I'm not a tease so here it is, tested with what's currently available as of this post. Following the previous post, you now have Kudu so it's time to use it!  

Go ahead and create a new app in kudu-admin.
Notice that the Application URL isn't bound to localhost on a port, I removed the binding but remember the port as we'll need it later.

Now to get the Azure Functions host/runtime, naming things is hard so we'll assume FunctionsInProc8.4.839.400.zip means In-Process v4 using .NET 8 LTS. I also tested the non-in-proc version and it did work, note all my testing was x64.
Extract the zip file as we'll be using the contents of the 64Bit folder.

First we need to set some user environment variables.
Who is the user? Your app is the user. Remember everything runs in the context of your application pool.

Go to your app's Service/Kudu/SCM url, using the Kudu debug console run the following in the command prompt.

setx AZURE_FUNCTIONS_ENVIRONMENT Development
setx FUNCTIONS_WORKER_RUNTIME dotnet
setx AzureWebJobsScriptRoot %home%\site\wwwroot

Then stop & start your app's application pool.

I won't be explaining everything about Web Jobs, better docs exist.
We just need to create one continous job which requires 2 files, that will start our Azure Functions host.

settings.job

{
    "is_in_place": true,
    "is_singleton": true
}

run.cmd

call .\Microsoft.Azure.WebJobs.Script.WebHost.exe --urls "http://localhost:{Application URL ORIGINAL PORT we unbound}"

Your app's site dir should have a structure like below, I redacted the other files but don't remove them.

C:\kudu\apps\wtfunc\site
├───deployments
├───jobs
│   └───continuous
│       └───FunctionsInProc8.4.839.400
│           │   Microsoft.Azure.WebJobs.Script.WebHost.exe
│           │   run.cmd
│           │   settings.job
├───locks
└───wwwroot
    │   hostingstart.html

Kudu will pick up the job & start the Azure Functions host.

You can now go to http://localhost:{Application URL ORIGINAL PORT} but we still need to point the new Application URL hostname to the Azure Functions host.

To do this, we'll be using the IIS URL Rewrite Module with Application Request Routing for a simple web.config to act as a reverse proxy.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <location path="" allowOverride="false">
        <system.webServer>
            <handlers>
                <clear />
            </handlers>
            <rewrite>
                <rules>
                    <rule name="ReverseProxyInboundRule" enabled="true" stopProcessing="true">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{CACHE_URL}" pattern="^(https?)://" />
                        </conditions>
                        <action type="Rewrite" url="http://localhost:YOUR_HOST_POST/{R:1}" />
                    </rule>
                </rules>
            </rewrite>
        </system.webServer>
    </location>
</configuration>

Note the clearing of the handlers. The Azure Functions host should be executing binaries not your app's site. You can also create a new app pool for your app's site aspect with the .NET CLR version set to No Managed code
You can remove hostingstart.html from wwwroot so that web.config is the only file. Deployment is the same as Azure, you'll have a structure like below.

C:\kudu\apps\wtfunc\site\wwwroot
│   host.json
│   web.config
└───TestHttp
        function.json
        run.csx

or

C:\kudu\apps\wtfunc\site\wwwroot
│   extensions.csproj
│   host.json
│   web.config
├───bin
│       Aliencube.AzureFunctions.Extensions.Configuration.AppSettings.dll
│       Aliencube.AzureFunctions.Extensions.OpenApi.Core.dll
│       Aliencube.AzureFunctions.Extensions.OpenApi.dll
├───HelloWorld
│       function.json
│       function.proj
│       project.assets.json
│       run.csx
│
├───RenderSwaggerUI
│       function.json
│       function.proj
│       project.assets.json
│       run.csx
│
├───Shared
│       IOpenApiHttpTriggerContext.csx
│       JsonContentResult.csx
│       SwaggerGen.csx
│       SwaggerLoad.csx
│
└───Swagger
        function.json
        function.proj
        project.assets.json
        run.csx

That's it, your're good to go! My code examples are on GitHub. If you have issues, logs are in the data dir i.e. C:\kudu\apps\wtfunc\data.

Lastly my soapbox diatribe.
I wish MS invested 1/10th of what they did for co-pilot into C# scripting, csx is a different form of expression that allows you to be creative when solving dynamic problems.
Functions + csx align with the words of Dijkstra "The purpose of abstracting is not to be vague, but to create a new semantic level in which one can be absolutely precise."

Once upon a time before Functions, we had Web Jobs on Azure App Services and the 'engine' behind it was Kudu. I originally planned to detail this out last year but with the project now archived by MS it was now or never.

Kudu is not dead, the repo and Azure were never like for like. The addition of support for Linux & containers, means it's evolving. On Windows it was truly a showcase for the capabilities of IIS.

Now for the disclaimer. Kudu was built to support Azure PaaS and work within the Azure App Service's sandbox so somethings may not work without tweaking or never work such as RUN FROM PACKAGE/ZIP which I wish came to IIS as my anecdotal observation is that the read-only aspect provides a perf improvement across tech stacks & platforms.

One of Kudu's initial developers, David Ebbo did a post on running Kudu locally. The other David Fowler, needs no introduction.
The gist is you need Node.js & Git on the Windows instance where Kudu is going to be deployed.

The next step is to clone the repo & build it, but if you're lazy and run random things from random people, I've already done it for you. You do you boo.
Now we have to create the folders for Kudu, you can customise the path but we are just going with the defaults.

C:\kudu\apps
C:\kudu\Kudu.Services.Web
C:\kudu\wwwroot
Assign IIS_IUSRS full control for C:\kudu\

From the S100 archive copy the contents from:
\KuduWeb to C:\kudu\wwwroot
\SiteExtensions\Kudu to C:\kudu\Kudu.Services.Web
The apps dir is where new sites will be created.
You should have a structure like

C:\kudu
├───apps
├───Kudu.Services.Web
│   │   commit.txt
│   │   Default.cshtml
│   │   Env.cshtml
│   │   favicon.ico
│   │   package-lock.json
│   │   package.json
│   │   scmApplicationHost.xdt
│   │   updateNodeModules.cmd
│   │   Web.config
│   │   WebHooks.cshtml
│   │   _Layout.cshtml
│   ├───bin
│   ├───Content
│   ├───DebugConsole
│   ├───Detectors
│   ├───node_modules
│   ├───ProcessExplorer
│   ├───SiteExtensions
│   ├───Support
│   └───ZipDeployUI
└───wwwroot
    │   Global.asax
    │   packages.config
    │   Web.config
    ├───App_Data
    ├───bin
    ├───Content
    ├───fonts
    ├───images
    ├───Scripts
    └───Views

The script for updateNodeModules.cmd which will create the node_modules dir under Kudu.Services.Web

@echo off
setlocal enabledelayedexpansion

pushd %1

set attempts=5
set counter=0

:retry
set /a counter+=1
echo Attempt %counter% out of %attempts%

cmd /c npm install https://github.com/projectkudu/KuduScript/tarball/aadbe2bd33543483dd9659d35fc591a992e7aa6f
IF %ERRORLEVEL% NEQ 0 goto error

goto end

:error
if %counter% GEQ %attempts% goto :lastError
goto retry

:lastError
popd
echo An error has occurred during npm install.
exit /b 1

:end
popd
echo Finished successfully.
exit /b 0

Now to tweak the web.config files. You can read the wiki to know what these configs do as they're not there by default

C:\kudu\Kudu.Services.Web\web.config

  <appSettings>
    <add key="SCM_SKIP_SSL_VALIDATION" value="1" />
    <add key="SCM_TRACE_LEVEL" value="4" />
    <add key="SCM_NO_REPOSITORY" value="1" />
    <add key="SCM_DO_BUILD_DURING_DEPLOYMENT" value="0" />
    <add key="WEBSITE_DISABLE_SCM_SEPARATION" value="1" /> 
    <add key="WEBJOBS_HISTORY_SIZE" value="100" /> 
    
    <add key="webpages:Version" value="3.0.0.0" />
    <add key="webpages:Enabled" value="true" />
    <add key="webactivator:assembliesToScan" value="Kudu.Services.Web" />
  </appSettings>

C:\kudu\wwwroot\web.config

  <kudu.management enableCustomHostNames="true">
    <serviceSite path="..\Kudu.Services.Web" />
    <applications path="..\apps" />

Time to create Kudu's admin app pool in IIS.
Note the identity is LocalSystem and recycling has been 'disabled' so that aspects like Web Jobs can run without issues based on your cron config.

After the app pool is created, we need to create the website.
The physical path being C:\kudu\wwwroot, you can bind a random port on localhost

Afterwards we can browse to kudu-admin to create an app.

Kudu when creating an app will create the website and the scm aspect.
website => contoso.azurewebsites.net
website kudu => contoso.scm.azurewebsites.net
These settings such as site bindings(DNS) if added will reflect in IIS Manager.

website

website-scm(Kudu)

Apps are created using ApplicationPoolIdentity. Now the choice is yours, if you don't want the typical features of Kudu like access to the file system to drag & drop files, executing commandline/powershell scripts etc. Then you're good to go otherwise hence the creation of the 'admin' app. The app pool just needs to be set to kudu-admin which we initally created with LocalSystem privileges.
Remember Kudu has no authentication or authorisation, that's handled by the Azure layer in-front of it.

The debug console is awesome but if the clicking is too much, you can quickly navigate the virtual file system by using the console in your browser's dev tools.

var v = viewModel.selected();
v.href = 'https://scm-kudu.local/api/vfs/SystemDrive/Windows/system32/drivers/etc/';
updateSelectedAndNotifyCommandLine(v);

Site extensions also work. Like if you have the iis-node module enabled, you can use something like the Monaco Editor. Since that's not publically available I can't share it so just download the source from your Azure Web App & you'll figure it out.

And yes, since Functions are an evolution of Web Jobs, they can also be run outside of Azure but that's a post for another time.

Starting with iOS 16.3 & iPadOS 16.3 comes support for Security Keys for Apple ID, the gist is you will need two keys to get started.

Weirdly my one key was treated like an HID input device so I had to toggle the on-screen keyboard to input the PIN.

I don't normally keep up with news from WWDC, neither does Apple normally release technology for web developers. If you use DuckDuckGo then you're probably familiar with MapKit JS, the feature set available covers the needs of most.
If you do NOT already have access to the Apple Developer Program, this post is probably not for you.

When compared to Google Maps or HERE WeGo(HERE Maps), Apple's take on this is quite refreshing.
MapKit JS provides for free:

• 250,000 map views
• 25,000 service calls
• 25,000 Snapshots unique requests

These limits are PER day!

Similar to unlimited OneDrive storage, when you get close to the limit, you can request your limits be increased.

Apple emphasises on the web, the setup is simple.
You craft a JWT like so

Sign the JWT with your private key, pass it to the MapKit JS library which bootstaps everything and retrieves an access token.

Adam Russell has a detailed post on how to get that setup on ASP.NET Core.

If you want to generate snapshot urls or reverse geocode on the backend then you'll find Apple's documentation sparse on the required endpoints and how to use them.
I have a basic C# project on GitHub as an example of performing such tasks with those undocumented endpoints.

When compared to Azure Blob Storage, SharePoint/OneDrive for Business is much more cost effective, but it is important to note I am NOT doing a 1:1 on the features offered. You might want a fixed cost for the storing/accessing data or the sharing abilities of SharePoint or the sync features of OneDrive, for whichever reason Microsoft 365 Business makes sense.

You can even try it out for free, by joining the Microsoft 365 Developer Program.
You get a Microsoft 365 E5 developer subscription, with

25 user licenses for development purposes
Access core Microsoft 365 workloads and capabilities (Windows not included), including:
All Office 365 apps including SharePoint, OneDrive, Outlook/Exchange, Teams, Planner, Word, Excel, PowerPoint, and more
Office 365 Advanced Threat Protection
Advanced analytics with Power BI
Enterprise Mobility + Security (EMS) for compliance and information protection
Azure Active Directory for building advanced identity and access management solutions

Before you can play around with the Microsoft Graph, you need to register an App under your tenant. To set this up, go to https://portal.azure.com/
Browse to Azure Active Directory, click on the App registrations blade then click on New registration.
For Redirect Uri use https://localhost:8080/

After creating your app, click on the API permissions blade then click on Add a permission, select Microsoft Graph then choose Application permissions. In this example, tick Group.ReadWrite.All.

Next click Grant admin consent.

Now click on the Certificates & secrets blade then click on New client secret and add a secret.

That is about it! If you want an example of implementing the API to upload and download files, I have a basic C# project on GitHub.

If you're unsure what permissions are required by each endpoint, I suggest using the Microsoft Graph Explorer to find out.

WARP is a VPN solution from Cloudflare built on the WireGuard protocol. Its goal to keep your internet experience private, secure, fast and reliable.

It's free to use on Android and iOS, the premium version WARP+ is powered by Argo Smart Routing. Let's set it up on Windows.

Creating a WARP Account

If you have a rooted Android device, awesome. If not download MEmu. This is the easiest emulator to get going that's rooted with Google Play Services. Trust me, I wasted a lot of time trying the others.

Download the 1.1.1.1 app and follow the prompts, at this point I recommend signing up for WARP+ at R30 a month.

Once you have your account, copy the com.cloudflare.onedotonedotonedotone folder to your PC, here's a guide on how to do this.

Once you have the folder, in the shared_prefs directory, com.cloudflare.onedotonedotonedotonepreferences.xml is the file you're after. This has your account details, with it you can use any WireGuard VPN Client.

WireGuard VPN Client

If you made it here, so far so good. I use TunSafe as my client. You'll need to provide a config file, here's an example based on the values from the XML.

Multi-Device Use

In the last two weeks or with the app update to v5, Cloudflare introduced the account ability to link your profile with 5 devices. This is done with the use of a license key, it's cross platform so you can mix Android and iOS.

If you're like me and have had WARP+ for a while and now you're wondering how do you get your license key? Simple, there's an API for that, replace {value} with your values from that same original XML file.

GET /v0a833/reg/{warp_registration_id} HTTP/1.1
Host: api.cloudflareclient.com
Authorization: Bearer {warp_token}
Content-Type: application/json; charset=UTF-8
User-Agent: okhttp/3.12.1
Content-Type: application/json

You'll get a response similar to this.

When Windows gives you Linux binaries

MTR

Host                               Loss%   Snt   Last    Avg   Best  Wrst  StDev

Non-WARP+
1. LIONEL-YOGA920 (172.29.16.1)    0.0%    25     0.4    0.5     0.3   1.4   0.2
2. 192.168.8.1 (192.168.8.1)       0.0%    25     3.1    3.9     2.3  11.0   2.2
3. ???
4. 105-187-234-178.telkomsa.net    0.0%    25    31.2   22.7    14.9  33.5   6.1
5. 105-187-253-58.telkomsa.net     0.0%    25    17.4   18.8    15.1  25.7   2.9
6. 105-187-234-93.telkomsa.net     0.0%    25    22.7   22.5    17.8  43.2   6.0
7. rrba-os-cer-1-wan.osnet.co.za   0.0%    25    19.7   24.3    17.9  39.4   6.3
8. 10.189.30.6 (10.189.30.6)       0.0%    25   227.0  226.6   217.0 237.7   5.1
9. (149.14.126.225)                5.3%    25   223.6  225.8   213.9 235.0   5.7
10. mei-b3-link.telia.net          5.3%    25   238.8  232.0   219.3 264.5  11.8
11. ffm-bb2-link.telia.net         5.3%    25   254.4  247.4   242.0 262.7   5.3
12. ffm-b1-link.telia.net          0.0%    25   260.7  248.1   232.6 272.7   9.0
13. (62.115.182.171)               0.0%    25   247.8  252.7   237.7 296.2  14.1
14. ???
15. ???
16. ams.github.com (140.82.118.4)  0.0%    25   248.2  253.8   243.2 276.4   8.2

 
WARP+ 
1. LIONEL-YOGA920 (172.29.16.1)    0.0%    25     0.4    0.4     0.2   0.7   0.1
2. 172.16.0.1 (172.16.0.1)         0.0%    25    26.4   32.1    16.7  79.6  13.1
3. 197.234.241.1 (197.234.241.1)   0.0%    25    25.9   32.5    19.1  86.5  14.2
4. 105.22.32.217 (105.22.32.217)   0.0%    25    17.8   43.2    15.5 115.8  23.6
5. 105.16.28.1 (105.16.28.1)       0.0%    25   190.0  193.2   178.1 221.0  11.0
6. 105.16.10.214 (105.16.10.214)   0.0%    25   198.2  191.9   176.4 209.8   6.8
7. 105.16.14.189 (105.16.14.189)   0.0%    25   179.8  188.2   177.9 203.7   6.8
8. 105.16.33.253 (105.16.33.253)   0.0%    25   183.8  188.7   176.2 241.2  14.6
9. 92.60.248.233 (92.60.248.233)   0.0%    25   177.8  191.8   177.8 269.4  20.3
10. 89.149.184.33 (89.149.184.33)  0.0%    25   200.7  216.4   190.6 306.0  37.0
11. 87.119.94.70 (87.119.94.70)    0.0%    25   212.7  225.3   201.0 349.8  36.3
12. ???
13. ???
14. 140.82.118.3 (140.82.118.3)    0.0%    25   204.9  208.9   195.5 250.6  12.9

Also good old Speedtest.

ReSharper Command Line Tools is a set of free cross-platform standalone tools that help you integrate automatic code quality analysis into your CI, version control or any other server.

The Command Line Tools package includes the following tools:

• InspectCode, which executes hundreds of ReSharper code inspections
• DupFinder, which detects duplicated code in the whole solution or narrower scope
• CleanupCode, which instantly eliminates code style violations and ensures a uniform code base

I'll only be covering InspectCode and DupFinder,  I had some issues with the latest version (2019.3) so I'm using 2019.2.4

For this guide, we're using a basic build pipeline running on a hosted agent.
The tasks include:

• Fetching code from the Git repo
• Restoring dependencies with Nuget
• Fetching the ReSharper CLT and invoking it with PowerShell
• Publishing the outputs

PowerShell Tasks

The tasks below are guidelines, adapt to your needs/context.

Fetching the ReSharper Command Line Tools

You can store the ReSharper CLT wherever you wish. Your repo, Azure Blob Storage but for this example I used GitHub.

Downloading the repo as a zip file is easy enough.

Invoke-WebRequest "https://github.com/dalion619/jetbrains-resharper-clt/archive/master.zip" -OutFile ".\jb-clt.zip"

Then extracting it into the current working directory.

Expand-Archive ".\jb-clt.zip" -DestinationPath ".\" -Force

The end result being.

$Env:BUILD_SOURCESDIRECTORY\jetbrains-resharper-clt-master\

I wrote a bad PowerShell script to help to with invoking DupFinder and InspectCode.
It takes 3 parameters:

• $SolutionFilePath, path to solution file. This is required.
• $OutputDirPath, path to directory for saving the reports.
  Default value = '..\output'
• $ExcludedExtensions, comma-separated values of the file extensions to exclude from analysis.
  Default value ='js,css'

Exclusions work with a DotSettings file, which is a ReSharper/Rider file but the script will create it for you.

Invoking DupFinder and InspectCode

The important part here is, setting the working directory because we're using relative paths.

.\jetbrains-resharper-clt-master\

Calling Publish-DupFinder-Analysis or Publish-InspectCode-Analysis will create the respective analysis report.

By default the reports are created in XML, but I modified the XSLT templates to include some Bulma CSS so the HTML versions look nicer.

You then can go upload the reports as an Artifact or upload them to Azure Blob Storage.

Authentication can have multiple factors, commonly referred to as Multi-Factor Authentication (MFA), the common factors are:

• Knowledge: Something you know - password
• Possession: Something you have - security token generator (device)
• Inherence: Something you are - fingerprint (biometric)

Two-step verification (2SV) is an approach of having a secondary step in confirming who you are, when the secondary method is one of the other factors then it is two-factor authentication (2FA). A code you receive via SMS isn't technically 2FA.

After that brief intro, 2FA still has some weak points like phishing. I won't be breaking down FIDO U2F, I'll skip to the evolved FIDO2 standard.
Fast IDentity Online is set of open and scalable standards for strong authentication developed by the FIDO alliance whose members include Microsoft and Yubico.

I'm not a fan of traveling but I have the privilege of having friends that do so I get my hands on tech that isn't easily available in South Africa. One of these endeavours lead to me, getting my hands on a Yubico Security Key.

With the release of Windows 10 version 1903, Windows Hello got FIDO2 certification. This means I can use FIDO2 based passwordless sign in with my Microsoft Account. Even better it's in public preview for Azure Active Directory.

Below is an example of using Windows Hello to sign in passwordless to a Microsoft Account.

To set this up, go to https://account.microsoft.com/security/

Click More security options and scroll to Windows Hello and security keys

You can manage your sign-in methods at https://account.live.com/proofs/fido/manage

Below is an example of using a security key to sign in passwordless to an Azure AD Account.

To set this up, go to https://portal.azure.com/
Browse to Azure Active Directory, click on the User Settings blade then click on Manage user feature preview settings

Choose selected users or all users in your directory and save.

Then browse to the Authentication methods blade, select the method either FIDO2 security key or Microsoft Authenticator passwordless sign-in, then choose select users or all and save.

Then head to https://myprofile.microsoft.com
Click Security Info and register your FIDO2 security key.

Note although you can use the Microsoft Authenticator app with many organisations, you can only enable the passwordless sign-in option with only one organisation to which your device is registered with.
With security keys you don't have any limitations. If you happen to lose it, nobody will know what services your key is associated with or be able to use it without the pin.

I haven't gone down the route of enabling security keys for Windows sign-in because I use Windows Hello, but if your devices are Azure AD joined with Windows 10 version 1809, you can easily set it up via Intune.

Overall using my fingerprint to sign-in feels more intuitive and seamless, using a security key feels more natural as you would a normal key in real life. Passwordless is easily a buzzword I can get behind and support.

Pi-hole® - Network-wide Ad Blocking

Basically Pi-hole® is an application that performs the function of being a DNS server and DHCP server if you wish for all the devices on your network. In the process it also aims to block network queries to domains in the categories of analytics, telemetry, advertisements and tracking.

The idea of trying it out had plagued me for a while, with Jeff Atwood, Scott Hanselman and Troy Hunt covering the basic setup on a Raspberry Pi.
But with a router that only serves two devices, my laptop and phone. I can't exactly call my home network sophisticated. So plan B was to use the office network, because the best testers are the ones that don't opt-in.

Although you can use a Raspberry Pi Zero, I felt safer having an actual ethernet port so I went ahead with a Raspberry Pi 3 Model B+ and 16GB microSD card for storage.

Following this great tutorial guide, my Pi-hole was up and running in under an hour.
I used the Raspbian Buster with desktop image without an issue. With the goal being a #BetterInternet I naturally chose Cloudflare as my upstream DNS provider,
1.1.1.1 is the fastest DNS resolver.

If you prefer a GUI like me, you probably prefer TeamViewer for remote access.
Here's a simply guide for setting it up on a Raspberry Pi.

If you can't set the DNS server on your router, then you set the Pi-hole to be your DHCP server to solve this. If you're not using Pi-hole as your DHCP server, you'll see IP addresses in the client column of your query log. If you are using Pi-hole as your DHCP server, you'll see the hostname of the device.

By default your Pi-hole will have the following blocklists.

https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
http://sysctl.org/cameleon/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://hosts-file.net/ad_servers.txt

I've added the following extra lists.

https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt
https://raw.githubusercontent.com/notracking/hosts-blocklists/master/hostnames.txt
https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt
https://www.malwaredomainlist.com/hostslist/hosts.txt
https://someonewhocares.org/hosts/zero/hosts
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext&useip=0.0.0.0
https://raw.githubusercontent.com/mitchellkrogza/Badd-Boyz-Hosts/master/hosts
https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
https://raw.githubusercontent.com/azet12/KADhosts/master/KADhosts.txt
https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
https://raw.githubusercontent.com/uBlockOrigin/uAssets/master/filters/filters.txt
https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt

There are active communities on Reddit and Discourse. You can also find blocklists on GitHub.

After the Pi-hole is active, you'll notice websites load much faster because of the reduced bloat.

After some time you'll get a sense of the amount of queries going on in your network and the percentage being blocked. Smartphones tend to be the worst offenders with analytics integrated into apps that track every event.

You can also tweak things, it's super simply to whitelist and blacklist domains. Although the Pi-hole will cover most of your bases, for things like YouTube's video ads you'll need to rely on uBlock Origin.

This has been a fun worthwhile project but due to its low resource usage, just using a Raspberry Pi for running Pi-hole makes it very expensive so I recommend finding another secondary project like a YouTube content cache using Squid.