Computer

CodeSOD: IsValidToken

The Daily WTF - Tue, 2025-07-29 08:30

To ensure that several services could only be invoked by trusted parties, someone at Ricardo P's employer had the brilliant idea of requiring a token along with each request. Before servicing a request, they added this check:

```csharp
private bool IsValidToken(string? token)
{
    if (string.Equals("xxxxxxxx-xxxxxx+xxxxxxx+xxxxxx-xxxxxx-xxxxxx+xxxxx", token)) return true;
    return false;
}
```

The token is anonymized here, but it's hard-coded into the code, because checking security tokens into source control, and having tokens that never expire has never caused anyone any trouble.

Which, in the company's defense, they did want the token to expire. The problem there is that they wanted to be able to roll out the new token to all of their services over time, which meant the system had to be able to support both the old and new token for a period of time. And you know exactly how they handled that.

```csharp
private bool IsValidToken(string? token)
{
    if (string.Equals("xxxxxxxx-xxxxxx+xxxxxxx+xxxxxx-xxxxxx-xxxxxx+xxxxx", token)) return true;
    else if (string.Equals("yyyyyyy-yyyyyy+yyyyy+yyyyy-yyyyy-yyyyy+yyyy", token)) return true;
    return false;
}
```

For a change, I'm more mad about this insecurity than the if(cond) return true pattern, but boy, I hate that pattern.
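A sketch of how the rollout described above can work with tokens supplied at runtime, each with its own validity window, so the old and new token overlap without a rebuild. This is an added example, not code from Ricardo P's employer; it is written in C++ rather than the article's C#, and the `SVC_TOKEN_*` prefixes and the `_SECRET`/`_EXPIRES` variable suffixes are assumptions.

```cpp
#include <chrono>
#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <string>
#include <utility>
#include <vector>

using Clock = std::chrono::system_clock;

// One accepted credential with an explicit validity window.
struct TokenEntry {
    std::string id;                  // non-secret label, safe to write to logs
    std::string secret;              // supplied at runtime, never compiled in
    Clock::time_point not_before;
    Clock::time_point not_after;
};

// Compare every byte instead of stopping at the first mismatch. Token length
// is not treated as secret, so a length mismatch returns early.
bool constant_time_equals(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    volatile unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i)
        diff = static_cast<unsigned char>(diff | (a[i] ^ b[i]));
    return diff == 0;
}

class TokenValidator {
public:
    explicit TokenValidator(std::vector<TokenEntry> entries) {
        for (auto& e : entries)
            if (!e.secret.empty())   // an unset slot must never match anything
                entries_.push_back(std::move(e));
    }

    // Entry that matches and is inside its window, or nullptr.
    const TokenEntry* match(const std::string& presented,
                            Clock::time_point now = Clock::now()) const {
        const TokenEntry* hit = nullptr;
        if (presented.empty()) return hit;
        for (const auto& e : entries_) {          // always scan every entry
            const bool same = constant_time_equals(presented, e.secret);
            const bool live = now >= e.not_before && now < e.not_after;
            if (same && live && !hit) hit = &e;
        }
        return hit;
    }

    std::size_t size() const { return entries_.size(); }

private:
    std::vector<TokenEntry> entries_;
};

// Fill `out` from two environment variables (hypothetical names):
// <prefix>_SECRET holds the token, <prefix>_EXPIRES a Unix timestamp.
// A missing or malformed expiry returns false, so a misconfigured slot is
// dropped instead of turning into a token that never expires.
bool entry_from_env(const std::string& prefix, TokenEntry& out) {
    const char* secret = std::getenv((prefix + "_SECRET").c_str());
    const char* expires = std::getenv((prefix + "_EXPIRES").c_str());
    if (!secret || !*secret || !expires || !*expires) return false;
    char* end = nullptr;
    const long long ts = std::strtoll(expires, &end, 10);
    if (*end != '\0' || ts <= 0) return false;
    out = TokenEntry{prefix, secret, Clock::time_point::min(),
                     Clock::from_time_t(static_cast<std::time_t>(ts))};
    return true;
}

int main() {
    std::vector<TokenEntry> entries;
    for (const char* slot : {"SVC_TOKEN_CURRENT", "SVC_TOKEN_PREVIOUS"}) {
        TokenEntry e;
        if (entry_from_env(slot, e)) entries.push_back(std::move(e));
    }
    TokenValidator validator(std::move(entries));
    std::printf("%zu token slot(s) loaded\n", validator.size());
    // Log the id of the slot that matched, never the token itself.
    const TokenEntry* who = validator.match("constructed-sample-token");
    std::printf("sample request: %s\n", who ? who->id.c_str() : "rejected");
    return 0;
}
```

Retiring the old token is then a configuration change: once its `_EXPIRES` time passes it stops matching, with no redeploy of the services that check it.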

Categories: Computer

Visa and Mastercard Are Getting Overwhelmed By Gamer Fury Over Censorship

Slashdot - Tue, 2025-07-29 05:30
An anonymous reader quotes a report from Polygon: In the wake of storefronts like Steam and itch.io curbing the sale of adult games, irate fans have started an organized campaign against the payment processors that they believe are responsible for the crackdown. While the movement is still in its early stages, people are mobilizing with an eye toward overwhelming communication lines at companies like Visa and Mastercard in a way that will make the concern impossible to ignore. On social media sites like Reddit and Bluesky, people are urging one another to get into contact with Visa and Mastercard through emails and phone calls. Visa and Mastercard have become the targets of interest because the affected storefronts both say that their decisions around adult games were motivated by the danger of losing the ability to use major payment processors while selling games. These payment processors have their own rules regarding usage, but they are vaguely defined. But losing infrastructure like this could impact audiences well beyond those who care about sex games, spokespeople for Valve and itch.io said. In a now-deleted post on the Steam subreddit with over 17,000 upvotes, commenters say that customer service representatives for both payment processors seem to already be aware of the problem. Sometimes, the representatives will say that they've gotten multiple calls on the subject of adult game censorship, but that they can't really do anything about it. The folks applying pressure know that someone at a call center has limited power in a scenario like this one; typically, agents are equipped to handle standard customer issues like payment fraud or credit card loss. But the point isn't to enact change through a specific phone call: It's to cause enough disruption that the ruckus theoretically starts costing payment processors money. 
"Emails can be ignored, but a very very long queue making it near impossible for other clients to get in will help a lot as well," reads the top comment on the Reddit thread. In that same thread, people say that they're hanging onto the call even if the operator says that they'll experience multi-hour wait times presumably caused by similar calls gunking up the lines. Beyond the stubbornness factor, the tactic is motivated by the knowledge that most customer service systems will put people who opt for call-backs in a lower priority queue, as anyone who opts in likely doesn't have an emergency going on. "Do both," one commenter suggests. "Get the call back, to gum up the call back queue. Then call in again and wait to gum up the live queue." People are also using email to voice their concerns directly to the executives at both Visa and Mastercard, payment processors that activist group Collective Shout called out by name in their open letter requesting that adult games get pulled. Emails are also getting sent to customer service.

Read more of this story at Slashdot.

Categories: Computer, News

Claude Code Users Hit With Weekly Rate Limits

Slashdot - Tue, 2025-07-29 03:55
Anthropic will implement weekly rate limits for Claude subscribers starting August 28 to address users running its Claude Code AI programming tool continuously around the clock and to prevent account sharing violations. The new restrictions will affect Pro subscribers paying $20 monthly and Max plan subscribers paying $100 and $200 monthly, though Anthropic estimates fewer than 5% of current users will be impacted based on existing usage patterns. Pro users will receive 40 to 80 hours of Sonnet 4 access through Claude Code weekly, while $100 Max subscribers get 140 to 280 hours of Sonnet 4 plus 15 to 35 hours of Opus 4. The $200 Max plan provides 240 to 480 hours of Sonnet 4 and 24 to 40 hours of Opus 4. Claude Code has experienced at least seven outages in the past month due to unprecedented demand.


Categories: Computer, News

Bankrupt Futurehome Suddenly Makes Its Smart Home Hub a Subscription Service

Slashdot - Tue, 2025-07-29 02:10
After filing for bankruptcy, Norwegian smart home company Futurehome abruptly transitioned its Smarthub II and other devices to a subscription-only model, disabling essential features unless users pay an annual fee. Needless to say, customers aren't too happy with the move as they bought the hardware expecting lifetime functionality and now find their smart homes significantly less smart. Ars Technica reports: Launched in 2016, Futurehome's Smarthub is marketed as a central hub for controlling Internet-connected devices in smart homes. For years, the Norwegian company sold its products, which also include smart thermostats, smart lighting, and smart fire and carbon monoxide alarms, for a one-time fee that included access to its companion app and cloud platform for control and automation. As of June 26, though, those core features require a 1,188 NOK (about $116.56) annual subscription fee, turning the smart home devices into dumb ones if users don't pay up. "You lose access to controlling devices, configuring; automations, modes, shortcuts, and energy services," a company FAQ page says. You also can't get support from Futurehome without a subscription. "Most" paid features are inaccessible without a subscription, too, the FAQ from Futurehome, which claims to be in 38,000 households, says. After June 26, customers had four weeks to continue using their devices as normal without a subscription. That grace period recently ended, and users now need a subscription for their smart devices to work properly. Some users are understandably disheartened about suddenly having to pay a monthly fee to use devices they already purchased. More advanced users have also expressed frustration with Futurehome potentially killing its devices' ability to work by connecting to a local device instead of the cloud. In its FAQ, Futurehome says it "cannot guarantee that there will not be changes in the future" around local API access. 
Futurehome claims that introducing the subscription fee was a necessary move due to its recent bankruptcy. Its FAQ page reads: "Futurehome AS was declared bankrupt on 20 May 2025. The platform and related services were purchased from the bankruptcy estate -- 50 percent by former Futurehome owners and 50 percent by Sikom Connect -- and are now operated by FHSD Connect AS. To secure stable operation, fund product development, and provide high-quality support, we are introducing a new subscription model." The company says the subscription fee would allow it to provide customers "better functionality, more security, and higher value in the solution you have already invested in."


Categories: Computer, News

A Second Tea Breach Reveals Users' DMs About Abortions and Cheating

Slashdot - Tue, 2025-07-29 01:30
A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users. It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...] This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. 
In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.


Categories: Computer, News

Anker Is No Longer Selling 3D Printers

Slashdot - Tue, 2025-07-29 00:50
Anker has indefinitely paused sales of its 3D printers, with no clear plans to resume or release new models. Despite promises of ongoing support, critical replacement parts like hotends and extruders have quietly vanished from the EufyMake site, leaving customers and the maker community in the lurch. The Verge reports: In March, charging giant Anker announced it would spin out its 3D printer business into an "independent sub-brand," stating that the new EufyMake would "continue to provide comprehensive customer service and support" for its original 3D printers the AnkerMake M5 and M5C. Now, the 3D printing community is wondering whether that was all a euphemism for exiting the 3D printer business. eufyMake is no longer selling any 3D printers and has stopped selling some of the parts it would need to provide anything close to "comprehensive support." Anker confirms to The Verge that it has stopped selling the M5 and M5C 3D printers indefinitely. Spokesperson Brett White could not confirm that the company will resume selling them or create any future models. He says that "sales have been paused." "My understanding is that eufyMake has not ruled out creating new 3D printer models in the future. But the brand has ended sales of the M5 and M5C for the time being," White tells The Verge. The 3D printing section of EufyMake's website is currently empty of printers. The only gadget EufyMake now sells is a UV printer that creates a 3D texture atop flat materials.


Categories: Computer, News

OpenAI's ChatGPT Agent Casually Clicks Through 'I Am Not a Robot' Verification Test

Slashdot - Tue, 2025-07-29 00:10
An anonymous reader quotes a report from Ars Technica: On Friday, OpenAI's new ChatGPT Agent, which can perform multistep tasks for users, proved it can pass through one of the Internet's most common security checkpoints by clicking Cloudflare's anti-bot verification -- the same checkbox that's supposed to keep automated programs like itself at bay. ChatGPT Agent is a feature that allows OpenAI's AI assistant to control its own web browser, operating within a sandboxed environment with its own virtual operating system and browser that can access the real Internet. Users can watch the AI's actions through a window in the ChatGPT interface, maintaining oversight while the agent completes tasks. The system requires user permission before taking actions with real-world consequences, such as making purchases. Recently, Reddit users discovered the agent could do something particularly ironic. The evidence came from Reddit, where a user named "logkn" of the r/OpenAI community posted screenshots of the AI agent effortlessly clicking through the screening step before it would otherwise present a CAPTCHA (short for "Completely Automated Public Turing tests to tell Computers and Humans Apart") while completing a video conversion task -- narrating its own process as it went. The screenshots shared on Reddit capture the agent navigating a two-step verification process: first clicking the "Verify you are human" checkbox, then proceeding to click a "Convert" button after the Cloudflare challenge succeeds. The agent provides real-time narration of its actions, stating "The link is inserted, so now I'll click the 'Verify you are human' checkbox to complete the verification on Cloudflare. This step is necessary to prove I'm not a bot and proceed with the action."


Categories: Computer, News

Say Goodbye To Your Custom ROMs As Samsung's One UI 8 Kills Bootloader Unlock

Slashdot - Mon, 2025-07-28 23:30
Samsung's new One UI 8 update has quietly disabled the ability to unlock the bootloader on all Galaxy devices globally, ending the custom ROM and kernel era for Android enthusiasts. While most users won't notice, the developer community sees this as a major blow to modding freedom -- one that could potentially raise regulatory concerns within the EU. SamMobile reports: A new report highlights evidence found in the Galaxy S25 One UI 8 beta builds that the bootloader unlock option has been removed. A similar change has also been confirmed on the Galaxy Z Fold 7 and Z Flip 7 which are running stable versions of One UI 8. A deep dive into the stable version's code has also confirmed that regardless of the region, the bootloader unlock option will not be available on devices running One UI 8. The enthusiast community won't like it. They won't be able to use custom ROMs to update devices when the official software support runs out or use custom kernels to extract more performance. However, with most Samsung phones now offering seven years of Android OS upgrades, one can argue that the utility of this capability is not as significant as it once was.


Categories: Computer, News

Cyberattack Cripples Russian Airline Aeroflot

Slashdot - Mon, 2025-07-28 22:50
New submitter Pravetz-82 shares a report from Politico: A cyberattack on Russian state-owned flagship carrier Aeroflot caused a mass outage to the company's computer systems on Monday, Russia's prosecutor's office said, forcing the airline to cancel more than 100 flights and delay others. Ukrainian hacker group Silent Crow and Belarusian hacker activist group the Belarus Cyber-Partisans, which opposes the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack. Images shared on social media showed hundreds of delayed passengers crowding Moscow's Sheremetyevo airport, where Aeroflot is based. The outage also disrupted flights operated by Aeroflot's subsidiaries, Rossiya and Pobeda. While most of the flights affected were domestic, the disruption also led to cancellations for some international flights to Belarus, Armenia and Uzbekistan. Silent Crow claimed it had accessed Aeroflot's corporate network for a year, copying customer and internal data, including audio recordings of phone calls, data from the company's own surveillance on employees and other intercepted communications. "All of these resources are now inaccessible or destroyed and restoring them will possibly require tens of millions of dollars. The damage is strategic," the channel purporting to be the Silent Crow group wrote on Telegram. There was no way to independently verify its claims. The same channel also shared screenshots that appeared to show Aeroflot's internal IT systems, and insinuated that Silent Crow could begin sharing the data it had seized in the coming days. "The personal data of all Russians who have ever flown with Aeroflot have now also gone on a trip -- albeit without luggage and to the same destination," it said. The Belarus Cyber-Partisans told The Associated Press that they had hoped to "deliver a crushing blow." Russia's Prosecutor's Office said it had opened a criminal investigation. 
Meanwhile, Kremlin spokesperson Dmitry Peskov called reports of the cyberattack "quite alarming," adding that "the hacker threat is a threat that remains for all large companies providing services to the general public."


Categories: Computer, News

Tesla Signs $16.5 Billion Contract With Samsung To Make AI Chips

Slashdot - Mon, 2025-07-28 22:10
An anonymous reader quotes a report from CNBC: Samsung Electronics has entered into a $16.5 billion contract for supplying semiconductors to Tesla, based on a regulatory filing by the South Korean firm and Tesla CEO Elon Musk's posts on X. The memory chipmaker, which had not named the counterparty, mentioned in its filing that the effective start date of the contract was July 26, 2025 -- receipt of orders -- and its end date was Dec. 31, 2033. However, Musk later confirmed in a reply to a post on social media platform X that Tesla was the counterparty. He also posted: "Samsung's giant new Texas fab will be dedicated to making Tesla's next-generation AI6 chip. The strategic importance of this is hard to overstate. Samsung currently makes AI4. TSMC will make AI5, which just finished design, initially in Taiwan and then Arizona. Samsung agreed to allow Tesla to assist in maximizing manufacturing efficiency. This is a critical point, as I will walk the line personally to accelerate the pace of progress," Musk said on X, and suggested that the deal with Samsung could likely be even larger than the announced $16.5 billion. Samsung earlier said that details of the deal, including the name of the counterparty, will not be disclosed until the end of 2033, citing a request from the second party "to protect trade secrets," according to a Google translation of the filing in Korean on Monday. "Since the main contents of the contract have not been disclosed due to the need to maintain business confidentiality, investors are advised to invest carefully considering the possibility of changes or termination of the contract," the company said.


Categories: Computer, News

Microsoft Adds Copilot Mode To Edge

Slashdot - Mon, 2025-07-28 20:12
Microsoft today launched Copilot Mode, an experimental feature that transforms Edge into an AI-powered browser experience. Available free for a limited time on Windows and Mac in markets where Copilot operates, the mode places AI at the center of web browsing through a single input interface combining chat, search, and navigation. The feature enables Copilot to view content across all open browser tabs, handle voice commands, and assist with tasks like comparing websites. Future capabilities will include booking reservations and managing errands through natural language commands. Microsoft has not specified when the free trial ends, though the feature will likely require a Copilot Pro subscription afterward.


Categories: Computer, News

Chinese Universities Want Students To Use More AI, Not Less

Slashdot - Mon, 2025-07-28 19:32
Chinese universities are actively encouraging students to use AI tools in their coursework, marking a departure from Western institutions that continue to wrestle with AI's educational role. A survey by the Mycos Institute found that 99% of Chinese university faculty and students use AI tools, with nearly 60% using them multiple times daily or weekly. The shift represents a complete reversal from two years ago when students were told to avoid AI for assignments. Universities including Tsinghua, Renmin, Nanjing, and Fudan have rolled out AI literacy courses and degree programs open to all students, not just computer science majors. The Chinese Ministry of Education released national "AI+ education" guidelines in April 2025 calling for sweeping reforms. Meanwhile, 80% of job openings for fresh graduates now list AI skills as advantageous.


Categories: Computer, News

Nearly Half of US Venture Capital Professionals in Middle To Senior Positions Have No Successful Investments

Slashdot - Mon, 2025-07-28 18:53
A study of 12,069 middle and top-level venture capital professionals at US firms between 1996 and 2025 found that 46% never achieved a successful investment. The research by Stanford professor Ilya Strebulaev and Blake Jackson classified directors, principals, and general partners as successful if they had at least one investment that either became a unicorn, exited at twice the entry cost, or went public. (The analysis deemed any investment with 2x return "successful," though one should know that in the venture capital industry, the majority of bets don't return anything and the model works because of power law.)


Categories: Computer, News

Windows 11 is a 'Minefield of Micro-aggressions in the Shipping Lane of Progress'

Slashdot - Mon, 2025-07-28 18:07
Windows 11 has become indistinguishable from malware because of the way Microsoft has inserted intrusive advertising, AI monitoring features, and constant distractions designed to drive user engagement and monetization to the operating system, argues veteran writer and developer Rupert Goodwins of The Register. Goodwins contends that Microsoft has transformed Windows 11 into "an ADHD horror show, full of distractions, promotions and snares" where AI features "constantly video what you're doing and send it back to Mother." He applies the term malware to describe software that intervenes in work to advertise and monitors user data, concluding that "for Windows it isn't a class of third-party nasties, it's an edition name."


Categories: Computer, News

Security Researchers Find Evidence SkyRover X1 Is Disguised DJI Product

Slashdot - Mon, 2025-07-28 17:22
Security researchers have discovered evidence suggesting the SkyRover X1 drone sold on Amazon for some $750 is a DJI product operating under a different brand name. The findings come at a time when DJI is facing an unofficial ban at US customs. The drone shares identical specifications and features with the DJI Mini 4 Pro and connects to DJI's online infrastructure, including DJIGlobal, DJISupport, and DJIEnterprise services. Hacker Kevin Finisterre successfully logged into the SkyRover system using his existing DJI credentials. Security consultant Jon Sawyer found the SkyRover app uses the same encryption keys as DJI software, with the company making only basic attempts to conceal its origins by replacing "DJI" references with "xxx" or "uav." DJI didn't deny to The Verge that the SkyRover X1 is their product.


Categories: Computer, News

Can a Country Be Too Rich? Norway Is Finding Out

Slashdot - Mon, 2025-07-28 16:40
Norway's $2 trillion sovereign wealth fund, equivalent to $340,000 per citizen, may be undermining the country's economic health, according to a contentious new book. Martin Bech Holte's "The Country That Became Too Rich" argues that oil revenue has made Norway bloated and unproductive, with data supporting several concerns. Norway has recorded the slowest productivity growth among wealthy nations over the past two decades while Norwegians take 27.5 sick days annually, the highest rate in the OECD. Student test scores have declined since 2015 and now rank below the OECD average despite Norway spending $20,000 per student compared to the $14,000 OECD average. Fund withdrawals now cover 20% of the annual budget, up from less than 10% two decades ago.


Categories: Computer, News

Ageing Accelerates at Around Age 50 - Some Organs Faster Than Others

Slashdot - Mon, 2025-07-28 16:00
A new analysis of protein changes across human tissues has identified an aging acceleration point around age 50, with blood vessels showing the most dramatic deterioration. Researchers examined tissue samples from eight body systems in 76 people of Chinese ancestry aged 14 to 68 who died from accidental brain injury, finding age-related increases in 48 disease-associated proteins. Between ages 45 and 55, the most significant shift occurred in the aorta, the body's main artery carrying oxygenated blood from the heart. The team identified one aortic protein that triggers accelerated aging signs when administered to mice. Early aging changes appeared around age 30 in the adrenal gland, which produces various hormones. The study, published in Cell, adds to mounting evidence that aging occurs in waves rather than following a steady progression.


Categories: Computer, News

Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification

Slashdot - Mon, 2025-07-28 13:34
This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts. It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.")

Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain... We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.
- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.
- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.

For enterprises and security professionals, OSS Rebuild can...

- Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.
- Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...
- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...

The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface. "With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."


Categories: Computer, News

Astronomers Use Black Holes to Pinpoint Earth's Location. But are Phones and Wifi Blocking the View?

Slashdot - Mon, 2025-07-28 09:34
Measuring earth's position (or "geodesy") requires using telescopes that track radiation from distant black holes. Their signals "pass cleanly through the atmosphere and we can receive them during day and night and in all weather conditions," writes a senior scientist at the University of Tasmania. But there's a problem... Radio waves are also used for communication on Earth — including things such as wifi and mobile phones... [A] few narrow lanes are reserved for radio astronomy. However, in previous decades the radio highway had relatively little traffic. Scientists commonly strayed from the radio astronomy lanes to receive the black hole signals. To reach the very high precision needed for modern technology, geodesy today relies on more than just the lanes exclusively reserved for astronomy. In recent years, human-made electromagnetic pollution has vastly increased. When wifi and mobile phone services emerged, scientists reacted by moving to higher frequencies. However, they are running out of lanes. Six generations of mobile phone services (each occupying a new lane) are crowding the spectrum... Today, the multitude of signals are often too strong for geodetic observatories to see through them to the very weak signals emitted by black holes. This puts many satellite services at risk. To keep working into the future — to maintain the services on which we all depend — geodesy needs some more lanes on the radio highway. When the spectrum is divided up via international treaties at world radio conferences, geodesists need a seat at the table. Other potential fixes might include radio quiet zones around our essential radio telescopes. Work is also underway with satellite providers to avoid pointing radio emissions directly at radio telescopes. Any solution has to be global. For our geodetic measurements, we link radio telescopes together from all over the world, allowing us to mimic a telescope the size of Earth. 
The radio spectrum is primarily regulated by each nation individually, making this a huge challenge. But perhaps the first step is increasing awareness. If we want satellite navigation to work, our supermarkets to be stocked and our online money transfers arriving safely, we need to make sure we have a clear view of those black holes in distant galaxies — and that means clearing up the radio highway.


Categories: Computer, News

CodeSOD: An Exert Operation

The Daily WTF - Mon, 2025-07-28 08:30

The Standard Template Library for C++ is… interesting. A generic set of data structures and algorithms was a pretty potent idea. In practice, early implementations left a lot to be desired. Because the STL is a core part of C++ at this point, and widely used, it also means that it's slow to change, and each change needs to go through a long approval process.

Which is why the STL didn't have a `std::map::contains` function until the C++20 standard. There were other options. For example, one could use `std::map::count`, to count how many times a key appears. Or you could use `std::map::find` to search for a key. One argument against adding a `std::map::contains` function is that `std::map::count` basically does the same job and has the same performance.

None of this stopped people from adding their own. Which brings us to Gaetan's submission. Absent a std::map::contains method, someone wrote a whole slew of fieldExists methods, where field is one of many possible keys they might expect in the map.

```cpp
bool DataManager::thingyExists (string name)
{
    THINGY* l_pTHINGY = (*m_pTHINGY)[name];
    if(l_pTHINGY == NULL)
    {
        m_pTHINGY->erase(name);
        return false;
    }
    else
    {
        return true;
    }
    return false;
}
```

I've heard of upsert operations- an update and insert as the same operation, but this is the first exert- an existence check and an insert in the same operation.

"thingy" here is anonymization. The DataManager contained several of these methods, which did the same thing, but checked a different member variable. Other classes, similar to DataManager had their own implementations. In truth, the original developer did a lot of "it's a class, but everything inside of it is stored in a map, that's more flexible!"

In any case, this code starts by using the [] accessor on a member variable m_pTHINGY. This operator returns a reference to what's stored at that key, or if the key doesn't exist inserts a default-constructed instance of whatever the map contains.

What the map contains, in this case, is a pointer to a THINGY, so the default construction of a pointer would be null- and that's what they check. If the value is null, then we erase the key we just inserted and return false. Otherwise, we return true. Otherotherwise, we return false.

As a fun bonus, if someone intentionally stored a null in the map, this will think the key doesn't exist and as a side effect, remove it.
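The behaviour described above, as an added example that is not from Gaetan's codebase: the article's check next to a read-only `find`, with a counting comparator to show the extra key comparisons the insert-then-erase costs on a miss. `Thingy`, `ThingyMap`, `exists`, `find_slot` and `compare_checks` are names made up for the illustration.

```cpp
#include <cstdio>
#include <map>
#include <string>

struct Thingy { int value; };            // stand-in for the article's THINGY

static long g_compares = 0;              // key comparisons performed so far
struct CountingLess {
    bool operator()(const std::string& a, const std::string& b) const {
        ++g_compares;
        return a < b;
    }
};
using ThingyMap = std::map<std::string, Thingy*, CountingLess>;

// The article's check on a free-standing map: operator[] inserts a null
// entry for an unknown key, and erase() then has to remove it again.
bool exists_via_subscript(ThingyMap& m, const std::string& name) {
    Thingy* p = m[name];
    if (p == nullptr) {
        m.erase(name);
        return false;
    }
    return true;
}

// Read-only check: accepts a const map and never changes it, so it is also
// safe to call from several reader threads at once.
// With C++20 this is m.contains(name).
bool exists(const ThingyMap& m, const std::string& name) {
    return m.find(name) != m.end();
}

// One lookup that also hands back the value: the address of the stored
// pointer, or nullptr when the key is absent, so "absent" and
// "present but null" stay distinguishable.
Thingy* const* find_slot(const ThingyMap& m, const std::string& name) {
    ThingyMap::const_iterator it = m.find(name);
    return it == m.end() ? nullptr : &it->second;
}

struct Report {
    bool find_keeps_null_key;        // key with a stored null survives find
    bool subscript_keeps_null_key;   // ... and survives the article's check
    long miss_compares_find;         // comparisons for one missing key
    long miss_compares_subscript;
};

Report compare_checks() {
    static Thingy sample = {42};
    ThingyMap m;
    for (int i = 0; i < 64; ++i) m["key" + std::to_string(i)] = &sample;
    m["placeholder"] = nullptr;          // a null stored on purpose

    Report r = {};
    exists(m, "placeholder");
    r.find_keeps_null_key = m.count("placeholder") == 1;
    exists_via_subscript(m, "placeholder");
    r.subscript_keeps_null_key = m.count("placeholder") == 1;

    g_compares = 0;
    exists(m, "missing");
    r.miss_compares_find = g_compares;
    g_compares = 0;
    exists_via_subscript(m, "missing");
    r.miss_compares_subscript = g_compares;
    return r;
}

int main() {
    const Report r = compare_checks();
    std::printf("stored-null key kept by find:      %s\n", r.find_keeps_null_key ? "yes" : "no");
    std::printf("stored-null key kept by subscript: %s\n", r.subscript_keeps_null_key ? "yes" : "no");
    std::printf("comparisons on a miss: find=%ld subscript=%ld\n",
                r.miss_compares_find, r.miss_compares_subscript);
    return 0;
}
```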

Gaetan writes:

What bugs me most is the final, useless return.

I'll be honest, what bugs me most is the Hungarian notation on local variables. But I'm long established as a Hungarian notation hater.

This code at least works, which compared to some bad C++, puts it on a pretty high level of quality. And it even has some upshots, according to Gaetan:

On the bright side: I have obtained easy performance boosts by performing that kind of cleanup lately in that particular codebase.

Categories: Computer
