Tech Parrots Tech; Microsoft parrots Google
A nasty RCE has been patched; .NET 5.0.1 has been released; and there's a new site that lets you find blogs for any tech stack.
gortok/ lwidn-newsletterPrivate
📢 .NET 5.0.1 has been released. Lots of Bug Fixes and Performance improvements in this one; with an focus on EFCore. If you use EF Core, take note.
🚨 There's a Remote Code Execution Vulnerability in MS Teams that was apparently patched in October 2020. This github repository includes commentary and videos on the RCE itself. The important point here (besides it being patched) is that according to Microsoft, it's not a very dangerous RCE, but from the outside looking in, a "zero-click, wormable, cross-platform remote code execution in Microsoft Teams" seems pretty dangerous. The problem with bug bounties and patching systems is that the incentive is to give out as little money as possible, and once the vendor is aware of the bug, the leverage is gone, couple that with the legal fragility of saying "I have a way to hack into your systems", and you have a recipe for disaster.
🎥 Microsoft's ASP.NET Community standup covers "Material Design with Blazor", which continues the tradition of tech parroting tech. Alternate Runtime that compiles to JavaScript? Check. Design library that mimics a flat design? Check. All we're missing is a realization that in 5 years, Material design made design worse, not better, as we all relegate flat design to the dustbin of bad decisions, where it belongs.
🎥 Did you know Microsoft has its own TV station devoted to .NET? The Zoomers are probably asking "What's a TV Station?" but for the rest of us, .NET live is effectively a TV station devoted to... .NET. This is precisely as exciting as it sounds, and that excitement you feel is why you subscribe to my newsletter.
🐦 Scott Hanselmen reminds us, If you're using .NET Core, you can generate a .gitignore file in one command dotnet new gitignore will generate a .gitignore file that is already set up for working in .NET. This is a pretty neat development and I'm here for it.
🎌 Jetbrains tells you how to make the most of init-only properties and records with Resharper 2020.3 and C#9. ReSharper remains one of the fastest ways to improve your productivity in Visual Studio. Even with VS 2019, which has come a long way in refactorings, ReSharper still beats Visual Studio's out of the box developer experience, hands down.
👩💻 There are cryptography improvements in .NET 5 for the 5 of you that care about this, you probably already know about it. So really the only thing I can say is "Don't roll your own crypto" and "don't trust some random blog post on Crypto", and let's all ignore for the second that this blog post filled the latter. In all seriousness though: If your code even comes within 50 feet of dealing with Cryptography, hire an "InfoSec" centered developer that knows what they're doing.
⏩ If you use blazor, there's a library that claims to have somewhere between "0-1000x faster API responses on server side with Fusion's caching and automatic dependency tracking abstractions.". Yes, 0-1000x. That's quite the range. This is one of those situations where I'm thinking "Ok, this could be bullshit", or "I'd love to interview the developer of this to get a better understanding of what's going on", so if you run the Stl.Fusion project, or you know who does, make me an introduction?
🤼 Github Universe took place last week and there are lots of on-demand sessions available for your perusal. Oh, and drop ICE as a contract, please. Best, Me.
🎁 CSLA 5.4.0 for .NET 5 has been released No I don't know what this does either; but according to the project page it's a way to "build a reusable, maintainable object-oriented business layer for your app. This framework reduces the cost of building and maintaining applications."
🎁 Infer# for .NET has been released this library does 'interprocedural memory safety analysis for C#', and if you know what that means you probably know whether this is good for you or not. It's a .NET version of the "Infer" Static Analyzer; and I have no clue how it differs from FxCop or other Static analysis tools for .NET. If you do, let me know on twitter @ gortok](https://twitter.com/gortok).
📝 There's a new site out that let's you know what blogs to follow, no matter your tech stack Now Rust Developers have yet another way to remind you that they use Rust. This site was built by @monicalent, and is pretty fricking awesome. H/t to Stephanie Morillio for the link.
📝 Claire Novotny shows you how to create Nuget packages that can use Source Link Source Link seems to be "Source symbols" for the 21st century. Instead of an esoteric way of downloading symbols (and the nightmare that ensued), you can now point your nuget packages to your public source repository, allowing developers to browse your source code without using that Godawful Visual Studio dialog to do so.
🎁 Microsoft Edge 89 has been released to the developer channel and I promise not to make any 'edge' jokes. I'm coming so close to doing it but I won't do it. It's really hard not to though.
🎁 Try-Convert 0.7.160902 Preview has been released this project "tries" to convert .NET Framework projects to .NET Core. This is also a Microsoft based project that for once has no support from Microsoft whatsoever. I consider this an especially good omen.
🌐 Dave A Brock talks about the "Route-To-Code" feature available in ASP.NET MVC Core on .NET 5. One day MVC will figure out what sort of framework it wants to be when it grows up. For my part; I'd be happy with as few files with code in them as possible. That's all I want out of an MVC framework, to make it dead-ass simple to produce a crud web-app. That's it. Maybe call it... C# on Rails?
📝 There's a blogpost from Microsoft detailing what's new in Windows Forms in .NET 5, and if you think about it, Windows Forms is lucky to be included in .NET 5. Don't get me wrong, I'm glad it is, but it could have just as easily received the WebForms treatment in .NET 5. It probably would have, too, if Microsoft's desktop application strategy wasn't so schizophrenic.
📝 .NET development on Apple's M1 Silicon is mostly there. With the exception of Docker working (which is a pretty big stumbling block to my own designs on picking up a new Macbook Pro) and some goofiness, it seems to... work, as long as you don't want Debugger support.
🤼 There's a working group assigned to address "eco-system growth for .NET" which means that they want to make the open source contributor eco-system for .NET Better. Claire Novotny mentions you too can participate but as of this release time, she hasn't gotten back to me on how people would participate in this working group, or what type of participation would be most helpful.
📢 Windows 10 Insider Preview Build 21277 is now available Included is the ability to emulate x64 applications on ARM based Windows devices, like the Surface, lots of new emojis, and fixes you probably wouldn't care about if they didn't include new emojis in this release. Napolean Bonaparte once said "Man will fight to the death for a colored bit of cloth" and I think that's a pretty good summation of our relationship to emojis in 2020.
🐦 Zac Bowden shows a screenshot purportedly to be of the new Microsoft Word UI it's rounder, less cluttered, and still includes Icons people never use in prime real-estate space.
And lastly,
🎁 ReSharper 2020.3 has been released and it includes profiling analysis of .NET 5 applications and lots of other features that look cool but I can't tell them apart by name, because naming is hard.
That's what happened last week in .NET, I'm George Stocker, and when I'm not helping teams migrate to distributed systems (a bad idea for most), I'm working with teams to double their productivity through test driven development. That is much less boring than it sounds, and allows teams to focus on features without getting bogged down in regression bugs. It's only boring until your boss realizes how much money it saves your company, and then it becomes cool. To learn more about how I can help your team save money and be cool again, reach out at https://www.doubleyourproductivity.io, and I'll see you next week.