Jamie Taylor
@gaprogman.com
Technology consultant & fractional CTO specializing in .NET architecture & security. Microsoft MVP | Host of The Modern .NET Show | Open source contributor
Pinned
Jamie Taylor
@gaprogman.com
· Jan 2
By way of a sort of introduction:
- I host The Modern .NET Show (dotnetcore.show)
- I also host Waffling Taylors (wafflingtaylors.rocks)
- I run a company (rjj-software.co.uk)
- I do open source things, including OwaspHeaders.Core (www.nuget.org/packages/Owa...)
- I host The Modern .NET Show (dotnetcore.show)
- I also host Waffling Taylors (wafflingtaylors.rocks)
- I run a company (rjj-software.co.uk)
- I do open source things, including OwaspHeaders.Core (www.nuget.org/packages/Owa...)
𝗣𝗼𝘀𝘁 𝟭/𝟰: Security week reflections: prevention beats panic, verification beats discovery.
Two sides of modern application security explored this week—proactive pentesting and supply chain trust.
Both require continuous verification, not one-time checks.
Two sides of modern application security explored this week—proactive pentesting and supply chain trust.
Both require continuous verification, not one-time checks.
January 25, 2026 at 11:30 AM
𝗣𝗼𝘀𝘁 𝟭/𝟰: Security week reflections: prevention beats panic, verification beats discovery.
Two sides of modern application security explored this week—proactive pentesting and supply chain trust.
Both require continuous verification, not one-time checks.
Two sides of modern application security explored this week—proactive pentesting and supply chain trust.
Both require continuous verification, not one-time checks.
I was wondering how I was going to get Ethernet into my home office, then suddenly
thehftguy.com/2026/01/22/d...
thehftguy.com/2026/01/22/d...
Doing Gigabit Ethernet Over My British Phone Wires
Disclaimer: None of this is written by AI, I’m still a real person writing my own blog like its 1999 I finally figured out how to do Gigabit Ethernet over my existing phone wires. Powerline adapter…
thehftguy.com
January 24, 2026 at 11:20 AM
I was wondering how I was going to get Ethernet into my home office, then suddenly
thehftguy.com/2026/01/22/d...
thehftguy.com/2026/01/22/d...
𝗣𝗼𝘀𝘁 𝟭/𝟱: This week's security incidents—reputation hijacking on NuGet, preventable pentest failures—reveal a pattern:
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
January 24, 2026 at 9:30 AM
𝗣𝗼𝘀𝘁 𝟭/𝟱: This week's security incidents—reputation hijacking on NuGet, preventable pentest failures—reveal a pattern:
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
𝗣𝗼𝘀𝘁 𝟭/𝟱: This week's security incidents—reputation hijacking on NuGet, preventable pentest failures—reveal a pattern:
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
January 24, 2026 at 9:30 AM
𝗣𝗼𝘀𝘁 𝟭/𝟱: This week's security incidents—reputation hijacking on NuGet, preventable pentest failures—reveal a pattern:
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
Security requires both technical controls AND cultural shift.
Tools catch vulnerabilities. Secure design prevents them.
The security mindset matters as much as the tools.
This.
I once had an entire PR trashed by someone because, and I kid you not, I'd uncapilatlised the name of a frame work on a comment.
It wasn't this, but something like:
"// Need to use nlog for the following reason..."
I once had an entire PR trashed by someone because, and I kid you not, I'd uncapilatlised the name of a frame work on a comment.
It wasn't this, but something like:
"// Need to use nlog for the following reason..."
This image is a perfect example of everything that is wrong with the usual code-review process. People debate the grammar, even though there's no universe in which the prepositional phrase "of cell phones and earbuds" can be the subject of a sentence.
1/9
1/9
January 23, 2026 at 9:27 PM
This.
I once had an entire PR trashed by someone because, and I kid you not, I'd uncapilatlised the name of a frame work on a comment.
It wasn't this, but something like:
"// Need to use nlog for the following reason..."
I once had an entire PR trashed by someone because, and I kid you not, I'd uncapilatlised the name of a frame work on a comment.
It wasn't this, but something like:
"// Need to use nlog for the following reason..."
Some fun Japanese language stuff I leanred just now:
ものつくり (monotsukuri) "craftsmanship", and"making things by hand"
ものつくり大学 (monotsukuri daigaku) "Institute of Technology"
ものつくり (monotsukuri) "craftsmanship", and"making things by hand"
ものつくり大学 (monotsukuri daigaku) "Institute of Technology"
January 23, 2026 at 8:04 AM
Some fun Japanese language stuff I leanred just now:
ものつくり (monotsukuri) "craftsmanship", and"making things by hand"
ものつくり大学 (monotsukuri daigaku) "Institute of Technology"
ものつくり (monotsukuri) "craftsmanship", and"making things by hand"
ものつくり大学 (monotsukuri daigaku) "Institute of Technology"
S08E11 - From Chaos to Control: Anton Moldovan on Load Testing with NBomber
Join Jamie Taylor and Anton Moldovan as they delve into the world of load testing with NBomber! This episode explores how to effectively test the performance and scalability of your .NET applications, moving beyond basic
Join Jamie Taylor and Anton Moldovan as they delve into the world of load testing with NBomber! This episode explores how to effectively test the performance and scalability of your .NET applications, moving beyond basic
S08E11 - From Chaos to Control: Anton Moldovan on Load Testing with NBomber
Join Jamie Taylor and Anton Moldovan as they delve into the world of load testing with NBomber! This episode explores how to effectively test the performance and scalability of your .NET applications, moving beyond basic button-clicking with a code-first approach. Anton shares his experiences building high-load systems and explains the benefits of NBomber’s native .NET integration, extensibility, and support for chaos engineering. They discuss pragmatic functional programming, isolated vs end-to-end testing, and the importance of simulating realistic user journeys. Learn how to identify bottlenecks, validate your system’s resilience, and ensure your applications can handle the demands of production!
dotnetcore.show
January 23, 2026 at 7:10 AM
S08E11 - From Chaos to Control: Anton Moldovan on Load Testing with NBomber
Join Jamie Taylor and Anton Moldovan as they delve into the world of load testing with NBomber! This episode explores how to effectively test the performance and scalability of your .NET applications, moving beyond basic
Join Jamie Taylor and Anton Moldovan as they delve into the world of load testing with NBomber! This episode explores how to effectively test the performance and scalability of your .NET applications, moving beyond basic
I paid, like, 500 and something GBP for a device so that I can run the PC versions of the original #ResidentEvil trilogy on the go, and I'm loving it.
And today I found that I could replace the tile images in SteamOS (yes, I'm that far behind the times).
And today I found that I could replace the tile images in SteamOS (yes, I'm that far behind the times).
January 22, 2026 at 10:22 PM
I paid, like, 500 and something GBP for a device so that I can run the PC versions of the original #ResidentEvil trilogy on the go, and I'm loving it.
And today I found that I could replace the tile images in SteamOS (yes, I'm that far behind the times).
And today I found that I could replace the tile images in SteamOS (yes, I'm that far behind the times).
𝗣𝗼𝘀𝘁 𝟭/𝟱: "But we don't have a security team!"
You don't need one to start building security into your development process.
The same tools external pentesters use are available to you—and should be running continuously, not once before release.
You don't need one to start building security into your development process.
The same tools external pentesters use are available to you—and should be running continuously, not once before release.
January 22, 2026 at 1:01 PM
𝗣𝗼𝘀𝘁 𝟭/𝟱: "But we don't have a security team!"
You don't need one to start building security into your development process.
The same tools external pentesters use are available to you—and should be running continuously, not once before release.
You don't need one to start building security into your development process.
The same tools external pentesters use are available to you—and should be running continuously, not once before release.
A) thank goodness Fireship is back on form
B) It's fill of jokey memes, but also the idea that "typing was never the problem" is something I've been saying for the last year
www.youtube.com/watch?v=9uW6...
B) It's fill of jokey memes, but also the idea that "typing was never the problem" is something I've been saying for the last year
www.youtube.com/watch?v=9uW6...
A brief history of programming...
YouTube video by Fireship
www.youtube.com
January 22, 2026 at 9:34 AM
A) thank goodness Fireship is back on form
B) It's fill of jokey memes, but also the idea that "typing was never the problem" is something I've been saying for the last year
www.youtube.com/watch?v=9uW6...
B) It's fill of jokey memes, but also the idea that "typing was never the problem" is something I've been saying for the last year
www.youtube.com/watch?v=9uW6...
𝗣𝗼𝘀𝘁 𝟭/𝟲: Supply chain attack alert for .NET developers:
Over the weekend, NuGet package owners received suspicious invitations to become co-owners of "TestPackage.Security.Research" or join organisation linked to user "darklord."
Over the weekend, NuGet package owners received suspicious invitations to become co-owners of "TestPackage.Security.Research" or join organisation linked to user "darklord."
Reputation Hijacking Attempt on NuGet: What Package Owners Need to Know | Jamie Taylor - Fractional CTO & Technology Consultant
A large-scale reputation hijacking attempt targeted NuGet package owners yesterday. Thousands of maintainers received invitations to co-own a package or join an organisation. The package has been removed, but the incident highlights critical security practices every package owner should follow.
rjj-software.co.uk
January 20, 2026 at 2:21 PM
𝗣𝗼𝘀𝘁 𝟭/𝟲: Supply chain attack alert for .NET developers:
Over the weekend, NuGet package owners received suspicious invitations to become co-owners of "TestPackage.Security.Research" or join organisation linked to user "darklord."
Over the weekend, NuGet package owners received suspicious invitations to become co-owners of "TestPackage.Security.Research" or join organisation linked to user "darklord."
𝗣𝗼𝘀𝘁 𝟭/𝟳: "The pentest report just came back. We have 47 critical vulnerabilities. Release is tomorrow."
If this panic sounds familiar, you're treating pentests like final exams you can cram for.
rjj-software.co.uk/blog/stop-tr...
If this panic sounds familiar, you're treating pentests like final exams you can cram for.
rjj-software.co.uk/blog/stop-tr...
Stop Treating Pentests Like Final Exams: Why Security Can't Be Your Last Step | Jamie Taylor - Fractional CTO & Technology Consultant
Scheduling a pentest right before release is like studying the night before finals. Here's how to build security into your SDLC and make pentests confirmations, not revelations.
rjj-software.co.uk
January 19, 2026 at 12:30 PM
𝗣𝗼𝘀𝘁 𝟭/𝟳: "The pentest report just came back. We have 47 critical vulnerabilities. Release is tomorrow."
If this panic sounds familiar, you're treating pentests like final exams you can cram for.
rjj-software.co.uk/blog/stop-tr...
If this panic sounds familiar, you're treating pentests like final exams you can cram for.
rjj-software.co.uk/blog/stop-tr...
𝗣𝗼𝘀𝘁 𝟭/𝟰: Week's explorations revealed a pattern: sustainable success requires both rigorous measurement and human connection.
Technical excellence alone burns people out. Pure culture focus without quality standards creates mediocrity.
Integration creates sustainable high performance.
Technical excellence alone burns people out. Pure culture focus without quality standards creates mediocrity.
Integration creates sustainable high performance.
January 18, 2026 at 11:01 AM
𝗣𝗼𝘀𝘁 𝟭/𝟰: Week's explorations revealed a pattern: sustainable success requires both rigorous measurement and human connection.
Technical excellence alone burns people out. Pure culture focus without quality standards creates mediocrity.
Integration creates sustainable high performance.
Technical excellence alone burns people out. Pure culture focus without quality standards creates mediocrity.
Integration creates sustainable high performance.
Be careful out there friends.
If you can, pin to specific known-good, untouched, versions of your dependencies.
If you can, pin to specific known-good, untouched, versions of your dependencies.
There seems to be an ongoing supply chain attack or suspicious activity on NuGet .org, where a user called darklord is trying to gain legitimacy or something by sending thousands of become owner of their packages requests, don't accept, report to @nuget.org
#dotnet #nuget
#dotnet #nuget
January 17, 2026 at 12:06 PM
Be careful out there friends.
If you can, pin to specific known-good, untouched, versions of your dependencies.
If you can, pin to specific known-good, untouched, versions of your dependencies.
Reposted by Jamie Taylor
There seems to be an ongoing supply chain attack or suspicious activity on NuGet .org, where a user called darklord is trying to gain legitimacy or something by sending thousands of become owner of their packages requests, don't accept, report to @nuget.org
#dotnet #nuget
#dotnet #nuget
January 17, 2026 at 10:27 AM
There seems to be an ongoing supply chain attack or suspicious activity on NuGet .org, where a user called darklord is trying to gain legitimacy or something by sending thousands of become owner of their packages requests, don't accept, report to @nuget.org
#dotnet #nuget
#dotnet #nuget
Reposted by Jamie Taylor
Attention NuGet package owners!
There is highly suspicious activity. Many users are receiving invitations to become co-authors of TestPackage.Security.Research from a user named darklord, or to join an organization.
Do NOT accept these invitations under any circumstances.
#dotnet #nuget #mvpbuzz
There is highly suspicious activity. Many users are receiving invitations to become co-authors of TestPackage.Security.Research from a user named darklord, or to join an organization.
Do NOT accept these invitations under any circumstances.
#dotnet #nuget #mvpbuzz
January 17, 2026 at 10:19 AM
Looks X just wiped itself off of the Internet. And I'm sure that all 4 of the bots that are left there are sorrly missed.
January 16, 2026 at 4:33 PM
Looks X just wiped itself off of the Internet. And I'm sure that all 4 of the bots that are left there are sorrly missed.
𝗣𝗼𝘀𝘁 𝟭/𝟱: Two conversations this week—one on code quality tools, one on leadership— revealed complementary truths.
Technical excellence requires both rigorous measurement AND psychological safety.
Neither alone creates sustainable high-performing teams. You need both.
Technical excellence requires both rigorous measurement AND psychological safety.
Neither alone creates sustainable high-performing teams. You need both.
January 16, 2026 at 2:00 PM
𝗣𝗼𝘀𝘁 𝟭/𝟱: Two conversations this week—one on code quality tools, one on leadership— revealed complementary truths.
Technical excellence requires both rigorous measurement AND psychological safety.
Neither alone creates sustainable high-performing teams. You need both.
Technical excellence requires both rigorous measurement AND psychological safety.
Neither alone creates sustainable high-performing teams. You need both.
Bought a @dbrand.bsky.social Killswitch case, skin, and stick grips for my Legion Go S.
You're encouraged to watch the installation video before installing (parts of it are non obvious), and suddenly
www.youtube.com/watch?v=NPYy...
(Should jump directly to 374 seconds)
They get me, they really do.
You're encouraged to watch the installation video before installing (parts of it are non obvious), and suddenly
www.youtube.com/watch?v=NPYy...
(Should jump directly to 374 seconds)
They get me, they really do.
How to Install a dbrand ROG Ally X / Legion Go S Killswitch
YouTube video by dbrand
www.youtube.com
January 16, 2026 at 10:58 AM
Bought a @dbrand.bsky.social Killswitch case, skin, and stick grips for my Legion Go S.
You're encouraged to watch the installation video before installing (parts of it are non obvious), and suddenly
www.youtube.com/watch?v=NPYy...
(Should jump directly to 374 seconds)
They get me, they really do.
You're encouraged to watch the installation video before installing (parts of it are non obvious), and suddenly
www.youtube.com/watch?v=NPYy...
(Should jump directly to 374 seconds)
They get me, they really do.
𝗣𝗼𝘀𝘁 𝟭/𝟲: Been reflecting on Brené Brown's "Dare to Lead" and what it means for technology teams.
Her research on vulnerability, empathy, and courage offers surprisingly practical frameworks for the modern workplace.
Full post:
Her research on vulnerability, empathy, and courage offers surprisingly practical frameworks for the modern workplace.
Full post:
Leading with Heart and Mind: Lessons from 'Dare to Lead' for the Modern Workplace | Jamie Taylor - Fractional CTO & Technology Consultant
Discover how Brené Brown's "Dare to Lead" can empower technology leaders to build stronger, more resilient teams. Learn key leadership principles like empathy, vulnerability, and connection for a more engaged and innovative workplace
rjj-software.co.uk
January 14, 2026 at 12:30 PM
𝗣𝗼𝘀𝘁 𝟭/𝟲: Been reflecting on Brené Brown's "Dare to Lead" and what it means for technology teams.
Her research on vulnerability, empathy, and courage offers surprisingly practical frameworks for the modern workplace.
Full post:
Her research on vulnerability, empathy, and courage offers surprisingly practical frameworks for the modern workplace.
Full post:
Pro tip for if Claude Code can't detect that a tool it calls has completed: hit CTRL+O to view the output.
For some reason, this tricks Claude into "seeing" that the tool has, indeed, complteted.
For some reason, this tricks Claude into "seeing" that the tool has, indeed, complteted.
January 13, 2026 at 8:51 PM
Pro tip for if Claude Code can't detect that a tool it calls has completed: hit CTRL+O to view the output.
For some reason, this tricks Claude into "seeing" that the tool has, indeed, complteted.
For some reason, this tricks Claude into "seeing" that the tool has, indeed, complteted.
𝗣𝗼𝘀𝘁 𝟭/𝟳: How do you maintain code quality across massive .NET codebases?
Patrick Smacchia joined The Modern .NET Show to discuss NDepend, the static analysis tool he's been developing since 2004.
dotnetcore.show/season-8/nde...
Patrick Smacchia joined The Modern .NET Show to discuss NDepend, the static analysis tool he's been developing since 2004.
dotnetcore.show/season-8/nde...
S08E10 - NDepend with Patrick Smacchia: Scaling .NET Code Quality
Jamie Taylor chats with Patrick Smacchia from NDepend about mastering large, complex .NET codebases. Discover how NDepend, a static code analyser, can help you identify and quantify technical debt, improve code quality, and reduce the risk associated with legacy systems. Patrick explains how NDepend goes beyond basic code analysis, offering a 360-degree view of your solution – integrating with tools like Resharper and providing actionable insights into areas needing refactoring or improved test coverage. They also discuss the role of AI in modern code analysis and how NDepend is adapting to ensure developers remain in control. Learn how to move from identifying issues to understanding their *cost* and prioritising remediation.
dotnetcore.show
January 12, 2026 at 10:36 AM
𝗣𝗼𝘀𝘁 𝟭/𝟳: How do you maintain code quality across massive .NET codebases?
Patrick Smacchia joined The Modern .NET Show to discuss NDepend, the static analysis tool he's been developing since 2004.
dotnetcore.show/season-8/nde...
Patrick Smacchia joined The Modern .NET Show to discuss NDepend, the static analysis tool he's been developing since 2004.
dotnetcore.show/season-8/nde...
𝗣𝗼𝘀𝘁 𝟭/𝟰: Week reflection as we start 2026: measurement, improvement, and what actually matters.
2025 brought achievements worth celebrating. But the real measure isn't awards or download counts—it's client problems solved and value delivered.
2025 brought achievements worth celebrating. But the real measure isn't awards or download counts—it's client problems solved and value delivered.
January 11, 2026 at 10:01 AM
𝗣𝗼𝘀𝘁 𝟭/𝟰: Week reflection as we start 2026: measurement, improvement, and what actually matters.
2025 brought achievements worth celebrating. But the real measure isn't awards or download counts—it's client problems solved and value delivered.
2025 brought achievements worth celebrating. But the real measure isn't awards or download counts—it's client problems solved and value delivered.
This. If you work in technology, you owe it to yourself to read this.
I've seen too many people who were "feature pushers" promoted before they were ready because it's not about pushing features.
Don't just jump because they said so. You need to consider everything.
elliotmorris.net/blog-a-day-3...
I've seen too many people who were "feature pushers" promoted before they were ready because it's not about pushing features.
Don't just jump because they said so. You need to consider everything.
elliotmorris.net/blog-a-day-3...
Beating the Tutorial
Most software engineer job descriptions will have a requirement like this : Has the ability to deliver ticketed tasks promptly and to a ...
elliotmorris.net
January 10, 2026 at 5:01 PM
This. If you work in technology, you owe it to yourself to read this.
I've seen too many people who were "feature pushers" promoted before they were ready because it's not about pushing features.
Don't just jump because they said so. You need to consider everything.
elliotmorris.net/blog-a-day-3...
I've seen too many people who were "feature pushers" promoted before they were ready because it's not about pushing features.
Don't just jump because they said so. You need to consider everything.
elliotmorris.net/blog-a-day-3...
1/4
I have a genuine question for the folks who consume episodes of The Modern .NET Show: Accessibility notwithstanding, do you read the episode transcripts found on the website?
Transcripts take time (and/or money) to create, and I'm happy to do it for those who need them.
#podcastQuestion
I have a genuine question for the folks who consume episodes of The Modern .NET Show: Accessibility notwithstanding, do you read the episode transcripts found on the website?
Transcripts take time (and/or money) to create, and I'm happy to do it for those who need them.
#podcastQuestion
January 9, 2026 at 2:33 PM
1/4
I have a genuine question for the folks who consume episodes of The Modern .NET Show: Accessibility notwithstanding, do you read the episode transcripts found on the website?
Transcripts take time (and/or money) to create, and I'm happy to do it for those who need them.
#podcastQuestion
I have a genuine question for the folks who consume episodes of The Modern .NET Show: Accessibility notwithstanding, do you read the episode transcripts found on the website?
Transcripts take time (and/or money) to create, and I'm happy to do it for those who need them.
#podcastQuestion