Feed aggregator
Telegram Zero-Day for Android Allowed Malicious Files To Masquerade as Videos
Read more of this story at Slashdot.
Rivian CEO Says CarPlay Isn't Going To Happen
Read more of this story at Slashdot.
Boeing Expects Its Pilotless Air-Taxi To Begin Carrying Passengers 'Later In the Decade'
Read more of this story at Slashdot.
Google Won't Be Deprecating Third-Party Cookies In Chrome After All
Read more of this story at Slashdot.
Windows 11 Strikes Again With Annoying Pop-up That Can't Be Disabled
Read more of this story at Slashdot.
Waymo Is Suing People Who Allegedly Smashed and Slashed Its Robotaxis
Read more of this story at Slashdot.
Mystery Oxygen Source Discovered on the Sea Floor
Read more of this story at Slashdot.
Verizon Hit By Prepaid Subscriber Exodus After Internet Subsidy Ends
Read more of this story at Slashdot.
Porsche Waters Down EV Ambitions, Says Transition Will Take 'Years'
Read more of this story at Slashdot.
Developing Film Photos Is a Lost Art
Read more of this story at Slashdot.
Intel Says Its Desktop Core Crashes Don't Extend To Mobile Chips
Read more of this story at Slashdot.
US Wins Math Olympiad For First Time In 21 Years
Read more of this story at Slashdot.
Here's What Happens When You Give People Free Money
Read more of this story at Slashdot.
Microsoft Reveals EU Deal Behind Windows Access After Global Outage
Read more of this story at Slashdot.
Who Will Pay For the Costs of Crowdstrike's Outage?
Read more of this story at Slashdot.
Paramount+ Documentary: an Origin Story For Music Piracy - and Its Human Side
Read more of this story at Slashdot.
CodeSOD: Serial Properties
Jan wrote some code that set a property, and a few lines later had to write code to read that value- and the compiler complained. Which is what drew his attention to this C# code:
public string ViewNodeFilter { protected get { if (viewNodeFilter.IsNotValid()) { return "null"; } return new JavaScriptSerializer().Serialize(viewNodeFilter); } set { viewNodeFilter = value; } }Now, one of the features of properties in C# is that the getter and setter can have different access levels, which we see here. It's odd and unexpected, and when we look at the implementation, we can see why the getter is protected: it's not a getter, it's a JSON serializer.
But there's a lot more oddness in here. First, the property is a string, so when we serialize it… we're just serializing a string. Then there's also the IsNotValid method, which is not part of string, which implies that it's an extension method. Extension methods are a C# bit of syntactic sugar that allows you to write a function which accepts an object as a parameter (in this case, a string), but invoke the method as if it were a member function of the object. They can be powerful and useful, but this is peak "not how you use this"- every string gets a IsNotValid() method, this way, which is likely not what we want.
This is a surprisingly common problem in the .NET languages, though. Since you can attach code to getters and setters, but access looks just like an assignment expression, people put all sorts of surprising code in there. Would you expect foo = viewNodeFilterHolder.ViewNodeFilter to serialize to JSON? I wouldn't. But since the data is a string, does it matter? Well, it does when I get surprised by the string "null".
All in all, this is an ugly little booby trap, that represents a pattern common in Jan's application.
[Advertisement] Keep the plebs out of prod. Restrict NuGet feed privileges with ProGet. Learn more.Ransomware Attack Takes Down Computer System for America's Largest Trial Court
Read more of this story at Slashdot.
One Nation Mostly Unaffected by the Crowdstrike Outage: China
Read more of this story at Slashdot.
US Prepares Jamming Devices Targeting Russia, China Satellites
Read more of this story at Slashdot.