Subtopic: Software Development

Picture this: your mission-critical software project is in full swing. Timelines are tight and deliverables are complex. Then, out of nowhere, your lead developer needs extended time off, or perhaps moves on to a new opportunity. On small projects, this is a headache—but on mid to large software projects it can be a full-blown crisis. But you were proactive. You had your software development partner cross-train a backup. Crisis averted.

On larger projects, the complexity of the codebase, the number of integrations, and the coordination required across teams make it essential to have more than one person deeply familiar with its inner workings. A backup developer isn’t just a safety net—they’re a critical part of maintaining project velocity and quality when team members are unavailable. With cross-training there’s always someone who can step up and keep the project moving, ensuring that timelines and business goals are met.

Plus, the benefits extend beyond risk management. Backup developers help foster a culture of collaboration and accountability. When multiple developers understand the system, it encourages better documentation, smarter code reviews, and provides a larger base of technical knowledge. Ultimately, for appropriately sized and mission critical software app and platform projects, investing in a backup developer will protect your investment. It’s peace of mind that your project won’t grind to a halt over a single absence.

But how?

Adding one or more backup developers doesn’t have to double your costs or slow down the team. Just be smart about it. Cross-training can be done efficiently by including backup developers in meetings, writing thorough documentation, and pairing them with leads during onboarding and major feature development. This approach ensures knowledge transfer without disrupting velocity or exceeding the budget.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Blazor is a powerful framework from Microsoft used for building interactive web UIs with C# instead of JavaScript. A key feature of Blazor is its flexibility in how applications are hosted and run. The choice of hosting model—Server, WebAssembly, Interactive Auto, or Hybrid—depends entirely on the specific needs of the application, such as scale/performance requirements, offline capabilities, and access to native device features.

But which flavor of Blazor should you use? Well, that depends...

Blazor server

The Blazor Server hosting model is the easiest to set up and use. It runs your application on the server, and when a user interacts with the application, UI events are sent to the server over a real-time (SignalR) connection. The server processes these events, calculates the necessary UI changes, and sends only those small changes back to the client to update the display. This results in a very thin client and a fast initial load time, as almost no application code is downloaded to the browser.

Best reasons to use this hosting model:

• internal business applications or other scenarios where a constant, low-latency connection to the server is guaranteed
• applications that need direct access to server-side resources, databases, or protected services that shouldn't be exposed to the client
• applications that don't have enterprise-scale traffic needs, or where the cost of hosting those resources is not prohibitive (e.g. regional instances for best performance)
• when the development cycle "inner loop" must be as fast and efficient as possible

Blazor WebAssembly (WASM)

In contrast, Blazor WebAssembly runs your entire application directly in the web browser using a WebAssembly-based .NET runtime. The application's C# code, its dependencies, and the .NET runtime itself, are all downloaded to the client. Once downloaded, the application executes entirely on the user's machine, enabling full offline functionality and leveraging the client's processing power for a rich, near-native user experience.

Best reasons to use this hosting model:

• for public-facing websites, progressive web apps (PWAs), and applications that require complex, desktop-like interactivity without constant server communication
• when a larger initial download size and longer first load time are not a concern
• when hosting cost is a concern; WebAssembly apps can be hosted on inexpensive file-based hosting platforms, like Amazon S3
• if your web application needs to support large amounts of traffic or will service an international audience
• when development cycle "inner loop" iteration time is not a concern

Blazor interactive auto

The Blazor interactive auto mode allows you to use both server and WebAssembly components in a single project, giving you precise control over how your app behaves.

Best reasons to use this hosting model:

• applications that are ideal for server hosting but also have some user experiences that need higher performance or support larger audiences
• when the complexity of configuring a WebAssembly project is not a concern
• when development cycle "inner loop" iteration time is not a concern

Blazor hybrid

Blazor hybrid is a bit different. It's not used for building web applications. It's allows web developers to use their skills to build mobile apps that run on devices at close to native speed. Microsoft Maui is the core platform, which is native and cross-platform. It normally uses XAML for coding user interfaces. When using Blazor Hybrid, however, you can also use Blazor web components alongside XAML or in place of it.

This model provides the best of both worlds: the ability to build a rich, cross-platform UI with web technologies while having full access to the native capabilities of the device, such as the file system, sensors, and notifications.

Blazor hybrid is the perfect solution for developers looking to create desktop and mobile applications that can share UI components and logic with an existing Blazor web application, or for new mobile app projects.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Many organizations are eager to adopt microservices, sometimes before they even know if they need them. Knowing when they fit a need makes all the difference, and sometimes, not using them is the smarter move.

There are some cases where a microservice architecture is your best bet:

1. When you need to combine incompatible technologies

If your project has to support multiple technologies that don’t naturally work together, microservices are a natural fit. Take my experience with the Whitelist Sync Web project:

Originally, this project ran on a 100% .NET backend with a Vue frontend. Later, I migrated to a Node backend with a React frontend. However, I still needed to support SignalR—Microsoft’s real-time communication technology—because client applications in the field were dependent on it. The challenge? SignalR server-side hosting is only supported in C#. Node cannot host a SignalR hub.

Removing SignalR from the project wasn’t an option (unless I was willing to rewrite and redeploy all the client apps—which was out of scope). The solution was to create a separate SignalR microservice: a C# project dedicated to SignalR, communicating with the Node backend through JWT auth and REST endpoints. A reverse proxy routed /hubs/ requests to the SignalR service, while all other traffic hit the React app. The entire setup was managed using Docker Compose.

2. When extending legacy projects

Microservices can be helpful for extending existing applications. If you want to add new functionality using a different tech stack—or isolate new features for a big team—they let you do this without rewriting your monolith.

3. High availability and fault tolerance

Splitting your app into smaller, independently hosted pieces means a failure in one service won’t crash the entire application. Of course, you can build robust error handling into a monolith, but microservices can make fault isolation easier.

4. Better load balancing

Cloud providers offer load balancing for monoliths, but microservices can provide more granular scaling. Just keep in mind, if you don’t have heavy load or growth requirements, this might not be worth the extra complexity and cost.

5. Technology flexibility

Microservices let you mix and match tech: imagine a Node backend, a React frontend, and a Python microservice for AI features. Each part of your app can use the best tool for the job.

The downsides of microservices

While microservices have their place, they also come with significant downsides:

1. High cost

Running multiple services means more infrastructure, more devops, and more cloud spend. If your application has low demand, this cost is often unjustified. Starting new projects with a single stack keeps things cheaper and simpler.

2. Operational overhead

Multiple services means more to manage: logging, monitoring, orchestration (hello, Kubernetes), and maintenance. All of this adds to the operational burden.

3. Vendor lock-in

Using cloud-specific services like Azure Functions ties your app to one provider. Migrating later is possible, but few businesses want to refactor dozens of microservices just to escape rising costs.

4. Deployment complexity

Deploying a monolith is straightforward. Microservices require complex CI/CD pipelines and orchestration. Tools like Fynydd fdeploy can help, but they add yet another layer of infrastructure.

5. Development complexity

With more moving parts, it’s harder to add features, fix bugs, and onboard new team members.

6. Authentication challenges

Microservices make authentication harder. Instead of just handling user auth, you now need to manage service-to-service authentication, which can be complicated and error-prone.

When not to use microservices

Given all these costs, it’s clear: Start simple. For most projects, especially those with low load or a single technology stack, a monolith is the best starting point. Design your application with modularity and future growth in mind, so you can break it into microservices if you ever need to. But don’t jump into microservices unless you’re solving real problems that require them.

Further reading: You Don’t Need Microservices (itnext.io)

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Tools like Google NotebookLM and custom generative AI services are fundamentally changing how users interact with information. We're seeing a transition from static reports and interfaces to dynamic chat-based tools that give users exactly what they need, and even things they didn't know they needed.

If you're not familiar with NotebookLM, it's a tool that allows you to provide your own documents (like PDF, text files, audio), and then chat with the data. You can even listen to an AI-generated podcast that explains all the information. For example, I had loaded a project with PDF documents containing the rule book, technical rules, and officials briefing information for USA Swimming, and was then able to get answers to questions like "how is a breaststroke turn judged?"

It was kinda magical.

We've been working with clients on permutations of this scenario for some time. For example, we partnered with a client in the life sciences space to build a chat-based tool that connects various third party API services with disparate information, providing account managers with a single source for helping their customers recommend products and services to ensure better health outcomes.

This is no small feat when the goal is a best-of-breed user experience (UX) like ChatGPT. It can involve multiple service providers like Microsoft Azure and Amazon Web Services, as well as various tools like cloud-based large language models (LLM), vector search, speech services, cloud storage, charting tools, location services, AI telemetry, and more. But when it's done right, the result is amazing. You can ask questions that span disciplines and contexts and see results you may not have ever seen before.

Most organizations can really benefit from exploring how generative AI can positively impact their offerings and give them a competitive advantage. Like we always say, it's not about the organizations that use AI, it's about the ones that don't.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

There is a world full of "build your own website" services that allow just about anyone to stand up a new website in a few hours. Even organizations can leverage the simplicity offered by these services to set up an online store, community, and more. Here are a few examples of why people typically choose these services.

• Quick setup and time to market
• Reasonable up-front pricing
• Design templates
• Integrated services, like shopping carts and email
• Managed hosting

Sounds great! But as with everything in life, there are tradeoffs.

• Quick setup and time to market means giving up control over things like your domain name, web app design, email provider, and more
• Reasonable up-front pricing usually means a tiered pricing model with add-on pricing for essential features like a custom domain name, additional bandwidth, and increased storage
• Design templates mean your web app will largely look like a lot of other web apps that use the service, and may not match your vision, and custom designs can require service-specific web development
• Integrated services also means no choice over the provider of the service, which could be missing features you need
• Managed hosting means scaling (growing) is significantly more expensive, network bandwidth caps can apply, and true customer and data ownership are dubious

Regardless, these services can be a great way for individuals and small organizations to bootstrap their web presence, and in many cases, you can happily continue to use the service for years.

But there are also long-term lock-in issues that can be more serious, potentially impeding your growth, for example:

• You may contractually own your data, but extracting it to migrate to another platform is usually not practical or possible at all; they don't want you to leave
• When the service changes (features, pricing, etc.) or if the service is purchased by another entity, you usually have no choice other than rolling with it, for better or worse
• If the service shuts down, you're going to struggle to replace everything they offered to your visitors in a relatively short period of time
• Most successful businesses will outgrow these services anyway, so you could be missing out on long-term savings

Custom websites

If the tradeoffs are too much to swallow, fear not! You can also go with a custom web app tailored specifically to your needs and budget. It can match your vision without compromises and scaling can be managed more easily as your business or traffic grow.

So how do you get started? With a builder service you first have to find one with the price and features you need, and then create an account and dig into their control panel to start configuring your website. Whereas for a custom website the first step is to find a web development partner you can rely on for advice and technical expertise, like Fynydd. Your partner can help gather your ideas, come up with a plan, and build your web app, all within your budget and timeline. They're usually experts in both new web app projects and migrations from other platforms and services. Most importantly, they fill the knowledge gap left by the "build your own website" service.

A web development partner will choose technologies that have a proven security track record. One way we do this is by consulting the CVE database; a publicly funded global resource for tracking common vulnerabilities and exposures. For example, a CVE search quickly reveals that WordPress has historically been a security nightmare.

Your development partner will help you with a design that matches your vision, a hosting service that meets your needs and budget, a security review, a backup plan and disaster recovery strategy, and more. When the time comes to grow your platform, they can help with that too. And throughout the journey you maintain full control over your brand, your website, your data, and your customers.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

When it comes to offshore software development teams, managing quality and risk creates value. But you also need experienced leadership and oversight for long-term success. Simply adding offshore bodies to a project rarely works, and has diminishing returns.

Here are some process tips for mitigating risk and getting the most value from an offshore team.

• Also leverage an onshore development partner for leadership and critical systems design. They can create and direct strategy, ensure developers follow patterns, address compliance and security concerns, and perform code reviews to ensure quality. They can also write better code faster, which best suits critical systems development. This is what we do at Fynydd and it works.
• If possible, your offshore team should mirror your operating hours. Otherwise communications, troubleshooting, and overall progress will lag. It can be beneficial to have expanded availability for handling off-hour requests, but that means the offshore team needs decision-making authority. Otherwise someone in the organization will also need to be available during those hours.
• Try to get dedicated resources for the long term. When there are offshore staff changes, require that they fully train the replacement(s) before additional staff are brought in. It takes time! New developers, even when they are superstars, need to learn a platform's ins-and-outs before they can meaningfully contribute.
• Be explicit about who is running the project, give them the appropriate decision-making authority, and enforce a workflow that puts them between ideas and action. Ideally this would be a lead developer from your onshore partner.
• If the offshore team has novice developers or otherwise low-performers, make sure they are in a learning role and not expected to work on key infrastructure.
• Perform code reviews. Bad or inefficient code should not be tolerated and is a learning experience that can make your offshore team better.
• Rely on your lead development partner to facilitate communication. If you find it difficult to communicate with your offshore team, your lead development partner has experience in picking up the nuance, including technical jargon that's hard to understand in any language.

Avoiding the big problems

Some of the issues you'll encounter can be avoided by engaging with an onshore development partner. Here are some tips for keeping the app or service quality high and the risk low.

• A proper architecture and coding patterns are critical to long-term success. Without a good evolving architecture and consistent coding patterns maintenance is difficult, code readability suffers, and security vulnerabilities are harder to avoid.
• Compliance is a bear, even with experienced developers. This can range from ensuring organization brand standards, to complying with regional legal requirements (like GDPR), and avoiding copyright violations. There needs to be a focus on these concerns which yields appropriate strategies and resolutions on a consistent basis.
• Bad code quality is a risk. It's not just about performance and user experience. Bad code could leak information or have vulnerabilities. It could allow bad actors to misuse your app or service. Worse yet, it could facilitate the abuse of your customers.
• A focus on security is not optional. Properly securing an app or service requires a development team that not only has a security focus, but also the experience and awareness required to implement and maintain a solid security posture. The team members have to be vetted resources with no geopolitical encumbrances and a level of trust commensurate with the app or service in question. For example, bank or government clients may require background checks.
• Maintaining intellectual capital is crucial. You invested time and money into building a knowledge base as well as an app or service. You need to ensure that the knowledge gained building your app or service will not vanish into the ether.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Planning out a long-term strategy for your web project can really pay off. We were recently reminded of that when we were asked to create a mobile app (iOS and Android) for a web-based platform we designed and built several years ago. The platform is Coursabi, a learning platform that ensures growth at each milestone for everyone on your team. You can check it out at https://coursabi.com.

When we created the technical strategy we knew that a mobile app was a likely roadmap item. So we chose ASP.NET Blazor as the core platform technology. It allowed us to build a web app that felt like a single page app (SPA). And it gave us several hosting models: server, WASM (WebAssembly), and hybrid mobile. The most intriguing aspect of the Blazor Hybrid model is that unlike hybrid apps of the past, there is no web server running on the mobile device. Instead, all the C# code is compiled to native .NET code, and the web view (an embedded web browser) is only used to render the user interface. So the app runs as a native mobile app!

We knew that some features of the platform would have to be altered, since the mobile app has no web server. For example, Coursabi supports the SCORM format for external learning content. And due to security restrictions, they needed a host with a trusted root certificate. So moving that out of the platform and handling the routing changes were both necessary, but totally doable.

Another benefit of a mobile app version of the platform is that in many ways it also simplifies the security model, since the app is only running on the local device, whereas a hosted app needs to manage user state, among other concerns.

If you have an ASP.NET-based web application, you can still leverage Blazor Hybrid to turn it into a mobile app. It just needs to first be migrated into a Blazor app. I'd also recommend reviewing your web app for opportunities to make it as mobile-friendly as possible. You don't want your mobile app to look or feel like a website. But those changes not only get you a great mobile app, they also improve how your app looks and feels in a mobile web browser. So you get twice the value.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

The Enigma machine is a cipher device developed and used in the early- to mid-20th century to protect commercial, diplomatic, and military communication. It was employed extensively by Nazi Germany during World War II, in all branches of the German military. The Enigma machine was considered so secure that it was used to encipher the most top-secret messages.

This project is a high performance Enigma Machine emulator that allows you to:

• Explore historical configurations using the classic 26 letter alphabet (no spaces!)
• Use for modern quantum-resistant cryptography with the full 95-character ASCII character set.

Just like the physical device, machine state is used to both encipher and decipher text with the same Encipher() method (like a text toggle). Machine state had to match on both the encipher and decipher machines. Each operator would add specific rotors in a specific order, set rotor ring positions and starting rotations, as well as set plug wire positions. This emulator provides virtual versions of all key machine components by way of a deterministic random number generator using AES in counter (CTR) mode.

The emulated components include:

• Plug board
• Entry wheel
• Rotors
• Reflector

Additionally, characters in the source string that do not exist in the cipher character set are kept as-is in the enciphered text. For example, if you encipher a string with line breaks they are maintained in-place in the enciphered text since neither the classic 26 letter character set nor the 95 character ASCII set contain line break characters.

The emulator is FAST! When using the full 95 character ASCII character set, a large 800KB text string takes about 1 second to encipher. Typical text sizes encipher in a few milliseconds.

The physical machine modified with a plug board provided 150 trillion possible settings combinations for the 26 letter character set, with a 10^16 key space for a 3 rotor configuration. 4 rotors yielded a key space of 10^19, 5 rotors yielded a key space of 10^23, and so on.

So by simply using the full 95 character ASCII character set the cipher strength will be exponentially better than the original machine, even without additional rotors or other configuration, and should meet modern quantum-resistant cryptography needs.

Example 1: historical preset

It's easy to create a new virtual Enigma Machine and encipher your own text by using one of the provided presets based on one of the provided historical machine configurations:

• Commercial Enigma (1924)
• Wehrmacht and Kriegsmarine (1930)
• Wehrmacht and Kriegsmarine (1938)
• Swiss K (1939)
• Kriegsmarine M3 and M4 (1939)
• German Railway (Rocket; 1941)
• Kriegsmarine M4 with thin reflectors (1941):

Using one of the presets is easy:

Example 2: practical usage

It's even easier to use the Enigma Machine for modern encryption, since all you need to provide are a cipher key, nonce, and the number of relevant machine components. There's no need to change rotor ring positions and rotations, or set plug board wire pair values, since your cipher key and nonce are unique and drive the creation of all machine components.

Here's an example of using the Enigma Machine without a historical preset:

You can also create a custom machine by assembling the virtual components, and more. Check out the project on Github.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

Sfumato CSS 5.1.0 has been released! This update includes the following changes:

• Update to .NET 9
• Updated nuget packages
• Update to Dart Sass 1.82.0
• @apply statements now work in SCSS @import files; the @apply statements are now processed on the final generated CSS file instead of the root SCSS file

For more information, see the Sfumato project page.

Want to know more?

There's usually more to the story so if you have questions or comments about this post let us know!

Do you need a new software development partner for an upcoming project? We would love to work with you! From websites and mobile apps to cloud services and custom software, we can help!

.NET 9 was officially released during .NET Conf. This release feels like a LTS release; full of speed improvements and quality of life features and refinements, even if you only use it as a drop-in replacement for .NET 8.