Hacker News | Uvix's comments

Wait, I thought one project = one assembly, so you would never have "types in assemblies in the same project which the current assembly depends on".

Should that be same solution instead of same project?


Yes, sorry.

NuGet is lock-by-default for the parent package, but with the move from packages.config to <PackageReference> it's no longer lock-by-default for dependencies.

It never made sense the other way. If I reference a package, logically I'm also referencing its dependencies at the version that the package uses. Forcing the user to also reference dependencies of dependencies of dependencies means the package reference lists aren't DRY.

But just the dependency list isn't sufficient to pick a specific version, thanks to dependency ranges. If Package A depends on Package B >= 1.0, and Package B has v1.0 and v1.1 available, it will use v1.0. But if Package B suddenly unlists v1.0, then future restores will change to v1.1.

Ah, I see the worry. A supply-chain attacker can use de-listing to force an upgrade to the malicious version if clients have dependency ranges that reach into the future.

I didn't know about that one.

In general, any dependency system that allows "you can silently upgrade to versions of the package that did not exist at the time the packagereference list was created" seems to be a vulnerability.

It's frustrating since this vuln seems trivially simple to fix, at a glance... although it would require an API change in PackageReference. Mandatory lockfiles by default, or getting rid of the floating versions misfeature. BindingRedirects let you override declared dependency versions anyways, they're not a blood pact.


It seems trivially simple until you have two dependencies with conflicting exact version requirements... So I don't think you can get rid of floating versions entirely. They did add NPM-style lockfiles for PackageReference, but currently not mandatory.

The version numbers for BindingRedirects are orthogonal to the package versions. You can have multiple package versions use the same AssemblyVersion so that applications don't need to create BindingRedirects. (e.g. Newtonsoft.Json - 13.0.0, and 13.0.1 in NuGet are both 13.0.0.0 for binding redirect purposes) And .NET Core/5+ don't need BindingRedirects at all!
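The scenario from the comments above (Package A depends on Package B >= 1.0, then v1.0 is unlisted), as an added example that is not part of the thread and not NuGet's code. It is a simplified Python model: `Feed`, `resolve` and `restore` are hypothetical names, the feed data is constructed, and it assumes, as the comment states, that an unlisted version drops out of range resolution while remaining downloadable by exact version.

```python
# Simplified model of the restore behaviour discussed above; not NuGet code.
from dataclasses import dataclass


def parse(v):
    """'1.10.0' -> (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Feed:
    # package id -> {version: listed?}; constructed sample data, not a real feed
    packages: dict

    def listed(self, pkg):
        return [v for v, is_listed in self.packages[pkg].items() if is_listed]


def resolve(feed, pkg, minimum):
    """Lowest applicable version: the smallest listed version >= minimum."""
    ok = [v for v in feed.listed(pkg) if parse(v) >= parse(minimum)]
    if not ok:
        raise LookupError(f"no listed version of {pkg} satisfies >= {minimum}")
    return min(ok, key=parse)


def restore(feed, deps, lock=None):
    """deps: {pkg: minimum version}. Returns the resolved {pkg: version}.

    A lock entry is reused when that exact version still exists on the feed
    (listed or not) and still satisfies the range; otherwise the range floats.
    """
    resolved = {}
    for pkg, minimum in deps.items():
        pinned = (lock or {}).get(pkg)
        if pinned in feed.packages[pkg] and parse(pinned) >= parse(minimum):
            resolved[pkg] = pinned
        else:
            resolved[pkg] = resolve(feed, pkg, minimum)
    return resolved


def demo():
    feed = Feed({"PackageB": {"1.0.0": True, "1.1.0": True}})
    deps = {"PackageB": "1.0.0"}                 # Package A declares B >= 1.0
    lock = restore(feed, deps)                   # first restore, saved as the lock
    feed.packages["PackageB"]["1.0.0"] = False   # v1.0 is unlisted afterwards
    floating = restore(feed, deps)               # no lock: moves to 1.1.0
    pinned = restore(feed, deps, lock=lock)      # lock: stays on 1.0.0
    return lock, floating, pinned
```

In a real PackageReference project the lock file is `packages.lock.json`, enabled with the `RestorePackagesWithLockFile` MSBuild property and enforced in CI with `dotnet restore --locked-mode`.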


Could be worse. It’s finally gone now but I believe that my employer used VS6 as late as 2025.

Amazon.jp does ship everywhere, but their international items use a separate warehouse, and sometimes items are only stocked in the domestic one(s) and are unavailable for international shipping.


You can get a proxy shipping address via Tenso (different service but iirc same company as Buyee) and then have stuff shipped there from Amazon.jp & consolidated and shipped to you.

I used it successfully for all the cheap and/or rare second hand books available on Japanese Amazons that Amazon will normally not ship internationally (as it's actually a myriad of small sellers listing them via Amazon and often only shipping domestically).



> Why every advertising agency needs to have a review panel of twelve-year-old boys

https://devblogs.microsoft.com/oldnewthing/20080501-01/?p=22...

Don't miss that link in the above!


Not sure it's the brightest idea to pick a name based on what a 12-year-old thinks is cool, but ok


It’s the opposite - if a 12-year-old thinks it’s cool it probably needs a rethink.


It's that if a 12 year old boy can't stop laughing at the name, it's a bad one. Negative signal rather than a positive one. eg expertsexchange.com


Why not leave your functions but have them invoke the libraries instead?


They weren't drop in replacements. They were actually easier. Made up example:

> setup_terminal(); enable_input(); while(...) inp = read_character(); .....

vs

> readline()

So yes I could've stubbed out the other stuff and replaced just one, but that's just adding tech debt


That makes sense. Thanks for explaining!


It depends a bit. But it would now mean that there are multiple ways of doing the same. Call your internal function or call the library directly. You need to put up some linting around it that people only use your function or the library function.

Otherwise you may get that you have your function, you think everywhere is using it, you make it fix a bug. And poof, you introduced bugs at the other call sites.


But there is no such thing as a “genuine” $30 bill.


If it's being passed off as money, then someone thought it was. I don't think the Secret Service cares if it's an invalid denomination or has Bozo the Clown on the front. Probably not a high priority for them given the overall lack of believability, but the attempt is what counts.


I don't think that the parent comment is making the case it's not a crime, but rather that it's not specifically counterfeiting. Their comment reads as playfully snarky to me, since, when discussing counterfeit currency, we almost always take counterfeit to mean "to make a fraudulent replica of".

It's still fraud, and an attempt to deceive.


If you’ll allow yourself to go one step further in the pedantry, there is no such thing as genuine money either.


There is if we agree that there is.

Which we have.


It's impossible to know which Steam games are DRM-free since Steam games without DRM are not marked in the store. They have to all be assumed to have DRM.


Steam flags kernel-level DRM in a game's store page. Denuvo is identifiable (and named!) this way.

Recent example: https://store.steampowered.com/app/3357650/PRAGMATA/


Denuvo anti-tamper isn't kernel level though


Well, all Steam games have Steam DRM? The Steam store will tell you if there is additional DRM on top of Steam, at least it has in the past.

To the parent's question, it is better to use GOG if you care about DRM.

Sometimes the Steam version is qualitatively better because the publisher/dev has supported the Steam version with more updates. Often the updates do turn up on GOG, but it's possible there is a delay.


DRM is an optional Steamworks feature, the developer can opt out by simply not using it.

https://partner.steamgames.com/doc/features/drm


This is true only if there is exactly one person who buys them.


I know we used to use them in our corporate environment. Not sure if we still do, or if they gave up and called OneDrive “good enough”.


They also still don't have ASP.NET Core support for SQL Server Reporting Services - you're stuck in ASP.NET Web Forms land if you want to embed reports in your app.

