Several Zero-Days, and some more pontificating on the future of Programming as it relates to CoPilot. It’s been a busy week, so let’s see what happened Last week in .NET:
🧱 Next-generation firewall capabilities with Azure Firewall Premium. Microsoft is literally charging a premium for better security. Not a great plan.
🔓 Let’s make Visual Studio even more accessible together This is a wonderful shift in focus, and I hope Visual Studio accessibility continues to improve.
👨🏼🤝👨🏼Cecil Philips and David Pine talk positional pattern matching in C# and how it works and true to the internet there’s at least two commenters who thinks they know better than the language creators.
🌃🐎Kevin Beaumont validates that Microsoft made the SAM database (user passwords) accessible to non-admin users on Windows 10 which is… problematic, to say the least. Kevin followed up with a blog post that goes deeper into how #HiveNightmare works.
I would like one week. Just one week where it doesn’t feel like the sky is falling in info-sec.
🟥 Speaking of the sky falling, Windows Hello bypassed using infrared image. We call it science fiction because it isn’t realistic — and that’s true: They put more effort into security than real life.
🕵️♂️ DevSecAI: Github Copilot prone to writing security flaws Microsoft’s designs of monetizing CoPilot seem like it’s fading. The problem with artificial intelligence is that it mimics our own intelligence.
🗃 Jonathan Blow, creator of the Braid and The Witness, says Don’t use fopen() on Windows turns out there’s a bug when you do file stuff in multiple threads where file flushes don’t happen at predictable times.
🔮 Github Copilot: Fatally Flawed or the Future of Software Development? Yes.
✌ Ars technica writes: Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling Exploit #1 was the aforementioned SAM Database vulnerability; and the second is a vulnerability in the linux kernel, by creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the
💻🏫 The ML.NET Community standup happened last week, and they talked about ML.NET 1.6 and more.
🔐 Christo Matskas has a blog post out on how to Secure Open API (Swagger) calls with Azure Active Directory.
🆘 Miguel Ramos tweets that if you do Windows UI development, they’re going to want to know what you think.
📢 Visual Studio 2019 16.10.4 has been released. This update includes several bug fixes and performance improvements, as usual.
🍾 There is a new System.Text.Json source generator in .NET 6. This allows you to have System.Text.JSON serialization classes auto-generated for you and results in more optimized serialization and deserialization.
💁♂️ Github Policy releases Minimum Viable Governance: lightweight community structure to grow your FOSS projects. It’s a document that gives some… sensible defaults for open source project governance on Github.
🚫🐜 Michael Peña (not that one) gave a talk to the Philippine .NET Users Group on the state of .NET on Mac OS and it’s well worth your time.
📃Looking for the 20 best C# and .NET Blogs? Seb Nilsson has you covered. It’s my personal opinion that Eric Lippert’s blog is criminally underrated.
There is a self-reported Intuitive Gudie to Understanding Closures in C# and while I won’t pass judgement on ‘intuitive’, I will call it informational.
And that’s it for what happened Last Week in .NET.