 On today's Visual Studio Toolbox, we're going to look at the future of Visual Studio. We're going to look at personal productivity. We'll see things like refactoring and IntelliCode. We're going to look at Cloud Productivity. We're going to see time travel debugging and how you can keep your secrets safe. Hi, welcome to Visual Studio Toolbox. I'm your host, Robert Grain, and joining me today are Amanda Silver. Hi. And Kendra Havens. Hi. And later on, Anthony Candelosi. We're going to need a bigger desk. Yeah. And this is the 250th episode of Visual Studio. Awesome. Congratulations. Thanks. And so it makes a perfect time for you guys to be on. Yeah. Now, people might know or might not know that it build. You guys gave a talk, The Present and Not Too Distant Future Visual Studio. And if you go to the build page and try to watch the video, like I did, I wasn't able to make it to the talk, but I really wanted to watch the video. And the video's not there because there were audio or video or some issues. Some kind of capturing issues, yeah. And so I thought, hey, wait a minute. You guys did the talk and people want to watch. I got Toolbox, and it's the 250th episode. This is like a match made in heaven. It's awesome. Thanks for inviting us on. Thanks for doing it, Marina, do this. It's always a lot of work to kind of get the build presentation ready to go. And it was a little bit disappointing that it didn't get captured. OK, but we're very excited. But we're very excited. We can do it again. We're excited to do it again. And it's soon enough afterwards that it's all still working. Yeah, so we're going to look at some things in Visual Studio today, some things that are coming. Yeah, I mean, so basically what I always try to do with the future of Visual Studio Talk is to show not just what people can get on their box today, but actually what they'll be able to get on their box very, very soon. So some of the things are things that actually launched that day at build. And that was 2017, 15.7. Right, as well as 15.8, preview one, as well as some extensions that are custom that don't ship in either. But other stuff that we're going to show you are things that aren't shipping in any fashion yet, but are in progress. And we just want to show the world what we're working on. Yeah, it's pretty fun. I mean, part of this is we just have an incredibly passionate team that really takes developer productivity to heart. Myself, I've been working on it for about 17 years. So I know that every second that we can shave off of a compile it at debug loop really makes a huge difference for developers. So that's really what we focus on. So at this point with Visual Studio, we have it's like an entire category, an entire family of products with Visual Studio, with VS for Mac, with Visual Studio Code, App Center, and Team Services. And obviously, the connection to Azure. So what we were really focused on for this talk was really just talking about Visual Studio on Windows. What have we been working on there? But the momentum for Visual Studio has been pretty phenomenal. I mean, this is a quote, one of the things that we saw from the Stack Overflow survey from 2018 is that VS Code just barely edged out Visual Studio as the most popular developer environment across the board for all developers. You can see that kind of together, you know, it's pretty huge portion of the market. So a lot of people using Visual Studio or VS Code as their developer tools. The other thing, yeah, exactly. The other thing is that our kind of main languages in Visual Studio that a lot of people use, C-Sharp and TypeScript have also grown pretty dramatically over the last couple of years. But this is just from the Stack Overflow survey. You know, at this point, we have about 6.9 million developers using Visual Studio monthly. It's pretty amazing. And we have 3.6 million users monthly using VS Code, which is just outstanding. For 2017, Visual Studio 2017, we now have 2,400 extensions that apply to that version. So the community around Visual Studio 2017 is present. It's there and everybody's excited about it and using all these extensions. Last week's episode was Justin Clairbert with his Hot Extensions. Perfect, he has a very popular one and he's also super passionate about everything that he does. But the other thing that really makes the developer community really productive is the community that has been built around it. And I just pulled one of those facts here, which is that for .NET Core, there are 19,000, more than 19,000 contributors that contribute to .NET Core. And this is just one of our many open source projects that kind of support the Microsoft developer community overall. And that's not including Microsoft developers. That's 19,000 contributors outside of Microsoft. So that's just huge. And things are more likely to be open sourced than not these days. That's kind of the default, especially. LiveShare, right? LiveShare is open source, isn't it? It's on GitHub or not. So we try to have it be as open as possible in terms of our roadmap. The VS code itself is open source. LiveShare is a service that actually runs in the cloud. So that service is not open source. Okay, okay. So, since Visual Studio has launched, I can't even go back in history, long enough to kind of cover the entirety of Visual Studio just because there are so many things that have shipped since then, they wouldn't fit on one slide. So I just went back five releases just to cover a bunch of the main features that have shipped in the last releases. And this is just since October. This is since October. So we've just continued to bring out new value, new functionality in every subsequent version of VS. And the other thing that we've really tried to do is to make it so that it's easier than ever to adopt the previews. So a lot, what we've tried to make possible is that you can install the released version of Visual Studio side by side with the preview version without impacting your productivity of your day-to-day job. So if everything is working with the released version, fantastic, but if you wanna test out a new feature that we're talking about today, then you can install the preview. No, it can strike this disk space. Exactly, and kind of see what's going on. The two will sit side by side on your machine and they won't interact with each other. And we've also really tried to make the update process really streamlined so that it's just a click to basically update your latest version of the preview and gonna get the next version. Yeah, it's actually, it was always pretty easy, but now it's even easier because inside Visual Studio, Visual Studio will launch the installer for you and close itself down and then restart itself. That's right, exactly. So I thought it was pretty easy when you had to just close and go to the installer, now it's even easier. Yep, for sure, so definitely encourage everybody to install the preview alongside the RTM to release. So in terms of Visual Studio, what we think about is basically four different kind of areas. First is that we want any developer to be able to build any app for any platform. Hopefully it'll be another show that we'll talk about and that I can cover those demos. But then the next is we want to be faster than ever. We know that performance is one of the top requests that we have always had for Visual Studio, so it's a constant goal for us. We also know that productivity is incredibly important and so there's lots of little things around hotkeys or refactoring features or things like that that make you so productive. And then the last part is that it's connected to you, that we know what's important to you, that you can build what you need to build, but also that you can give us feedback back into the product so that we can fix bugs, so that we can address the issues and address your feature requests as quickly as possible. So with that, what I wanted to do was to invite Kendra to do the first demo, which will be all about productivity. All right, cool. Take it away, Kendra. I think we have a couple of slides first because I really wanted to show this Perf comparison video. So on either side, if we can switch that. So this is different versions of Visual Studio side by side and on the left you have 15.0 and on the right is 15.7. Now these are about a year apart. They're both loading the Roslin solution, which is huge, 162 projects, over four million lines of code. And you can see on the right side, we're done. The solution loaded in 15 seconds. That's four and a half times faster than what it used to take. And those are just a year apart in releases. So we've made huge, huge effort there. Another big thing we changed, if I can call out the attention to keep your eye on the test explorer, we changed how test discovery takes place. So now instead of needing a built assembly, it just discovers tests through your source code. So it doesn't require a build. As soon as you add tests or edit them, they just appear. So it's all essentially a Roslin analyzer, but it's so much faster than the assembly-based discovery that we had before. And you can see in the video, it'll get up to 10,000 tests. Really soon here, there it is, in just a few seconds. And if we went back to the left side in 15.0, that's still take another 90 seconds to load. So huge improvements there that I'm so excited to talk about. So that was all .NET improvements. We also wanted to call out a lot of the C++ performance improvements as well, all across the C++ scenarios. So solution open, memory usage, debugging, renaming and refactoring and incremental builds. All of those are multiple Xs times faster than they were before. And all of these benchmarks were used with the open source, the Chromium solution, which is over 4,000 projects. Yeah, that's what we found in our labs. Okay, and now I think we're ready to dive into my demo. So I'm also going to load the smart hotel 360 app. So you are using and let's, if we can try and be clear, this is preview, what features are in 7, 15.7, what are in 15.8? This is 15.8. I have a summary slide that we can view after the demo that actually will summarize, which ones are in 15.8 and which ones are in 15.7 and what's still coming. Okay, cool. Yeah, because we packed in a lot of stuff. There's a lot of experimental extensions on my machine. It makes the demos more interesting. Yeah. So I'm going to go ahead and open the smart hotel 360 solution. And it's just five projects, but again, it's going to load really quickly. And keep your eye on the test explorer. So I actually loaded in a very large test project solution with over 5,000 unit tests. So that's what it's actually discovering right now, done. 5,000 and two tests. Sorry. I know I kind of made that point twice, but I can't help it. I'm the unit testing PM. I got to call this stuff out. So I'm going to go ahead and run these tests. And you can see some changes that we made to make a more responsive test explorer during test runs. So all the tests that are pending to execute have this clock icon. And tests that are currently executing get this progress ring. As it goes. So if you have a very long test run and you want to know what test is actually holding it up, you can just look in the test explorer and it'll be called out right there in front of you. So another thing that I used but didn't call out was we added this hierarchy view in Visual Studio 2017. I think it first came into a 15.6 update. But you can get it in any update after that. So it organizes tests by project namespace and then class. That was a really highly requested feature. So I'm going to go ahead and investigate this failing test here. And looks like, oh yeah, it's this one. And it looks like I'm going to have a problem with this guest request function. So I'll go ahead and navigate there. Actually, I'm going to go ahead and turn on live unit testing as I investigate why this is failing. So I can right click in the solution explorer to only include this project of tests. Because remember I have that giant 5,000 test project solution. You could imagine that those are like integration tests and not unit tests or not relevant to what I'm changing. So I could only include a subset of tests in live unit testing to actually investigate what the problem is. So now I see the live unit testing glyphs in the editor. And I can actually go to the line where I see something interesting happening. So I know all of the tests out of the test covering this line, at least one is failing. But I know this line is good. So I'm thinking my problem is over here. So if I open the glyph of live unit testing and I hover over the test that's failing, I can also see the error message. And it says I'm getting a null reference exception. So I'll actually go ahead and debug that test from the live unit testing glyph. And that means, again, just super helpful. I don't actually need the test explorer open to debug the test that's covering my production code, which is very helpful. So the exception helper popped up. I'm getting a null reference exception. This is super helpful because it's actually telling me what variable I'm getting it on. So I'll go ahead and add a null check to this. One of the many refactorings that we added in update 15.7 is to suggest that would make an interesting extension. Really? Null checks. Yes. Well, I would agree with you. But it's going to go into the product. That's even better. Absolutely. So I'll go ahead and add that. And that's actually, that's in the product. That's not a special one that is in an extension or review. That's baked in, for sure. You get 15.7, it'll be in there. How about making it a default property that any time I create a method with arguments, it automatically adds null checks for me? That would also be cool. I'm wondering what Casey is planning for that. I'll have to get back to you on that one. Wouldn't be surprised if she was actually looking into it. So you can see, as I'm making changes to this method, live unit testing, rerunning tests in the background as I type. OK, cool. So now you can see all of my tests are passing. So I'll scroll down a little bit and show you one of the newest coolest refactorings that we added. Sorry, coolest is the strong term, but I'm a huge geek. So anyway, so this is my method for, this is my calculate chocolate method. This is as if, let's say the guest is leaving comments in our hotel app. So I can use Azure Cognitive Services to analyze the sentiment of the comments that they leave and figure out if they're negative or below a certain score, I can text housekeeping, hey, we should leave extra chocolates on their pillow to kind of sweeten the deal. Hopefully they're complaining about there's too many chocolates being left. We should probably add a check for that. Yeah, no one would complain that. What are you saying? So notice I'm using a for each loop to iterate through my sentiment batch. The refactoring we added was for each to for loop. So as soon as I add that, it asks if I want to rename the variable that I'm iterating through, and I can apply it and I can also go back from for loop back to for each. Nice. Just one of those lovely little things that people want. So we've now in a handful of minutes seen a couple things that are in the product that are cool to know. They may have appeared recently, they may have appeared three years ago. Who knows? Do we do a good job of docking these types of things? I mean, are the refactorings all listed somewhere so that I could easily go see what's in there? I would point you first to, we do have a documentation page on its, I think, .NET tips and tricks, or tips and tricks for .NET developers on docs.microsoft.com. We always update that with the latest sort of tips and tricks that people really want to know and they were really good at calling out exactly what update things are in. The other thing is we also publish our release notes. So for every version of Visual Studio that has an update, we will have a release notes that is associated with that update so you can actually go back and look. And they're generally categorized. If you want to go look back and look at all of the refactoring things, you can look at what's there for refactoring, or for a particular language, you can look at that as well. Right. Like the screw driver, which I noticed last week when Justin was on doing extensions, that was the first time I'd ever seen the screw driver. It's been a light bulb. Yeah. Is that new? Is that in the preview? Is that in seven? When did that appear? It's been in a while. It's been in there a while. Yeah. I think it was at least earlier this year. Okay. Yeah. I guess I need to do more code. I think it's to call out when a code fix is there, when in tele-sense with the light bulb. When it's a light bulb, it's like, maybe it needs to be a refactoring or some other warning, but when it's a screw driver, it's actually a code fix. Yes. Okay. Cool. So think tool, fix, light bulb suggestion. Okay. Yeah. Got it. Cool. So I know I have a test that's actually covering this method, so let's go take a look at it. And I can navigate to that test. I know it's called chocolate sentiment test and I can use camel casing in my search. So that's control T to open the search box or navigate to box. And then I can, yeah, use camel casing. I can also search by line, files, member, types, all of that. All that jazz. So that'll take me right to the chocolate sentiment test and here are the guest messages that I'm inputting to make sure my Azure cognitive service is finding the right stuff. A lot of these actually seem really positive. Let's go ahead and add some more negative ones to see if it'll still catch the negative sentiment. So I can hit control D to duplicate that line. Oops, that I had selected, as long as I don't then delete it when I'm trying to add a comma. There we go. And one new feature that people are incredibly excited about, this isn't, I don't think this is even in the 15.8 preview. It is. Multi-cursor. It is. It's multi-cursor in the 15.8 preview. So I can hold Alt and select multiple lines and now I can type in them. So very. Right? Oh, nice. So that needs more chocolate. Okay. Cool. So I just added, let's see, four sort of more negative sentiment lines. So I'll go ahead and bump that up to eight and I'll go ahead and rerun that test to see if my Azure cognitive service catches it. And I get my little pending clock icon. And yeah, it worked out. Okay. So I actually wasn't super familiar with Azure cognitive services when I started using it. I can go back to my calculate chocolate method and when I call the cognitive service, I actually say, okay, I needed to create a language batch to figure out what the sentiment is and all of the multiple languages that I inputted it and then I needed to find the sentiment on each of those. And it was actually, it's only about 30 lines of code, but since it was just an API I wasn't familiar with, a super helpful feature for exploring a new NuGet reference that I was using was using control click to navigate to the decompiled sources of my reference. So this is the feature, it's a navigate to decompiled source. So we actually partnered with IELTSBI, I think to help us kind of figure out what this would look like. And I know this is Azure cognitive services, so I know it's fine for me to decompile it. So that warning message that you first see is kind of warning the user that, hey, you should check the ULU. It's a bit of legal use. It's a legal use. Yeah, you're basically looking at, you're decompiling some of those source, but this is Microsoft source, so we're okay. So we're good. And I checked with Azure Cognitive Services guys, they were like, okay, good job. So yeah, I needed multiple different strings and it was just really helpful to know what order they needed them in. So it's great to navigate to decompiled sources, but what if I could actually navigate to a source that's open source on my machine and try to figure that out? That's the next thing I wanna show you. I'll go to, so this is my, let's say a hotel guest wants to request a shuttle to the airport. I'm using Casey Ulin Hoot's bus helper class that she published to Nougat using the latest.net core preview. And the way you can, the way these Nougat package creators can publish them enables them to embed a source link. So when I call this function, I can actually control dot and navigate to it. But this is still decompiled source. What if I wanted to actually debug through it? No way. So I can set a break point. And let's see how this works. So as I step into this function, it can actually step into the bus info helper class. Now, when I first ran this, it said, hey, you're using source link. Do you wanna pull this source onto your machine? And now you can see when I hover over this bushelper.cs of the top of my file, it shows that this is a Nougat reference in my app data local. This is kind of like web front end developers might be familiar with what the browser does where basically if I have a JavaScript file or a CSS file that's loaded at runtime for my client application, you'll see in a browser debugger that you're gonna have basically the files that were inferred at runtime. So you'll actually see kind of the runtime version of those files. This is very similar to that, but for .NET where basically we're using Nougat to actually figure out what's executing and then loading that in Visual Studio. And then I can step through it and see how my Nougat reference is actually handling the data that I give it, which is just super fun. And the package developer has to enable that. Is that correct or not? They have to specifically publish it with the latest .NET Core preview. And I think there's some configuration that they will have to do in their CSS project, but it's all documented and we've had a lot of interest as soon as we announced this with people figuring it out and asking if it can work with VSTS, it can. And get and everything, so. Nice. It's really exciting. The next super cool thing I want to show you is back in my airport shuttle request, here I'm, well, how much have we heard about IntelliCode in the past week? Because when we announced it at build, it was like, phew. Okay, so this is IntelliCode. Sorry. This is IntelliCode. So for people that missed that, what is IntelliCode? IntelliCode is, thanks for asking that question. I'm sorry, I got too excited. IntelliCode is a machine learning algorithm that we ran over 2,000 .NET repos up on GitHub that were open source with over 100 stars. And it learned what code patterns and practices are expected in certain contexts. And now it's able to reorder, for example, your .completion. So normally we would load an alphabetized static list. Now we can say in certain scenarios, oh, people are going to use .length or .split, .trim. Those are the more popular functions used. So this is saying that over, we're noticing that when people are working with strings, these are the things that people are most likely to use. Yeah, so basically in IntelliCode, what we were trying to do is to say, well, how could AI make a developer more productive, right? And so one of the applications is IntelliSense, where by looking at all of these open source code repositories, we can see the code patterns that are in there. And the important thing is that it's not just what's kind of most popularly used, most frequently used, or most recently used. It's actually looking at not just the patterns of those open source repositories, but also the context of the code that you're writing. So pay close attention, super close attention to the completion list of what Kendra's gonna show you. Yeah, so you can see at the top I've got length and replace. What if I changed this variable instead of var, I actually used a string array. It automatically bubbles up split. Not only does it do that, but it also tells me what overload I most likely want to use. Just very helpful. And split has like 10 overloads, which is super nice. Oops. That is cool. So it's basically taking the model of the open source repositories that it grokked, and then combining it with the context of the code that you're writing to figure out what's the smartest completion list we could possibly provide to you. Cool. And the next thing also, cool things. I've changed these both back to var, but now it knows to also put split at the top here because I just used it in this context. So it's also suggesting a split. So how much is it looking at what lots of people do versus what you typically do? Is it taking that into account? It's taking both of those things into account. So it's not just a most frequently used list. It's also taking the context of the code that you're writing. So if she used split previously, then you're gonna have a different completion list than if she hadn't used it yet. Yeah. You can show me. You can imagine that ultimately, eventually Visual Studio would say, well, the code you're writing is going to work, but most people do it differently. Do you wanna change, right? Yeah, I mean we certainly could. So one of the things that we're looking at is other kinds of code analysis that could indicate, for example, that you're using an unconventional calling pattern for an API. Yeah. This actually leads really well into Editor Config, which is exactly what I was going to show off next, because you're kind of talking about how to customize what suggestions we're getting. So and Editor Config is already a great way to, here I have it in the solution explorer at the top of my project. It's already a great way to document and enforce your code style across your teams. So when you combine Editor Config with IntelliCode, you can actually do some really interesting stuff. So we've now added, let's say I right click specifically on my test project, and I'm using different code styles within my test project. So I want to actually hone what suggestions people are seeing. I can right click on specifically my test project and go to add new item. And now when I try to add an Editor Config, there's actually an IntelliCode Suggested Editor Config that learns from this project that I'm working in. I feel like I'm making your day, it feels so good. So I'll go ahead and add that. And you can see I had a bunch of dots underneath my bars. You can go back there. And as soon as I re-rank code analysis on that, it'll actually say, oh, this is an expected pattern now. So I'm not getting the suggestions there. So I could go ahead and edit this local Editor Config. Now this is still inheriting from the root one, except for where it disagrees. So I could promote these warnings on using var instead of explicit type to errors. And as soon as code analysis reruns on this, I'm now going to get some red squigglys saying, hey, you got a lot of problems with this document. This is like the new April Fool's gag as you go into somebody's machine and invest a little bit of your config. So when they launch Visual Studio, all of a sudden they have 3,500 errors when yesterday everything was fine. Yeah, I mean, this is really. It's hours of fun. So not just for gags. This is actually kind of important for productivity because if you think about it, actually we know that about 18% of the comments on a typical PR are actually style-related. So if you can get a developer at the point at which they're typing the code to write the right code so that they don't have to have somebody review it and then have a comment and then respond to that comment, that could save a huge amount of time for your team. The other thing that we find is that for new developers joining a team, often what happens for junior developers is they kind of wad up like a large PR pull request. And then they check it in. And then because they didn't get it reviewed kind of leading up to that, they end up with a huge long list of comments that then makes them gun shy for the next subsequent PR. So with this and having styles be inferred and then explicitly kind of enforced, you can actually get the developer to be much more productive. The other thing that we find, and you know, people make jokes out of this, but it's funny because it's true. I think all jokes are kind of funny because they're a little bit true, is that people fight over styles. Yes. And you might have a particular, sorry about that, you might have a particular perspective on whether or not you should use var versus explicit type. What's cool about the editor config inference. Tabs versus spaces. Yeah, exactly. What's cool about this though is you don't actually need to have a debate over style without having data. This now actually looks at your code base and says this is the dominant style in your code base. So whether or not you disagree with the dominant style, that's still maybe an interesting conversation, but you can actually take the dominant style and have it be inferred and then explicitly written out and then have it debate over that. You can use editor config to basically enforce it because you can decide var versus not var. On this particular bunch of code, we never use var and that's our rule. You can set it to an error in the editor.config and basically lay down the law. Or we prefer var so then maybe it's just a squiggly. You can use that in the editor config. Right, I didn't think about in telecode reading what the pattern is actually solving these arguments for people. Well, I mean, it might start the arguments in some ways, but I think in terms of making it, making what your styles are explicit with explicit rules that you can then debate, like that hopefully will save time. But it is cool that you'd come into a big bunch of code and you're now new to this project and you don't know do we use var or not to have in telecode gently lead you down the path. Yes, the vast majority of times in this project people are using var, maybe you should consider that. Right. It would be a nicer way then enforcing it. That we often find is that like your local style might be consistent, right? Because you're working on one particular file or a couple of methods and you're consistent in that style. But other files in the project have a different style and you might not ever see those because you just don't interact with those files. This allows you to kind of get the complete project style to be explicitly codified. Cool, very cool. The last thing I wanna do in this is code cleanup, control KD, so automatically applying all of the little style rules and code fixes in your editor config. So that shortcut is just control KD for code cleanup and now I can breathe. Okay, sorry. Yeah. So what that did. Is it new? This is a brand new pretty new. Yeah. So now that your style rules are explicit and enforced by editor config, you now have little dot, dot, dot or squiggles or whatever throughout your code base and this can now fix it all up. It also fixed where my curly braces are. So you can see for this particular file. Watching. I mean this made changes throughout the entire file. And you don't, she didn't actually have to visit all of those places with her cursor. Cool. Yeah. So Robert, you asked me earlier what's in which version of Visual Studio. This slide kind of summarizes it. A lot of the newest code refactorings I showed, so four loop to four each. It's brand spanking new and 15.8 and telecode is in 15.8. But you do need to grab a preview that I think is private right now and you need to sign up. I'll talk about it in the next slide. Oh, sure. Okay. And multi-cursor that's very new as well. Code cleanup and debugger stepping is all in the latest. Everything else, live unit testing, the test explore, fast test discovery. Go to definition with control click. Navigate to decompile disassemblies. All of that is in the Visual Studio 2017. Cool. All right. And we talked a little bit earlier about some of the performance improvements that we've made. Another one that we didn't show off but it's worth mentioning because it's such a big deal is get branch switching. That used to take so long in Visual Studio and now it's a lot, lot, lot faster. So hopefully people will enjoy that as well. But Kendra showed a little bit of in telecode. She showed basically two features out of many of what we're working on. But the idea here is that we wanna figure out how AI can help the individual developer and developer teams be more productive. And so she showed how we can have a more productive intelligence experience and also have inferred styles. So you can kind of have enforcement and consistency in your code base in her productivity demo. But one of the things I hope we can show you next time when we talk about team productivity is how it can help you find issues faster and actually identify bugs in your code base and also make your code reviews more productive. Well, I love the whole concept behind the telecode. Because you could do a whole bunch of surveys and find out what do you prefer or blah, blah. Or you could just look to see what people are doing and then have Visual Studio in the background when it's appropriate, kinda nudging you in the right direction. Right, exactly, yeah. So if people wanna get the intelligence completion stuff that she just showed, all they have to do is go to aka.ms forward slash in telecode and they can download an extension that will provide the IntelliSense completion experience that she just showed. Okay, and then it's appearing in a future Visual Studio? Yeah, so right now it's an extension and then we will figure out how in the future, this is the Visual Studio Futures talk, right? We'll figure out how it makes it into mainline product. Cool, yeah. Very, very cool. So that was an amazing amount of cool stuff coming in the product in the area of personal productivity. I can't wait to try all that stuff. What else we got? Well, cloud productivity. We have a lot of people migrating their apps to the cloud and there are some things that are a little bit different in the cloud. Number one. That's an understatement. That's right. We try to make it as symmetric as possible. But one of the things that people get a little concerned about is thinking about security. If you wanna take your source code and host it in the cloud and run it from the cloud, what do you have to think about with respect to security? So when you guys are thinking about this, are you thinking about features in Visual Studio to help that? Are you doing it in the whole realm of DevSecOps or both? We always approach all of our product development based on what are the pain points that our customers are experiencing and how can we address those pain points? So it's never like a, hey, we have a really cool technology that we'd like to bring to the world. It's always like our customers are really having a hard time with something and how can we help them. And so we have some stuff around security in the cloud. And then the other piece that we've tried to look at is sometimes as much as we try to make them as symmetric as possible, sometimes your on-premises app is different than what's running in the cloud. And so we've tried, we've had situations where people report that they have production issues that just won't repo on their machine. And so how can they diagnose and address those issues? So that's the next demo that we want to show you is security and reproducing issues that happen in production. Excellent. Cool. So I've invited Anthony Cangellosi to come and show us what he's got. Thank you, Anthony. Yeah. So Robert, you've probably heard the story before. Dev goes and wants to share some of the work that he's done out with the community, puts it up on a public repository, pick your favorite one, remembers, man, I just remembered I left the storage key for my cloud account sitting inside of my source code when I published it, oh, dummy me. I've heard of that happening. You've heard of that happening. It wasn't you though, right? No, never you. So, well, anyway, some folks have made that mistake before and you go, you pull the repository down, you think you're fine, you wake up the next morning, what do you find? You think you're fine, but there's actually bots that crawl through GitHub looking for these things. Exactly. So it's way worse than you think it is. You wake up and you find thousands of dollars because those bots find them like that. You don't have any time to get it down. And so really, at the heart of this, you shouldn't have any secrets in your source code. But unfortunately, it gets really difficult, particularly if you're working in a team account or with a bunch of other dev, trying to manage secrets across your team. And so we've been working on some tools that will both help make it easier to find those secrets when they are in your source code so you can catch them and get them out before they end up in a public repository as well as to make it easy for you to pull them out of your source code and put them into something like Azure's Key Vault without actually adding any new source code into your app. So you can do this without changing any of your code. I think that's the key part there because Visual Studio today will notice and give me squigglies in my config file that says, hey, dummy, you've got a password in here. It doesn't actually call me dummy, although it should. But now I think, oh yeah, I should do something about that. But how do I do something about that? We'll make a Visual Studio theme that has those kind of like extra personal squiggles for it. So let me show you kind of in the context of a sample app that we've been working on about kind of how this will work. So I've got the app here is the smart hotel 360 demo app that we've been using at Build and for some of our scenarios, it's a pretty full-fledged app about this. We did six episodes of this show on recently. You know this app really well. Well, so you should know that in this app here, when I go to book a reservation, say I'm staying in Seattle for a couple of days, I can set the dates I want and then I can decide if I want to bring a pet with me. And when I decide whether I want to bring a pet, I can upload a photograph of my pet, make sure, one, it's a pet that meets the policies for the whole time. It's a dog, exactly. The hotel is still cat unfriendly. No cats allowed. No, those guys will go and tear up the curtains. So we can't have that. But I guess, so anyway, I'm not gonna go there. Dogs are fine. Anyway, this will make sure it's a dog for us, but we'll also store that picture in a storage account so that we can personalize your experience later, a little personal picture of the dog next to the pillow, et cetera, and we know who's visiting us. Great, so my dog is fine to visit. So let's, I've gone and created a PR for this work and I've submitted it into Team Services and that's gone off and kicked off a build for me. So I should get some feedback soon telling me about whether or not that build has passed or succeeded. And what we have now is we have been working on some integration to bring more of that information into the IDE so you don't have to keep track of it and switch back and forth between Team Services and Visual Studio. We have a notification here telling me that actually the builds that got kicked off from my PR has failed. So now I can, I was working on some other work, I can pause what I'm doing and switch contacts and figure out what's going on there. So let's see what's going on. All right, so this is taking me now into the build that failed on Team Services and yep, that last build that I kicked off or that was actually kicked off for me failed. Let's see what task it landed on. So here we're getting as far as this task called cred scan, analyze cred scan. Have you heard of cred scan before? Yes I have, this is very cool. Isn't it really cool? Yeah. So this is cred scan integrated as a build task into my build automation system. Nice. For the other folks who don't know what cred scan is, cred scan is a utility that scans, you were actually talking about at the very beginning of the segment, scans your source code for any kind of secrets, passwords, credentials, it'll find them and warn you about them before they end up a permanent party repository. So you can pull them out, roll them, change them, et cetera. So in fact, I do have a secret, I have the cloud key for my storage account that I was using in my source code. So let's figure out how I can actually take that out of the app and put it into an Azure Key Vault where it should be in the first place. So this is awesome, the build failed because you had that in there. So now builds fail not because unit test failed. This brings a whole new meaning to break the build. It's because you're publishing security. Yeah, we don't mess around with this. We don't want this going through at all. So we will stop the build right there. Now we want to do even more to bring this even sooner. We don't even want you to get to the point that you've submitted a PR. So we're looking even further at how we can bring this even closer to the dev experience. But right now we've got a build task. Now that build task is something that right now is in development so your viewers can expect to see this in the next few months or so as we start to make it available for customers to try it out. But this is the kind of thing that we want to bring to make sure that we're keeping our customer apps as secure as possible. But let me show you some things that are actually in Visual Studio, what we call 15.7 or Visual Studio 2017's latest update. We have some tools that make it possible if you take that secret out and put it into a Key Vault without actually changing any of the source code. So let's see how that magic happens. All right, so I've got my app here and that secret that I was detecting is the storage key that you see here from my app. And the storage key is getting read in and this is what it's using for storing in those pictures. What I'm going to do is I'm going to go over this node here, connected services. And what connected services are is basically some tools inside of VS that make it easier to integrate Azure services. It's already got a bunch of the popular ones that you've probably been talking about in the show, things like cognitive services, old classics like storage is available and we're adding more and more services into it. One of the ones we just added in was this secrets key vault or managing secrets through Azure Key Vault. And what this is going to do is it's going to go and look up the subscriptions that I have under my identity. Let me switch over to my demo subscription that I'm using for this. And with that subscription now it's going to go and see any key vaults that I might already have because I can take my secret and put it into say my team's key vault that they might be sharing for all of their keys or as the key vault team themselves would ascribe they generally recommend one key vault per application. And so by default, when you click add here it's actually going to go and create a new key vault for me on my subscription. I'm just about to ask if you had to have a key vault or will it create a new one? You have to have one. So if you don't already have one you have to create a new one but this will go and create one for you. So you don't have to worry about figuring out what all the right settings are on the portal. It'll pick kind of the most popular, most common ones particularly for someone who's getting started. This is the right place to start. It'll go and create that key vault in my subscription for me. It'll also bring up this kind of tutorial that walks me through exactly how to go and use that key vault to my app. And this is in 15.7 now. Yeah, it's available today. Go download the latest update. You'll get it. It's there. Yeah, so with that now I've got a key vault set up in my app and this is the one that is created and we're going to see it in a second. Now I want to go and grab that secret from my application. Now all I'm going to do is I'm going to cut it out of my application. Now if I were to run my application what do you think would happen at this point? Probably fail because you don't have a storage key. There you go, right? So we've got to get that to work. So let's go back into the connected service and I want to manage the secrets in my key vault. So this is going to bring me now out into the portal. There's one thing I have to do here. So take that and I have to put it into the vault. Right. Now while that's coming up, if this was a real situation we would have rolled that key. We would have changed the key obviously because at this point it's already a permanent part of our source code since it's been committed in the PR. This is demo stuff, so we're going to skip that stuff. But I've got now generating a new key. Now the important thing for me to remember here is I want to use the same name that I used for that configuration earlier. So I called that storage key over here. So I'm going to give it the same name, storage key and then I'm going to paste that value. But I copy it over and I can click create. All right. Now in that key vault that was created for me, the one that VS created on the subscription this is exactly that vault. It's got a key for me now. I can come back over to my application and then come back to where's the first place where I read that setting into a class and I've got to hear the storage key. So I'm going to go ahead and F5 that application. And we'll see what we get back. So now what Visual Studio is doing is it's obviously running my app locally and local IIS. But what it's also doing is now that I've got key vault integrated with the app it's downloaded the NuGet package. It's actually connecting to that key vault on my behalf. So the running app is actually connecting to that vault. But the way that it's doing is actually using my local identity. So I'm signing with anthonyandmicrosoft.com and it's using anthonyandmicrosoft.com to go and pull the secret down from the vault and bring it into memory. So it's available in memory the same way as any other configuration. So you don't have to write the code to go out and read the key vault. It's all taken care automatically. The NuGet package was added and that's it. And all that's available for me. Super simple. And so now when I come over here and I hover over the data tip you see that I'm still seeing that secret in memory it's available and it was pushed. But now it's coming directly from the vault. Cool. Now that works for me locally but if I was working with like Amanda and a team of other devs working on this well I've just hosed them because now they don't have the secret to run it locally on their side. So I can go back over to the key vault and or into even the connected services I could go straight to the vault but I give someone else access to this vault as well. And then from there what I can do is I can give my dev team access and I can create a resource group from them. The other really cool thing I can do is I can add an app service and give an app service an Azure access to that vault. So now the next time we publish this or more accurately the next time our DevOps pipeline publishes into our dev environment that app service already has permission to the vault. So it will continue to run even though the secret isn't available in configuration. And all of that works with the free tier of app service. So it used to be you had to get one of the higher end tiers where you needed to have certificates installed which kind of up you into the service plans. This all works with the free tier so devs can start playing around with it without having to worry about a whole lot of costs up front. And you can store anything in there. Passwords, these keys. Passwords, certificates, any kind of credentials can get stored inside there. Sweet, cool. Yeah, so that's kind of thing one we talked about the security challenges kind of moving to the cloud. Thing two is reproducing issues that you find when in production that don't reproduce locally on your machine. So the next chapter of what we want to show you around cloud productivity is just around that problem kind of reproducing issues that you found in production. Yeah, cool. All right, so for this one now I've got a bug here that Kendra logged on me earlier where she said customer who's trying out another feature we've been working on called Best Hotels where it's meant to try and find some of the four and five star hotels doesn't seem to be working for this customer. And when I look at this over here on my local environment I'm actually seeing that the Best Hotels is actually bringing me some results back. So it's really, really bugging me. And I don't know about you but probably the worst bugs to deal with are the ones where the customer can reproduce and you can't get it to reproduce locally. Drive me crazy. So what Kendra was able to do was Usually just call that user ever and move on. Yeah, move on. Yeah, it's his fault. Well, when it's several of your customers or when your boss is calling you and Amanda saying deal with it, you kind of have to give it a little air time. So what Kendra was able to do was she was actually able to take a trace at the time that the customer was reproducing the environment by reproducing the problem. And she was actually able to trace the exact customer experience in production and she's shared that trace with me so that I can debug it locally. So let's see what the customer was seeing instead of what I'm seeing locally. Switch over to Visual Studio here. And now this also we're doing a lot of stuff that's yet to come but really exciting in development stuff. So this is these traces that we're going to show you here. You're going to show some really cool experiences but they are on their way. Now I'm going to start with loading up the trace that Kendra sent me. So I'm going to go over to debug a recorded process as a new command we're working on adding. And I'm going to pick out that trace that I had run earlier. Here's some other traces I've read earlier. Actually before I do that, I want to set a break point just at the point where I kind of want to start stepping through the code where I think this is kind of the get method for that page. And so I want to set that break point ahead of time. Excuse me. Let's debug that recorded process. And then do what we do naturally. I'm going to start stepping through the code here and see what happens. All right, so we've landed on the get method. We've got how we're loading. And so let me do a step over. I've got this method call here that calculates our best hotels. When we got all hotels, you see down here that there were three hotels that came back in our results. And if I step over again, best hotels. Okay, that's interesting. I didn't get any hotels that matched the best hotels. All right, starting to get a little closer to my problem. Now, if this was a real bug or that I was trying to reproduce locally, I might have to stop debugging to really get the environment and exactly, you know, to really dig into it without having any side effects to kind of resetting my statement back. I'd have to stop debugging, kind of reset up the repro again and come back to it. Instead of doing that, what I'm going to do is I'm actually going to step back into, so I'm actually reversing. Yeah, reversing in the debug or in reverse because I've got a trace here. Can it make sense because that trace file is start to finish so all of the steps are in there, but now we're giving you the ability to walk backwards through that. Navigate them in either direction, forwards or backwards. And so I can step back into, and so this method is already executed. So I'm going to keep stepping and as I step, where is it going to land me? It's actually going to land me at the end of the method since I'm stepping back in reverse time through this method. Hard to follow, but kind of come with me here. I'm going to keep going. I'm going to step back into the method before that. And you see that all of my locals and memory windows are all updating along the way. I'm going to step back into that method as well. And so here, now this is the method that actually does the calculation of the best hotel trying to find the ones that meet. And so I've got this loop here. Now I don't want to step through the three or four so hotels that came back in the results. So when you hit a loop and you want to cross it and you want to get to the other side of it, what do you do? Maybe set a break point on the other end of it and then run to the break point. Let's do that, but let's do it in the other direction. So I'm going to set a break point over here and I'm going to do something called reverse continue. Does run to cursor work the same way? Run to cursor works just the same way. And so now I've reversed all the ways back past all of that loop and now from here I can start stepping forward again. And let me actually step through and see what's happening inside of this bug along the way and figure out exactly what's happening. This is cool. Very, very cool. Pretty awesome. Yeah, so I mean with this, you don't need to be worried about having your debug state kind of explore a different execution path than what actually happened in production because you're actually only debugging the piece that actually happened in production. You also don't need to figure out what was all the environment conditions that could have caused the situation that happened in production because again, this is the actual execution state that happened in production. So this is a feature that we're working on. It's not something that you can download right now but it's one of the things that's coming up. I know we're talking about this in the context of cloud productivity but this seems to be something I could use personally as well, right? I'm stepping through my code locally and I'm done with that loop but I wanna go back to the beginning of that loop. Yeah, for sure. Can I use that right? Can I do that? So we have had kind of historical debugging that capability for a while so as long as you are running locally and you've been part of that debug process then you can have that capability but what really is unique here is being able to capture a trace and then attach a debug session to that and that's kind of a unique thing for what happens in production versus what happens locally. Very cool. Yeah, cool, cool, cool. Cool. Well, so I think with that we've gone through personal productivity and then cloud productivity and then the next chapter I wanna show you next time is team productivity. That'll be awesome. Yeah, cool. All right. So I hope you guys have enjoyed this amazingly cool stuff and we'll pick up again in the future. See you next time on Visual Studio Toolbox.