFu style.