Loading...

Gal Ratner

I blog about all things technology. Especially Software Development.

Latest Posts

Corporate MCP Cybersecurity Explained

2. The Corporate MCP Threat Model Before designing defenses it helps to be precise about what you are defending against. An MCP server that exposes internal data — customers, schedules, payments, source code — is a much more attractive target than an arbitrary REST API, because it advertises a typed catalog of operations to anyone who can list its tools. The discoverability that makes MCP useful for an LLM also makes it useful for an attacker who has stolen a token. 2.1 Who is on the other end of Bearer ...? Every authenticated MCP request arrives with an Authorization header. Your server has to answer two questions before doing anything: is this a real token issued by an identity provider you trust, and which human does it represent? Skipping either answer collapses authent

Context Windows Explained: Why Your LLM’s “Memory” Costs More Than You Think

How an LLM Actually Works Strip away the chatbot UI and an LLM is doing something surprisingly mechanical. Tokenization. Text goes in. The first step breaks it into tokens — sub-word units the model was trained to recognize. A token averages roughly four characters or three-quarters of a word in English. Code tokenizes less efficiently, closer to two tokens per word, because identifiers, operators, and whitespace are treated differently. CJK languages consume 2–8x more tokens than English for equivalent content. Different models use different tokenizers, so 1,000 tokens of GPT-5 input is not the same string as 1,000 tokens of Claude input. Embedding. Each token is converted into a high-dimensional vector — typically 4,096 to 16,384 dimensions in modern frontier models.

I Shipped AI Features on .NET 10 Across 9 Production Apps — Here's the Playbook

Start with the Mental Model: LLMs Are Stateless Functions If you're a .NET developer encountering generative AI for the first time, here's the framing that clicked for me: an LLM is a very expensive, stateless function. It takes text in, breaks it into subword units called tokens, maps those tokens to high-dimensional vectors (embeddings), finds patterns, and predicts what comes next. There's no memory between calls. There's no session state. Every invocation is independent unless you provide the context. Three concepts drive everything else. First, tokens — not words, but subword fragments that govern both pricing and context limits. "Unhappiness" might consume three tokens. Second, embeddings — numerical vectors that capture semantic meaning. T

Building an AI-Powered Image Search Engine with Ollama, Gemini, and Microsoft SemanticKernel

Introduction: The Problem with Traditional Image Search We've all been there. You have thousands of photos scattered across your hard drive, and you're trying to find that one specific picture. You remember it was taken at a beach, there was a person wearing a red jacket, but you can't remember the filename or exactly when you took it. You end up scrolling through hundreds of images, hoping you'll recognize it when you see it. Traditional file systems organize images by name, date, or folder structure. But our memories don't work that way. We remember images by their content: "the photo of my friend at the coffee shop" or "that sunset picture with the mountains." What if you could search your photo library the same way you remember it—by describing what's actually in the image? In

How Google's PageRank Works

Ever wonder how Google sorts through billions of pages to give you the most relevant ones in a fraction of a second? It feels like magic, but a big part of the original "secret sauce" is a brilliant application of a mathematical concept called a Markov chain. This is the core idea behind Google's famous PageRank algorithm. Let's break down how it works. Meet the "Random Surfer" To understand PageRank, imagine a person—let's call them the "random surfer"—who just clicks on links aimlessly. They start on a random webpage and follow a simple rule: they click on any link on that page with equal probability. When they get to the next page, they do the same thing, and so on, forever. This process is a perfect example of a Markov chain. A Markov chain is a mathematical model that

There is More to Software Than Just Making it Work

“I hired a software development company from India. They outbide all the US based companies I contacted and offered developers at a cheap price.Two years later they are still working on my systems. The number of hours I been billed is staggering and the system is buggy and barely usable.” The above quote is a real customer that ended up at our office. At Inverted software we know and have seen this all too often. Cheap is always more expensive. We don’t just make software work; we make it shine! The art of writing quality software is something we have been practicing successfully since 2001 and during this time, have acquired hundreds of customers that understand the Inverted Software difference. So what makes good software? What differentiate truly

The Soft Science of Being a Part of a Team

"Talent wins games, but teamwork and intelligence win championships." – Michael Jordan You often hear the term “team player”, but what does it really mean? Teams can achieve magnificent things if everyone on the team is working towards the same goals, or they can fail miserably when team members are divided.Starting with the smallest family unit or military squad and ending with your company, great teamwork is the basis for success. What do great teams all have in common? What makes them so special? Here are 5 things great teams do extremely well and that you can start implementing in your team today. Listen to each other Great teams value each member of the team and listen to what they have to say. From new ideas to better ways of implementing p

How to Think Like a Decision-Making Ninja

We've all been there. Staring at a to-do list that stretches to infinity, feeling overwhelmed by the sheer volume of tasks, and wondering how we'll ever get it all done. The truth is, we probably won't get it all done, and that's perfectly okay. Because hidden within that mountain of obligations lies a powerful secret: the 80/20 rule, also known as the Pareto Principle. This principle, once understood and applied, can revolutionize your productivity, your decision-making, and ultimately, your life. It's not about working harder; it's about working smarter. This article is your guide to doing just that. Part 1: The 80/20 Rule – Your Secret Weapon for Maximum Impact What is the 80/20 Rule, Really? The 80/20 rule, in its simplest form, states that roughly 80% of your results come fro

I am a CTO Here are my 4 Hacks to Make Your Company love You

As a chief technology officer (CTO), I am responsible for leading the development and implementation of innovative solutions that drive our organization's growth and success. However, I cannot do this alone. I rely on a team of talented and motivated professionals who share my vision and passion for excellence. That is why human capital and talent strategy are essential aspects of my role as a CTO. In this post I am going to try and give you my 4 essential hacks to make your organization as sucessful as in can be. Human Capital and Talent Strategy Human capital refers to the collective skills, knowledge, abilities and potential of our employees. Talent strategy is the process of aligning our human capital with our organizational goals and objectives, ensuring that we have the right peop

The Inverted Software DataBlock Quick Start Tutorial

The Inverted Software DateBlock has been recently enhanced, so I thought I would take the opportunity to write a short quick start tutorial that would help you get started with incorporating it into your application:Getting objectsCRUDHelper.GetObject<Category>(() => new Category(), "GetCategory", mainConnectionString, new SqlParameter("@categoryCode", SqlDbType.VarChar, 200) { Value = "myValue" }); Getting collectionsCRUDHelper.GetObjectList<Category>(() => new Category(), "GetCategories", mainConnectionString); For a paged list use:CRUDHelper.GetObjectList<Category>(() => new Category(), 0, 10, "GetCategories", mainConnectionString, out virtualTotal); Getting parent child collectionsIf you use a single stored procedure to retrieve parent / child objects you

Use TcpClient with SslStream to request an HTTPS URL (And add your own headers!)

You can use a Socket to request any http URL on the web just by sending your own HTTP formatted request, but what about https URLs?To programmatically request a secure URL over SSL we will need to use an SslStream stream and negotiate the exchange od certificates.First lets construct the request we will be sending to the remote server over port 443.string host = "www.76psychics.com"; string path = "/Psychic/lucinda"; int port = 443; string request = "GET "+ path + " HTTP/1.1\r\nHost: " + host + "\r\n" + "Referer: Gal Ratner's Blog\r\n" + "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36&nb

Pagination in .NET Core / 5 / 6 MVC with Entity Framework Core

Pagination is useful with large results sets. There are plenty of solutions out there to create next and previous buttons, but I couldn’t find anything that creates a nice Bootstrap paginator so I just wrote my own:To use it first add a The PaginatedList class to your code. This is a Modified version of the one found on MSDN.using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; using Microsoft.EntityFrameworkCore; namespace Messages.Utilities { public class PaginatedList<T> : List<T> { public int PageIndex { get; private set; }

Record Your Webcam with HTML5 and Javascript

If you ever wanted to record your webcam without any special plug in or software, HTML5 has MediaRecorder built in functionality.Its pretty simple:First you need to request access to the the user's camera and microphone:navigator.mediaDevices.getUserMedia({ audio: true, video: true }).then(startPreview); Then set a preview stream to your own video element:player.srcObject = stream; and start a MediaRecorder with the same stream using your desired encoding - as long as your browser supports it:if (MediaRecorder.isTypeSupported('video/webm;codecs=vp9')) { options = { mimeType: 'video/webm; codecs=vp9' }; } else if (MediaRecorder.isTypeSupported('video/webm;codecs=vp8')) { options

Logging To a File or Database in .NET Core and ASP.NET Core

NET Core’s architecture supports a logging API that works with a variety of built-in and third-party logging providers. This article will explore using a provider in order to log into a file or a database.The default Logging Providers included in .NET Core are:ConsoleDebugEventSourceEventLog (only when running on Windows)Which only partially cover most logging use cases.By adding PLogger from Inverted Software, you can add file and database logging capability to your application.To add PLogger, add the following Nuget Package.Once the package is added, change your CreateHostBuilder method to something like this:public static IHostBuilder CreateHostBuilder(string[] args) => Host.CreateDefaultBuilder(args) .ConfigureLogging((hostingContext, logging)

Record Movies with Java Media Framework (JMF)

While I was writing my own instant messenger using JMF (Java Media Framework), I had to figure out solutions to many challenging obstacles.The most difficult aspect of recording a movie from a webcam was making sure the proper ingredients were put in the correct order.Through my experience, I gained a higher level of mastery of JMF.If anyone is learning or exploring JMF, this tutorial will improve his or her working knowledge of the framework.To begin, JMF is Sun's API for processing audio, video, and other time-based media. This is an optional package and can be downloaded from java.sun.com.In this tutorial, we are going to learn how to utilize JMF in order to record movies captured by a webcam connected to your computer.Streaming MediaStreaming Media, or time-based media, is a term used