There are lots of thoughts on primary constructors in C#. At first they seem like a nice idea, but there are downsides. Here are some articles, which seem to start positively but become more negat...

Introducing TypeSpec: A New Language for API-Centric Development A new API definition language. TypeSpec is a language for describing cloud service APIs and generating other API description langua...

FIFO is Better than LRU: the Power of Lazy Promotion and Quick Demotion Interesting article about the efficiency of cache eviction algorithms. LRU is usually used because it makes sense to evict t...

The Silk Wasm: Obfuscating HTML Smuggling with Web Assembly Interesting idea to hide binary code in html as base64 (an old idea), but then load it as WebAssembly. Lock statement patterns New loc...

State Of Software Security 2024 I attended a webinar from Veracode last night, which was interesting and made me want to download the fully report and write about it here. We use Veracode at NIPO...

Understanding C# 8 default interface methods Seems like a hack that’s supposed to make migration easier. But there are gotchas, and I think it’s better to just bite the bullet and do the migration...

Azure Cloud Security Pentesting Skills A good interview with Karl Fosaaen of NetSPI about pentesting Azure. I recommend his book and his blog. Start with config review - find the cloud footpri...

NDC Security I went to NDC Security in Oslo. See my report here. I used the opportunity to use GitHub Pages, which use Jekyll, which I’m planning to migrate this blob to (Jekyll, not GitHub Pages).

What’s New in NuGet for .NET 8 | .NET Conf 2023 The first point was most interesting: NuGetAudit. It higlights known vulnerabilities in NuGet packages that you’re consuming, also for transitive p...

.Net Blazor SSR A bit of a history of Blazor and the criticisms its had along the way and its response to them, the latest of which is static site rendering. They still haven’t convinced me. I st...