https://olegkarasik.wordpress.com/atom

This time, there will be no introduction to the new issue of .NET R&D Digest. Just an invitation to read and learn something new

This issue includes bits of computer science, AI (a lot of AI), academic papers, software development, architecture, performance, scheduling, C#, C++, .NET and .NET Internals.

1. You can beat the binary search (by Daniel Lemire)
   All software engineers (at some point of their career) learn about standard, well-known algorithms (for instance quick sort or binary search) and data structures (like binary tree or linked list). These things seem carved in stone and make an impression that nothing can beat them. However, majority of these algorithms and data structures were designed for absolutely different hardware (compared to what we have now) which had different constraints than we have today. In this post Daniel Lemire (X, BlueSky) demonstrate how you can write a “quarterly search” algorithm, which works faster than binary search. As always, the post includes of C++, SIMD instructions and interesting comments.

1. LLMs Corrupt Your Documents When You Delegate (by Philippe Laban, Tobias Schnabel and Jennifer Neville)
   Knowledge management is probably one of the most fundamental tasks humans do. Today, when AI is applied everywhere, it seems natural to also apply it to the knowledge management. However, before doing so, it makes sense to verify – is it safe to delegate such work to an AI? In this paper Philippe Laban, Tobias Schnabel and Jennifer Neville created a special framework to evaluate the effect of delegating work LLMs and performed a detailed analysis of how such delegation affects them.
2. Running AI agents safely in a microVM using docker sandbox and Running AI agents with customized templates using docker sandbox (by Andrew Lock)
   Modern AI tools (for instance GitHub Copilot CLI) can spin up an agent, which is capable of running scripts, analysing the output, invoking existing tools and so on. However, one of the major problem here is a necessity to approve each and every tool or script invocation. Of course, you can let agent to to run everything it needs but on your own risk. Wouldn’t it be cool to have a safe environment where you can just run the agent without worrying about the main system? In these posts Andrew Lock (X, BlueSky) describes an experimental Docker feature – sandboxes, which essentially allows you to spin-up an isolated microVM with an agent inside it in the “Yes” mode, without being afraid of it causing any kind of irreversible damage.
3. From Technical Debt to Cognitive and Intent Debt: Rethinking Software Health in the Age of AI (by Margaret-Anne Storey)
   Software (as all mechanisms in the world) has multiple dimensions – one is what it does and what problems it solves, the second is why it does things in this specific way, and the third is how it works internally. Before the appearance of the generative models, a lot of such context (especially, second and third dimensions) lived in the heads of developers who wrote the code. However, today the situation changed. In this paper Margaret-Anne Storey describes how shift “from developers write code” to “AI writes code” affect the long term software health, and how teams who heavily relies on AI can mitigate new “Cognitive” and “Intent” debts.
4. Introducing dotLLM – Building an LLM Inference Engine in C# (by Konrad Kokosa)
   What can one software engineer can do in two month? In general, there is no single answer to that question because it greatly depends on the task and on one’s skills and motivation. However, if you state the question like “What Konrad Kokosa can do it two months?”, then there is an answer: he can build and LLM Inference Engine in C# In this post Konrad Kokosa describes what exactly building an LLM inference engine is, why to build it in C# and how he made an efficient use of AI tools to make this happen. The post is a nice example of practical experience of using AI to build a real application.

1. Architecture Decision Record (by Martin Fowler)
   In contrast to many things around us, software has an ability to continuously change and evolve. In the practical sense, this means that software continuously (and quickly) adapts to the new requirements and constraints. Such rapid change of things makes the understanding of “why it was done like that” quite hard to understand. In this post, Martin Fowler (X, BlueSky) describe what “Architecture Decision Record” is, and how it helps to not only capture the important decision but to also preserve the context of how application changed overtime. In the end of the post, there is a link to a great post (which actually coined the term ADR) by Michael Nygard, which is definitely worth reading.

1. Removing byte[] allocations in .NET Framework using ReadOnlySpan (by Andrew Lock)
   Every year, new release of .NET brings more and more performance improvements. We get so used to the thought that “new .NET” is fast", that working with .NET Framework feels like dark ages (not without a reason). Fortunately, some of the .NET performance improvements can projected back to .NET Framework, making a situation slightly better (just a bit). In this post Andrew Lock (X, BlueSky) demonstrates how you can use ReadOnlySpan to shave some of the allocations in the .NET Framework code. As always, the post is very detailed and easy to follow.
2. Configuring contextual options with Microsoft.Extensions.Options.Contextual (by Andrew Lock)
   .NET has a well-established configuration subsystem – it supports various configuration sources, automated reloading, snapshots and of course, dependency injection. However, it turns out that someone, has thought a bit more about how options can be used and proposed an idea of “contextual options”. In this post Andrew Lock (X, BlueSky) describes what “contextual options” are, where do they came from and how you can try to use them, if you can think of a good use case. As always the post is great and full of code samples and interesting details. However, there is no 100% understanding of where “contextual options” can be applied and whether it makes sense to even try the experimental package (so this post is more about widening the views).

1. Evaluating CRON and RRule expressions in .NET (by Gérald Barré)
   Background workers are a backbone of many software products. They clean up the garbage, synchronise data, create reports, populate caches and so on and so forth. We used to define their schedule by setting the CRON or similar expressions in the orchestration systems, which support them out of the box. But what if we want to add the CRON support to our own applications? In this short post Gérald Barré (X, BlueSky) describes what CRON and RRule expressions are and shares the package, he created, to parse these expressions in .NET.
2. Suppressing Roslyn Analyzer Warnings Programmatically using DiagnosticSuppressor (by Gérald Barré)
   Roslyn analysers are great for enforcing coding standards and solution wide best practices. However, they have a small downside – sometimes they might be a bit too aggressive or generate false positive results. By default you either ignore them (and let warnings grow in the project output), or suppress them every time they mess up (and bloat your code). In this short post Gérald Barré (X, BlueSky) describes how you can write a special type of analyser to suppress warnings from other analysers

1. Let’s debug async/await in C#! and Dissecting ConfigureAwait in C# (by Sergiy Teplyakov)
   Despite of being a part of .NET for more than a decade (originated in .NET Framework 4.5) async-await still remains a confusing topic for many .NET developers: when state machine is allocated, what is the difference between awaiting the Task before return and returning the Task without awaiting it, what is ConfigureAwait and so on. In these two videos Sergiy Teplyakov (X, BlueSky) dives into the internals of async-await machinery by stepping through the code and drawing sequence diagrams. Recommended to watch if you want to solidify your understanding of async-await.

One more month has passed and with it the first quarter of the 2026 has been closed. However, it feels like a full year – everyday, technology landscape is shaken with the new developments, and it is almost impossible to keep up with everything. That is why I hope, this issue of .NET R&D Digest can narrow the gap for just a bit!

This issue includes bits (or I would rather say bytes) of AI, bits of software development, operating systems, web, diagnostics, performance, C++, C#,  and of course .NET and .NET Internals.

1. Context Anchoring (by Rahul Garg)
   Implementing custom, multi-step features tend to take a significant time. When you are working by yourself, then you keep in mind every decision and every choice you made. However, when you are working with the assistance of AI agents, the long sessions doesn’t work in the same way. AI Agents have a limit context to fit everything (decision, command, previous outputs) and when the session spans multiple day, they start to forget things. This puts you in a front of the hard choice – to restart the session and lose everything, or to keep pushing. In this post Rahul Garg describes how you can avoid such trap by “anchoring” the most critical parts of the context in something, that looks like “feature architecture decision records”.
2. Writing about Agentic Engineering Patterns (by Simon Willison)
   Software Engineers love patterns (and hate them at the same time). They are essential building blocks which help us to tie up together different parts of our systems, draw boundaries and steer our thinking. However, when it comes to agentic coding – there is no code to apply patterns to, and (to be honest) AI doesn’t really care about such things. So what to do? – identify and document new patterns! In this post (or better say – a on-going guide) Simon Willison (X, BlueSky) describes what agentic engineering is, the principles working with coding agents, what coding agents essentially are, why code became cheap and why using agents doesn’t mean writing a bad code. Highly recommended to read.
3. Harness Engineering (by Birgitta Böckeler)
   Humans and Agents in Software Engineering Loops (by Kief Morris)
   What is the place of a human in the age of AI? Should we just type our ideas and “ralph” our way to success? Or should we actually stay on lowest level acting as gatekeepers? Or … maybe we need to follow the path and start creating automated quality gates, maintaining perfect documentation, putting all system knowledge into markdown files and creating a “harness” for AI to deliver high quality product? In the first post, Birgitta Böckeler describes what “Harness Engineering” is and what we need to consider if this is the path forward to better AI development. In the second post Kief Morris describes different ways of how AI and human can work together and focus on how we can leverage better harness and change our way of work to benefit from the AI code generation.
4. Ten Months with Copilot Coding Agent in dotnet/runtime (by Stephen Toub)
   What is the real impact of AI Agents on the huge and complex codebase? Can agent autonomously fix a bug? Can agent perform performance optimisation? What is required for agents to work efficiently? How agents change the role of engineers? In this post Stephen Toub shares a ten month of experience of applying AI Agents to the dotnet/runtime repository. The post includes a lot of statistics about impact of AI (in terms of PRs), and a lot of guidance of how .NET team gradually increased the impact by better documentations (AGENT.md and friends), custom skills (to run build and performance pipelines) and by change of their workflow. Along the line, Stephen share how his role has changed since the massive adoption of AI Agents. Highly recommended to read.

1. You can use newline characters in URLs (by Daniel Lemire)
   We type (or paste?) URL in the browser’s address bar multiple times a day – sometimes by directly entering it and sometimes by just clicking on the links. In all these cases, URLs look like a long line of characters. In this post Daniel Lemire (X, BlueSky) describes why URLs aren’t bound to be single-lined and provides a set of examples of how this can be used in practice. As always, the comments section is also worth reading.

1. Writing a .NET Garbage Collector in C#  –  Part 8: Interior pointers (by Kevin Gosse)
   In the continuation of great, deep dive series about garbage collection (it is an 8th post already) Kevin Gosse (X, BlueSky) continues to share knowledge about GC internals. In this post demonstrates how you can apply writing a custom handling mechanism for interior pointers! As always the post is a great technical write up and pleasure to read. The series is highly recommended for all .NET developers.
2. YARP as API Gateway in .NET: 7 Real-World Scenarios You Should Know (by Anton Martyniuk)
   In micro-services architecture it is important to ensure that each service has the correct implementation of authentication and authorisation, supports versioning, can be scaled horizontally and so on and o forth. These are a lot of concern. One of the way to address them is to use a so-called API Gateway – a service, placed in front of the others, which is focused solely on implementation of these cross cutting concerns. In this post Anton Martyniuk describes how you can use YARP (a .NET reverse proxy) in this role. The post is very detailed and is focused on common practical scenarios. Every scenario is accommodated with code samples, visualisation and detailed description.
3. System.Diagnostics.Metrics APIs (by Andrew Lock)
   Collecting information about how your software works is, no doubts, important. Without such information it is almost impossible to understand what and how users actually use, and how application responds to these usage patterns. In this series of four posts, Andrew Lock (X, BlueSky) describes and demonstrates what metrics are embedded into .NET Runtime, what types of metrics .NET supports and how you can instrument your application with custom metrics. The series does a great job of explaining both the basics of how to get started and showing internal details of how the whole facility works. Highly recommended to read.

1. Reserved filenames on Windows (CON, PRN, AUX, NUL…) (by Gérald Barré)
   It is a common things for operating systems to have reserved file names and to prohibit some of the characters in the path. These limitations usually comes from the fact that a lot of stuff in the operating systems are actually stored and managed as files (just take a look at Windows CreateFile API, which is used literally everywhere). In this short post Gérald Barré (X, BlueSky) enumerates the reserved file names in Windows, explains their purpose and demonstrates how you can bypass these restriction and create files which can cause File Explorer to behave unexpectedly.
2. Creating case-sensitive folders on Windows using C# (by Gérald Barré)
   I believe, almost every Windows user knows – Windows is case insensitive: Work.txt and work.txt are treat as the same file name. However, in this post Gérald Barré (X, BlueSky) demonstrates how you overrule the common wisdom and actually make file names case sensitive. The post is a practical demonstration of how to enable / disable case sensitive directories by using both fsutil and Windows API.

1. Implementing RFC-compliant HTTP caching for HttpClient in .NET (by Gérald Barré)
   Caching is an effective way to eliminate the need to perform the same operation, more than required – for instance, in network scenarios, caching is used to avoid requesting the same resource twice, especially if the resource instance stored in the cache is valid. However, the correct implementation of caching mechanism is not an easy thing. In this small post Gérald Barré (X, BlueSky) describes what HTTP caching is, what RFC defines how it works and then demonstrates how you can enable it for the HttpClient using the Meziantou.Framework.Http.Caching package.

1. Keynote: AI-Powered App Development (by Steve Sanderson)
   AI-Powered application development is a hype topic. All of the web is flooded with the blog posts about how people manage dozens of agents simultaneously and write the whole SaaS product overnight. However, if you have ever wrote an application from scratch, then these stories do not sound “real”. So, how to understand what is true when it comes to AI? One of the way it to see how people really apply it practice. In this presentation Steve Sanderson (X, BlueSky) shares both his personal experience and how the GitHub Copilot CLI team uses AI agents on daily basis. The whole presentation is done as a mix of entertaining life-coding and slides. One of the interesting points of the talk is the description of how AI Agents change the workflow and what issues it brings.
2. How C++ Finally Beats Rust at JSON Serialization (by Daniel Lemire and Francisco Geiman Thiesen)
   Serialisation and deserialisation are one of the most common operations in today software development – we persist information on disks, we exchange information on the fly, and of course we transform information into intermediate formats. In some systems, this happens so often that serialisation / deserialisation speed can become a bottle neck. In this video Daniel Lemire (X, BlueSky) and Francisco Geiman Thiesen describe how they used C++ 26 reflection capabilities to create a simple API for the simdjson library, which demonstrates stunning performance, partially because a lot of processing was moved from the runtime to compile time (it is fascinating to see how the reflection capabilities in C++ and related ideas actually resemble the .NET source generators).

The February is left behind. The Spring is coming and with it, new projects, new challenges and of course a new issue of .NET R&D Digest!

This issue includes bits of AI, software development, performance, operating systems, C#, patterns, and of course a lot of .NET and .NET Internals.

1. Logits, logprobs, and temperature (by Konrad Kokosa)
   LLMs work by predicting the next word. Seems quite simple until… well, how do they predict a whitespace between words? Is it counts as a separate word? What is a “word” for the LLM? Is it possible to see the “probabilities” for the “words” or this information is internal to the model? In this post Konrad Kokosa dives into the details of LLMs, explaining how they see “words”, where the whitespace comes from, how temperature affects the results and how some of the models allows to look into the “probabilities”.
2. So whats the next word, then? (by Matthias Kainer)
   Large Language Models work by predicting the next word. The prediction is not random. It is based on the LLM training data and input context. However, can you explain (just for yourself) how the “next word” is actually gets predicted? In this post Matthias Kainer describes how LLMs “understand” the context, focus their “attention” and predict the next word. The post is a great introduction into how LLMs work, what they are capable of and why they actually hallucinate.

1. Things You Should Never Do, Part I (by Joel Spolsky)
   One of the interesting things in software development is that software has a very long lifespan. You can write an application and it will keep working for decades. At the same time, software development is a place, where everyone wants to rewrite the “old” code. In this post Joel Spolsky describes why software developers are so eager to rewrite the code, why it is risky, and why complete product rewrite is not the best decision. Despite the post being quite old (around 25 years) it remains actual in today’s world. Recommended to read.

1. Getting Started With .NET Aspire 13: Building and Deploying an App With PostgreSQL, Redis, and Docker Compose (by Anton Martyniuk)
   Regardless of whether you are planning to use .NET Aspire for deployments or not, its local development component is undoubtedly great, and can be quite easily integrated into existing projects. So, if you haven’t touched Aspire yet, then I highly recommend you to start. In this post Anton Martyniuk demonstrates how to setup .NET Aspire for a new project, how to link all project components together, how to and generate docker-compose for potential deployments.
2. 10 Reasons to Upgrade to .NET 10 (by Anton Martyniuk)
   Upgrading to the new version of the framework is never easy – sometimes there are breaking changes, sometimes there are organisation complexities. In both cases, it is great to have a short list of “what is new highlights” instead of going through all of the release notes to understand the benefits. In this post Anton Martyniuk describes 10 reasons of why it makes sense to migrate to .NET 10. The list includes performance improvements, C# syntax improvements, new ASP.NET Core features and more.
3. How to Start a New .NET Project in 2026 (by Anton Martyniuk)
   New project setup is not an easy thing to do (especially, when the project has more than one C# project). You need to define the configuration, style guidelines, include some analysers, setup package policies and so on. In addition, you need to ensure that these settings flow to all projects introduced on later stages. This is quite a challenge. In this post Anton Martyniuk shares his approach to starting new projects. The post provides a good breakdown of how you can approach project configuration, and includes practical snippets which you can use in your own setup.
4. Encrypting Properties with System.Text.Json and a TypeInfoResolver Modifier (Part 2) (by Steve Gordon)
   In the second post of the series (about how to encrypt JSON properties), Steve Gordon (X, BlueSky) demonstrates how you can implement the encryption / decryption part using .NET cryptography API. Besides moving the main idea one step forward, the post includes multiple examples of low-allocation code (using Span and ArrayPool).
5. Writing a .NET Garbage Collector in C# (Part 6 and Part 7) (by Kevin Gosse)
   In these two posts Kevin Gosse (X, BlueSky) continues an excellent series about how to write a .NET GC in C#. The posts are focusing on implementing the Mark and Sweep phase: how to mark the object, how to find roots and so on. Both posts include a lot of .NET Internals information and some nice, purely algorithmic tricks like implementation of a free list. Highly recommended to read (as well as previous posts if you haven’t read them).

1. The cost of a function call (by Daniel Lemire)
   When it comes to software, absolutely everything has a computational cost, even function calls – every time you call a function, you need to pass the parameters, jump to the function, execute it, and return the result. However, the interesting fact, is that in majority of cases, while you code, you don’t notice these things. That is because the compilers inline a lot of function calls for us (to ensure we don’t pay the penalties for having a nicely structured code). In this post Daniel Lemire (X, BlueSky) describes what function inlining is, and demonstrates how inlining of the function affects the performance. As always, the post includes a link to the code, so you can try to run the benchmark yourself.

1. How To Delete a File in Windows (by Pavel Yosifovich)
   One of the interesting things about operating systems, is that there are usually more than one way of doing the same thing (and sometimes, they even have an internal difference). In this post (and in the accompanying video) Pavel Yosifovich describes and demonstrates different ways to delete a file in Windows. In addition, to the provided explanation the post shows, how you can use tools like ProcMon to actually explore the Windows yourself.

1. The way Dispose Pattern should be implemented (by Sergiy Teplyakov)
   Today, IDisposable interface has many uses (especially with help of using keyword). However, its main purpose was to help to free resources. Besides the IDisposable interface, the Disposable pattern was introduced, which purpose was to allow ahierarchy of classes to properly release resources. In this video Sergiy Teplyakov (X, BlueSky) describes the classic way of how to implement Disposable pattern, then he describes why we should stop implementing it, and, in the end, describes how to properly implement it, if we have to

We are in the beginning of 2026. What this year will bring us? More AI? – most probably. New version of .NET? – absolutely. A lot of interesting conferences? – no doubts. However, all these great things are yet to happen.

So, while we are preparing for all these, I am glad to share a new issue of .NET R&D Digest

This issue includes bits of philosophy, AI, tools, software development, C#, performance, diagnostics, security, architecture and of course .NET and .NET Internals.

1. The Magic of the Better Software Conference (by Ryan Fleury)
   It is unquestionably that group of passionate people having the same mission can create amazing things. However, when things start to grow, the group starts to grow (not all of them become passionate), and the mission becomes more and more tied to the money and how to generate them. This is a quite common scenarios (aka Enshitification). Can this be prevented? In this quite philosophical post Ryan Fleury brings up a few examples of how growth has changed the culture and vision of closed groups, and shares his experience of attending the invites only BSC conferences.

1. Conversation: LLMs and the what/how loop (by Unmesh Joshi, Rebecca Parsons and Martin Fowler)
   Appearance of LLMs (especially in scope of code) pushed software development community reflect on how exactly software developers create products, how we iterate, how we learn new things, how we accumulate knowledge in code and how we actually manage cognitive load in the huge projects. In this post Unmesh Joshi, Rebecca Parsons and Martin Fowler discuss how the software is written based on the requirements and how LLM can become a part of the “what” – “how” loop.
2. Useful patterns for building HTML tools (by Simon Willison)
   In the Internet, there is a lot of buzz around autonomous AI agents replacing software engineers to write enterprise like applications. Some people report great success in this endeavour, while others complain that agents can barely understand what is required to do – the debate is not over yet. At the same time, autonomous AI is quite good at creating small, focused applications (aka tools). In this post Simon Willison describes how he uses AI to build HTML tools (yep, every tool is just a single .html file). The post is full of ideas, patterns and hints on why to build pure HTML tools, how to host them, and how to extend their functionality beyond simple JavaScript. The post also includes a link to the GitHub repository where you can find the tools and logs of how they were built.

1. Software Performance Engineering: The Ideas I Keep Coming Back To (by Rico Mariani)
   Performance is an important part of any application. Users want to see actions take effect immediately, reports compile quickly and of course no delays between pages. However, despite these well known and quite obvious user expectations, a lot of software is quite opposite to that. In this post Rico Mariani shares 8 things (thoughts or ideas) you should always keep in mind when it comes to software performance, regardless of whether you are just working on a “one more feature” or specifically tuning performance. The post is a dense piece of wisdom. Highly recommended to read.

1. Making foreach on an IEnumerable allocation-free using reflection and dynamic methods (by Andrew Lock)
   One of the amazing things about modern .NET is that performance is the default part of every release – so things that previously required “tricks” to work faster now can be obtained by upgrading to the latest version. Unfortunately, not everyone can be on the edge, so the art of “tricky” optimisations is still here and it is still necessary in some cases. In this post Andrew Lock describes why on previous versions of .NET the foreach loop on IEnumerable interface could be slower than on concrete type, and demonstrates how you can employ dynamic code generation to improve the situation. As always, the post is very detailed and includes links to relevant materials and code snippets.
2. Named Global Query Filters Were Updated in EF Core 10 (by Anton Martyniuk)
   “Soft Delete” and “Same Database Multi-Tenancy” are common software development concepts, which classically, were implemented on the “repository” layer, which exposed the methods to get “actual” (filtered by is_deleted and tenant) and “all” (filtered by tenant) data. Later, Entity Framework Core introduced support for Global Query Filters which allowed to move that functionality much lower into the DbContext (with some limitations). In this post Anton Martyniuk describes what “Soft Delete” and “Same Database Multi-Tenancy” concepts are, demonstrates how they were implemented in the previous versions of Entity Framework Core, and then, shows how they can be implemented now, with the newly introduced “Named Query Filters”. The post is a good introduction into the above mentioned concepts and the standard way of implementing them in .NET.
3. Encrypting Properties with System.Text.Json and a TypeInfoResolver Modifier (by Steve Gordon)
   Encryption of PII (Personal Identifiable Information) or sensitive information (for instance, credit cards) is one of the basic security requirements when it comes to data management (in addition to encryption at rest and in transit of course). However, the exact implementation greatly depends on the technologies at hand – sometimes, it is just a matter of clicking a few buttons on the dashboard and sometimes, you need to implement the whole thing yourself. In the first post of the series, Steve Gordon describes why you might want to encrypt fields of the JSON object before storing it and demonstrates how you can hook up your custom code (which would do the encryption) right into the heart of the System.Text.Json.
4. Creating a .NET CLR profiler using C# and NativeAOT with Silhouette (by Andrew Lock)
   There aren’t many use-cases when you need to create custom CLR profiler. However, if you need to do it, then it is much better to do it in C# rather than in the unmanaged language. In this post Andrew Lock demonstrates how using a Silhouette library (created by Kevin Gosse in the series) you can quickly write a simple CLR profiler in C#. The post is a great illustration of how libraries simplify and speed up development of complex, low-level applications.

1. But where is my method code? DbgHelp comes to the rescue (by Christophe Nasarre)
   Modern debuggers do a tremendous amount of heavy lifting. Many actions which feel natural (like jumping from a call stack right to the source code) are in reality an interesting exercise of writing information during compilation into the dedicated file, then extracting it at runtime, and mapping it to the user request. In this post Christophe Nasarre demonstrates how you can use DbgHelp API to extract names and locations of managed methods at runtime right from the .pdb (program database) file. As usually, this post includes quite a lot of C++ code mixed with bits on .NET internals information.

1. Retrieve method source file location at runtime using Portable PDBs in .NET (by Gérald Barré)
   Reflection in .NET is a great way to inspect and modify objects at runtime. However, besides getting information about the object, reflection can be used to get any kind of metadata about the type. In this post Gérald Barré demonstrate how you can use reflection to read method file, line and column information from the .pdb (program database) file at runtime.

1. Lesson 122 – When Should You Replace Your Architecture? (by Mark Richards)
   All software engineers know – architecture is important. If you have a bad architecture, then everything will be slow and hard to maintain. In such case, it is obvious that the architecture needs to be changed. However, if you have a good architecture, do you need to replace it? In this 10 minutes lesson Mark Richards describes how changes in the business drivers influence software architecture and how to understand what is “good architecture” at the present moment.
2. Unlocking Modern C# Features Targeting .NET Framework (by Sergiy Teplyakov)
   New .NET and C# releases usually go hand in hand, which creates a feeling that these things must be used in tandem. Well, in some cases this is indeed true – there are C# features that can’t be used without a certain .NET Runtime – but in majority of cases this isn’t because a lot of new compiler features are very tricky and cleaver syntax sugar. In this video Sergiy Teplyakov describes how you can use the newest C# features in the different versions of .NET, how this is possible, what you might need to do, and how you can simplify all these by using certain NuGet packages.

2025 is coming to its end. Usually, at the end of the year, it is customary to sum up everything but instead of doing so I think we can focus on the future, which essentially means – holidays and free time you can spend on reading something new and interesting – like this issue of .NET R&D Digest

This issue includes bits of AI, vibe-coding, DDD, performance, software development, testing, C#, MSBuild, diagnostics, DevOps, and of course .NET, .NET Internals and something to watch.

1. Vibe coding a .pdb dumper or how I became a Product Manager (by Christophe Nasarre)
   AI tools are becoming a standard part of the development workflow. They are used to find information, try ideas and (of course) to generate some code. In this post Christophe Nasarre describes his journey of using the AI to write a utility to dump information about the functions from the .pdb files. The post is very detailed and represents an interesting example of how you can use semi-autonomous AI to create an application without writing a single line of code.
2. AI Is still making code worse: A new CMU study confirms (by Rob Bowley)
   There is a lot of buzz inside the IT industry about the use of AI to write code faster, better and with minimal human involvement. Unfortunately, with all the hype it is quite hard to understand the real, long term impact of the AI on the project. In this post Rob Bowley shares the results of the latest CMU (Carnegie Mellon University) research of the impact of AI tools on software projects over time. Highly recommended to read if you are interested in apply the AI on the project.

1. No, Your Domains and Bounded Contexts Don’t Map 1 on 1 (by Mathias Verraes)
   Domain Driven Design. Saying these three words can make you a friend or foe, depending on where you say them and what you say immediately after that. Because, well, people perceive the DDD differently. However, all of them (whether willingly or not) would agree that understanding of the organisation domain and projecting it into the code to solve problem is important (but everyone also understands this part differently). In this post Mathias Verraes describes the idea that business domain doesn’t have to match one on one to bounded contexts because they are intended to be used by the different audience. The post includes a few examples and is very easy to read. Highly recommended.
2. Common Performance Tuning Advice: Some Flaws (by Rico Mariani)
   Many modern applications have at least one dependency on an external system. Usually, communication between the application and these external systems is relatively slow (compare to the communication with internal services). So, there is a quite common opinion that you should not optimise something because “the database call takes 4 seconds, so these few milliseconds from the request itself does not matter”. In this post Rico Mariani describes how you can think about the you system as systems of queues, where every performance optimisations is something that improves the processing in a queue, which in turn might affect other queue and in combination, produce a significant and measurable effect.

1. Why Do You Need To Write Architecture Tests in .NET (by Anton Martyniuk)
   Keeping the architecture right on the large project with the large team can be a quite challenging task – especially, if you don’t have a documentation, or a very rigid code-review process. However, if you think about the problem, then you might notice that it is very similar to the “how to ensure the class works after someone made changes to it or related ones”, which we, for a long time, solve by writing unit and integration tests. In this post Anton Martyniuk describes what “Architecture Tests” are, how you can write them and how they can help you to keep the architecture on the right track.
2. Pass the State (by Szymon Kulec)
   When someone speaks about performance in software – it usually comes to the hardcore, low-level or niche optimisations, which sound cool when spoken but rarely met in the day to day work. So, sometimes, we tend to forget that performance in software also comes from the good quality code – when it at least avoids unnecessary allocations. In this post Szymon Kulec describes basic but so commonly overlooked issues with absolutely unnecessary state capture, and explains how to find and fix them. As always, the post is well written and easy to grasp.
3. Creating a custom MSBuild SDK to reduce boilerplate in .NET projects (by Gérald Barré) Starting a new project is always a hassle – you need to configure the code style (thanks to .editorconfig it has become much easier), include different analysers (to keep the minimal acceptable level of code quality), configure project settings – like warning as errors and so on and so forth. All these become especially important if you are creating a new project in the environment with established guidelines. In this post Gérald Barré describes how you can create a custom Sdk project to automatically apply a set of sensible defaults to all new projects.

1. Investigating a deadlock in Visual Studio (by Kevin Gosse)
   All applications we write (even the simplest ones) stay on the shoulders of operating systems, system libraries, application libraries and so on. This makes even a simple console application a huge machine with a lot of moving parts, which sometimes can conflict with each other and stuck. In this post Kevin Gosse describes how he faced and debugged a deadlock in Visual Studio. The post provides a step by step description of how you can find the root cause of the deadlock by analysing the memory dump of target process. In addition to that, the post highlights interesting points about debugging in general and presents a very interesting situation, which probably would be much harder to understand without having a prior experience with such cases. Highly recommended to read.

1. Performance trick : optimistic vs pessimistic checks (by Daniel Lemire)
   Software performance is tricky. Mostly because the thing that is really gets executed is not exactly the thing we actually write in the code. In this post Daniel Lemire describes the difference between optimistic and pessimistic checks, and demonstrates that without a proper implementation (usually a handwritten one) even the obviously better solution might show quite bad performance.

1. Automatically Signing a Windows EXE with Azure Trusted Signing, dotnet sign, and GitHub Actions (by Scott Hanselman)
   Executing an unknown executable from the Internet is not safe. That is why Windows warns you about the potential harm and requires an explicit action to run such an executable. Which is great until you realise that any application you write and publish (without any malicious intent) will be treated in the same way. Luckily, there is a way to avoid it by signing the application. In this post Scott Hanselman describes how you can sign the application by using Azure Trusted Signing service. The post includes detailed instructions on how to configure the service and use it to sign the application locally and as part of the GitHub Actions workflow.

1. Resolving Overload Ambiguity with Collection Expressions (by Gérald Barré)
   Method overload is a great feature of modern compilers which allows us (developers) to have multiple methods with the same name but with different set of parameters. In majority of cases, the compiler selects the correct “method” by matching it against the parameters list, which makes this feature feel so naturally. Unfortunately, sometimes, the parameters might match more than one overload, and in this case, the compiler usually yields an error. The good news is – C# compiler exposes a way to specify the priority of the method overloads. In this small tip Gérald Barré describes and demonstrates how you can use the [OverloadResolutionPriority] attribute.

1. Finalizers are trickier than you might think
   How Google Broke The Internet and Why It took 3 hours to recover? (feat. .NET Aspire) (by Sergiy Teplyakov)
   In the continuation of the great video series, Sergiy Teplyakov talks about potential issues you might face when implementing the finalisers for the objects wrapping unmanaged resources (great source of .NET internals by the way) and describes why even multi-service systems built for resiliency can become a victim of cascade service failures.
2. .NET Aspire Beyond the Introduction (by Chris Klug)
   All software projects have a lot in common. Sometimes, they look so alike that it is tempting to think that they are “almost the same”. Unfortunately, in reality, all software projects have their unique moments and challenges. That is why, all great and long-living software development tools have one thing in common (pun intended) – they are extensible. In this greatly delivered presentation Chris Klug demonstrates how you can extended .NET Aspire to “natively” support development and deployment use cases. The whole presentation is a live-coding session, which is very entertaining to watch. Highly recommended.

As always, November was a huge month for .NET – release of .NET 10 and C#14, new Visual Studio 2026 and of course a lot of blog posts, videos and tutorials – some of which you will definitely find here, in the new issue of .NET R&D Digest!

This issue includes bits of AI, software development, performance, licensing, security, philosophy, something to watch and of course .NET and .NET Internals.

1. The Learning Loop and LLMs (by Unmesh Joshi)
   Wikipedia has an article for everything, so we don’t need to know everything. Google can find everything, so we don’t need to remember everything. AI can do even more. It can do things for us, so we don’t need to do them. All these advancements are great. Until they don’t. When you don’t need to know, remember and do things then you are loosing an opportunity to learn, which is a fundamental step in life and software development. In this post Unmesh Joshi describes why continuous learning through writing code is an essential part of software development expertise and why it can’t be replaced with automations or LLM. The post is a great write up on the topic of importance of writing code to really learn the system, language and the platform you are working on. Highly recommended to read.

1. Pluralistic: The real (economic) AI apocalypse is nigh (27 Sep 2025) (by Cory Doctorow)
   AI. AI is everywhere. Every company does AI, every project integrates AI, all modern IDEs, instead of release productivity features include AI. Does this AI hype lead anywhere? Why, is it still hyping? Where this hype leads us? In this post Cory Doctorow describes the difference between the AI hype and the previous bubbles (for instance – Web), what we can do with it, and what can be the consequences of it. The post is in an interesting read, highly recommended.
2. A Software Engineer’s Guide to Reading Research Papers (by Abhinav Upadhyay)
   A part of software engineer’s job is to always stay up to date. Everyone understands this differently – some would say, all you need to do is to keep in touch with the latest advancements in the frameworks, libraries and tools you use on the projects (or in the company). Some would say that it is all about reading books and blogs. Well, and some would say – research papers because this is where you can find niche and sometimes cutting edge solutions to a lot of problems. Unfortunately, reading research papers is much harder than blogs, books or C# release notes. In this post Abhinav Upadhyay describes his approach to reading research papers which ensures you won’t be overwhelmed with the complexity and won’t spent an eternity on reading things you don’t need.
3. Beyond the Cache Line: Data Access Alignment for Predictable Storage Performance (by Szymon Kulec)
   It is impossible to talk about performance without mentioning memory or storage access, because in the end, it doesn’t even matter, how fast you can calculate if there is nothing to calculate (no data). Unfortunately, efficient memory and storage access is something that requires understanding of the underlying hardware and some of its, non-obvious rules. In this post Szymon Kulec describes what memory alignment is, how computers really access memory and storage (pages and blocks), and why order of the data access operations really matters. The post doesn’t have any extremely low-level examples – in contrary, all of these complex concepts are concisely explained with just words. Recommended to read.

1. Easier reflection with [UnsafeAccessorType] in .NET 10 (by Andrew Lock)
   Reflection is one of the most powerful features in .NET. It allows you to do literally everything: load and unload assemblies, access private fields (even change them), call private methods, replace static variables and of course – emit code at runtime. Unfortunately, in majority of cases, all these things are slow and, aren’t really supported by NativeAOT (where all of the things must be known at compile time), which makes all this power much harder to use. Luckily, .NET constantly improves performance and introduces new ways of doing reflection. In this post Andrew Lock describes the extension to UnsafeAccessor  feature (the UnsafeAccessorType introduced in .NET 10) which enables more scenarios for fast access to non-public types and their properties. As always, the post is very detailed and does a great introduction into UnsafeAccessor use cases. In the comments, you can find a link to a PR which gives more details on how this feature works internally.
2. Companies complaining .NET moves too fast should just pay for post-EOL support (by Andrew Lock)
   .NET team releases a new version every year. Some of these versions are STS (Short Term Support, which gives them 2 years of support) and some of them are LTS (Long Term Support, which gives them 3 years of support). However, it is not always easy to quickly migrate to the new version (well, sometimes, two years pass very quickly). So, what to do in such case? In this post Andrew Lock describes what does “support from Microsoft” means, why it is bad to use out of support versions and what you can do, if the upgrade is not an option. As always, the post is very detailed and rises an important question of software longevity.
3. Exploring the .NET boot process via host tracing (by Andrew Lock)
   The quite traditional answer to the question “what is happening with .NET application when you launch it” is something like “well, CLR loads the assemblies, then JIT compiles the Main, which is then executed”. In general, it is an okay answer, which demonstrates that you know about CLR and JIT, and that not all code is immediately compiled. Of course, this topic can be expanded by future questions related to GC, tired compilation and so on. However, if we stop for a moment and think about this answer, we would immediately realise that the real question is “How CLR gets started?” If you are curious as I was, then this post by Andrew Lock is definitely for you. In this post Andrew describes how you can enable “host tracing” when executing your .NET application to see all of the steps taken to actually start the CLR.
4. New Features in .NET 10 and C# 14 (by Anton Martyniuk)
   Every release of .NET and C# brings new features and improvements. The release of .NET 10 and C# 14 is no exception here. In this post Anton Martyniuk describes new features introduced in .NET 10 (dotnet app.cs), C# 14 (extensions everything), Entity Framework Core (execute update with JSON columns) and ASP.NET Core (Server-Sent Events). The post includes a detailed explanation of every feature and code snippets to illustrate them. It is a great overview of what was released.

1. Agentic AI and Security (by Korny Sietsma)
   The interesting thing about security, is that you can’t just do it in one place – you need to do it everywhere: for instance, it is not enough to protect the data with password, you need to store that password somewhere, and ensure that no one (except you) can access it. That is why, every time we use applications which do things on our behalf, we put our security under a potential risk. That is why, we do this with care – we aren’t entering our passwords in the applications we don’t trust. Unfortunately, when it comes to LLMs, we seem to forget about that. In this post Korny Sietsma describes what essential security problems LLM have (including the Lethal Trifecta) and provides a set of mitigation steps to minimise the potential risks. Besides having a great content the post is also full of links which you can explore for further reading.

1. Optimize GUID creation performance in .NET applications (by Gérald Barré)
   GUIDs are unique. That is why, we use them every time we need to create a unique identifier for something. Sometimes, these identifiers are created dynamically and sometimes, we know all of the GUIDs we need in advance. In this small tip Gérald Barré demonstrates how you can shave a few microseconds from your application startup time by fast-initialising the GUID identifiers.

1. .NET Conf 2025
   Imagine a set of videos dedicated to all new things of .NET 10. Add there some deep-dives, how to’s, and of course – AI (there is no way to have something without AI these days). In the result, you will get a fresh new playlist of the .NET Conf 2025.
2. Scott and Mark Learn To… The AI Productivity Trap: Senior Boost, Junior Drag (by Scott Hanselman and Mark Russinovich)
   At the current moment, it is still too early to say how AI would transform the software development industry. However, there are no doubts it will. In this video Scott Hanselman and Mark Russinovich discuss what effect AI already had on the industry, how it changes the roles of software engineers (Seniors and Juniors), how it affects the career path and who actually gets the AI boost.

In less than two weeks, on .NET Conf 2025, we would see a new .NET (and we would be able to try all of the stuff we read about release candidates so far), new C#, new Visual Studio and a lot of talks dedicated to what you can do with all of these (and probably a lot of AI related stuff).

However, two weeks are two weeks, and while we are waiting for the most important event in .NET world, I hope you can enjoy a new issue of .NET R&D Digest

This issue includes bits of computer science, AI, software development, parallelism, security, C#, .NET and of course some of .NET Internals.

1. The smallest number that is infinite (by Daniel Lemire)
   It might sounds quite strange (especially if you have never heard of it) but computers do have a notion of infinity, and know how to work with it. In this post Daniel Lemire touches on how computers handle floating point numbers, describes how computers treat infinity and demonstrates how you can find the smallest number that is considered infinite. This post is a great example of how interesting can be some of the things we use every day when writing programs.

1. To vibe or not to vibe
   Anchoring AI to a reference application (by Birgitta Böckeler)
   “Vibe coding” is a term that, since the era of AI, started to mean “write prompt, let AI do the work, commit, push” – which to be honest doesn’t seem like a good idea. However, it would be wrong to say, that delegating work to AI doesn’t make any sense at all – it all depends on the task, and the way how  you handle it. In these two posts Birgitta Böckeler describes a mental model you can use to decide when it makes sense to “vibe code” the concrete task (by actually performing a risk assessment exercise), and describes how you can improve the quality of AI output by using a reference application. The posts (and the whole series) are recommended to read if you want to “vibe code” something from time to time.

1. Multi-Core By Default (by Ryan Fleury)
   Nowadays, all programs we write are inherently designed to run on a single core – even Web API, where every request tries to run in parallel, is still a single core program which uses a thread pool to handle incoming requests. But what if all programs we write were multi-core by default? What if instead of thinking of how to make things run in parallel we would identify things which need to be executed on a single core? In this post Ryan Fleury explores how programs could look like if they were written for multiple cores from the beginning by comparing common cases where our current programs need to go “wide” (use more cores) to where the multi-core program need to go “narrow” (use single core). The post is a very interesting reflection of the currently accepted programming model (which was designed in time when there were no multi-core processors). Recommended to read.

1. Adding metadata to fallback endpoints in ASP.NET Core (by Andrew Lock)
   Routing is a fundamental part of any ASP.NET Core application regardless of whether it is done as minimal API, Razor Pages or API Controllers. However, as it usually happens in large frameworks — not everything works the same way. In this post Andrew Lock describes what fallback endpoints are, how routing metadata works, and how to apply the metadata to fallback endpoints in minimal API, Razor Page and API Controllers. As always, the post is full of pictures and code snippets, which makes it easy to grasp.
2. Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315 (by Andrew Lock)
   Modern software development frameworks and platforms like .NET and Java do a lot to ensure our applications are secure by design. Of course, we still can introduce vulnerabilities ourselves, but in general, if you write an application according to platform standards (without using any kind of “unsafe” methods) then it ends up well secure. Unfortunately, sometimes, the vulnerabilities are introduced in the frameworks themselves and in this case, the only choice we have is to update to the new version as fast as possible. In this post Andrew Lock describes what CVE-2025-55315 vulnerability is, how request smuggling attack works and demonstrates how exactly Kestrel has become vulnerable to it. As always, the post include pictures and code snippets which makes it easy to read and understand. Highly recommended to read.
3. Measuring UI responsiveness in Resharper (by Kevin Gosse)
   In my personal experience – user interface responsiveness is the major factor of subjective “performance”. There is nothing more frustrating (well, except when the app doesn’t work at all), than an application that freezes and lags all the time. That is why, optimising the UI responsiveness is critical for great user experience. In this post Kevin Gosse describes how he approached the problem of optimising UI responsiveness in ReSharper running inside Visual Studio. The post is a great example of how knowledge of Windows operating system, possibilities of modern .NET, and creativity can lead you to creating an overlay tool which measures and visualises UI delays.
4. Preparing for the .NET 10 GC (by Maoni Stephens)
   One of the great things about .NET is that you can just get started – you write code and ship it. Since that moment, every year you can upgrade to the new version with just a few breaking changes (which in many cases won’t affect your application) and get faster and better application. However, while keeping things simple, .NET remains a complex framework with many moving parts, (like JIT and GC) each having its unique role and impact on the application runtime, which fortunately can be configured if needed. In this post Maoni Stephens describes what does it mean to have GC DATAS feature turned on (it is turned on since .NET 9), how it affects the performance and memory consumption of the application, and (what is great) how you can tweak it (or even turn it off) if you need so. The post is a great source of GC and .NET internals knowledge.
5. Red, Blue, and Purple (by Szymon Kulec)
   If you take a look at the official .NET async-await documentation you will quickly find that asynchronous programming is easy — just use async-await keywords and C# compiler will do everything for you. If you code for a living then you know — it is not that easy: async-await propagates (all methods in the async-await chain need to return Task, ValueTask or compatible type), async-await allocates, sometime a lot (every release .NET team does an enormous work to reduce allocation but they are still there), and the last but not least — async-await is quite hard to mix with synchronous code. In this post Szymon Kulec describes a helpful mental model of how you can think about synchronous and asynchronous methods in code (and how you can use it to remember which combinations you shouldn’t mix), and describes an interesting case (and demonstrates how you can code it) of how to significantly reduce async-await allocations by correctly mixing synchronous and asynchronous invocations together (don’t forget to checkout the references pull requires to see how borrowing was actually implemented).
6. Interesting new C# 14 features coming with .NET 10 (by Thomas Levesque)
   Every version of C# brings a new set of features that make language more extensible (to allow users to grow the language) and easier to use. Some of these features are focused on library authors (for instance, default interface methods from C# 8), and some of them are for performance (for instance a bunch of improvements for ref types done in C# 13) and some of them are to make the language more friendly for application developers — C# 14 comes with a few of such. In this post Thomas Levesque describes a set of new features coming in C# 14 which (if you have a suitable use cases) would make every day coding much easier. The post is very detailed and contains a code snippet explaining every feature.

1. How to Find an Available Network Port for a server in .NET (by Gérald Barré)
   Every time you launch a .NET Aspire application, the host starts dozens of services on “free” ports to ensure, they won’t conflict with already running applications (which is great by the way). But do you know how yo find a “free” port? Well, if you don’t then this short tip is for you. In this short tip Gérald Barré quickly demonstrates how you can ask an operating system to provide give you a free port.

1. Managing Native Resources in  NET
   Can Tiered Compilation Cause Memory Leaks in .NET? (by Sergiy Teplyakov)
   .NET is a very powerful framework and as all framework it has a lot of complex moving parts inside it. In majority of cases, the inner implementation of these moving parts might seem unimportant because they rarely influence the code you need to write. However, I personally always see these internal details as a source of inspiration and learning opportunity – because it is where you can find interesting and sometimes sophisticated solutions to quite obscure problems. In these videos, Sergiy Teplyakov dives into internals of .NET – in particular of what native resources are, how to properly handle them in .NET, and why usage of tired compilation might sometime “cause” a “memory leak”. These videos are a great source of .NET internals knowledge and framework best practices.
2. Inside Windows Sessions: A Deep Dive with Pavel Yosifovich (by Pavel Yosifovich)
   The one thing applications can do great is to hide their complexity and inner structure from the users by visualising things differently from what they really are. Operating Systems are the champions here. In this video, Pavel Yosifovich explains what console session in Windows is, what objects it includes and what isolation boundaries it introduces. In addition to the detailed explanation, Pavel demonstrates how you can explore Windows sessions using existing tools.

The summer is over, September is left behind and .NET 10 is coming closer and closer (in fact, it is so close that Stephen Toub has already published his amazing “Performance Improvements in .NET 10” novel), which means it is just about time to read something new about the upcoming release (for instance, the great “Exploring the .NET 10 preview” series by Andrew Lock).

However, if, by any chance, you are interested in something besides .NET 10, then this issue of .NET R&D Digest is here to provide you with various bits of software development

This issue includes bits of AI, software development, learning, C#, performance, security, C, programming languages, ruby, and of course .NET and .NET Internals.

1. Conversation: LLMs and Building Abstractions (by Unmesh Joshi and Martin Fowler)
   For many software developers, LLM’s have become an irreplaceable companion for writing code and brainstorming the ideas. However, their effectiveness greatly depends on their capabilities (well, you can’t cut well with a blunt knife) and how (and where) developers apply them. In this post (or a conversation between) Unmesh Joshi and Martin Fowler discuss the topic of how developers use (can use) LLM’s and how LLM’s influences the very topic of software development. The post is interesting to read because besides the LLM’s, Unmesh and Martin touch some of the fundamental topics related to software and software development.

1. When to Hire a Computer Performance Engineering Team (2025) (by Brendan Gregg)
   Why companies (or sometimes even projects) need performance engineers? How important could be it to shave a few seconds from the critical path in the application request? Or reduce allocations a bit? Why to hire a dedicated team of people instead of asking senior engineers to do the same? If you have ever tried to convince your boss (or a client) to spent time specifically on performance (or even worse, to hire someone who will work on it full-time) then these kind of questions probably sound familiar. In this post, Brendan Gregg describes when, why and how many performance engineers you need to hire and what outcomes you can expect from them. The post is focused on the role of performance engineers in the organisation and how their work helps to reduce costs, save development time and met required SLA’s.

1. How to (actually) become an expert in .NET (by Nemanja Mijailovic)
   How to become a …? If you would google something like that for software engineer (or programmer, or developer / web developer) you would find some “essential roadmaps” which include dozens of technologies. They create a feeling that to become a software engineer (a good one of course) you have to know (by heart) everything, read absolutely all announcements and so on (which is of course not true). In this post Nemanja Mijailovic describes his vision of how to become a good .NET engineer and provides a set of recommendations including books, blog posts, things to pay attention to, and how to stay up to date.
2. Running one-off .NET tools with dnx
   Packaging self-contained and native AOT .NET tools for NuGet
   Supporting platform-specific .NET tools on old .NET SDKs (by Andrew Lock)
   Application delivery is a complex task, especially when it comes to support of multiple platforms, operating systems, frameworks (and to add a bit more to all of these — multiple versions of dependencies). In these three posts Andrew Lock describes the changes coming to the delivery of the dotnet tools in the upcoming .NET 10 release – including an ability to one-off execution (without installing the tools) and ending with the ability to compile dotnet tools using NativeAOT. In the last post, Andrew does an in-depth analysis of how these features affect tools consumers and authors, and whether it makes sense to use them. As always, the posts are very detailed, pleasant to read and easy to understand.
3. Performance Improvements in .NET 10 (by Stephen Toub)
   Every release of .NET brings us new features, new capabilities and of course — new performance improvements and new post (or a small novel?) from Stephen Toub. Luckily, this year is not an exception. In this post, Stephen Toub describes a huge amount of performance improvements made in various areas of .NET 10 including JIT, GC, Networking, Regex search and so on. As always, the post is extremely detailed and contains links to PR’s, benchmarks and execution results. Highly recommended to read.
4. Passkey support for ASP.NET Core identity (by Andrew Lock)
   The best way to get unauthorised access to the system is not to hack it (like it is done in the movies) but to steal someone’s password. That is why attacks like fishing are so popular and so dangerous. Luckily for us, security specialists keep working on new, more secure ways of accessing the systems without having a password to enter. One of such quite new (well, relatively new) features is passkey – a way to access the system using PIN or biometrics (yeah, just like on your phone). In this post Andrew Lock describes what passkeys are, and demonstrates how you could use them in your applications (after the release of .NET 10). As always, the post is very detailed and includes many code snippets with comments, which greatly help to understand the feature.

1. How we made JSON.stringify more than twice as fast – V8 (by Patrick Thier)
   The best performance optimisation is the one that makes your application (or a procedure) to do less without loosing functionality. In majority of cases, such optimisations rely on the assumption which comes either from the business or from the little hints left by the application itself (for instance, you can flag some values as “optimisation compatible” as part of their creation / modification). In this post Patrick Thier describes an optimisation of JSON.stringify function in V8 engine, which made it few times faster by introducing a few “fast paths” based on the object structure, object size and available hardware instructions (availability of SIMD instructions). The post is a good example of how a single use case can be split into several cases each implemented with a different performance characteristics.
2. Splitting a long string in lines efficiently (by Daniel Lemire)
   Today, software development frameworks provide enormous amount of built-in functions to work with strings — you can create new strings, concat strings, split strings, join strings, search for strings and so on. These functions are included into frameworks to reduce development time (because they are so common that almost every program would need to implement them) and to perform these operations extremely efficiently. In this post Daniel Lemire demonstrate how different implementations of a simple problem (of splitting the string into multiple lines) can result in a completely different levels of performance. The code samples in the post are done in C but should be easy to understand if you know C# (which I am sure you do).

1. The lethal trifecta for AI agents: private data, untrusted content, and external communication (by Simon Willison)
   Looking at what modern LLMs can do it is quite tempting to get a MCP server and connect it to personal (or company) services to perform complex workflows using natural language instead of clicking buttons or executing CLI commands. However, while this seems very futuristic (and maybe someday this would be the way we use computers) right now, such exposure of data and actions to LLM can be a significant security risk. In this post Simon Willison describes three major security risks you must consider when planning to use “LLM with Tools” (in the post these risks are called “the lethal trifecta” which is kind of cool). The post provides a detailed explanation of why LLM’s are subjected to these risks and why they can’t be easily mitigated with simple guardrails. Highly recommended to read.

1. OOPSLA Conference: Growing a Language (by Guy Steele)
   Today, there are a lot of programming languages, with unique features and unique (and sometimes not) field of use. But why, after all these years “these” languages remained successful and other programming languages become obsolete? What makes these “survivors” successful? Well, essentially, it is their ability to grow. In this amazing presentation from almost 30 years ago, Guy Steele describes what does it mean for the programming language to have an ability to grow and why it is so important for its success. The whole talk is extremely entertaining (you need to watch it to understand why) and provides a great way to see how ideas from years ago found their way in what we have today. Highly recommended to watch.
2. Rails World 2025 Opening Keynote (by David Heinemeier Hansson)
   Looking at the title, you can ask yourself – what opening keynote from Ruby conference does in .NET related newsletter? Well, this talk is very entertaining and nicely done from the art of speaking side, and because it raises a lot of questions which we, software developers, need to ask ourselves regardless of the programming language or the platform we are on. In this talk David Heinemeier Hansson, describes some of the new and quite interesting features coming to Ruby (and related products), demonstrates that in 2025 it is possible to install operating system in 3 minutes (at last, we can see that modern hardware is better than the one in 2005) and raises a lot of important topics about current state of the industry (and why we used to cope with it). Highly recommended to watch.

The summer is left behind and we are entering the autumn part of the year, which means — another conference season, a new version of .NET and a lot of technical announcements, which would bring something new in the ever-changing landscape of software development. Besides the innovation, the autumn would bring us new blog posts, research papers and books to read (which I hope will make their way into upcoming issues of .NET R&D Digest).

So stay tuned and keep reading!

This issue includes bits of computer science, AI, software development, performance, diagnostics, Windows, C# and of course .NET.

1. How to Slow Down a Program? And Why it Can Be Useful (by Stefan Marr)
   There is a common feeling among the software users that modern software is slow and needs to be much, much faster (especially taking in account the overall progress in the hardware). Therefore, performance optimisation (to make programs run faster and consume less resources) is an important topic in both software development and academic. So why would someone want to slow down a program? In this post (by Stefan Marr) and accompanied research paper (by Humphrey Burchell and Stefan Marr) the authors describe why slowing down the programs makes sense, why it is quite hard to achieve (here I mean to achieve a predictable slow down, for instance 10% or 20%), and how to ensure, these slow downs won’t mess up with application profiles. Recommended to read.

1. How far can we push AI autonomy in code generation? (by Birgitta Böckeler)
   The idea of autonomous AI agents developing and maintaining the product code base sounds futuristic and intriguing (at least in a sense, how this would change the world around us). Unfortunately, at the moment of the writing, there are no examples of a production code base maintained without humans, so we are not there, yet. However, I think it is curious to know, how close have we come to “the future” with the latest generation of LLM? Can AI write at least a simple application? In this post Birgitta Böckeler shares results of a set of experiments where AI agents were tasked to create simple web applications using modern and well-established web framework with various degree of human intervention. The post is very detailed and includes description of the research strategy, potential mitigation approaches and very detailed summarisation of results.
2. I still care about the code (by Birgitta Böckeler) and Partner with the AI, throw away the code (by Matteo Vaccari)
   The AI hype is slowly going down and generative models and autonomous agents are finally starting to find their place among the vast set of software development tools, which means, we as developers still need to care about the code we write and own all the code we push (even, if parts of it were generated by the AI). In these two post (which are part of the great Exploring Generative AI series), Birgitta Böckeler and Matteo Vaccari keep exploring the ways where usage of the AI can be safe and beneficial (for instance, quick prototyping, experimenting, automated solution of easily verifiable problems and so on). The both posts are very interesting to read (as well as the series) because these, real world cases really help to understand how and when AI can be useful.

1. How we enforce .NET coding standards at Workleap to improve productivity, quality and performance (by Anthony Simmon)
   Coding standards are designed to ensure no matter who and when wrote the code it has the same shape, avoids common mistakes, and follows the guidelines about what to do, what not to do, and what to do instead. In past, coding standards took a form of the huge document, which developers need to learn and rigidly follow. Now we can use compiler extensions to completely integrate these requirements and guidelines into the development loop. In this post Anthony Simmon describe how they standardised “coding standards” across multiple teams (and dozens of services) by leveraging the extensibility of C# compiler and NuGet ecosystem. Besides describing the idea itself the post also focuses on the outcomes, pointing out that unified coding practices help to speed up code review, avoid common coding issues and make developers a bit happier.

1. Real-Time Server-Sent Events in ASP.NET Core and .NET 10 (by Anton Martyniuk)
   Pushing information from a server to a client was always a quite complex problem, which traditionally was solved by either pooling the server or by establishing a fully fletched bi-directional connection. The pooling results into the additional load on the server, and support of stable bi-directional connection is either complex to implement or requires support of external libraries (which should be support on the destination platforms). Luckily for us, for some time, there is a way (called Server-Send events) to push information to the client using standard HTTP connection and now, support for this approach is coming in .NET 10. In this post Anton Martyniuk describes what Server-Sent events are, when it makes sense to use them, what their advantages are, and demonstrates how you can implement them on backend (using .NET 10 release candidate) and on the front end in JavaScript.
2. Running .NET in the browser without Blazor (by Andrew Lock)
   For a long time .NET was a Windows only thing. Then, with the release of .NET Core, .NET became cross-platform and now you can write application which run on Mac, Windows and Linux (and if we include MAUI and nanoFramework then also on phones and small IoT devices). Then, with the introduction of Blazor, .NET made its way into the world of WebAssembly like a UI framework. However, .NET is capable of much more In this post Andrew Lock describes how you can use .NET 10 to write a WebAssembly component to interact with the JavaScript runtime without dependency on Blazor components. As always, the post is very detailed, and includes a lot of code snippets and information required to create, build and deploy the simple WebAssembly application.
3. Solving the source generator ‘marker attribute’ problem in .NET 10: Exploring the .NET 10 preview (by Andrew Lock)
   One of the amazing things about .NET is that every release isn’t focused on something specific. Instead, it brings improvements to almost all parts of the framework, making it simpler to use, more performance and more developer friendly. In this post Andrew Lock describes the upcoming improvements for source generators, or to be more specific — a new, simpler way of handling the “marker attribute” (the thing you usually put on classes / enums to highlight them for the source generators). As always, the post is very detailed and besides exploring the new feature, Andrew describes a few alternative approaches with their pros and cons. If you are planning to write a source generator or you have one to support, then this post is definitely for you (also, there is a great series about source generators).

1. Why do we even need SIMD instructions? (by Daniel Lemire)
   Software performance mostly depends on the complexity of the selected algorithm (which usually can be translated in a number of operations) and the way this algorithm is implemented using a programming language. The importance of the programming language here is dictated by how the high-level instruction (code) will be translated in a low level instructions (machine code) and whether the compiler (who does this transformation) is able to utilise all capabilities of the modern hardware. In this post, Daniel Lemire describes what SIMD (Single Instruction Multiple Data) instructions are, and how (and why) efficient use of them can result in an enormous program speedup. As usual, reading comments is recommended.

1. Accessing Windows Known Folders in C# with SHGetKnownFolderPath (by Gérald Barré)
   Every operating system has special purposed file system directories – some to be used as cache, some to install applications and so on. Windows is not an exception here – there a directories to save documents, music, videos, temporary files and much more. In this short tip Gérald Barré describes how you can access these special directories inside the .NET application. The post also includes a link to a package (part of Meziantou.Framework framework) which wraps all of native calls into a C# friendly interface.

1. Ryan Fleury – Cracking the Code: Realtime Debugger Visualization Architecture (by Ryan Fleury)
   Understanding application behaviour is probably one of the most complex parts of software development. We need to understand how it works from the business prospective (does it accomplish the goal?), how it actually achieve this business behaviour (what is used to accomplish the goal), and of course, how good we are in achieving the goal (what resources we need or what range of business problems we solve). To dive so deep into the application’s behaviour we might use different tools and techniques but it is hard to argue that a good debugger is probably the best choice for that. In this video Ryan Fleury describes why debugger is better than printf logging, what exactly debuggers are doing and what interesting challenges debuggers face when visualising application state.

We are in the middle of 2025. The AI keeps is still on the top with constant updates to MCP, introduction of new models and challenges conquered. The .NET world is getting for a new .NET 10 release and adoption of continuously evolving .NET Aspire (which is a great tool for local development and good descendant of Tye). Well, and software development, keeps moving forward by better understanding ideas that were invented decades ago. 

So, in this always moving world, the .NET R&D Digest is not an exception

This issue includes bits of hardware, AI, development tools, software development, software design, concurrency, C# (a lot of C#), .NET and .NET Internals.

1. The Unsustainability of Moore’s Law (by Charles Rosenbauer)
   Every year, chip manufacturers put more and more transistors on the same die, include more and more hardware features (more cache space, AI modules, etc). However, increasing density of transistors requires more and more complex manufacturing process, which in turn requires more and more money. In this post, Charles Rosenbauer does a great overview of why manufacturing chips is so expensive today, why we don’t see many companies doing it (pure economical reasons) and what can potentially await us in the future.
2. Basic facts about GPUs (by Damek Davis)
   Usage of modern GPU’s is a great way of achieving significant speed-up in calculation heavy problems. However, because of the internal architecture (which allows GPU do a lot of parallel computations very efficiently), writing GPU oriented code significantly differs from traditional, CPU oriented programming. In this post Damek Davis describes what GPU is, how it connects to the rest of the system and how it performs and organises calculations.

1. AI Tooling, Evolution and The Promiscuity of Modern Developers (by Steve O’Grady)
   If you follow the AI trend, then, most probably you have seen how it affects the industry – companies report that AI writes tons of code for them, people share how they create games and SaaS platforms over the weekend and so on. However, besides “taking the job” effect, AI has produced one more, quite interesting effect on the industry. In this post Steve O’Grady describes how emergence of AI tools has changed developer’s attitudes to purchasing development tools and started a new chapter for development tools manufacturers, when again, making development tools can be profitable.

1. On Software Design… and Good Writing (by Ivan Velichko)
   Every complex engineering system starts from a design (well, at least it should) and software systems aren’t an exception here. While designing the system, we want to minimise the number of wrong choices and ensure that the result system will function as intended. However, creating a good, well-thought design is not as simple, as it might seem and requires a bit more than pure knowledge of things. In this post Ivan Velichko shares a set of principles (inspired by Akin’s Laws of Spacecraft Design) of how to approach software design to avoid common pitfalls and get things done. The post is a great source of simple, direct and very powerful wisdom. Highly recommended to read.
2. What every systems programmer should know about concurrency (by Matt Kline)
   Today, in many programming languages, it is quite hard to predict what “machine code” will be generated from a particular block of code because compilers are extremely good in making high-level code run fast on the CPU. The same also true for “how exactly the code will be executed by CPU” because CPU pipeline is complex and designed to consume incoming instructions as fast as possible, which means, many of them will be executed in parallel. Now, if we combine these two and multiple by the number of processors, then it becomes clear why concurrency is complex – because now our code (which compiler can generate as it likes) will be executed by multiple CPU (as they like) and all of the parties would pretend that they work “sequentially”. In this document Matt Kline concisely covers the most common and important things about concurrency and concurrent programming including instruction reordering, volatile, memory barriers, cache sharing, atomic operations and some of the hardware peculiarities. While the code and examples might look a bit “low level” the document is a great source (or refresher) of the basics of concurrent programming.

1. Exploring the features of dotnet run app.cs and Behind the scenes of dotnet run app.cs (by Andrew Lock)
   .NET 10 is expected to ship in November 2025, which makes it months away from the today’s moment. However, the good news is some of the upcoming features already can be tried using .NET 10 release candidate builds. One of such feature is a so-called dotnet run app.cs – a new ability of .NET to build and run single C# files (there is a great demonstration from Damian Edwards, which you can watch here). In these posts Andrew Lock dives into the details of the feature, highlighting everything which is currently supported, and explaining internal details of how dotnet makes it work. As always, the posts are very detailed and include code snippets full of comment.
2. C# 14 extension members; AKA extension everything: Exploring the .NET 10 preview (by Andrew Lock)
   C# language and C# compiler have a long history of extensibility – from instance extension methods, custom async-await state machines, interceptors, to Roslyn analysers and source generators. All these extension points made language more fluent and natural. In this post Andrew Lock introduces a new feature coming in .NET 10 – extensible members, which makes one (big) step forward in the direction of language extensibility and allows developers (us) to write extensions as instance properties, static methods and static properties. As always, the post is very detailed and provides a great overview of both, “classic” extension methods and the new extensibility syntax.

1. Using Roslyn to analyze and rewrite code in a solution (by Gérald Barré)
   Roslyn analysers are a great way to improve code writing experience in the IDE — they can recommend refactoring, highlight common issues and provide suggestions. However, one of the greatest thing the Roslyn analysers can do is that they can be used as a separate, standalone app which just modifies your code. In this short tip, Gérald Barré demonstrates how you can create a simple console application which would load the project, go through its files and make some changes. Wonder where this might come handy? Well probably this is how we can create and apply “codemods” in C#.
2. How to Test Roslyn Source Generators (by Gérald Barré)
   In the previous versions of C# and .NET, the source generators were a cutting edge feature because they allowed to generate a real source code without reflection. Since then, source generators become an essential part of .NET – a lot of BCL functionality uses source generators to avoid reflection (for instance, System.Text.Json or Regex). A lot of community project providers custom generators to simplify and speed up the development, and of course a lot of generators were written for project uses (I also wrote a few myself). However, one of the major complexity when writing the generators is testing. In this short tip, Gérald Barré describes three ways of how you can test your source generators to ensure they really work as intended and your tests don’t break after a tiny change.

1. Dissecting Memory Leaks in .NET (by Sergiy Teplyakov)
   One of the major benefits of the managed languages like C# (and platforms like .NET) is automated memory management – you don’t need to “free” things up, all of this happens automatically. However, as it always happens, sometimes the code might create a quite unexpected connections, which prevents memory management mechanisms from “freeing” the objects, which results in a classic memory leak. In this video Sergiy Teplyakov dissects a few typical memory leak scenarios for .NET and explains how you can prevent, fix and avoid them. The video is a great piece of .NET Internals knowledge and practical wisdom.
2. A Daily Practice of Empirical Software Design (by Kent Beck)
   What is software design? Why, we (software engineers) spent time doing it? What is really hiding behind the word “coupling” and “cohesion”? All these questions are deeper than they seem on the first glance and usually there is no single answer for each of them. In this great and very entertaining presentation, Kent Beck describes why software design is needed, what issues it tries to address and how we, software developers, should think about the changes to the system. The video is really great, highly recommended to watch.