The Modern .NET Show

Hayden Barnes, a security-focused .NET developer and consultant with HeroDevs, explains a critical ASP.NET vulnerability CVE-2025-55315. He breaks down how HTTP chunk parsing and CRLF quirks enable request smuggling. He covers which runtimes are affected, why scanners can miss older installs, short-term mitigations, and options for post‑EOL patching and upgrades.

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by RJJ Software's Strategic Technology Consultation Services. If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "There's a good chance it's not gonna flag for you that, you, know your point of sale system is on .NET six and is now vulnerable, you know. So to a certain extent, companies often aren't even aware and this is something I've learned to be in this space. They're not aware. If they are aware, they know they need to upgrade. They're not sure, you know, when they're gonna find the resources, the time, the capital to upgrade"— Hayden Barnes Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. Today, we're joined by Hayden Barnes to talk about HeroDevs and their Never Ending Support offering; a service where HeroDevs backport security fixes from later versions of dependencies, allowing companies to hold off on upgrading their important dependencies until they are ready to. "In some cases we simply hire the upstream developer or the upstream development team and they can continue to work on new features and the latest versions while maintaining the post-EOL versions and backporting those security updates. In some cases, we hire that library maintainer on contract."— Hayden Barnes Along the way, we talked about how the release schedule for .NET (one year per major release, with rolling support for up to 36 months) is a little to agile for some enterprise companies, and how HeroDevs can help. We also talked about how, where possible, HeroDevs actually hire the open source maintainers for packages to do the backporting, feeding funding back into the open source ecosystem. We also mentioned that this support doesn't just apply to post-end-of-life for versioned software. We also talk about the very unfortunate position where a developer is suddenly unable to support their work. An example that I bring up is previous guest on the show Jon P Smith, who in 2024 was diagnosed with dementia; meaning that at some point his libraries will need to be passed on to other open source developers. During the recording, I couldn't remember Jon's name, and for that I apologise. Jon has a very in depth blog post about the start of his journey with dementia called "How to update a NuGet library once the author isn't available." Please go read his blog post when you have the chance. Before we jump in, a quick reminder: if The Modern .NET Show has become part of your learning journey, please consider supporting us through Patreon or Buy Me A Coffee. Every contribution helps us continue bringing you these in-depth conversations with industry experts. You'll find all the links in the show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-8/hayden-barnes-on-net-nes-why-we-need-a-new-approach-to-open-source-maintenance/ Useful Links: How to update a NuGet library once the author isn't available HeroDevs on X on YouTube on LinkedIn Hayden on X on LinkedIn on his blog Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show. Editing and post-production services for this episode were provided by MB Podcast Services.

Debbie O'Brien, a Microsoft engineer who builds Playwright community resources, breaks down Playwright and the MCP server. Short, clear takes on browser automation, CodeGen recording, and natural-language agents that drive browsers. Hear how AI uncovers edge cases, recreates bugs, and uses accessibility snapshots to find elements reliably.

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by RJJ Software's Strategic Technology Consultation Services. If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "And we talk about that contract. We say, "this is your contract. This Open API definition that you have is the contract for your service." And in the end, that's how customers interact with Azure is through APIs. And so it's important to have that contract so that customers know how things work, how to use them, hopefully how to use them easily, right?"— Mike Kistler Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. Today, we're joined by Mike Kistler to talk about two topics (we usually only tackle one topic per episode, so you're getting a bonus with this episode): Open API and both MCP and the MCP SDK for C#. We started our conversation by focussing on Open API, as this is a passion of Mike's. We talked about what it is, how you've likely already been using it with any ASP .NET Core WebAPIs that you've worked on, and how the latest versions of ASP .NET Core can generate a lot of the Open API specification for you without having to add lots and lots of metadata an attributes. Pro tip: If you've been using the Swagger UI in your applications, you've been using Open API. "And when the LLM decides that it wants to use an MCP tool or access an MCP resource, it doesn't go and do that directly. It comes back to the MCP host and asks the MCP host to call a tool with a particular set of parameters, or to access an MCP resource. And at first, when I saw this in the MCP architecture, I thought, "boy, that's clunky. Why not have the LLM just call these things directly?" And there's a deliberate reason why it was done this way."— Mike Kistler We then pivoted over to talking about MCP (or Model Context Protocol) which is a rapidly evolving standard for creating your own agents and applications which can communicate with or be instructed by, LLMs. We talked about how the MCP standard works, and how the standard is written in such a way that there's always a human in the loop. We also talked about how you can build your own MCP servers using the MCP SDK for C#. It's worth pointing out that both MCP and Open API are evolving standards. While Open API tends to evolve with a much more relaxed pace, the MCP standard (having not even reached a year old when we recorded) uses the date as it's version number. And Mike actually references the latest version of the MCP spec in our conversation, which will give you a clue as to when we recorded it. Before we jump in, a quick reminder: if The Modern .NET Show has become part of your learning journey, please consider supporting us through Patreon or Buy Me A Coffee. Every contribution helps us continue bringing you these in-depth conversations with industry experts. You'll find all the links in the show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-8/building-the-future-of-apis-mike-kistlers-insights-on-openapi-and-mcp Useful Links: OpenAPI API Blueprint RAML ProducesResponseType attribute Minimal API TypedResults S07E16 - From Code to Cloud in 15 Minutes: Jason Taylor's Expert Insights And The Clean Architecture Template GitHub MCP Server MCP Transports MCP C# SDK Current version of the MCP spec as of the date of recording (aka version 2025-06-18) Microsoft MCP Servers List Mike on LinkedIn .NET Community Standup Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show. Editing and post-production services for this episode were provided by MB Podcast Services.

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by RJJ Software's Strategic Technology Consultation Services. If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "What do I mean by compute? Compute is whenever you want a computer to do a thing, okay, it requires the CPU to exist and I want the CPU to do a thing. How well it can do it Is based upon what kind of CPU you have. What kind of CPU they have since have it in miniature chip. So, if you have an NVIDIA chip, it does a lot of really good things, but as we know, they're very expensive, and that's why NVIDIA is like what, I guess, the largest company in the world right now."— Michael Washington Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. Today, Michael Washington joined us to talk about his open source project "Personal Data Warehouse", what a data warehouse is, and the why we collect data in our applications. We also talk about the differences between storing data in the database and storing it in a data warehouse—one of the biggest differences, as you'll find out, is the difference in cost. "The only reason why we collect any data is because at some point a human being needs this data to make a decision. Seriously, and I challenge anyone to come up with any exceptions to that."— Michael Washington Along the way, we talked about the benefits and pitfalls of leveraging AI (particularly LLMs) in your applications. Both Michael and I agree that there is little "intelligence" in LLMs in the traditional sense, and Michael brings up the most important point when deciding to an LLM in your application: that a human must always make decisions based on what data they have and what the LLM can provide. We must never hand over decision making to LLMs. Before we jump in, a quick reminder: if The Modern .NET Show has become part of your learning journey, please consider supporting us through Patreon or Buy Me A Coffee. Every contribution helps us continue bringing you these in-depth conversations with industry experts. You'll find all the links in the show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-8/data-ai-and-the-human-touch-michael-washington-on-building-trustworthy-applications/ Useful Links: Apache Parquet Personal Data Warehouse on: Windows App Store GitHub Michael on: Find an MVP GitHub Bluesky Blazor Help Website blazordata.net AI Story Builders Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show. Editing and post-production services for this episode were provided by MB Podcast Services.

Jerry Nixon, Principal Product Manager at Microsoft focused on Azure SQL and developer tooling, and lead on Data API Builder. He discusses simple, pragmatic API design and when to choose GraphQL versus REST. He explains the difference between app APIs and data APIs, designing for maintainers, stateless scalability, caching and queues, and how Data API Builder exposes databases via REST/GraphQL.

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by RJJ Software's Strategic Technology Consultation Services. If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "I think, regardless of how technology evolves, it's very important and us the most important thing is for us to be decent and understanding of each other and to be willing to like work towards a common goal."— Safia Abdalla Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. Today, we're joined by Safia Abdalla. Safia is one of the engineers at Microsoft who works on ASP .NET Core, meaning that most of her work is in the open. We talk about Safia's journey in development, what it means to work entirely in the open, and what it's like to read through and triage issues on the ASP .NET Core repo. "I have certain people in my open source career who I have met and interacted with on a number of different projects, And the ones that stand out as great mentors and role models for me were people who were so good at creating psychological safety in open source spaces so that people could present their ideas. And they were really good at uplifting other people's ideas and pushing them further."— Safia Abdalla We also talk about the importance of interpersonal skills in modern software engineering (whether you're working in open source or not), psychological safety, and the importance of self-reflection in our day-to-day work. Before we jump in, a quick reminder: if The Modern .NET Show has become part of your learning journey, please consider supporting us through Patreon or Buy Me A Coffee. Every contribution helps us continue bringing you these in-depth conversations with industry experts. You'll find all the links in the show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-8/compassionate-coding-safia-abdallas-insights-on-empathy-in-open-source-development/ Useful Links: Safia on GitHub Safia on Bluesky Safia's website ASP .NET Core issues on Github Podcast editing services provided by Matthew Bliss Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show. Editing and post-production services for this episode were provided by MB Podcast Services.

Strategic Technology Consultation Services This episode of The Modern .NET Show is supported, in part, by RJJ Software's Strategic Technology Consultation Services. If you're an SME (Small to Medium Enterprise) leader wondering why your technology investments aren't delivering, or you're facing critical decisions about AI, modernization, or team productivity, let's talk. Show Notes "From the first engagement with any from Umbraco, it's been a friendly approach. We are friendly. It's a part of our DNA. Professional. We take our work dead seriously, but we want to have fun, but we are friendly."— Mats Persson Hey everyone, and welcome back to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. I'm your host Jamie Taylor, bringing you conversations with the brightest minds in the .NET ecosystem. Today, both Emma Burstow and Mats Persson of Umbraco are here to share their expertise on building Umbraco—a completely open source CMS, known as the friendly CMS. Emma is Umbraco's Director of Developer Relations and Mats is their newly appointed CEO. "One of our values is openness. And once again, I'll say we really walk the walk. So we alert people early. We work in public, truly. We don't just, you know, update things on git as in terms of code. We write words around it. We have discussion boards We have ongoing issues that are open, and we talk to people that are working with the product"— Emma Burstow We also dive into what it's like to build Umbraco completely in the open, which led to some fascinating insights into how to build and manage a world-wide community of contributors, but also how to help manage expectations of those developers and technologists. Before we jump in, a quick reminder: if The Modern .NET Show has become part of your learning journey, please consider supporting us through Patreon or Buy Me A Coffee. Every contribution helps us continue bringing you these in-depth conversations with industry experts. You'll find all the links in the show notes. Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-8/umbraco-unplugged-emma-burstow-mats-persson-on-umbraco-the-friendly-cms/ Useful Links: Umbraco homepage Umbraco Community Umbraco on LinkedIn Emma on LinkedIn Mats on LinkedIn Podcast editing services provided by Matthew Bliss Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show. Editing and post-production services for this episode were provided by MB Podcast Services.

Jonah Andersson, Azure MVP and senior cloud DevOps lead who wrote Learning Microsoft Azure, walks through starting cloud migrations and modernizing .NET apps. He highlights using the Cloud Adoption and Well-Architected frameworks. He talks about AppCAT for Visual Studio, CI/CD and IaC, choosing between containers and app services, hybrid strategies like Azure Arc, and free learning resources.

In this engaging discussion, Mark Fussell, CEO of Diagrid and the original lead on the Dapr project, shares his experience at Microsoft and how it shaped Dapr. He explains how Dapr simplifies building distributed applications with features like service discovery and Pub/Sub messaging. Mark highlights Dapr's integration with various languages and its capability to modernize existing monoliths into microservices. He also introduces Dapr's workflows for durable orchestration and the exciting potential of AI integration.