TwinCVEs
Description
Several zero-days, and some more pontificating on the future of programming as it relates to Copilot. It’s been a busy week, so let’s see what happened Last Week in .NET:
🧱 Next-generation firewall capabilities with Azure Firewall Premium. Microsoft is literally charging a premium for better security. Not a great plan.
🔓 Let’s make Visual Studio even more accessible together. This is a wonderful shift in focus, and I hope Visual Studio accessibility continues to improve.
👨🏼🤝👨🏼 Cecil Philips and David Pine talk positional pattern matching in C# and how it works, and true to the internet there are at least two commenters who think they know better than the language creators.
🌃🐎 Kevin Beaumont validates that Microsoft made the SAM database (user passwords) accessible to non-admin users on Windows 10, which is… problematic, to say the least. Kevin followed up with a blog post that goes deeper into how #HiveNightmare works.
I would like one week. Just one week where it doesn’t feel like the sky is falling in info-sec.
🟥 Speaking of the sky falling, Windows Hello bypassed using infrared image. We call it science fiction because it isn’t realistic — and that’s true: They put more effort into security than real life.
🕵️♂️ DevSecAI: GitHub Copilot prone to writing security flaws. Microsoft’s designs on monetizing Copilot seem to be fading. The problem with artificial intelligence is that it mimics our own intelligence.
🗃 Jonathan Blow, creator of Braid and The Witness, says “Don’t use fopen() on Windows.” Turns out there’s a bug when you do file stuff in multiple threads where file flushes don’t happen at predictable times.
🔮 GitHub Copilot: Fatally Flawed or the Future of Software Development? Yes.
✌ Ars Technica writes: Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling. Exploit #1 was the aforementioned SAM database vulnerability; the second is a vulnerability in the Linux kernel, triggered by creating, mounting, and deleting a deep directory structure with a total path length that exceeds 1GB and then opening and reading the /proc/self/mountinfo file.
💻🏫 The ML.NET Community standup happened last week, and they talked about ML.NET 1.6 and more.
😴 Azure SDK Release (July 2021). And yes, the word Azure is in the title but not much else, which means it is definitely an Azure blog post. The Azure SDK includes new App Configuration settings, features for iOS in Azure Communication Services, and releases of Azure Cosmos DB for Java, Azure Data Tables, and Azure Metrics Advisor for .NET, Java, JavaScript, and Python, and more. Yes. And more. I’m going to fall asleep if I have to type all these services out. So if you use the Azure SDK, check this post out — but pour yourself some coffee first.
📢 Visual Studio 2019 16.10.4 has been released. This update includes several bug fixes and performance improvements, as usual.
🍾 There is a new System.Text.Json source generator in .NET 6. This allows you to have System.Text.Json serialization classes auto-generated for you and results in more optimized serialization and deserialization.
💁♂️ GitHub Policy releases Minimum Viable Governance: lightweight community structure to grow your FOSS projects. It’s a document that gives some… sensible defaults for open source project governance on GitHub.
🚫🐜 Michael Peña (not that one) gave a talk to the Philippine .NET Users Group on the state of .NET on Mac OS and it’s well worth your time.
📃 Looking for the 20 best C# and .NET Blogs? Seb Nilsson has you covered. It’s my personal opinion that Eric Lippert’s blog is criminally underrated.
There is a self-reported Intuitive Guide to Understanding Closures in C#, and while I won’t pass judgement on ‘intuitive’, I will call it informational.
And that’s it for what happened Last Week in .NET.
If your .NET team is thinking about moving to microservices, check out https://movetomicro.services first.