x4516 | Technologies

Telegram channel x4516 - 0x4516

Dev and IT related stuff. Rate us here: https://telegram.me/tchannelsbot?start=x4516 Feedback: https://t.me/ox49d1

0x4516

.NET 5 was just released along with C# 9.0. There are many performance improvements, along with the unification of .NET Core's versioning. The "Core" suffix was removed, and now it's just .NET 5. The "legacy" major framework is left at version 4.8 for now and its features are frozen; there will be only security updates to it.
What's new in .NET 5
About performance improvements with benchmarks.
C# 9.0 adds the following features and enhancements to the C# language:
• Records
• Init only setters
• Top-level statements
• Pattern matching enhancements
• Native sized integers
• Function pointers
• Suppress emitting localsinit flag
• Target-typed new expressions
• Static anonymous functions
• Target-typed conditional expressions
• Covariant return types
• Extension GetEnumerator support for foreach loops
• Lambda discard parameters
• Attributes on local functions
• Module initializers
• New features for partial methods
About C# 9.
You can experiment with .NET 5 for now, but it's .NET 6 that will become a long-term-support version.
A new version of .NET will become available every November from now on (N=.NET probably :) ).
- Web Forms are dead: replaced with Blazor/Razor Pages.
- WCF is also dead; they suggest replacing it with gRPC.

More on topic:
The Journey to One .NET
https://medium.com/dev-genius/c-9-early-review-5bcd88296c54
HackerNews
https://news.ycombinator.com/item?id=25047409
#dotNET

0x4516

Valuable tool from GitHub:
Code scanning, which is a developer-first, GitHub-native approach to easily find security vulnerabilities before they reach production. We’re thrilled to announce the general availability of code scanning.
Code scanning helps you prevent security issues in code.
Exciting results so far!
• Since introducing the beta in May, we’ve seen tremendous adoption within the community:
We’ve scanned over 12,000 repositories 1.4 million times, and found more than 20,000 security issues including remote code execution (RCE), SQL injection, and cross site scripting (XSS) vulnerabilities.
• Developers and maintainers fixed 72% of reported security errors identified in their pull requests before merging in the last 30 days. We’re proud to see this impact, given industry data shows that less than 30% of all flaws are fixed one month after discovery.
• We’ve had 132 community contributions to CodeQL’s open sourced query set.
• We’ve partnered with more than a dozen open source and commercial security vendors to allow developers to run CodeQL and industry leading solutions for SAST, container scanning, and infrastructure as code validation side-by-side in GitHub’s native code scanning experience.

https://github.blog/2020-09-30-code-scanning-is-now-available/

0x4516

One of the best terminals for Windows just got another nice update: https://devblogs.microsoft.com/commandline/windows-terminal-preview-v0-10-release/?WT.mc_id=reddit-social-thmaure
No, really, in case you've not tried it yet - just try it: its rendering with the help of DirectX is smooth and fast, and it works with WSL without any significant concerns! It really seems like another "Visual Studio Code"-like project, with interesting new features and Microsoft's recent passion for Linux.
Other alternatives:
https://conemu.github.io/ - ConEmu; nice little thing, but has sudden hang issues. The development is stuck a bit lately.
https://cmder.net/ - Cmder; another emulator built on top of ConEmu with additional bugfixes.

0x4516

You always wanted to "learn git", huh? I mean that real cryptic git like:

 git branch --merged | egrep -v "(^\*|master|dev)" | xargs git branch -d
OK... Enough of this; I came across a nice article (by the way, it's updated regularly) about git concepts that you'd better understand: raw and nice theory, like we all ❤️
https://dev.to/unseenwizzard/learn-git-concepts-not-commands-4gjc

0x4516

The musician and comedian Martin Mull has observed that “writing about music is like dancing about architecture”. In a similar way, there's an inherent inadequacy in writing about tools for thought. To the extent that such a tool succeeds, it expands your thinking beyond what can be achieved using existing tools, including writing. The more transformative the tool, the larger the gap that is opened. Conversely, the larger the gap, the more difficult the new tool is to evoke in writing. But what writing can do, and the reason we wrote this essay, is act as a bootstrap. It's a way of identifying points of leverage that may help develop new tools for thought. So let's get on with it.

How can we improve the tools that help us transform our thoughts and the way we think and memorize?
A very long longread, and I think every normal human should be amazed by their brain and always try to study its patterns and search for ways to improve how it works on certain tasks.

https://numinous.productions/ttft/

0x4516

Microsoft has an ongoing .NET Conf, announcing so much tasty new stuff on where all the .NET family is going. Also, they've released a bunch of new free introductory educational videos (1-o-1); check them out in case you missed something. It's really a good place to check, with good coaches (hello there Scott Hanselman!)

https://dotnet.microsoft.com/learn/videos

Also check out the "What's new in dotNet Core 3" - this will be the last "Core" project, it will be renamed to just ".NET" for the next (5(!)) version:
https://devblogs.microsoft.com/dotnet/announcing-net-core-3-0/

Conference website:
https://www.dotnetconf.net/

On-demand videos from conference:
https://www.youtube.com/playlist?list=PLReL099Y5nRd04p81Q7p5TtyjCrj9tz1t

Channel 9:
https://channel9.msdn.com/

0x4516

Sometimes I think that some advanced gipsy just cursed Facebook somewhere during their history...

"TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account."

Public access to mongo is down now, but the database copy still can be found in the "specific internet places".

https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/

0x4516

Just a quick (actually not that quick) checklist of 12 rules to prepare a modern app for an "ideal" run in the wild! Tratatam
https://12factor.net/
You can combine it with the good article by Jesper Andersen about building stable systems. It's a bit old, but still fresh.
https://medium.com/@jlouis666/how-to-build-stable-systems-6fe9dcf32fc4#.r43boepaf

0x4516

Some interesting statistics on GitHub from Microsoft employee Jeff Wilcox (I remember him from Windows Phone times; he was an author of "4th and mayor"). He shows some internal principles MS uses for GitHub deployments, the tools they use for process automation, and an overall short version of how they use GitHub. Interesting read; I personally found several interesting gimmicks.
https://jeffwilcox.blog/2019/06/scaling-25k/

0x4516

So you gathered some terabytes of data and now want to do some voodoo data manipulation magic with it to please your marketing department and boost your business? Here is a huge curated list of data science blogs! And you're welcome 😊
https://www.cybrhome.com/topic/data-science-blogs?q=data%20science

0x4516

Every programmer has things to secure. Let's talk about password managers! Here is my fav: KeePass.
https://telegra.ph/Ode-to-KeePass-06-14

0x4516

NSA has shown their own program for analyzing malware code, called Ghidra. That's a VERY interesting case by itself. I've not checked the software yet, but I will in the coming days.

You can't use Ghidra to hack devices; it's instead a reverse engineering platform used to take "compiled," deployed software and "decompile" it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveals what the software you churn through it does. Reverse engineering is a crucial process for malware analysts and threat intelligence researchers, because it allows them to work backward from software they discover in the wild—like malware being used to carry out attacks—to understand how it works, what its capabilities are, and who wrote it or where it came from. Reverse engineering is also an important way for defenders to check their own code for weaknesses, and confirm that it works as intended...

No matter what comes next for the NSA's powerful reversing tool, Joyce emphasized on Tuesday that it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. "There’s no backdoor in Ghidra," he said. "Come on, no backdoor. On the record. Scout's honor."

NSA will be making Ghidra available to the public as an open source release in time for its first public demonstration at the 2019 RSA Conference this March. For more NSA releases, check out CODE.NSA.GOV for open source, and NSA’s Technology Transfer Program for other technology.

https://www.nsa.gov/resources/everyone/ghidra/

0x4516

I'm an amateur photographer, so I use sites like 500px/Instagram... What am I about..? Ah:

617 million online account details stolen from 16 hacked websites are on sale from today on the dark web, according to the data trove's seller.
For less than $20,000 in Bitcoin, it is claimed, the following pilfered account databases can be purchased from the Dream Market cyber-souk, located in the Tor network:
Dubsmash (162 million), MyFitnessPal (151 million), MyHeritage (92 million), ShareThis (41 million), HauteLook (28 million), Animoto (25 million), EyeEm (22 million), 8fit (20 million), Whitepages (18 million), Fotolog (16 million), 500px (15 million), Armor Games (11 million), BookMate (8 million), CoffeeMeetsBagel (6 million), Artsy (1 million), and DataCamp (700,000).

https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/

Just go change the passwords here too. All-in-All it's just-a another brEACH in the wall.

0x4516

​​Very nice article about network protocols for programmers without any additional hustle...
This is a part of a bigger project (https://www.destroyallsoftware.com/compendium), but it's closed behind a paywall subscription. Still, the part is nicely structured and worth the time spent reading it.

 The network stack does several seemingly-impossible things. It does reliable transmission over our unreliable networks, usually without any detectable hiccups. It adapts smoothly to network congestion. It provides addressing to billions of active nodes. It routes packets around damaged network infrastructure, reassembling them in the correct order on the other side even if they arrived out of order. It accommodates esoteric analog hardware needs, like balancing the charge on the two ends of an Ethernet cable. This all works so well that users never hear of it, and even most programmers don't know how it works.

https://www.destroyallsoftware.com/compendium/network-protocols?share_key=97d3ba4c24d21147

0x4516

​​Fun and easy to read longread about caveats of current HTTPS implementation..

Alice and Bob live in the world of the HTTPS introduction. Alice has a TLS certificate issued by a reputable Certificate Authority. So does Bob. Alice keeps her private key safe. Bob does too. Alice and Bob use their certificates to verify each other’s identities and encrypt their communication. Despite the best efforts of Eve and all of the other attackers that live in Alice and Bob’s world, the mathematics of TLS keeps their communication completely safe.

The real world is much messier. Sometimes Certificate Authorities screw up. Sometimes private keys get compromised. And sometimes even the systems that are meant to alert people when these things happen are interfered with. None of these problems affect the world of the HTTPS introduction, but the real world is plagued by them.

TLS promises the inhabitants of any world extremely secure channels of communication. But these promises would remain purely theoretical if it weren’t for robust Public Key Infrastructure. TLS provides security on an insecure network. PKI provides security on an insecure world.

https://robertheaton.com/2018/11/28/https-in-the-real-world/

0x4516

https://dpursanov.medium.com/privileges-for-only-specific-stored-procedures-in-mysql-mariadb-5473a8c319d0

0x4516

Just some important news about source control services. Probably now GitHub (Microsoft) just kills their opponents


Hi HN, I'm the CEO of GitHub. Everyone at GitHub is really excited about this announcement, and I'm happy to answer any questions.

We've wanted to make this change for the last 18 months, but needed our Enterprise business to be big enough to subsidize the free use of GitHub by the rest of the world. I'm happy to say that it's grown dramatically in the last year, and so we're able to make GitHub free for teams that don't need Enterprise features.

We also retained our Team pricing plan for people who need email support (and a couple of other features like code owners).

In general we think that every developer on earth should be able to use GitHub for their work, and so it is great to remove price as a barrier.


https://news.ycombinator.com/item?id=22867627

0x4516

So, for example:
you are following me, but you are not a developer or beginner one, or the one who starts to learn new tech.
Heh! Good news for you, pal (tho you may already know this repo, it's not "fresh"): there sure is a project that is good for starting a real-world web app, made using different frontend/backend technologies.
It has API specs that are completed using JavaScript for the frontend and various backend languages for the backend.

"The mother of all demo apps"
A blog. One of the most simple inventions that never would have existed without the web itself. And it takes full advantage of the web too: querying & persisting data to a database, an authentication system, session management, full CRUD for resources—and now these days social blogging platforms (like the site you’re reading this on) have also perfected relational features like following, liking, and commenting. A blogging site is the perfect example of a simple yet robust web application.

https://github.com/gothinkster/realworld

Read the full blog post announcing RealWorld on Medium
https://medium.com/@ericsimons/introducing-realworld-6016654d36b5

0x4516

"Know your heroes by names"
The list will probably surprise you with some name origins for open source projects.

The classic anti-vi editor, the true etymology of the name is unremarkable, in that it derives from "Editing MACroS." Being an object of great religious opprobrium and worship it has, however, attracted many spoof bacronyms such as "Escape Meta Alt Control Shift" 😵(to spoof its heavy reliance on keystrokes), "Eight Megabytes And Constantly Swapping" (from when that was a lot of memory), "Eventually malloc()s All Computer Storage," and "EMACS Makes A Computer Slow." —Adapted from the Jargon File/Hacker's Dictionary

https://opensource.com/article/19/10/open-source-name-origins

0x4516

Tatocaster (our Android Dev) has used some closed functionality (application distribution) of Firebase, before it was public, and now he is ready to share his findings with the world, before almost everyone else!

Firebase App Distribution is an alternative to the well-known platform Crashlytics later acquired by Google. Firebase constantly tries to fill the gaps from DevOps to the developer and to the reporting assistant, all the necessary tools are getting to appear on the platform. After the partial migration from Crashlytics to Firebase we missed beta app distribution and all the stuff around it.
I had an opportunity to enroll in the closed alpha program to gain access to the very early stages of the upcoming features and I promise there are tons of features coming out 🎉 Using Firebase is becoming fun again.

https://medium.com/@tatocaster/firebase-app-distribution-fastlane-docker-bitbucket-pipelines-telegram-and-all-that-jazz-2dcb770da7dd

0x4516

Everyone likes to read lists of smart advice, don't they? Uuuh, let's add one of these to our channel! A seriously nice small list for anyone stuck a bit or waiting to find some new ways of learning. Just small bits of advice like:
Everyone is essentially self-taught in the industry. Tech generally moves too fast for traditional educational institutions to catch up. If you want to boot up something quick, you’re better off doing micro and nano degrees and certifications rather than sitting through three years of exams.
or
For a long time, you’ll feel like you’re not really improving — until you look back at your old code or have to explain something to someone.


https://medium.com/better-programming/25-lessons-based-on-my-experiences-as-a-developer-61644418a3ed

0x4516

Even now you think that you are not followed? But just have a look at what various browsers are requesting JUST after installation. An interesting fact is that some of them send data even to domains that are not their own, providing some telemetry to 3rd-party companies RIGHT after the FIRST start.

Google Chrome: https://threader.app/thread/1165493206441779200
Mozilla: https://threader.app/thread/1165858896176660480
Microsoft Edge: https://threader.app/thread/1166138692509065218
Opera and Vivaldi: https://threader.app/thread/1165353213308129281
Dissenter: https://threader.app/thread/1165377063932637184
Brave: https://threader.app/thread/1165391211999518720

0x4516

Last week, Las Vegas, DefCon 2019.
DefCon is one of the most famous infosec conferences in the world; it starts right after BlackHat, with many practical labs and so on. August is the month when security researchers/whitehat hackers present their work to the public, and sometimes there are even undisclosed cases too. Just look how amazing some of the things are (like tiny computers inside of USB); here is the list of interesting parts from TechCrunch:

https://techcrunch.com/tag/def-con-2019/

0x4516

Just in case you are super curious and have steel nerves check this out: what actually happens when you type "google.com" in the browser's address bar.
https://github.com/vasanthk/how-web-works

And in case you are still curious, mark another article, related to this one, about how browsers work in some detail
https://www.html5rocks.com/en/tutorials/internals/howbrowserswork/

0x4516

Sometimes I'll write small posts about "small" problems I didn't find a solution to on the internet, or just interesting ones. They are surely not for all, but will probably be interesting for someone. Here is the first:
https://telegra.ph/ProblemSolution-TIP-What-to-do-in-case-AWS-EC2-instance-looses-public-IPv4-DNS-with-attached-ElasticIP-11-16

0x4516

Recently there were several vulnerabilities that used the processor's cache ability for exploits. But how does that thing really work, what are those L1/L2/L3 caches and how is the memory there used?..
Here is an article with "human readable" explanations and code examples in C#.

Example:
Memory accesses and performance

How much faster do you expect Loop 2 to run, compared to Loop 1?

int[] arr = new int[64 * 1024 * 1024];

// Loop 1
for (int i = 0; i < arr.Length; i++) arr[i] *= 3;

// Loop 2
for (int i = 0; i < arr.Length; i += 16) arr[i] *= 3;


The first loop multiplies every value in the array by 3, and the second loop multiplies only every 16-th. The second loop only does about 6% of the work of the first loop, but on modern machines, the two for-loops take about the same time: 80 and 78 ms respectively on my machine.

The reason why the loops take the same amount of time has to do with memory. The running time of these loops is dominated by the memory accesses to the array, not by the integer multiplications. And, as I’ll explain on Example 2, the hardware will perform the same main memory accesses for the two loops.



http://igoro.com/archive/gallery-of-processor-cache-effects/

0x4516

A very long list of Linux on Desktop problems, with an introduction from which we see that the author hates Windows even more... And on some of the points I just can't disagree after living on both systems from time to time "at home". 😔

I want to make one thing crystal clear - Windows, in some regards, is even worse than Linux and it has its own share of critical problems. Off the top of my head I want to name the following quite devastating issues with Windows: 
• devastating Windows rot
• no enforced file system and registry hierarchy (I have yet to find a single serious application which can uninstall itself cleanly and fully)
• svchost.exe
• no true safe mode
• no clean state
• the user as a system administrator (thus viruses/​malware - most users don't and won't understand UAC warnings)
• no good packaging mechanism (MSI is a fragile abomination)
• no system-wide update mechanism (which includes third party software)
• Windows is extremely difficult to debug
• Windows boot problems are often fatal and unsolvable unless you reinstall from scratch
• Windows is hardware dependent (especially when running from UEFI)
• Windows updates are terribly unreliable and they also waste disk space
• there's no way to cleanly upgrade your system (there will be thousands of leftovers)


https://itvision.altervista.org/why.linux.is.not.ready.for.the.desktop.current.html

0x4516

Are you STILL using the same passwords for several services and ignoring OTP (SMS/authenticator additional one-time passwords)?
Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a patched-together set of breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch.
https://www.wired.com/story/collection-leak-usernames-passwords-billions/

0x4516

The largest Russian tech community-driven website, habr.ru, gets an English "version". That's a very nice start to 2019, because they often have quite unique articles. Let's see if it will gain the same "legendary" status among the English-speaking community. Go habrahabr, congrats to the team!

https://habr.com/en/company/tm/blog/435764/

0x4516

​​Found a VERY useful resource for getting free courses from world famous universities.
Class Central is a search engine and reviews site for free online courses popularly known as MOOCs or Massive Open Online Courses.
https://www.class-central.com

“MOOC” stands for Massive Open Online Course. Usually these online courses are taught by universities all around the world (e.g. Stanford, Princeton, UC San Diego, Yonsei University, Leiden University, and over 700 other such universities). Other MOOCs are made by companies, like Google or Microsoft.

They are available for anyone with an internet connection. Some of the popular MOOC providers include Coursera, edX, Udacity, and FutureLearn. They partner with universities, companies, and professors to provide MOOCs.

MOOCs are designed for an online audience, teaching primarily through short (5–20 min.) pre-recorded video lectures. You watch these videos on a weekly schedule when it is convenient for you. MOOCs also have student discussion forums, homework/assignments, and online quizzes or exams.
