[Last Week in .NET #52] – TwinCVEs

Several zero-days, and some more pontificating on the future of programming as it relates to Copilot. It’s been a busy week, so let’s see what happened Last Week in .NET:

🧱 Next-generation firewall capabilities with Azure Firewall Premium. Microsoft is literally charging a premium for better security. Not a great plan.

🔓 Let’s make Visual Studio even more accessible together. This is a wonderful shift in focus, and I hope Visual Studio accessibility continues to improve.

👨🏼‍🤝‍👨🏼 Cecil Philips and David Pine talk positional pattern matching in C# and how it works, and true to the internet, there are at least two commenters who think they know better than the language creators.

🌃🐎 Kevin Beaumont validates that Microsoft made the SAM database (user passwords) accessible to non-admin users on Windows 10, which is… problematic, to say the least. Kevin followed up with a blog post that goes deeper into how #HiveNightmare works.

I would like one week. Just one week where it doesn’t feel like the sky is falling in info-sec.

🟥 Speaking of the sky falling, Windows Hello bypassed using infrared image. We call it science fiction because it isn’t realistic — and that’s true: They put more effort into security than real life.

🕵️‍♂️ DevSecAI: GitHub Copilot prone to writing security flaws. Microsoft’s designs on monetizing Copilot seem to be fading. The problem with artificial intelligence is that it mimics our own intelligence.

🗃 Jonathan Blow, creator of Braid and The Witness, says “Don’t use fopen() on Windows”. It turns out there’s a bug when you do file operations in multiple threads where file flushes don’t happen at predictable times.

🔮 GitHub Copilot: Fatally Flawed or the Future of Software Development? Yes.

✌ Ars Technica writes: Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling. Exploit #1 was the aforementioned SAM database vulnerability, and the second is a vulnerability in the Linux kernel, triggered by creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the /proc/self/mountinfo file.

💻🏫 The ML.NET Community standup happened last week, and they talked about ML.NET 1.6 and more.

🔐 Christo Matskas has a blog post out on how to Secure Open API (Swagger) calls with Azure Active Directory.

😴 Azure SDK Release (July 2021), and yes, the word Azure is in the title but not much else, which means it is definitely an Azure blog post. The Azure SDK includes new App Configuration settings, features for iOS in Azure Communication Services, and releases of Azure Cosmos DB for Java, Azure Data Tables, and Azure Metrics Advisor for .NET, Java, JavaScript, and Python, and more. Yes. And more. I’m going to fall asleep if I have to type all these services out. So if you use the Azure SDK, check this post out — but pour yourself some coffee first.

🆘 Miguel Ramos tweets that if you do Windows UI development, they’re going to want to know what you think.

📢 Visual Studio 2019 16.10.4 has been released. This update includes several bug fixes and performance improvements, as usual.

🍾 There is a new System.Text.Json source generator in .NET 6. This allows you to have System.Text.Json serialization classes auto-generated for you and results in more optimized serialization and deserialization.

💁‍♂️ GitHub Policy releases Minimum Viable Governance: lightweight community structure to grow your FOSS projects. It’s a document that gives some… sensible defaults for open source project governance on GitHub.

🚫🐜 Michael Peña (not that one) gave a talk to the Philippine .NET Users Group on the state of .NET on Mac OS, and it’s well worth your time.

📃 Looking for the 20 best C# and .NET Blogs? Seb Nilsson has you covered. It’s my personal opinion that Eric Lippert’s blog is criminally underrated.

There is a self-reported Intuitive Guide to Understanding Closures in C#, and while I won’t pass judgement on ‘intuitive’, I will call it informational.

And that’s it for what happened Last Week in .NET.
