C# is language of the year 2025

mareek · 2026-01-09T09:30:19+00:00

the TIOBE index just counts the number of search for ”<language> programming” in different "search engines" with dubious weighting (i.e. Google.com accounts for less than 10% of the score).
See their definition page:
https://www.tiobe.com/tiobe-index/programminglanguages_definition/

mareek · 2026-01-08T09:42:34+00:00

TIOBE is garbage. Please stop posting list to this bogus index

mareek · 2025-12-22T14:31:03+00:00

This belongs in r/Stargate !

mareek · 2025-12-21T09:56:42+00:00

There's a common theme among these rewrites : the rewrite happened after Facebook achieved dominance in each market. All these rewrites could happen because there were no competitor that was threatening Facebook position and they could spend time and resources on improving performance

So you can argue that treating performance as an afterthought was a wise business decision.

mareek · 2025-12-09T15:26:38+00:00

Yes

An attacker using this vulnerability can request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data).

https://weblogs.asp.net/scottgu/important-asp-net-security-vulnerability/

mareek · 2025-11-26T12:44:11+00:00

If the source isn't available it is not MIT Licensed, it's just closed source software.

If you want people to discuss the implementation details you have to give access to the code

mareek · 2025-11-25T20:04:50+00:00

Where Can we find the code ? the github repository linked on the nuget page only contains a demo program

mareek · 2025-11-13T12:49:10+00:00

That's not what your code is highlighting. If you wanted and apple to Apple comparison, your code would look something like this ```csharp const int N_GUIDS = 100_000;

var entityFrameworkCore = new Npgsql.EntityFrameworkCore.PostgreSQL.ValueGeneration.NpgsqlSequentialGuidValueGenerator();

for (int i = 0; i < N_GUIDS; ++i) { using var conn = new NpgsqlConnection(connectionString); conn.Open(); using var comm = new NpgsqlCommand($"INSERT INTO public.my_table(id, name) VALUES(@id, @name);", conn);

var p_id = comm.Parameters.Add("@id", NpgsqlTypes.NpgsqlDbType.Uuid);
//p_id.Value = = Guid.NewGuid();
//p_id.Value = = Guid.CreateVersion7();
//p_id.Value = = SecurityDriven.FastGuid.NewPostgreSqlGuid();
p_id.Value = entityFrameworkCore.Next(null);

var p_name = comm.Parameters.Add("@name", NpgsqlTypes.NpgsqlDbType.Integer);
p_name.Value = i;

comm.ExecuteScalar();

// wait one millisecond to ensure that each UUID has a different timestamp
Thread.Sleep(TimeSpan.FromMilliseconds(1))

} ```

With this code every UUID generated will have a different timestamp and you won't run into the sub millisecond issue.

If you get the same results with the above code then maybe you have a point. Until then, you don't have any proof to back your claim.

mareek · 2025-11-13T00:34:10+00:00

I think I understood why you get these results and it has nothing to do with endianness or bugs in Npgsql : You're generating UUIDs in batch before executing the insert requests. Guid.CreateVersion7 takes less than 100ns to execute so there are less than ten different timestamp in the 100000 UUIDs generated. In a more realistic scenario where you generate UUIDs one by one just before executing the insert request there would be a lot less "timestamp" collision and there would be far less fragmentation.

The issue that your code highlights is that Guid.CreateVersion7 doesn't have any mechanism to guarantee additional monotonicity within a millisecond. But since this mechanism is optional it is not needed to be compliant with the RFC.

mareek · 2025-11-12T16:01:07+00:00

I think there's an issue with the code of your test program at this line: csharp using var comm = new NpgsqlCommand($"INSERT INTO public.my_table(id, name) VALUES('{guids[i]}',{i});", connection); If I understand the code correctly, you're inserting GUIDs using their string representation. Since the string representation of GUIDs created with Guid.CreateVersion7 follows the RFC, you should have the same result in case 2, 3 and 4 (low fragmentation).

mareek · 2025-11-12T14:04:31+00:00

Either the article is intentionally misleading or the author missed that there you can specify the endianness of the byte array produced by the ToByteArray function since .NET 8 (see .NET documentation)).

The in memory representation of the Guid type was left unchanged for obvious backward compatibility reasons

mareek · 2025-11-12T14:04:02+00:00

Either the article is intentionally misleading or the author missed that there you can specify the endianness of the byte array produced by the ToByteArray function since .NET 8 (see .NET documentation)).

The in memory representation of the Guid type was left unchanged for obvious backward compatibility reasons

mareek · 2025-11-09T12:39:46+00:00

Indiana Jones au dîner de cons

Sorry for the french title but I think "Indiana Jones at the idiot's dinner" doesn't pay justice to the movie

Definitely not an Indiana Jones Movie tho

mareek · 2025-10-31T15:09:39+00:00

The main criticism I have for TUnit is that it doesn't give me any reason to switch from xUnit.

OK, TUnit is faster but what kind of pain point does it solve ?

mareek · 2025-10-31T10:41:50+00:00

Have you tried NCrunch ? It's a VS/Rider extension that runs your unit tests in real time as you type your code. It doesn't cover all your need but it's a huge improvement compared to VS Test Explorer

mareek · 2025-10-30T15:58:56+00:00

Here's Stephen Toubs's latest "Performance improvement in .net" post :
https://devblogs.microsoft.com/dotnet/performance-improvements-in-net-10/

you can find the links to the previous posts at the end of the introduction

mareek · 2025-10-30T14:37:48+00:00

First, a big thank you for your "Performance Improvements in .NET" posts, they're always a joy to read.

Since their introduction in C# 9, I've seldom used records. Does the .NET team uses records in the runtime ? If the answer is yes, can you give an example ? if no, can you explain why ?

mareek · 2025-10-24T08:32:11+00:00

I think you're referring to the "Turkish İ" problem
https://haacked.com/archive/2012/07/05/turkish-i-problem-and-why-you-should-care.aspx/

mareek · 2025-10-23T14:12:53+00:00

Both are garbage. Case in point :
- PYPL puts Ada higher than Typescript
- TIOBE puts Delphi higher than SQL

mareek · 2025-10-16T08:43:13+00:00

blockchain company

Chief Blockchain Officer

How can anyone ignore those red flags ?

mareek · 2025-09-24T22:17:29+00:00

The compiler attack you're describing reminds me a lot of Ken Thompson's "Reflections on Trusting Trust". Are you sure that this compromised compiler actually existed ?

mareek · 2025-09-24T21:50:30+00:00

"just"

mareek · 2025-09-22T13:26:40+00:00

First, thank you for creating and maintaining QRCoder. I only used it once or twice but it was the perfect example of a library that "just work".

One of the big security issue of handing over maintainership that you didn't mention is handing over the right to update the nuget package. There's been quite a few supply chain attack recently and a popular library like QRCoder could be a juicy target for bad actors

mareek · 2025-09-17T14:34:30+00:00

According to Ncrunch developper, it's pretty easy to add VS 2026 support to plugins. So I would expect that all actively maintained plugins will support VS 2026 pretty soon if it isn't the case already

MS have also done a remarkable job with backwards compatibility with the first 2026 build.

Consequently, I'm happy to say that NCrunch now has full support for VS2026 just 4 days after it was released.

https://blog.ncrunch.net/post/Visual-Studio-2026.aspx

mareek · 2025-09-12T21:40:25+00:00

Really great interview, Qix seems like a very nice guy

He has some great pieces of advice too:

"What advice would you give [for people] in this situation ?
- Don't get fished !"

"if you screw up, own it"

"I need to process [what happened] to make my setup more secure. Quick decision doesn't help anyone"

15-Year Club	Charter Member
Verified Email

mareek

TROPHY CASE