Some of the projects I work on – notably V-Drum Explorer and At Your Service – use MIDI to interact with hardware devices.
I use a couple of packages for this depending on the nature of the interaction, but the one I use most often is managed-midi, which currently has its “source of truth” at https://github.com/atsushieno/managed-midi. This is a cross-platform library using the NuGet “bait-and-switch” approach to allow a single package with multiple implementations within it. Note that unlike the use of the term in commerce etc, “bait-and-switch” is not a derogatory term when it comes to NuGet packages. There’s no deception involved. (Do let me know if you have a more recent source of documentation for bait-and-switch; the current link is from 2014, back in the dark days of PCL.)
A few months ago, managed-midi stopped working properly on Windows 11 installations that were fully updated, due to aspects of Windows MIDI Services either changing or being introduced for the first time. (I haven’t dived into exactly what the change involved.) This
has broken other apps as well as the managed-midi library.
The author of managed-midi, Atsushi Eno, has accepted patches which I believe will fix the issue – but he doesn’t have any plans to work on the .NET stack any more, so it’s unlikely that there’ll be a new release of managed-midi without someone else getting involved. (Note: I’ve assumed he/him pronouns for Atsushi, but I’m happy to edit this blog post if that turns out to be wrong.)
And that’s where I’m possibly going to come in. This blog post is going to lay out my current plans and outline a few alternatives. This helps me just in terms of making my thoughts concrete, as well as providing an opportunity for feedback. (There’s no great way of getting feedback from all existing managed-midi users, but I’m hoping my readership can provide useful thoughts without necessarily having used the package directly.)
I’ve already created a fork of the repo, but just forking the repo itself doesn’t signify much. The big questions are whether I’m going to publish a fork of the code to NuGet, and what happens after that.
I should state up-front that I’ve been in touch with Atsushi on BlueSky, and he’s been very open and constructive. He’s happy for a wholesale fork to happen, and he’d then expect to effectively redirect traffic to the fork. This is in no way one of those community bust-ups we sometimes read about.
Now, I’m not going to claim I have huge amounts of time to take on another open source project. Right now, while I’m between jobs, I have more time than normal, but I’m hoping and expecting to be employed again soonish, at which point I naturally expect the new job to take most of my focus. I’d like to get the project into a state where it’s easy enough to update dependencies, publish new versions etc – but without spending a lot of time on new features etc.
Things get slightly difficult due to the current state of the project. It hasn’t been worked on very significantly for quite a while (just the first page of the commit history goes back to October 2019). To be really clear, I’m not in any way attacking Atsushi for this. I’ve got plenty of open source projects I haven’t updated for ages – I’m sure many of us have. I’m incredibly grateful to Atsushi for the updates that managed-midi has received over the years; it’s been a very valuable library to me. However, it does mean that the solution doesn’t even build for me after a simple clone.
For most public projects, I like having a “core” repo and then my own personal fork. For example, Noda Time has https://github.com/nodatime/nodatime, and I create branches within https://github.com/jskeet/nodatime for PRs. Given that there isn’t already a suitable GitHub organization, I plan to stick with just my fork in https://github.com/jskeet/managed-midi.
Several of the platforms being targeted are either out of date or at least being deprecated. I don’t like the idea of trying to maintain code that I can’t test, or which targets platforms or toolchains which are no longer supported. It’s really easy to get into that situation, trying to avoid breaking existing users.
But if I’m creating a new NuGet package anyway, I don’t have any existing users – even if the codebase itself is forked. Where there are platforms which are out of date, I’ll bump them to more recent versions. Where there are platforms which are no longer supported at all (or are already deprecated) I’ll drop them entirely – at least to start with.
At first glance, I think this means the following changes from the current targets:
Yes, this means dropping all mobile targets for now, as well as UWP/UAP. I may be able to provide mobile targets via MAUI in the future, but I need to investigate that further. I don’t know much about the UWP/UAP world, or the Windows App SDK and WinUI. Again, I may be able to support WinUI in the future; it depends on time more than anything else.
In terms of the implementations of IMidiAccess available, I’m expecting to keep ALSA, WinMM and CoreMidiApi (dropping the latter if I can’t easily test it on my Mac Mini) and drop UWP, RtMidiSharp and PortMidiSharp. The implementations I’m dropping all come with significant caveats about the level of testing etc. I can add them back in later on if there’s demand, along with a good way of testing them. (I’m okay with running manual tests, even limited ones that just run against my drum kit, but I don’t want to ship anything that I’ve never run at all.)
The current repository uses:
This will be a voyage of discovery of techniques I’ve never used, first understanding them at least as far as I need to, then modernizing where possible.
Currently the package is called managed-midi, but all the code is in namespaces rooted in Commons.Music.Midi. Some of the directory names don’t match namespaces (e.g. code for Commons.Music.Midi.Alsa is in a subdirectory called alsaseq).
Using shared projects quite possibly makes it hard/infeasible to make namespaces entirely match folder structure, but I’d like to do what I can here.
My current plan is to use the named ManagedMidi as both the namespace root and the NuGet package name.
Benefits:
Downsides:
Commons.Music.Midi, then migrating would probably be simpler.There are various obsolete parts of the public API, most notably IMidiAccess which is being replaced by IMidiAccess2, with (I believe) a plan to then effectively rename IMidiAccess2 to IMidiAccess. (IMidiAccess2 is just IMidiAccess with one extra member.)
My plan is to initially get everything working without changing code other than in terms of the namespace… but then I think it makes sense to remove all the obsolete members. At the moment we’re in a bit of an in-between state in terms of the public API, and I’d rather not do a full GA release in that state.
Which brings me on to…
The current latest version of managed-midi is 1.10.1. My plan is to effectively ignore the current versioning, given that it’s for a different package than the one I intend to release. While I could start my versioning at 1.11.0 or 2.0.0 (modulo prerelease signifiers) I think it’ll be less confusing to just treat it as a brand new package. I’m therefore intending to create releases of:
IMidiAccess which has the extra member currently in IMidiAccess2, and all the obsolete members will be removed)I’ll probably leave things in 1.0.0-beta.x for a while, as I expect it to take some time for current managed-midi users to migrate, and they’re bound to find issues that I haven’t found with my limited usage.
I’m not intending to revisit the whole public API or overall design as part of this process. If I find myself itching to do so, I’ll consider that for a v2.0 release, but I doubt that I’ll have enough time really. This is a perfectly good package which already works, so I’m trying to keep the changes to a minimum while taking the opportunity to create a v1.0 without obsolete members.
All of the above plans have alternatives, mostly fairly obvious ones. I could attempt to support the current set of target frameworks. I could avoid changing the namespace and/or package name. I could keep the obsolete members. I could continue the versioning scheme from where it was.
Most of these either create more work before I can first get to a release, or more technical debt (in the form of supporting deprecated platforms etc, or continuing with the obsolete members).
That said, there are arguments that could be made in favour of those alternatives, and I’d rather hear them now than after I’ve made an unfortunate choice.
I don’t know how typical this is of an open source fork event. I hope I’m doing the right thing by both Atsushi and the current users. Whether it’ll go smoothly or not is hard to tell ahead of time – there’s a lot about this (including MIDI itself) that I only have minimal experience of.
Please leave comments with any thoughts, particularly if you’re already a user of managed-midi.
AZURE ARCHITECTURE BLOG · 8 MIN READ
Author: Arturo Quiroga, Senior Partner Solutions Architect — Microsoft
Two months ago I published From Prompt to Production: Building Azure Architecture Diagrams with AI, introducing the open-source Azure Architecture Diagram Builder. The response was humbling — thousands of you read it, tried the tool, and filed issues and feature requests. A follow-up on how the Well-Architected Framework scoring works went deep on validation.
You asked, and the tool grew. This post is about what’s new since May — and one change big enough to reframe the whole project: the Azure Architecture Diagram Builder is no longer just an app you click. It’s a partner you chat with, and a tool other agents can call.
TL;DR. Three arcs of new capability: (1) Architecture Chat turns diagram design into a multi-turn conversation over the live canvas; (2) Blueprint Diagrams produce hand-drawn, whiteboard-style deliverables alongside the formal topology; and (3) the app now exposes its capabilities as a Model Context Protocol (MCP) server, so AI agents can generate, validate, cost, and render Azure architectures programmatically. Plus a 13-model fleet, deployment guides grounded in Microsoft Learn, and July output enhancements.
| Capability |
What it does |
|---|---|
| Architecture Chat |
Refine a diagram by conversation — “add Front Door with WAF,” then“now make it zone-redundant.” Each turn reads the live canvas and auto-saves to history. |
| Blueprint Diagrams (BETA) |
Hand-drawn, whiteboard-style renders with nested zones and numbered flow arrows. Topology, Blueprint, or Both. |
| A fleet of 13 models |
Multi-provider roster — GPT-5.x, DeepSeek, Grok, Mistral, and Kimi — with side-by-side comparison to pick the right brain per task. |
| MCP server |
The app is now a remote MCP server. Agents can list_services, validate_architecture, estimate_costs, generate_bicep and render_diagram with typed, structured outputs. |
| Microsoft Learn grounding |
Deployment guides now cite live Microsoft Learn documentation. |
| Output enhancements (July 2026) |
Cost badges, light/dark render themes, and metadata panels in rendered diagrams. |
The single most common request after the launch post was some version of “I love the first diagram, but I want to iterate without re-writing the whole prompt.” Regenerating from scratch every time you tweak a requirement is slow and loses context.
Architecture Chat solves this. It’s a conversational panel that sits alongside the canvas and treats your diagram as a living document. Each message is a turn in an ongoing design session:
Every turn reads the current state of the canvas — not the original prompt — so refinements compound naturally the way they would with a human architect at a whiteboard. The conversation auto-saves to history, so you can step back through the evolution of a design or branch from an earlier point.
Figure 1. Architecture Chat treats the diagram as a living document. Each message refines the current canvas — adding services, changing SKUs, or reorganizing groups — and the full exchange is saved to history.
The shift is subtle but important: architecture design stops being a one-shot prompt and becomes an iterative dialogue.
Formal topology diagrams with official Azure icons are perfect for documentation and stakeholder decks. But early-stage design conversations often want something looser — the hand-drawn feel of a whiteboard sketch that communicates intent without implying finality.
Blueprint Diagrams generate exactly that: a whiteboard-style render with nested zones (subscription → VNet → subnet), numbered flow arrows, and a deliberately sketchy aesthetic. You choose the output mode:
Figure 2. The same architecture in two visual languages. Left: the formal, icon-based topology. Right: Blueprint mode — a whiteboard-style render with nested zones and numbered flow steps, plus a numbered legend explaining each hop. Use Blueprint for early design conversations and Topology for final documentation.
It’s the same underlying architecture — two visual languages for two different moments in the design lifecycle.
The launch post shipped with multi-model support. That fleet has grown to 13 models across five providers, so you can match the model to the job — fast models for iteration, reasoning models for complex designs, code-optimized models for Bicep generation:
The Compare Models feature runs the same prompt through any subset of these in parallel and ranks them on service count, token usage, latency, and cost — with Fastest / Cheapest / Most Thorough badges — so you can make an evidence-based choice rather than a guess.
Figure 3. Multi-model comparison across the full 13-model fleet. Top: the results grid ranks every model on service count, connections, token usage, latency, and cost, with Fastest / Cheapest / Most Thorough badges. Bottom: an optional AI Critique uses a critic model to rank the outputs and explain each model’s strengths and gaps.
Adding a model is now a small, well-understood change — a testament to how the multi-provider abstraction has matured since May.
Here’s the change that reframes the project. Everything above is about a person using a web app. But the same capabilities — generating a diagram, validating it against WAF, estimating its cost, producing Bicep — are exactly the things an AI agent needs when it reasons about Azure architecture.
So we exposed them. The Azure Architecture Diagram Builder now runs as a Model Context Protocol (MCP) server. Any MCP-capable agent can call its tools with typed inputs and structured outputs:
| Tool |
What the agent gets |
|---|---|
list_services |
The catalog of supported Azure services and categories |
validate_architecture |
A WAF assessment with pillar scores and findings |
estimate_costs |
Multi-region cost estimates from the Azure Retail Prices API |
generate_bicep |
Infrastructure-as-Code templates for the design |
render_diagram |
A rendered diagram (topology or blueprint) of the architecture |
This means an agent can hold a conversation like “design a HIPAA-compliant platform, check it against the Well-Architected Framework, tell me the monthly cost in West Europe, and give me the Bicep” — and the Diagram Builder answers each part programmatically, returning structured data the agent can reason over and chain.
Figure 4. The Diagram Builder as an MCP server inside Microsoft Scout. Top: from a natural-language request, the agent calls the
render_diagramtool with structured parameters (title, format, direction, theme, region) and saves the returned SVG to its workspace. Bottom: the rendered architecture — grouped zones, labeled flows, and cost badges — appears inline in the conversation, generated entirely through agent tool calls.
The tool that started as a canvas for humans is now also a building block for agents. That’s the arc: from an app you click, to a partner you chat with, to a tool other agents call.
Two smaller-but-meaningful improvements round out the release:
Since the May launch, the Azure Architecture Diagram Builder has grown from a design tool into an agent-ready platform:
If you read the first post and tried the tool — thank you. The features above exist because you told me what you needed. Keep the feedback coming via GitHub Issues.
Tags: artificial intelligence · application · apps & devops · well architected · infrastructure
Keeping the UI thread free is always the best option. Unfortunately, there are situations where this is not entirely possible. Here’s a small progress spinner which keeps animating when the UI thread is busy.
This new alpha build has a quality of life improvement for the Move tools, support for CICP metadata, and good quality HDR->SDR tone mapping when opening HDR images with supported file types (including plugins).
You can read more about the CICP and HDR tone mapping support at https://x.com/rickbrewPDN/status/2072357433390047252 or https://bsky.app/profile/rickbrew.bsky.social/post/3mplx7ujotk2a
You can read more about 5.2 and what it includes by reading the release notes for the first alpha.
Change Log
Changes since 5.2 Alpha (build 9650):
Download and Install
This build is available via the built-in updater as long as you have opted-in to pre-release updates. From within Settings -> Updates, enable “Also check for pre-release (beta) versions of paint.net” and then click on the Check Now button. You can also use the links below to download an offline installer or portable ZIP.
You can also
download the installer here (for any supported CPU and OS), which is also where you can find downloads for offline installers, portable ZIPs, and deployable MSIs.
Hello Folks!
Welcome Back to AZ Update
A few years ago, Antony Bartolo and I launched a simple idea called AZ Update.
The goal was to provide a place where IT professionals could quickly understand what was changing in Azure, why it mattered, and what they should pay attention to next. The show became a weekly conversation focused on Azure news, infrastructure, operations, security, and the real-world impact of Microsoft's latest cloud updates.
Today, Azure is moving faster than ever.
Every week brings new services, platform capabilities, operational improvements, AI innovations, and architectural guidance. Keeping up is a full-time job. Most of us don't have time to read every blog post, release note, announcement, and documentation update.
That's why I'm bringing AZ Update back.
This time, as a weekly LinkedIn newsletter and this blog. To be completely transparent I am using an AI Agent to parse the update list for any in the last 7 days, filter for Infra/Ops content and research product docs and help with the draft. I do review content and write the post myself.
Each edition will cut through the noise and focus on what matters most for cloud architects, platform engineers, infrastructure teams, SREs, security professionals, and IT operators. I'll share the Azure announcements worth your attention, explain why they're important, highlight practical implications, and point you to the resources that can help you go deeper.
Just a concise weekly briefing from one ITPro to another.
If your day-to-day involves building, operating, securing, or modernizing infrastructure in Azure, Azure Arc, AKS, hybrid environments, or the growing world of AI-powered operations, this newsletter is for you.
Welcome to the next chapter of AZ Update.
This week’s Azure infrastructure updates bring practical operational gains for security, platform reliability, disaster recovery, and identity-driven access control. Here is a detailed ITPro breakdown with implementation guidance you can use in production planning.
Network Security Perimeter for Event Hubs changes how ITPros enforce connectivity boundaries around mission-critical event pipelines. Instead of depending only on isolated firewall rules per namespace, you can apply perimeter-aware controls that are easier to govern consistently across multiple services.
From an operations perspective, this is a service-level hardening improvement. It helps reduce accidental exposure and supports better audit conversations when security teams ask for clear evidence of allowed and denied paths.
The operational value is stronger day-two control. You can standardise network access policy patterns for producer and consumer applications, reduce policy drift, and simplify incident investigations when unexpected traffic appears.
For production rollout, validate all dependencies first: private endpoints, DNS resolution, trusted service exceptions, managed identities, and cross-subscription network paths.
Use the following sequence when validating that perimeter onboarding did not break data plane operations. The first command confirms your active Azure context, the second verifies endpoint reachability, and the third validates Event Hub metadata retrieval.
Run this safely in a test window before production enforcement. If connectivity and control-plane checks pass in test, repeat with production namespace read-only checks before enabling stricter policies.
az account show --output table Test-NetConnection <namespace>.servicebus.windows.net -Port 5671 az eventhubs eventhub show --resource-group <rg> --namespace-name <namespace> --name <eventhub> --output tableExpected outcome: TCP probe to port 5671 succeeds, and Event Hub metadata query returns without auth or network timeout errors. If probe fails, check DNS, NSGs, route tables, private endpoint linkage, and perimeter rule assignment scope.
Confidential Computing support for Event Hubs Dedicated matters when ITPros operate regulated or high-sensitivity event streams. It extends protection expectations beyond encryption at rest and in transit, into stronger assurances during processing.
Compared with older architectures, this reduces the need for some compensating controls and helps security and operations teams align on platform-native protections for streaming workloads.
Operationally, this strengthens trust boundaries for event ingestion platforms that feed analytics, SIEM, and business-critical automation. It also improves evidence posture for compliance reviews where data handling controls must be demonstrated end to end.
Before rollout, validate throughput impact, partition behaviour, client compatibility, and observability baselines so confidentiality controls do not create unexpected SLO regressions.
This validation example confirms namespace details and metrics health so you can compare baseline vs post-change behaviour. The metrics query focuses on ingestion, egress, and throttling signals that commonly surface operational risk first.
Run with a least-privileged operations identity that can read namespace configuration and metrics. Avoid making unrelated changes while collecting baseline evidence.
az eventhubs namespace show --resource-group <rg> --name <namespace> --output jsonc az monitor metrics list --resource /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.EventHub/namespaces/<namespace> --metric IncomingMessages OutgoingMessages ThrottledRequests --interval PT5M az account show --query user.name -o tsvExpected outcome: namespace query succeeds, metrics return consistently, and no abnormal throttling spike appears after control changes. If results diverge, review dedicated capacity planning, partition strategy, RBAC scope, and workload profile fidelity.
Higher churn support in Azure Site Recovery is directly relevant for ITPros protecting write-intensive systems. It expands what can be replicated reliably, reducing DR exceptions for fast-changing workloads.
Compared with the previous operational envelope, this gives more room for modern transactional applications while still requiring disciplined capacity and replication health management.
Operational value is improved DR coverage and better alignment between production write behaviour and recovery plans. Teams can protect more workloads without bespoke workaround architecture.
For production rollout, validate process server sizing, bandwidth headroom, cache storage performance, and sustained replication lag during peak change windows.
These commands are relevant for validating actual recovery readiness instead of configuration-only status. They expose protected item health and support controlled failover rehearsal.
Use a non-production network for test failover and document outputs so operations and business continuity stakeholders share the same readiness evidence.
az site-recovery fabric list --resource-group <rg> --vault-name <vault> -o table az site-recovery protected-item list --resource-group <rg> --vault-name <vault> --fabric-name <fabric> --protection-container <container> -o table az site-recovery recovery-plan test-failover --resource-group <rg> --vault-name <vault> --name <recoveryPlan> --network-id <testNetworkId>Expected outcome: protected items remain healthy, lag remains within target, and test failover completes without consistency errors. If failures occur, inspect connectivity, process server capacity, cache throughput, and policy mappings.
This launch modernises SFTP access for Azure Blob Storage by bringing identity control closer to Microsoft Entra. ITPros gain stronger governance options than local-account-only models for many enterprise scenarios.
Operationally, the key change is identity lifecycle alignment: provisioning, review, and revocation can be managed with central identity processes instead of fragmented local credentials.
The value is reduced credential sprawl, better auditability, and clearer access accountability across teams and external partners exchanging files over SFTP.
Before production, validate client compatibility, RBAC scope, network restrictions, access review cadence, and emergency break-glass procedures.
This sequence verifies account capability and role assignment posture before user acceptance testing. It is useful for catching scope mistakes that often cause authentication-success/data-access-failure patterns.
Run safely by using a dedicated test identity and non-production storage account first; then repeat read-only validation in production before broad enablement.
az storage account show --name <storageAccount> --resource-group <rg> --query "{name:name,isSftpEnabled:isSftpEnabled,allowBlobPublicAccess:allowBlobPublicAccess}" -o jsonc az role assignment list --assignee <principalObjectId> --scope /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<storageAccount> -o table az account show --query user.name -o tsvExpected outcome: SFTP capability is enabled, expected role assignments are present, and test identity can perform allowed operations only. If sign-in works but file actions fail, inspect RBAC propagation delay, ACL/permission scope, and storage network restrictions.
If you are planning adoption, start with one workload per update area, collect operational evidence, and standardise the validated pattern in your runbooks and IaC modules. That approach keeps change safe while accelerating delivery.
Cheers!
Pierre