Yeah, I couldn't even get the damn thing to work reliably when it was new. Oh but you can rest assured that it had no problem exfiltrating all that precious data of mine about what I was doing, and any other things they could suck out of my Android phone. No way in hell will I EVER buy another Sonos product.
we've got a pair of Sonos One speakers airplay(2?) connected to our Apple TV (recent generation): the sound is excellent but connection over airplay regularly is dropped, which might be Apple's doing, since they may well favor device testing with homepods. it drives some here to anger...it is a pisser because the sound quality is great.
I noticed Sonos speakers are featured in some upscale cars now, Audi for example.
There is no .NET Core or .NET Framework since .NET 5.0 in 2020. Maybe you mean ASP.NET Core, but then there is no ASP.NET Framework so the comment still does not make sense to me.
The vulnerable component is ASP.NET Core, which did not change name when .NET dropped the Core name to distinguish it from legacy ASP.NET.
--- edit: cut here - the sentence below is incorrect! ---
If somehow you were still using legacy ASP.NET / Framework 4.8 etc, you have much bigger problems - legacy ASP.NET has been unsupported since 2022 so will definitely not be receiving security updates.
> If somehow you were still using legacy ASP.NET / Framework 4.8 etc, you have much bigger problems - legacy ASP.NET has been unsupported since 2022 so will definitely not be receiving security updates.
There are plenty of apps out there were there is no feasible upgrade path to .NET Core / .NET 9, so I imagine MS will continue to support these for a very long time. Note that the VB6 runtime is still supported in all Windows operating systems: https://learn.microsoft.com/en-us/previous-versions/visualst...
Yes, you're right, the last sentence is definitely a mistake on my part, I should have written less! Thanks for the links, paulirwin's sibling response is helpful too.
We had code using WCF and AppDomains that were always out of scope for .NET Core. WCF has a Core replacement now that is not quite one-for-one but AppDomains will never be supported in .NET Core / .NET 5.0+ and would indeed have to stay on 4.8 / 4.8.1 if they were still running.
Yes, you are right, if you are on 5.0+, however the 4.x stuff is definitely out of support.
Sorry, I did not know they had actually brought non-Core ASP.NET forward into 5.0+, but it makes sense given how much of .NET Framework they continued support for and how much ASP.NET and Forms stuff is still around in enterprise with no budget for bringing it forward.
Totally agree with breaking the chain though, we moved to Core around 2.0 and never looked back, as an ecosystem it is so much better.
> however the 4.x stuff is definitely out of support [...] Sorry, I did not know they had actually brought non-Core ASP.NET forward into 5.0+
None of this is true, you've gotten yourself very confused. The only real change with .NET 5 was the "Core" name being dropped and the Mono runtime being merged in. .NET Framework 4.x is still around and is still fully supported for legacy applications.
Yes, there is, because Microsoft naming sucks, and making the distiction between .NET Core and .NET Framework is the only way to actually explain modern .NET to most folks without background on .NET.
Additionally the mistake to rename .NET Core as .NET is the main reason many people still think .NET is Windows only.
Well they did have a valid reason for a rename, .NET 5.0's announcement coincided with discontinuing Mono and Xamarin, and uniting the non-Windows .NET flavors under a single platform. They also planned to iterate more rapidly and add APIs beyond .NET Standard.
But yes, choosing ".NET" as the new name was a bad idea, since now when someone says .NET you have no idea if they are referring to the modern runtime, or its various generations collectively.
I, for one, think dropping the "Core" suffix (absolutely dumb naming) was the right thing. Yes, it might have created some confusion with the old .NET aka .NET Framework but I hope it's temporary. It's been five years of .NET-no-suffix and nine of it being cross-platform. At some point people should just educate themselves and stop thinking that .NET is somehow Windows only.
Good luck with that, the .NET team keeps referring this is a recurring problem trying to get new users that rather pick something else for their startups or teaching curriculum, just go listen to .NET podcasts where well known figures got interviewed.
Ignoring CR is often how two systems end up parsing the same file differently, one as two lines the other as a single line.
If the format is not sensitive to additional empty lines then converting them all CR to LF in-place is likely a safer approach, or a tokenizer that coalesces all sequential CR/LF characters into a single EOL token.
I write a lot of software that parses control protocols, the differences between the firmware from a single manufacturer on different devices is astonishing! I find it shocking the number that actually have no delimiters or packet length.
Why would ignoring CR lead to problems? It has nothing to do with line feeding on any system released in the last quarter of a century.
If you’re targeting iMacs or the Commodore 64, then sure, it’s something to be mindful of. But I’d wager you’d have bigger compatibility problems before you even get to line endings.
Is there some other edge cases regarding CR that I’ve missed? Or are you thinking ultra defensively (from a security standpoint)?
That said, I do like your suggestion of treating CR like LF where the schema isn’t sensitive to line numbering. Unfortunately for my use case, line numbering does matter somewhat. So would be good to understand if I have a ticking time bomb
At the very least Windows Update can offer you two versions, a stable version of the driver and a newer but potentially less stable version through the "Optional Driver Updates" page in Windows Update.
True, it has never been in an HTML standard, however it was definitely a documented part of early HTML.
The blink element was in Netscape Navigator's HTML dialect in 1993/94, when early HTML was still just hitting IETF RFCs / DRAFTs, you can find blink in the Netscape HTML developer documentation from just after that era, DevEdge. It was never in NCSA Mosaic, the other big GUI browser of the era.
Later on in the process of being standardized, when it was more W3C than IETF albeit still mainly the same people, Netscape agreed to drop blink from the proposals if Microsoft dropped marquee, so in that sense yes, it was never in a standardized version of HTML, but many tags in active use at the time were never in a standards doc.
The act of turning AIS off can attract unwanted attention (higher resolution local satellite monitoring), less likely if you are entering waters where piracy is common and many vessels disable AIS.
If a vessel turns AIS off then cuts the cable, but their position is known by other means, they will be giving up plausible deniability.
It may be an unpopular opinion, but I suspect treating juveniles with kid gloves all the time and the popularization of the view that they are entitled not be exposed to anything that may upset or offend them has lead to less personal resilience.
The social media environment does also mean that when subjected to bullying it is amplified by a massive factor that previous generations were not exposed to, so the change in expectations is certainly not the only factor at play here.
Yeah I think this is definitely a part of it. The average kid living in NYC a century or two ago was exposed to many more repulsive things on a daily basis than anything social media can come up with today. What's changed is that the expectation of "dealing with it" has evaporated.
Definitely used to be more common, but it wasn’t as if everyone was one of those things. My point was more that people were a bit tougher then, as they had more difficult everyday lives.
> The average kid living in NYC a century or two ago was exposed to many more repulsive things on a daily basis than anything social media can come up with today.
I don’t even need a citation here, I’m just curious what you’re imaging when you say this.
The amount of filth, trash, disease, and other unpleasant things used to be pretty crazy in NYC (and in other places like London or Paris, for that matter.)
Are you familiar with how squalid the conditions were for many people in the early 20th century? It was a whole lot worse than "trash in the street." More like, animals rotting in the street, ten people living in a studio apartment with no windows or fresh air, diseases widespread, people working 15 hour days in brutal conditions, etc.
As a user of Keycloak on a production project, I'm a little sad there is currently no support for opaque tokens.
Sure, you can treat the access token as an opaque token... but at the end of the day it could be a lot smaller.
We also experience a few front-end issues, like when a token expires, the browser tab goes back to the login page. If you leave the tab a while then press login, the token it is using will have expired. Rather than automatically retrieving a new token and posting the login again, the user gets an error message and has to authenticate again.
If you have two tabs in that state, you log one back in, switch to the other tab, if you refresh that tab, all is well, login proceeds automatically. If you press "login" instead, you get an error page telling you "already logged in" rather than just redirecting you back to the app... it also loses the redirect url so you have to press "back" instead.
Will see if we can fix these when we have time, it would be nice to contribute back.
gpg supports using public / private keypairs to encrypt any amount of data you like. I use it for uni-directional backups from machines where trust is an issue.
Or is the reality of this that it's just encrypting a symmetric key with the asymmetric cipher, and then encrypting data using that key?
Everything is encrypted with a symmetric key. It is just that sometimes there is an asymmetrically encrypted symmetric key packet included in the message so that GPG (or whatever) does not have to ask you for the symmetric key. This is all fairly generic, if you actually have the symmetric key you can use it directly even if a key packet exists. This means that you can give some entity a key to decrypt a particular message/file without revealing your asymmetric secret key associated with your identity.
Funnily enough based off Lenovo's reputation for their higher end laptops, in April I bought a Lenovo X1 Carbon Gen10, pretty much as they came out. The machine is a nightmare, and has been through about 10 firmware updates over the last 6 months, but has barely improved.
From day one and still now... on Win11 that it shipped with it won't hibernate, just a black screen on resume, then pot luck over the next boots whether it starts or not. Sometimes from shutdown it does the same thing. Under little load, it gets hot as hell, you literally can't type on it, I use a bluetooth keyboard. If I'm doing light dev work, 3h battery life, tops. Audio drivers are broken, the internal 3.5mm just emits noise above around 10% volume and is distorted below that. Shipped with an underpowered 45W adapter... same SKU now ships with a 65W (an i7-1260p w/32GB).
I don't think it's faulty, there are plenty of people with the same story about Gen10s. Mine is in for repair now, so we'll see, if it comes back with the same issues, it's getting warranty returned.
I know the X1 Carbon Gen9 is a really good machine, maybe Lenovo got screwed by Intel's 12th Gen platform and Microsoft's support for the processor, but the machine should not be going out the door like that.
Come to think of it... my XPS15 9560 from 2017 is STILL a better machine, which is what I switched back to while it's in for service (and cost half as much!)
The Gen 8/9 had a bad bios update sent out and set to install in the background.
It bricked the laptops it was installed on. I know this because I had to handle the warranty stuff for my coworker who was fortunately covered under their warranty.
Required a new motherboard and half a week of downtime, but at the same time Lenovo at least fixed the problem.
