The biggest news this week (and will likely trump any sort of news for the next couple of weeks in the Microsoft space) is that Azure has a vulnerability dubbed “ChaosDB” that exposed its customers keys to the world, leaving every single CosmosDB customer’s database data exposed for the taking. There’s a technical deep-dive into this vulnerability as well. I hope the Azure team is wearing their brown pants.
This is as bad as it gets. Good news though! They gave out a bounty of $40,000 to the finder of this vulnerability. Which values this vulnerability as akin to a Tesla Model 3 — and not even a fully decked out one.
⭕ Apply rounded corners in desktop apps for Windows 11. In some cases, rounded corners will be applied to your applications automatically, in others, here’s what you can do to make them rounded. As Apple intended.
🐛 Razer Bug lets you become a Windows 10 admin by plugging in a mouse. This is a pretty easy exploit to… well.. exploit, so if you’re using Razer mouses in a corporate context, you may want to rethink that decision.
🤷♂️ The real names of features in Visual Studio. It’s a bit inside baseball, but still a wonderful walkthrough.
👨👩👧👧 David Fowler writes to tell us that New .NET 6 APIS [are] driven by the developer community. In this blog post, David details new APIs available in .NET 6, and highlights the fact that well, they were authored by members of the community. I’m a fan of
Parallel.ForEachAsync, as that seems rather useful for my needs.
🏃♀️ This is your warning: Get out of the Dev Channel for Windows 11 unless you want to experience some turbelance. If you want stability, use the beta channel or get out of the insider program entirely. If you want to see new builds of Windows 11 that may have the stability of Windows Vista, stay in the Dev channel.
🙌 Nicole Miller-Abuhakmeh is the new Community Manager for the .NET Foundation. This is a wonderful choice for CM, congrats Nicole and the .NET foundation.
🙀 Looks like there’s another tactic available to exploit Proxyshell vulnerabilities. A few weeks ago, a researcher showed off an exploit of Microsoft Exchange Server dubbed ‘ProxyShell’ and it seems like the gift that keeps on giving to attackers. Bottom line: keep your Exchange servers up to date.
🎲 In .NET 6, FirstOrDefault(), LastOrDefault() and SingleOrDefault() now let’s you specify a default value. Sadly it has to be a compile-time constant so you can’t have something like new Random().Next() available.
🗓 Microsoft Ignite is November 2-4, 2021 and is virtual again this year because people can’t bother to vaccinate.
✈ Github’s Copilot can get you in trouble 40% of the time and if you’re the type to use AI to write code, maybe you deserve to have problems.
🐶 Using SignalR in your Blazor applications This is an nice pairing of technologies. Like Chardonnay and Brie, or Hotdog and Chili. Ketchup is forbidden, Mustard is recommended, however.
And I say this with a twing of irony, but that’s it for what happened Last Week in .NET.