►
From YouTube: GitHub Quick Reviews
Description
Powered by Restream https://restream.io/
A
A
Hello,
freunden
or
whatever
the
actual
german
is
for
hello,
friends,
yet
another
overflow
session
for
api
review,
but
we
only
have
two
red
things:
we're
catching
up
and
anyone
who
was
with
us
yesterday.
We
got
to
non-red
things,
so
we're
hoping
to
do
that
again.
Today,
yeah,
I
think
that's
all
the
stalling.
I
can
do
mostly.
E
A
F
All
right,
actually
leomi
won't
be
able
to
attend
today.
So
I
think
we
should
save
this
for
next
time.
Cool,
awesome,
then
cool.
Then
let's
go
the
architecture.
One
burning
through
issues
and
aaron
is
on
his
way.
A
Okay,
yeah
so
probably
no
more
kermit,
the
frog
all
right:
s390x
architecture,
enum,
five,
two
niner,
zero,
niner.
F
G
H
F
Is
there
any
any
consideration
for
like
x39
or
s390x
32
versus
64
versus
anything
else.
F
H
E
A
Okay,
I
will
ask,
do
we
want
to
go
ahead
and
add
s
390
and
so
that
we
always
have
the
32
f
or
preceding
the
64.?
And
then
I
think
the
answer
is
no,
and
now
it
has
been
asked
and.
I
What
is
there
a
cost
to
adding
this?
I
looked
through
some
of
the
changes
build
scripts
are
updated.
This
is
a
completely
new
build
pipeline
that
we
potentially
need.
It
feels
like
when
we
add
something
at
the
public
api
level
that
that
implies
something
we
do.
We
have
something
for
freebsd
per
chance,
like
that's
the
os
equivalent
kind
of
idea
like
it
seems
like
we're
really
jumping
into
this,
and
it's
like
I
haven't,
heard
any
debate
or
discussion
if
this
is
something
that
we
want
to
put
at
the
public
level.
I
Right,
but
everything
that
was
been
done
so
far
is
general
and
some
of
the
other
prs
are
for
core
clr,
not
just
mono,
and
so
like
it's,
not
it's
not
just.
Let's
support
a
new
architecture.
It's
this
is
going
to
be
a
part
of
build
script.
It's
going
to
be
part
of
a
maintenance
concern.
Are
we
going
to
have
branches
throughout
the
code
base
that
we
are
supporting
this
other
platform
with
zero
coverage
on
our
side?
What
is
the
contractual
expectation
for
us
to
maintain
this
architecture
like
I'm,
just
I'm
looking
at
a
maintenance
concern?
E
Can
say
is
that,
like
on
the
dot
net
standard
side
like
the
so
the
challenge
that
we
have
is
that
while
we
try
to
be
somewhat
multi-vendor
or
more,
you
know
neutral
so
like,
for
example,
red
hat,
could
you
know
fork.net
core
and
maintain
their
own?
You
know
support
policies
for
whatever
hardware
they
want
to
run
on.
The
problem
is
that
the
choke
point
is
the
api
surface
right.
So,
for
example,
when
I
forgot
the
freebsd
guys
wanted
some
some
eno
members
to
be
added
right.
E
We
don't
support
freebsd,
but
people
do
and
so
the
the
bar
I've
I've
tried
to
hold
up
in
the
bar
is
to
say
like
if
somebody
wants
a
new
inner
member
somewhere
and
that
makes
their
life
easier.
I
think
that's,
okay.
I
don't
think
that
having
an
eno
member
here
implies
any
support
I
mean
we
do
have
I
mean
we
have
eu
members
that
are
from,
like
you
know,
ancient
times
like
you
know,
old,
xbox,
values,
old,
motorola,
phones,
right,
and
so
that's
that's
totally
fine,
but
I
think
it's
fair
to
say.
E
Yes,
there
is
a
consideration
for
who
supports
this.
You
know
which
branches
does
this
being
built
from,
but
to
me,
that's
completely
orthogonal
and
separate
from
my
apis,
but
if
somebody
wants
to
add
large
chunks
of
apis,
I
would
probably
say
well,
unless
that's
really
a
major
thing
that
we
care
to
support.
E
I
I'm
I
marked
it
the
reason
I
marked
it
blocking-
and
this
probably
was
incorrect
on
my
part-
is
because
I
saw
it
was
marked
for
6.0
and
I
my
understanding
is
that
we're
getting
close
to
a
point
where
we're
not
going
to
be
changing
apis.
That
was
because
we're
like
preview
five.
I
think
that
was.
That
was
the
reason
I
did
that,
if
that's
not
appropriate,
then
that
was
that's.
F
A
A
J
Right
sorry,
yeah,
so,
okay,
I
I'm
not
sure
if
you,
if
you
got
the
background
on
this,
but
we've
been
working
with
ibm
on
on
basically
supporting
them
with
their
work
of
porting,
like.net
runtime
to
the
s390x
architecture.
So,
basically
all
of
the
work
is
on
their
site.
We
are
just
there
to
to
assist
them
and
make
sure
like
we
drive
the
api
reviews
and
everything
else
so
yeah
it's.
Basically,
it
will
be
supported
by
them
and
not
by
microsoft.
E
I
was
about
to
say,
but
basically
it
means
like
they
are
basically
like
the
previously
guys
right
like
we
don't
do
anything
besides
like
telling
them
where
the
files
that
they
need
to
touch,
but
they
will,
they
will
build
the
devil
ship
it
that
will
support
it.
There's
nothing
that
changes
in
our
branches
or
bits
right
right,
yeah,.
E
Yep
yep
yep,
I
mean
yeah,
I
think
the
usual
chill
points
are
like,
as
you
said,
the
architecture
in
them,
probably
the
operating
system
type
depending
on
whether
they
have
custom
operating
systems
they
want
to
support
and
then
the
root
graph
right.
These
are,
unfortunately,
the
things
that
have
to
be
in
the
common
core
base
right.
G
G
J
G
A
G
A
H
E
So
alex
I
have
to
be
the
guy,
because
people
I
was
having
people
ask
me
to
write
things
down,
but
do
you
know
what
it
is
anybody
taking
notes
of
like
you
know
here
are
the
places
you
would
have
to
touch
in
order
to
bring
up
an
operating
system
like
do
we
have
a
general
recipe,
because
then
I
could
contribute
the
parts
that
talk
about.
You
know
api
editions
and
what
that
would
look
like.
I
don't.
J
Think
there's
a
like
a
dock
or
anything
like
that,
and
it's
there
are
different
angles
here,
because
adding
a
new
operating
system
is
different
from
adding
a
new
architecture
like
we
have
here,
because
this
is
like
this
is
still
running
linux.
It's
just
a
different
architecture,
which
touches
a
few
different
colors
than
if,
if
you
add
an
operating
system,
but
ideally
we
would
have
a
dock
that
outlines
the
necessary
changes
for
both
of
these
cases.
E
Yeah,
maybe
I
should
just
jumpstart
that,
because
I
mean
the
problem
is
that
we
know
we,
we
just
had
this
discussion
with
the
national
framework
people
because
they
wanted
to
bring
up
a
new
flavor,
off.net,
so
they're
kind
of
various
kind
of
tasks
where
you
know
somebody
has
to
make
changes
to
the
core
product,
even
if
microsoft
doesn't
support
it
right.
That's
like
a
new
framework.
It's
a
new
operating
system
or
it's
a
new
architecture
right.
E
J
I
A
E
A
F
You
can
talk,
I
I
can
talk,
so
we
added
a
bunch
of
we
added
a
bunch
of
one-shot
static
apis
for
doing
straight-up,
hashing,
un-keyed,
sha-1,
sha-256
and
so
on.
F
This
basically
adds
that
same
capability
to
the
hmac
types,
so
that
you
can,
as
a
single
static
method,
call
provide
a
key,
a
data
to
be
hashed
and
a
buffer
to
receive
the
digest
and
it'll.
Just
do
the
whole
thing
in
one
shot
you
don't
have
to
new
up
in
hvac
sha-1.
You
don't
have
to
go
through
that
whole
ceremony.
This
would
be
the
preferred
api
when
you
have
all
the
data
already
ready
to
be
hashed
yeah
the
api
surface,
as
proposed
here
mimics.
F
What's
already
on
the
sha-1
and
other
types
with
the
addition
of
a
key
parameter.
E
So
I
recently
did
that
funny
enough,
because
I
I
implemented
a
hook
for
github
actions
in
order
to
verify
the
secret,
you
have
to
compute
an
hmac.
E
E
A
A
F
F
F
A
We
added
in
five
but
compute
hash
of
stream,
which
is
on
the
base
class
of
the
hmax.
Is
you
know,
older
than
dirt
dot
net
framework,
one
yeah?
E
F
A
So,
for
reference,
here's
what
we
added
on,
of
course,
that
doesn't
do
what
I
want
yeah,
so
bite
to
bite
span
to
bite
span
to
span
returning
and
spend
a
span.
Try
so
same
pattern.
Yup
here.
A
E
A
A
C
C
A
Yeah,
so
that's
where
it's
like
you
know:
hash
data,
mac
data,
authenticate
data,
sign
data,
there's
probably
another
word
solid
list
previously
hash
data
matches
what
we
have
on
the
non-keyed
hash,
algorithms,
so
yeah.
The
api
takes
a
key.
It's
clearly
keyed
yeah.
So
so
I
think
keyed
hash
is
a
concept,
so
we
have
a
key
and
a
hash.
So,
but
that
was
really
a
room.
E
A
F
F
So
you
know
so
this
this
particular
issue
is
covering
two
things
of
which
I
only
want
to
discuss
one
today.
This
issue
is
covering
both
the
obsoletion
of
secure
string
and
the
introduction
of
something
that
can
take
its
place
for
more
generalized
usage
scenarios,
not
going
to
talk
about
obsolete,
insecure
string
right
now,
but
I
do
want
to
talk
about
introducing
a
a
companion
type
that
should
probably
be
our
preferred
mechanism
going
forward
for
these
kinds
of
scenarios.
F
F
Generally
speaking,
this
means
that
this
data
should
not
be
included
in
logs
should
not
be
included
in
error.
Messages
should
not
be
serialized
if
it
happens
to
exist
as
a
field
or
a
property
of
a
class,
and
so
on.
The
the
canonical
use
case
is
a
secret.
Objar
could
represent
a
password
or
a
connection
string
or
some
other
kind
of
connection.
Key
a
secret
of
light
could
represent
a
symmetric
key,
for
instance,
and
that's
kind
of
why
I
wanted
to
discuss
this
after
the
previous
hmac
conversation.
F
What
I
have
proposed
alongside
of
this
is,
and-
and
this
is
this
link-
is
somewhere
in
this
comment,
but
I
had
proposed
lighting
up
a
bunch
of
the
api
service
and
dot
net,
particularly
apis
that
take
cryptographic,
keys
or
other
sensitive
data
in
order
to
accept
a
secret
of
byte,
in
addition
to
a
read-only
span
of
byte
or
a
byte
array,
to
contain
that
data
asp.net
actually
already
uses
a
type
very
similar
to
this
throughout
its
crypto
stack,
they
call
it
I
secret.
F
I
say
they,
even
though,
like
I
wrote
the
whole
thing
whatever,
but
the
general
idea
again
is
it's
something
that's
supposed
to
be
it's
something.
That's
generally
intended
to
be
treated
as
opaque.
That
should
only
be
cracked
open
under
very
special
circumstances.
F
So
yeah,
that's
that's
what
this
proposal
is
for.
There's
in
this
direct
comment,
there's
the
type
itself
and
in
a
link
somewhere
bearing
in
this
comment.
There
is
a
list
of
api
surface
that
will
be
lit
up
with
it.
F
That
is
an
excellent
question.
First,
this
type
is
immutable.
Once
it's
created,
there
is
no
way
to
mutate.
One
of
these
things
you
don't
have
like
add
char
or
add
bite
or
whatever
methods
the
second
this
can
take.
This
can
take
arbitrary,
arbitrary
types
like
byte
and
char,
which
makes
it
appropriate
for
things
like
symmetric
keys,
which
secure
string
cannot
do
this
type
of
this
type
also
can
make.
F
Given
that
this
has
a
fresh
api
surface,
we
can
provide
more
useful
utility
methods
that
would
be
difficult
or
impractical
to
add
to
secure
stream.
For
example,
I
have
an
extensions
class
here
which
actually
like
which
actually
turns
this
thing
back
into
a
string,
for
instance,
if
you're
giving
it
a
secret
of
char,
we
we
could
do
that
with
secure
string.
F
To
be
perfectly
honest,
but
we've
already
said
that
like
secure
string
is
kind
of
the
end
of
the
road
and
we
really
don't
want
people
using
it
and
we
have
documented
it
as
such
and
as
a
result,
I
don't
expect
us
to
add
friendly
apis
to
secure
string
going
forward.
F
F
F
Two
unshrouded
array
could
be
an
instance
method,
you're
right,
that's
the
same
thing
we
did
on
span
of
t
use.
I
did
not
put
as
an
instance
method
because
it
takes
two
different
type
parameters,
not
just
one,
and
I.
F
There's
like
some
weird
concern
about
about
type
parameters
and
explosion
and
stuff
like
that.
A
F
E
I
mean
yeah.
That
was
something
that
probably
yeah.
I
would
comment
on,
but,
like
I
mean
to
me
that
seems
reasonable.
F
A
Could
be
purely
an
instance
method,
there's
no
advantage
so
because
so,
when
we
were
doing,
fdg3
yawn
was
did
a
nice
job
of
reviewing
like
the
extension
methods
and
such
and
you
know,
talked
about
like
well.
We
need
it
here
for
specialization,
a
bunch
of
things
on
on
super
low
level.
Types
are
when
an
operation
isn't
going
to
be
used
very
common,
then
move
it
out
of
the
v
table
and
into
into
an
extension
thing.
So
it
doesn't.
A
You
don't
pay
the
size
for
every
t,
but
on
this
we
expect
like
two
t's
and
so
now
I
actually
don't
know
how
the
implementation
of
generic
methods
off
of
generic
types
works.
So
I
don't
know
where
that
explosion
lives,
but
it
to
me
it
feels
like
use,
fits
more
as
an
instance
method,
but
I
don't
have
super
strong
rules.
F
F
Much
yeah
the
other
one
other
interesting
thing
on
this
is
this
is
iclonable
and
the
reason
for
this
as
we
learned
in
asp.net,
is
it
because
csharp
and.net
don't
have
very
well-defined
ownership
rules
whenever
you
receive
one
of
these?
If
you
plan
on
holding
on
to
it
long
term,
you
should
clone
it.
That
gives
it
its
own
completely
separate
lifetime
right,
but
do
you
need.
F
You
don't
have
to
have
it
iclonable,
but
I
figured
since
there
is
a
clone
method
may
as
well
make
it
iclonable.
If,
if
we
really
hate
iclonable.
A
Interface
because
I
feel
like
when
we
did
json
document.
A
That
I
was
trying
to
come
up
with
what
do
we
like?
We
want
a
way
to
duplicate
it.
Apparently
it's
only
json
element.
Has
it
yeah
it's
like?
Well,
we
want
a
way
to
duplicate
it,
etc,
and
I
was
avoiding
the
word
clone
because
of
iclonable,
and
what
came
out
of
the
review
was
clone
is
the
right
word,
just
don't
implement
icloneable.
F
Which
is
also
a
valid
a
valid
option,
because
I
implement
the
interface
explicitly
here,
which
means
no
one
will
ever
see
it
so.
A
So
yeah
so
json
element
does
not
say
it's
iclonable,
but
it
has
a
method
called
clone,
which
does
some
cloning
things,
so
we
can
easily
this
tab,
so
this
could
be.
This
could
have
a
clone
method
without
being
icloneable.
A
F
A
F
F
F
F
F
The
buffer
dispose
does
whatever
is
appropriate,
based
on
the
architecture
that
you're
targeting
the
the
this
type
also
does
a
bunch
of
stuff
as
an
implementation
detail
which
attempts
to
limit
exposure
of
the
data
inside
say,
managed
memory.
Anything
like
that
and
we
would
pull
whatever
tricks
are
appropriate
based
on
the
current
run
time
this
it
it's
not
a
guarantee
that
it
makes
like
it's.
F
It's
not
explicitly
saying
I
guarantee
that
this
data
won't
exist
inside
of
a
memory,
jump
or
anything
like
that,
but
we
do
try
to
be
careful
and
make
sure
that,
like
the
data
doesn't
exist
inside
of
an
array
pool
array
that
the
data
doesn't
exist
inside
of
inside
of
a
mechanism
where,
like
a
dangling
pointer,
might
end
up
exposing
it
so
on.
F
G
A
G
F
A
Yeah
I
mean
yeah,
even
if
yeah
I
mean
that's
true
of
any
buffer
yeah
like
dereferencing,
a
pointer
could
be
o
of
n
if
it
got
paged
out.
F
Like
yeah,
exactly
because
the
the
actual,
the
original
implementation
that
we
had
for
asp.net
actually
stored
the
data
out
of
process
and
then
it
brought
it
back
in
process
only
when
you
needed
it,
but
it
broke
in
antares.
So
we
reverted.
A
A
Because
part
of
the
problem
with
secure
string
is
the
documents
from
when
it
was
created,
said
it
will
do
the
following
things
and
then
we
got
to
new
platforms
and
we
couldn't
do
those
things.
And
so
then
we
we
did
a
weasley
thing
and
we
changed
will
to
may
and
kind
of
called
it
a
day,
but
the
yeah.
So
the
answer
here
is
this:
keeps
you
from
accidentally
logging
it
and
it
it's
a
signal
in
api
review.
That's
most
of
what
it
does.
Anything
else
is
levi
making
himself
happy.
F
F
Example,
one
of
the
things
that
it
does
is
the
the
implementation
that
I
have
for
non-windows
actually
uses
gc
handle
to
wrap
the
original
array,
and
the
reason
for
that
is.
There
is
no
way
via
reflection,
unless
you're
willing
to
follow
pointers
to
get
to
the
underlying
buffer
that
contains
the
data.
That's
an
explicit
design
decision,
because
we
don't
want
one
of
these
things
to
be
accidentally
passed
to
a
serializer
that
will
crack
open
all
of
the
fields
and
just
start
writing
all
of
them
to
the
output
right.
E
So
one
question
I
have
is
so
they
basically
to
summarize.
Basically,
we
don't
like
secure
stream,
because
it
makes
guarantees
that
we
can't
keep.
It
has
a
name
that
implies
it
makes
very
you
know
it
makes
a
very
universal
claim
right,
like
this
is
secure.
If
you
use
me,
you
know,
your
secrets
are
secure
kind
of
thing
right.
This
one
is
basically
saying
you
identify
a
secret
as
a
secret,
but
your
type
makes
no
statement
that
it's
you
know
protected
or
saved
or
secure
right
you're.
F
To
right,
yeah
I
mean
we
provide
apis
more
clearly,
but
to
to
answer
your
questions
about
secure
string.
Secure
string
has
two
really
bad
things
against
it.
The
first
is
that
it's
char
data
only
which
doesn't
help
you
at
all
for
things
like
symmetric
keys,
which,
by
the
way
we
just
discussed
in
the
last
issue
and
b,
it
is
mutable,
and
it's
whenever
you
mutate
it.
F
Every
mutation
is
an
o
of
n
operation,
which
means
that,
if
you're
building
up
a
secure
string
from
input,
it's
actually
o
of
n
squared,
which
is
very,
very
sucky.
I've
actually
seen
I've
actually
seen
like
websites
that
think
that
they're
doing
the
secure
thing
by
taking
a
they
take
an
input
string
from
request.form
and
then
char
by
char
they'd,
build
up
a
secure
string
around
that
because
they
want
to
pass
that
to
like
a
network
credential
or
something
guess
what
they
just
have
of
n
squared
on
an
input.
F
That's
potentially
four
megabytes
in
size,
they're
now
performing
16
trillion
units
of
work
inside
their
application,
good
job
everyone,
so
they
have
dosed
themselves
just
by
virtue
of
trying
to
do
something
safe
had
they
just
done
the
same
thing
and
just
used
string
everywhere.
This
would
have
been
a
non-issue
for
them,
but
they
had
compliance
reasons
or
something
else
that
forced
them
to
use
that
weird
unsafe
code.
K
So
levi,
I
have
a
question
so
earlier.
You
said
that,
with
this
new
secret
type,
you
made
it
so
serializers
are
unlikely
to.
You
know:
write
the
buffer
because
you'd
have
to
follow
a
pointer
or
something
is
that
also
true
for
secure
string.
F
F
F
Concept,
yeah
correct
and
this
concept
already
exists
in
the
asp.net
crypto
stack
their
type.
Is
I
secret?
This
concept
already
exists
in
azure
sdk.
I
forget
what
the
name
of
their
type
is,
but
they
actually
have
a
type
to
represent
a
key.
I've
spoken
with
a
powershell
team
offline
like
they
said
they
would
use
this
type
if
it
exists,
because
they
have
scenarios
for
it.
Yeah.
E
But
there
there
are.
Is
it
unfair
to
say
sorry?
Is
it
fair
to
say
that
we
would
move
this
type
relatively
low,
like
ideally
kind
of
quali,
and
then
everybody
who
basically
deals
with
secrets,
like
say,
sql
connection,
for
example,
or
the
networking
stack
or
whatever
else?
We
would
just
make
sure
we
add
overloads
that
accept
the
secret
of
char,
probably
potentially,
yes,
because
that
was
the
other
big
problem
with
secure
saying
that
really
nothing
took
it.
E
G
E
Time
usable
by
actually
being
able
to
pass
it
around,
I
think
it's
it's
not.
I
mean
it's
not
bad
because
you
said
like
you
can
still
keep
it
in
your.
You
know
in
your
own
data
types
as
an
indicator.
We
probably,
but
we
probably
want
to
make
sure
that
we
look
at
all
the
right
places
like
I'm
thinking
like
configuration,
for
example,
where
you
get
an
overload
that
says,
get
secret
or
something,
and
then
it
already
gives
you
a
stick.
You
don't
have
to
like.
F
E
F
And
that's
actually
a
good
point.
Jeremy.
Can
you
scroll
down
a
little
bit
because
I
discussed
that
so
under
other
ecosystem
api
changes
this
so
the
the
first
line?
F
There
is
the
link
to
the
full
list,
but
this
is
just
kind
of
a
partial
list
of
what
we
could
light
up
wherever
we're
taking
a
read-only
spanish
byte
or
a
byte
array,
for
instance,
in
the
crypto
stack,
we
could
also
take
a
secret
of
byte
or
a
sensitive
data
byte
that
way,
the
that
way
the
application
never
has
to
juggle
the
raw
bytes
that
represent
the
key.
They
could
just
read
it
from
configuration,
keep
it
as
a
sensitive
data
of
byte
and
then
just
flow
it
along
to
wherever
it
needs
to
go.
F
There's
also
directly
beneath
this
a
proposal
for
how
it
might
flow
into
configuration.
The
full
list
of
proposed
api
changes.
That's
linked.
There
has
a
lot
of
stuff
in
it.
E
I
mean,
I
think
part
of
the
implications
here
is
in
order
to
really
make
it
and
honestly
the
crypto
things
are
nice,
but
I
think
the
vast
majority
of
people
who
would
use
this
type
of
problems
don't
care
about
crypto,
but
they
would
care
about.
I
don't
know
like
some
azure
library
that
takes
a
connection
stream,
for
example.
Right
or
like
I
don't
know,
I
use
the
azure
storage
sdk
right,
but
in
order
for
those
things
to
take
it,
you
probably
have
to
distribute
the
type
as
a
net
standard
tool,
library
right.
E
F
E
F
A
E
In
the
issue
yeah,
I
mean
we
could
it's
just
that
every
time
we
do
these
things
it's
like
kind
of
like
this?
Is
an
ecosystem
feature
really
right,
you
want.
You
want
libraries,
and
you
know,
producers
and
consumers
of
of
you
know
configuration
data
kind
of
to
buy
into
that
right,
because
that
was
always
the
promise
with
secure
sticking.
It
was
a
platform
type,
but
it
was
never
really
driven
as
as
one
and
that
kind
of
is
part
of
the
reason
why
I
wasn't
successful
right.
E
Some,
some
parties
like
powershell,
really
embraced
it,
but
by
and
large
we
didn't-
and
that
was
also
one
of
the
reasons
why
I
think
nobody
really
cared
to
fix,
for
example,
the
usability
issues
that
the
type
has
right,
and
so
I
think,
if
you
want
this
to
be
successful,
I
I
really
think
we
should
proactively
try
to
make
this
type.
You
know
pervasively
available,
otherwise
it's
not
going
to
be
very
useful
in
my
opinion,
but
that
it
probably
also
implies
like
changes
elsewhere
right.
E
So,
for
example,
you
already
said
you,
you
know
when
you
walk
this
time
by
reflection,
you
don't
accidentally
secrets,
but
maybe
what
you
really
want
to
do
is
literally
blow
up
in
reflection
and
say
sorry,
what
is
what
they?
You
know,
it's
right
in
civilization
and
say:
hey
I
discovered
this
type.
What
are
you
doing?
E
You're
not
supposed
to
have
to
stick
in
your
types
right,
and
so
there
may
be
some
other
changes
that
you
want
to
do
in
order
to
make
that
thing
really
fly
right
and,
and
so
so
to
be
clear,
like
I
think
what
may
not
come
across
but
like
I
I'm
very
supportive,
I
think
it's
a
good
idea,
especially
like
you
know,
as
I'm
building
more
and
more
websites
like
my
is
full
of
secrets
all
the
time
and
it
seems
to
be
that's
just
the
way
things
are
in
the
cloud
right.
E
F
Sure
the
the
reason
I
had
put
it
in
that
name
space
is
because
the
canonical
use
case
is
to
represent
connection
strings
passwords
cryptographic
used
blah
blah
blah,
but
I
I
would
be
you
know,
open
to
other
suggestions.
A
E
Yeah
yeah
exactly
so
there's
a
bunch
of
like
sins
from
the
past,
and
quite
frankly
I
mean
to
me
I
would
really
try
to
avoid
the
words
you
know,
security
or
secure
right.
I
think
that's
why
I
like
secret,
because
it
kind
of
it
just
says
what
it
is.
It
doesn't
really
make
a
statement
about.
E
You
know
all
this
is
safe
or
secure
right
like
it
just
says:
well,
here's
here's!
Where
I
store
a
secret
right,
you
just
make
a
factual
statement
and
then
it's
basically
just
everybody
who
uses
that
thing
should
be
mindful
and
responsible
right.
It's
kind
of
like
when
you
mark
an
api
is
unsafe,
but
you
don't
really
make
a
statement
about
quality
of
code
or
anything
like
that.
Yeah
system
security,
like
I
mean,
there's
almost
nothing
in
that
namespace
that
you
want
anybody
to
use
ever
today
right.
A
F
We
would
want
to
rename
it.
I
think,
if
we
did
that,
because
I
I
think
secret
might
be
maybe
a
bit
too
widely
used
and
would
conflict
with
people's
applications
that
I
I
see
that's.
E
F
Sure
so
I
did,
I
did
go
through
everything
in
the
dotnet
runtime
repo
and
I
looked
at
every
single
parameter
that
was
called
key
or
password
or
things
along
those
lines,
and
I
did
propose
inside
this
issue
making
overloads
where
appropriate.
F
F
E
E
F
Yeah
so
it
sounds
like
this
would
be
more
useful
as
a
net
standard,
2o
type,
and
it
sounds.
E
So
I
would
I
would
say,
in
order
for
this
to
be
successful,
it
needs
to
be
an
ecosystem
feature
and
that,
by
definition
today
at
least
means
it
needs
to
be
net
standard
too,
but
it
seems
like
I
don't
know,
I
I
don't
think
it's
problematic.
I
think
it's
pretty
straightforward.
We
know
what
the
shape
of
the
thing
is.
We
probably
know
it
will
live
in
kolib.
We
can
pretty
much
freeze
the
api's
purpose
when
we
ship
it,
probably
because
it's
you
know
such
a
simple
type.
So
I
think
you
know
all
normal
things.
E
We
know
we
can't
do
with
an
ube.
I
don't
think
our
problems
here,
so
I
think
it
seems
like
a
fairly
simple
thing
for
us
to
do,
but
I
also
think
it's
that
we
need
to
kind
of
do
it
like
if
we,
if
we
kind
of
like
you
know,
wait
for
somebody
in
azure
to
ask
us,
I
think
we're
just
inverting
the
relationship,
because,
ideally
we
go
to
them
and
say:
please
change
your
apis
and
take
secrets
right,
and
so,
if
they
know,
say
well
cool.
E
Where
can
I
reference
this
and
you
tell
them
like?
Oh,
you
can
reference
it
in
three
years
from
now,
they're
like
well
dude
come
back
if
we
use
that,
and
so
that's
because
I
think
it's
more
like
a
platform
ask
from
our
end.
You
know,
rather
than
a
desire
from
there
right.
Okay.
E
So
what
I
would
I
mean
we
should
probably
look
at
the
proposal
of
the
apis.
You
want
to
add,
it
might
be
nice
to
actually
think
about
like
the
the
civilization
impact
and
whether
you
think
we
should
more
proactively
throw,
and
I
think
the
other
question
is
just
naming
right.
Let's
just
find
the
namespace
home
for
it.
I.
A
F
Yeah,
which
really
doesn't
seem
like
the
worst
thing
in
the
world,
to
be
honest,
that's
kind
of
the
intent
of
that
behavior.
It
may
leak
the
length
of
your
password.
That's.
A
A
E
Correct
I
mean
it's
kind
of
like
you
know.
I
guess
at
this
point
nuance
right
like
you
know
they
call
it
the
configuration
binder
right
but
yeah,
it's
something
reflection
based
that
sets
some
properties,
but
but
I
guess
in
this
case
the
intent
clearly
is
you
want
it
to
work
right
versus
if
you
use
json
or
a
grpc
or
a
binary
serializer,
do
you
really
expect
that
to
work,
or
would
you
consider
this
a
bug
in
your
in
your
object,
land
that
it's
in
there
in
the
first
place.
F
For
the
ebay
right,
I
would
not
expect
it
to
work
for
json,
binary
format
or
anything
else,
because
generally
we
say
that
those
things
should
be
round-trippable,
and
it's
just
like
it's
weird
to
have
something
that
can
serialize
but
never
deserialize.
It
seems
strange
to
have
something
that
can
deserialize,
but
never
serialize.
A
F
A
I
I
can
sort
of
kind
of
slightly
buy
it
that
you
know
if
you
wrote,
you
know
password
colon
quote
secret.
Don't
look
at
me
end
quote
that
the
binder
could
have
special
support
for
if
the
target
is
secret
and
the
input
is
string
then
like
yeah,
I
know
how
to
deal
with
that,
but
but
going
the
other
way,
it
certainly
seems
like
it
would
should
require
opt-in
or
just
never
work
to
from
a
secret
of
char,
be
like
oh
I'll.
Just
you
know,
call
to
unshrouded
string
and
write
this
down.
E
Yeah
and
I
guarantee
you
in
three
years
from
now,
we
will
find
a
stick
overflow
post.
That
will
exactly
do
that
and
that's
fine
like
at
that
point.
It
means,
as
you
said,
we
make
no
attempt
to
like
hide
the
corners
of
the
buffer
from
the
people
who
can
call
apis
in
the
process
right.
But
I
feel
like
at
that
point.
E
Somebody
made
an
explicit
step
in
their
sterilization
to
say
I
really
want
to
have
the
plain
text
out
of
that,
but
it
seems
like
the
point
of
the
type
is
to
avoid
accidents
right,
and
I
mean
I
can
totally
see
in
a
larger
object
graph
that
you,
you
know
accidentally
have
a
property
somewhere
you're,
not
aware
of
it
and
now
suddenly,
you're
serializing,
that
out
on
the
wire
has
plain
text
seems
like
a
a
thing.
We
explicitly
don't
want
to
work,
but.
E
A
Yeah
so
emo
you.
F
Jumping
length
is
useful
if
you're
writing
this
out
somewhere.
F
A
Sorry,
jeremy,
I
interrupted
you
so
you
suggested
you
didn't
like
system.security
did.
Did
we
have
a
replacement
name
for
that,
or
is
it
just
that
that's
being
put
as
a
pending
resolution.
A
E
And
the
reason
why
I
don't
like
buffers
necessarily
is,
if
you're
an
asp.net
developer
and
you
just
cause
some
configuration
stuff
and
you
pass
some
stuff
to
your.
You
know:
azure,
you
know,
storage
thingy,
then
you
just
don't
deal
with
buffers
ever
and
you
just
set
up
some
stuff
right.
So
it
seems.
A
G
A
Add
new
members
I'm
just
like
if
we
think
that
it's
sort
of
the
same
people
who
I
mean
it
uses
span,
so
that
would
be
a
dependency
of
it
anyway,
and
if
it's
basically
just
as
sort
of
ecosystemy,
then
it
seems
like
that
would
be
like
if
we
can
put
it
in
that
package.
That's
where
I
would
put
it.
E
E
E
Sort
of
like
do
we
need
another
reason:
yeah
we
either
put
this.
So
that's
why
to
me
the
name
space
is
not
helped
by
the
question
which
package
I'll
be
putting
it
in
right,
because
I
mean
we
either
have
the
secret
in
its
own
package,
in
which
case
we
will
name
whatever
the
freaking
type
name
is
called,
but
if
we
actually
ship
it
like
this
proposed
here,
I
would
call
the
package
system
security.secret
right.
If,
if
we
were
to
say
oh,
we
don't,
we
actually
put
the
nexus
in
an
existing
one.
E
E
F
A
So
I
mean
like
this:
is
it's
a
question
of?
Are
we
being
able
to
actually
drive
anything
to
completion
today?
So
one
of
the
outstanding
issues
is
emo
doesn't
like
this
line
and
I
can
totally
100
get
behind
that.
But
that
means
we
need
to
replace
it
with
something
yeah.
Otherwise
we
can
probably
talk
about
some
of
the
members
like
we
talked
a
little
bit
about.
A
You
know
the
structure
of
some
of
these
members,
but
I
think
when
you,
when
you
named
these
unshroud
into
to
unshrouded
array
into
unshrouded
string,
it
was
called
shrouded
buffer
or
shrouded
data
or
something,
and
now
it's
called
secret.
So
it's
is
unshroud
the
right
verb.
F
Yeah
and-
and
I
did
get
some
feedback
on
the
issue
that
they
didn't
really
like
the
name
secret,
and
I
I
I
understand
where
they're
coming
from
the
reason
I
changed
it
from
shrouded
is
because,
especially
for
non-native
english
speakers
like
shrouded
as
such
an
odd
word.
E
E
A
A
E
E
F
A
E
But
I
mean
I
mean
to
go
back
to
the
unshort
discussion.
I
think
one
verb
we
could
we
could
consider
is
just
extract.
A
E
Yeah
I
I
like,
as
I
said
I
like
I
like
verbs,
that
make
it
clear,
like,
as
you
said,
you're
crossing
a
boundary
you're
now
accessing
something
that
you
may
want
to
think
about,
and
I
would
agree
with
your
reasoning
that
shrouded
is
not
the
best
term,
for
you
know,
people
that
are
not
into
fantasy,
so
I
mean
I
mean
talk
of
war.
E
Is
the
next
level
up
here
but,
like
you
know,
fork
and
fork,
but
I
I
don't
know
like
the
that's
why,
if
you
have
secret,
it
seems,
like
you
know,
a
reveal
or
extract,
or
something
that
kind
of
conveys
that
you're
now
accessing
it
effectively
right
you're,
looking
into
it
yeah.
F
The
other
one
other
name
for
this
type
that
was
proposed
was
sensitive.
Data
of
t.
It's
it
doesn't
sense.
Sensitive
is
at
least
a
common
enough
word.
It's
not
weird
like
shroud,
so
maybe
that
could
inform
whatever
verb
we
use
as
well.
E
Yeah,
I
think,
sensitive
data
to
me.
It's
not
unreasonable.
It
will
probably
not
conflict
with
anybody,
because
I
don't
think
they
would
name
things
like
this,
but
it
does
have
a
watered-down
field.
I
don't
know
yeah
yeah,
not
like
the
border
down.
It's
just
like
it's
it's.
It
feels
very
abstract
right.
It
doesn't
feel
like
a
great
name
right.
It's
more
like
a
name.
You
get
from
a
committee
right.
E
Like
the
only
thing
you
need
to
add
is
a
year
now
and
then
you're
pretty
much
good
to
go
for
an
rfc
lab
type
yeah
I
mean
honestly
secret
of
t.
I
mean
the
downside
with
that
thing
is
kind
of
like,
as
you
said,
the
name
is
very
short,
so
it
has
a
high
chance
of
conflicting
and
we
better
not
change
your
mind
on
that
type.
F
Yeah,
if
nothing
else
at
least
put
it
in
system,
if
nothing
else
at
least
it
at
least
it
could
serve
as
a
long-term
marker
type,
even
if
we
remove
all
behaviors
from
it.
I.
C
E
A
Like
on
wasm,
you
can't
move
it
out
of
rock
right
on
correct,
oh,
and
so,
even
if
you
decide
that
on
windows,
there's
a
convenient
way
of
shuttling
data
into
the
lsa,
like
so
behaviors.
F
May
vary
yeah,
oh
absolutely,
and
that
is
in
fact
what
the
original
windows
behavior
was.
It
shuttled
it
into
lsas,
but
again
it
broke
into
azure
websites
because
they
limit
our
pc
calls
yeah.
So
it
it
killed.
Yeah.
E
G
E
The
combination
probably
get
you
the
vast
majority
of
the
value
you
can
get
from
this
type
and
the
reflection
one
is
the
probably
the
other
big
one
right
in
civilization
and
then
everything
else
is
just
yeah.
I
mean
if
you
do
anything
more
than
that,
it's
sugar
on
top,
but
it's
probably
not
you
know
now
you're
talking
about
the
you
know
really
long
tail
of
defense
in
depth
at
that
point.
A
But
okay,
so
what
I
have
so
far
as
we
moved
everything
except
to
unshrouded
string
to
be
an
instance
method.
Instead
of
a
extension
method,
we
got
rid
of
iclonable.
A
We
have
a
note
that
we
should
change
the
namespace.
We
change
the
length
property
to
a
length
method
so
that
the
object
always
serializes
empty
yep
like
I
don't
really.
A
A
Well,
yeah,
I
mean
you'd
run
into
things
like
in
and
yes,
you
could
do
it
in
the
use,
but,
like
you
know,
aes
you're,
passing
it
as
a
key.
There
are
only
three
valid
lengths.
It
seems
weird
to
be
like
in
the
middle
of
the
callback
and
then
be
like
wait
a
minute.
The
length
is
wrong.
So,
let's
you
know,
let's.
F
A
Used
his
name
is
a
little
weird,
but
I
can't
think
of
a
better
one.
So
it's
I
mean
if
I
tried
to
think
of
a
better
one,
it
would
be
project.
G
E
No,
but
it
said
no,
you
have
the
same
thing
as
in
string
right
where
there's
this
you
know
ever
like
magic
question
of
like
well
is:
is
the
abstinent
of
a
string
signaled
by
null
or
by
an
empty
string
right
and
so
like.
If
you
do
this,
you
probably
want
a
non-generic
secret
thing
where
we
could
so
instead
of
having
secret
extensions,
we
could
just
say
we
call
it
secret
and
then
we
basically
can
put
like
a
static
method
on
it,
for
example,
is
null
or
empty
right?
E
F
Yeah,
I
I
don't.
I
don't
necessarily
think
that
is
a
huge
concern.
To
be
honest.
I
somewhere
else
in
this
issue.
I
explicitly
wrote
that
I
did
not
include
secretive
t
dot
empty
as
a
as
a
static,
read-only
property.
The
reason
for
that
is
what
now
we
need
to
make
operator
equals
work
like
things
like
that.
D
G
A
Yeah
I
mean
we
can
certainly-
and
I
was
having
the
thought
of
we
could
instead
of
secret
extensions,
we
could
name
it
secret,
but
then
I
couldn't
come
up
with
a
utility
method
that
we
wanted
on
it.
So
then
I
didn't
have
a
driver.
A
A
Right,
but
so
that's,
if
we
do,
if
we
do
secret
dot,
creative
t
where
t
unmanaged,
then
you
can
do
secret
dot,
create
and
then
pass
in
a
string
because
that's
implicitly
convertible
to
rosh
char,
instead
of
having
to
say
new
secret
of
char
of
the
string,
the
true
okay,
that
is
fair.
So
it's
to
get
the
angle
brackets
out
of
your
invocation.
G
G
E
F
F
F
I
can
also
have
a
create
of
string
accelerator
if
it
comes
down
to
it.
That
way,
we
have
both
the
string
and
read-only
span
version
just
for
simplicity,.
A
No,
making
secret
of
char,
create
char
or
secretive
char,
create
of
strength.
C
F
F
G
E
A
E
A
E
A
A
E
Stream
right,
whoever
calls
read
and
write
on
the
stream
is
usually
not
the
customer
right.
They
just
get
a
stream
and
pass
it
to
somebody
else.
Who
does
the
work
right?
It's
the
same
here.
I
don't
actually
expect
the
speaker
just
give
it
to
somebody
else
who
actually
does
whatever
work.
They
have
to
do
right.
That's
that's!
The
most
people
will
probably
never
have
to
like
do
anything
with
that
thing.
E
K
K
G
F
I
I
still,
I
still
think
system
security
is
not
as
bad
as
as
everyone
claims
just
because,
like
again,
the
intent
of
this
is
to
help
you
avoid
introducing
security
holes
in
your
code,
but,
like
I'm,
I'm
definitely
not
going
to
die
on
that
hill.
A
Yeah,
like
I
I
agree,
it
doesn't
belong
in
cryptography.
Oh
yeah,
security
is
okay.
E
Yeah,
it's
like
we
basically
put
stuff
in
and
basically,
if
we,
if,
like,
I
think
the
problem
is
today,
nobody
would
have
been
using
for
this
thing
right
and
now
you
basically
make
people
write
usings
for
things
that
is
full
of
effective
legacy
types.
You
effectively
increase
the
exposure
of
legacy,
which
I
think
is
not
great
like
there's
nothing
wrong
with
the
name
per
se.
I'm
not
fan
of
the
security
thing,
but
if,
if
the
namespace
would
generally
contain
useful
things,
you
want
people
to
actually
use
today.
F
A
F
A
F
Great,
the
first
thing
I
picked
was
an
enum,
so
by
by
the
way,
like
some
of
some
of
the
apis
exposed
by.
F
A
Yeah,
that's
what
I
said
and
then
emo
was
like
that's
when
the
producer
consumer
yeah
came
out,
but
yeah
buffers
may
be
the
best
aside
from
system
which
I
think
we
can
all
agree
is
problematic,
especially
once
we
make
the
the
static
companion
type
be
called
secret
system
buffers.
That
is
true.
Probably
the
best
thing.
G
A
E
More
stuff
you
would
put
in,
I
don't
think
I
have
a
problem
with
creating
new
name
spaces,
but,
like
I
think
our
bars
usually
give
me
five
things
that
make
sense
together
as
a
unit,
and
then
we
can
talk
about
what
the
namespace
of
that
would
be
so
like
we,
we
do
create
new
namespaces
right.
It's
just
that.
We
we
generally
say
you
need
to
have
more
than
one
concept
that.
A
Makes
it
worthwhile-
and
I
think
emo
is
very
hesitant
to
add
namespaces
directly
under
system?
Probably
he
wants
like
10
types.
Really
he
wants.
What
are
your
two
sub
name
spaces,
because
that's
how
we
ended
up
with
system.formats,
which
has
literally
nothing
in
it.
It's
just
a
word
between
system
and
asn1
and
a
word
between
system
and
cbor.
E
A
E
A
G
E
G
E
E
We
have
a
type
called
secret
buffer
and
the
package
is
called
system.secretbuffer.
It
seems
fine
right
or
if
we
have
a
type
called
secret
that
lives
in
the
gamespace
called
buffers.
Then
we
have
package
called
system
buffers.secret
right
I
mean
we
can
opt
in
for
this
kind
of
thing,
where
we
usually
have
literally
one
primary
type.
Naming
the
package
after
the
type
name
is
usually
what
we
have
done
so
far,
but
the
the
downside
is
it's
like
yeah,
it's
yet
another
package,
it's
yet
another
library.
So
that's
usually
not
what
people
want.
G
A
A
F
I
don't
I
don't
like
reveal
as
its
own
standalone
verb,
because
that
implies
mutation.
But
if
we
had
something
that
implied,
you
know
copying
into
a
basically
plain
text
array
and
that
would
be.
C
G
E
Fine
yeah,
I
mean
extract,
seems
fine
to
me.
I
reveal,
I
don't
know,
seems
a
bit
more
close
to
the
closer
to
the
domain.
Maybe
but
yeah
I
mean
they're
both
better
than
I'm.
E
A
B
I
A
A
So
the
reason
for
having
a
try
when
you
don't
need
it
is
that
if
somebody
is
making
their
own,
so
if
you
had
a
structure
that
had
three
of
these
secrets
in
it-
and
you
have
your
own
extract
me
to
a
file
type
thing,
you're
going
to
be:
writing
it
in
terms
of
try,
and
so
it's
convenient
to
right.
Try
in
terms
of
try,
try,
try,
try,
try,
instead
of
like
do
a
try
here,
followed
by
a
declarative
thing
here,
followed
by
a
try
here,
and
so
it's
just
for
its
composition.
A
Instead
of
like
direct
usage.
C
F
E
A
G
A
G
A
A
A
F
E
E
F
It's
well
first
class
is
doing
a
lot
of
heavy
lifting
it's
it's
something
that
would
be
an
exchange
type
and
an
exchange
type.
That's
normally
used
for
things
like
configuration
or
other
scenarios
where
you
use
it,
maybe
at
app
start
and
then
you
never
worry
about
it
again
like
it's
not
like
you're
passing
these
things
over
and
over
and
over
and
over
again.
E
No,
I
think,
that's
fair,
but
I
think
if
you
look
at
a
you
know
the
hello
world
sample
for
losing,
let's
say,
azure
storage
or
as
our
storage
queues.
The
very
first
line
is
new
client
parsing
connection
string
right.
So
in
that
sense
it's
kind
of
like
as
visible
as
binary
data
would
be
right.
Correct.
I
mean
yes
you're
only
using
it
in
one
place,
but
it
would
be
very
much
a
first
class.
You
know,
everybody
who
writes
hello
world
needs
to
know
about
this
type
and
needs
to
know
how
to
use
it
correctly.
E
A
B
F
F
The
power,
so
I
did
talk
with
the
powershell
team
already
and
they
expressed
a
significant
interest
in
it.
I
I
haven't
spoken
with
azure
yet,
but
I
know
that
azure
has
a
very
similar
type
in
their
sdk.
E
F
B
F
I
think
the
idea
is
that
they
wouldn't
ever
have
people
write
like
new
object,
this
thing
in
practice
everything
would
be
done
through
a
commandlet
or
a
pre-compiled
dll,
just
like
it
is
with
a
secure
string
today,
like
you,
never
in
powershell
new
up
a
secure
string,
you
always
use
commandments
to
manipulate
them.
F
B
F
A
Right
all
right,
okay,
so
I
think
we're
probably
done
aside
from.
A
Levi,
what's
your
what's
your
feeling
is:
is
this
string
or
string
question
mark
on.
F
F
Okay,
because,
if
you're,
if
you're
passing
it
null
like-
I
don't
quite
know
if
you
intended
null
or
empty.
So
it
would
be
good
to
make
the
caller
explicit.
Okay
and.
A
Emo
usability
question:
do
we
want
secret
of
t
creative
t
t
array
so
that
we're
reducing
the
what's
the
span?
Confusion.
A
E
A
T
array
yeah,
in
addition
to
t
span
just
for
the
reason
that
on
low
level
or
on
highly
in
people's
faces
types,
we
we
allow
friendlier
looking
inputs.
It
also
lets
us
catch
the
null
array
and
say:
no,
if
you
want
the
empty
buffer,
give
me
the
empty
buffer.
A
E
F
I
want
to
say,
like
we
have
things
like
executioncontext.run,
which
is
probably
the
closest
analog
to
this,
but.
E
F
It
handles
extraction,
it
passes
it
to
you
as
a
span
so
that
you
can't
use
it
outside
of
the
immediate
delegate
and
then
once
your
delegates
finish,
it
destroys
the
temporary
buffer.
F
A
Yeah
I
mean
this
is
a
degenerate,
so
I
guess
here:
oh
let's,
some
p
invoke
you're
doing
what
you're
not
supposed
to
right
there.
Well,
because
if
you
were
doing
copy
too,
you
would
just
call
reveal
too
right.
So
it's
the
the
real
case
for
like
crypto
is
that
yeah
yeah
give
me
the
buffer
where
the
thing
is
and
now
call
a
pmbok,
which
does
technically
mean
it
becomes
mutable.
But,
like
don't
do
that.
F
A
Yeah
so
like
that's
what
the
the
use
is
for,
and
so
it's
it's
different
than
I
mean
we
could
call
it
reveal
of
t,
but
that
feels
a
little
weird,
because
it's
different
because
you're
you're
pseudo
callbacking
and
that
it
it
is
a
callback
but
you're
you're
doing
you're
almost
certainly
doing
non-capture.
But
actually
you
have
to
do
not
capture
it's
a
span.
So.
F
A
So
I
mean
reveal
into
requires
that
you
do
the
get
length.
Is
my
buffer
big
enough?
Do
the
thing
like
if,
if
you're
passing
it
to
something
that's
going
to
consume
the
span,
then
in
the
case
of
you
know
being
on
windows,
if
it's
marshalled
into
the
lsa,
we
had
to
pull
it
back,
and
so
we
already
did
this
for
you
here,
but
in
the
case
of
something
like
browser
wasm,
it's
just
like.
Oh
here,
here's
the
array
like
there
you
go.
Oh
the.
G
A
F
A
F
Get
the
value
we
yeah,
we
maintain
the
heap
we
zero
stuff
out
like
there.
There
is
actually
a
lot
going
on
behind
the
scenes
in
the
prototype
of
this.
To
try
to
to
try
to
avoid
leaking
as
much
as
possible,
like
the
temporary
buffers
are
all
on.
A
separate
heap,
for
instance,
are
not
under
managed
heap
stuff
like
that.
E
E
F
No,
so
they
their
builder
pattern
is
you
use
the
builder
and
within
the
callback
you
manipulate
the
builder.
F
This
would
just
be
giving
you
data
temporarily.
There
were
two
other
things
that
I
think
we
should
probably
take
a
look
at
at
the
exact
same
time.
They
should
be
very
fast
if
you
scroll
up
back
to
where
I
had
that
yeah
scroll
down
a
little
bit
there,
I'm
adding
two
methods
to
secure
string
in
order
to
translate
back
and
forth
between
secure
string.
G
F
Secretive
t
that
it's
just
for
interoperability,
if
you
have
an
api
that
takes
one
of
these
things,.
A
A
F
I
I
think
it's
generally
easier,
if
you
have
a
constructor
just
because
people
are
used
to
using
new,
I
prefer
to
use
create
factories
only
when
they
provide,
like
an
actual
benefit
that
you
can't
get
through
new.
In
this
case,
the
only
reason
to
use
a
factory
pattern
is
because
you
want
to
avoid
writing
the
t
inside
the
constructor,
which
great
you're
saving
six
keystrokes.
A
F
But
two
tuple
has
tuple
can
have
anonymous
type,
so
so
it
absolutely
requires
a
create,
or
at
least
it
did
until
we
had
like
target
new
or
whatever
it
was.
K
Fair
enough,
so
can
sorry.
Why
is
it
reveal
two
array,
as
opposed
to
reveal
azure
it's
kind
of
nitty,
but
it
makes
it.
F
E
A
A
A
F
I
could
we
could
make
them
extension
methods
or
yeah.
I
I
didn't
want
to
put
them
on
secret.
F
You
can
you
can
always
implement
one
in
terms
of
another.
It's
just
how
do
you
do
you
want
to
force
people
to
drop
down
to
unsafe
code
to
do
it.
B
B
F
A
E
We
have
is,
we
can
either
say
screw
it.
You
just
like
the
oop,
doesn't
give
you
the
ability
to
do
that.
The
inbox
version
does
that
seems
acceptable
if
we
were
to
provide
them
as
extension
methods.
E
E
A
Right
because
we
could
make
the
secure
string
two
secret
and
extension
method
provided
out
of
secret,
the
non-generic
yeah.
If
we
like
that
better
than
having
secret.creative
secure
string,
because
that
makes
secure
string
live
on
the
constructor.
One
is
harder
to
hide.
E
Well,
the
problem
is
that
putting
it
as
an
extension
method
doesn't
buy
you
much
because
they're,
both
in
the
same
name
space.
If
you
see
one,
you
see
the
other,
it's
just
a
different
icon
in
texas
and
so
well.
A
B
A
C
A
If
it's
only
us
and
I'll
I'll
call
powershell
us
because
I'll
be
I'll
be
encompassing
us,
if,
if
it's
only
if
it's
only
a
handful
of
places
that
are
going
to
need
to
do
this,
then
we
can
just
say
here:
are
the
here
are
the
three
lines
of
code
to
go
each
way
right,
because
the
the
char
star
constructor
off
of
secure
string
yeah,
you
have
to
write
unsafe,
but
you
can
do
that
from
the
span,
and
so
you
can.
A
You
can
build
the
secure
string
from
the
secret
without
doing
the
n
squared
work.
It
just
requires
the
unsafe
and
then
correct
from
secure
string
to
secret
is
again.
You
have
to
say,
marshall
dot.
Give
me
the
real
pointer
behind
some
unencrypted,
secure
string.
Stuff
great
now
go
call
new
secret
or
secret.create,
which
will
make
a
copy,
and
now
marshall,
I'm
done
using
the
secure
string.
A
So
please
throw
it
away
again,
like
it's
a
it's
a
couple
lines
of
code
that
we
would
have
to
put
in
a
couple
of
places,
but
it
again
it
depends
on
where
the
caller
needs
to
do
these
things
if
they
need
to
do
it
from
a
net
standard
2o.
That's
what
they're
going
to
have
to
do
if
they're
going
to
do
it
from
net
6,
we
can
add
the
methods
here
as
net
6.
F
I
don't
think
I
buy
that
idea
and
the
reason
that
I
don't
buy.
That
idea
is
the
same
reason
that
we
can't
make
system.half
an
out-of-band
package
like
great.
We
can
give
you
the
exchange
type,
but
our
rbcl,
our
library
ecosystem,
has
a
locked
down
api
surface
like
we
can't
go
back
and
retroactively,
add
overloads
that
take
this
thing
and
then
make
them
that
standard
2o
compatible
because
we've
already
locked
the
api
for
all
time.
B
A
They're
in
that
standard
2o,
when
using
cryptography
they
can,
they
can
use
the
new
extension
method,
get
secret
like
really
it's.
Do
you
ever
want
it
to
go
into
extensions
right?
They
can
call
get
secret,
they
can
get
all
the
way
up
to
the
key,
and
then
they
have
to
call
reveal
to
array
like.
D
A
E
Yeah,
it's
kind
of
like
spam
right
so
like
to
spend
we've
done
the
same
thing
we
should
span
as
an
oop
right
and
then
yes,
all
the
overloads
on
binary
reader.
None
of
them
exist
or
stream
right,
but
the
thing
is
we
also
shipped
a
bunch
of
new
functionality
where
you
can
actually
use
spam
already
and
that
added
enough
waiter
for
people
to
use
it.
I
feel
like
for
for
this
type.
Quite
frankly,
I
don't
think
the
bcl
is
actually
the
most
important
thing.
I
honestly
think
it
is.
E
That
is
really
the
the
thing
that
will
make
it
or
break
it,
and
I
think
the
rest
is
done
again,
just
a
long
tail
to
get
more
and
more
people
to
buy
into
this
new
type
as
the
exchange
mechanism
for
things
that
are
secrets
right,
and
you
can't
really
win
that
war
unless
you're
willing
to
give
people
an
oop,
because
if
you
tell
them
there's
this
new
thing,
I
want
you
to
use,
but
you
have
to
be
net
standard.
Sorry,
net
yeah,
that's
standard
2.1
or
you
know,
net
six
or
something
they're
like
well.
E
It's
cool
like
tell
me
in
three
years
again
right
and
then
we
are
back
to
where
we
are
today
with
another
ball
right.
So
it's
it's.
It's
really
hard
to
get
people
to
start
doing
something
unless
it's
actionable
and
I
think
the
oop
makes
it
actionable.
It
doesn't
solve
our
problems,
but
it
does
solve
the
problems.
Jeremy
said
you
can
start
taking
it
and
then
in
your
own
code
you
may
have
to
call
to
array
or
something
but
that's
fine
right.
G
C
A
E
I
would
start
with
that,
because
I
mean
I
I
kind
of
agree
with
device
design
here
like
that's,
where
the
methods
logically
belong.
So
I
think
that
would
be
the
natural
home
for
them
and
if
we
start
finding
people
wanting
those,
then
I
think
we
could
consider
shipping.
A
E
A
F
Yeah,
so
just
to
confirm
it
looks
like
the
type
itself
would
be
netstandard2o.
The
changes
to
secure
string
would
be
net
60
and
we'll
just
discuss
it.
Some
future
time
lighting
up
the
rest
of
the
bcl
with
support
for
these
types.
A
E
Yeah,
what
what
we
thought
we
should
do
is,
and
I'm
not
sure
whether
you
want
to
start
with
that,
but
like
we
should
talk
to
the
other
sdk
like
we
should.
We
should
get
them
to
buy
into
their
type
and
and
we
should
identify
what
apis
they
should
actually
accept
them
from
and
then
also
work
with
them
to
make
sure
that
sample
code
reflects
that
right.
E
Yes,
yeah,
I
care
less
about
what
they
have
to
do.
It's
more
about
the
you
know.
If
you,
if
you
go
to
the
azure
storage
sdk
home
page
right,
they
basically
have
sample
code
that
for
asp.net
that
takes.
You
know
the
the
connection
string,
for
example,
from
configuration,
and
then
they
do
a
new
azure
blob
storage,
client
and
pass
that
in
right
that
that
is
the
kind
of
line
you
would
like
to
see
changed
right
and.
F
Oh
side,
question
debugger
display
attribute.
Should
that
display
the
plain
text.
F
E
I
mean
I
think
it's
reasonable
to
do
that.
I
I
mean
I
can't
think
of
a
downside
to
it.
Yeah,
I'm
wondering
how
useful
it
is
because
most
of
my
secrets
are
like
random
character
strings
anyway.
So
it's
not
like.
I
can
look
at
it
and
convince
myself
that
that's
useful,
I
think
probably
the
most
expensive,
like
the
most
useful
one
would
be
to
just
show
the
name
so
that
I
know
it's
not
empty
yeah.
A
A
K
Wait
wait
a
second
so
for
the
debugger
display
attribute
if
it's
a
string
like
it's
annoying,
if
I
can't
read
it
in
a
debugger,
because
there
are
times
where
I
want
to
like
call
an
api,
and
I
don't
know
what
the
secret
is
the
moment.
But
I
have
a
debugger
and
I
want
to
use
postman
or
whatever
and
like.
I
don't
see
why
a
debugger
should
be
getting
in
my
way.
Yeah.
A
That's
what
he
said
the
debugger
display
attribute
will
reveal
the
string,
but
the
two
string
method
will
not
okay.
In
fact,
maybe
we
want
to
take
the
two
string
on
it
and
explicitly
mark
it
as
obsolete
just
to
help
people
avoid
like
it's.
You
won't
reveal
to
string
if
you're
calling
it
right
like
if
you.
E
It
out
I
mean
yeah,
I
think
I'm
okay
with
it.
I
just
don't
think
you
will
get
as
much
weight
over
it
as
you
think,
because
I
think
most
people
don't
call
to
string.
They
pass
it
to
something
else
as
object,
and
that
thing
calls
to
string
so
like,
if
you
think
of
like
console.writeline
or
debug.trades
or
no.
A
A
That's
the
why
the
tostring
doesn't
do
anything
useful
is
so
that
you
don't
accidentally
log
it.
The
question
is:
if
somebody
is
trying
to,
I
have
the
secret
of
char
and
I
need
I
want
to
get
the
string
back
and
they're
like
well.
Two
string
usually
does
what
I
want.
If
we
have
two
string
as
obsolete
call
reveal
to
string
instead,
then,
like
that
yeah
yeah.
K
C
A
C
F
F
My
my
com,
my
question
about
display,
debugger
attribute
or
debugger
display
attribute,
was
just
like.
I
don't.
I
don't
know
how
that
works
in
practice.
I
think
it
just
tells
the
debugger
to
invoke
another
method
for
display
purposes,
but
I
yeah
it
would
be
yeah.
F
D
B
F
E
Yeah
the
usual
pattern
that
we
do
is
you
put.
You
have
an
internal
property.
What
I
think
can
even
be
private
called
display,
string
or
debugger
display,
string
and
then
you'd
say
in
the
attribute.
I
think
you
can't
say
an
arbitrary
expression
in
there.
The
problem
with
arbitrary
expressions
is
that
they
are
interpreted
using
the
language
of
the
of
the
user.
So
that
means,
if
a
vb
user
runs,
they
get
the
vb
language
rules.
E
If
the
c-sharp
user
runs,
they
get
the
c-sharp
rules
and
so
on,
and
so
we
try
to
not
have
an
actual
expression
in
there.
We
just
name
the
method,
because
that
just
works
in
all
cases
and
then
yeah.
The
thing
is
private,
so
you
don't
accidentally
call
it
publicly
right,
but
that's
basically
what
the
user
pattern
is.
We
do.
E
And
yeah,
if
you
don't
have
a
debugger
display
you
it
basically,
I
think
it
defaults
to
two
string.
Unless
you
have
configuration
that
says,
don't
do
that
yeah.
I
think
that
changes.
E
E
A
E
E
F
A
And
then
there
was
a
comment
from
chat
that
we
should
probably
just
eb,
never
the
two
string,
which
maybe
defeats
my
obsolete
to
tell
you
to
call
reveal
to
string.
But
it
does
seem
reasonable
that
we
don't
want
that.
Intellisense.
E
E
No,
I'm
saying
if
you
eb
never
hit
and
somebody
just
types,
two
string
out
of
muscle
memory
intellisense
will
show
reveal
to
string
with
the
two
string
portion
being
bold
because
that's
the
match
right
yeah
and
they
don't
see
a
regular
two
string.
I
think
I
think
it
achieves
it's.
It's
fine.
I
think
I
would
probably
do
that.
Okay,
so.
F
F
A
Yeah
it's
when
it's
explicitly
called
you
are
obviously
doing
something
wrong.
So
cool
emo
remind
me
what
the
what
marker
I
should
use
on
this
needs
work
because
we
didn't
finish
or
approved,
because.
A
E
I'm
at
this
point
I
can
go
either
way
I
mean
I
would
say
like
we
still,
I
mean
it
seems
to
me
we're
not
done
with
that
right.
It
seems
there's
another
iteration
like
once.
We
actually
get
other
parties
to
sign
off
on
that,
then
we
can
probably
call
it
done
so
what's
missing,
I
would
probably
well
it's
basically
the
yes.
So
do
we
really
want
to
put
it
in
buffers
or
do
we
want
to
put
it
in
system?
I
think
that's
the
only
decision,
that's
pending
right
everything
else.
A
Right
so
again,
just
think
talking
things
through.
It
feels
like
we
can
say
approved
and
then,
if
we
decide
actually,
let's
put
it
in
a
system
secret
data,
then
that's
just
a
meeting
to
talk
about
the
rename
and
then
we
approve
the
rename.
I
think
that's
fine
yeah,
like
nothing.
A
A
A
E
E
A
Market
approved
and
then,
if
we
have
to
rename
it,
then
let's
try
for
email,
because
otherwise
you'll
be
at
the
bottom
of
the
list
and
now
it'll
be
a.
I
guess,
you'd
just
mark
it
blocking,
because
now
it's
you
need
to
make
a
thing
that
has
to
be
done
before
we
ship
so.
J
F
A
Cool
so
yeah,
I
feel
good
about
today,
looks
like
our
next
session
is
friday
at
10
redmond
time.
So
we
get
a
day
off
how
nice
do
we
yeah
emo.
E
F
H
F
E
It
blocks
your
progress,
it
would
be,
we
usually
meet
10
to
12.
and.
C
H
F
E
E
Yeah
I
mean
for
people
that
I
mean
what
I
try
to
achieve
usually
is
when
people
are
not
usually
on
our
call,
I
try
to
put
it
in
front
so
that
they
can
drop
off
quicker,
like
you
know,
given
that
laomi
basically
lives
with
us
now,
because
every
other
issue
is
about
jason,
like
I'm
okay,
with
saying
the
only
has
to
wait.
10
minutes
I
mean
that
seems
reasonable,
because
he
probably
talks
to
us
for
the
rest
of
the
meeting
yeah,
given
that
you're.
A
Yeah,
I
would
just
mark
it
blocking
at
this
point
and
then
you'll
just
naturally
be
the
first
one
up,
because
your
issue's,
older,
okay
you're,
already
at
the
near
the
front
of
the
list.
It's
just
codifying
that
we
talked
today
about
reordering
it,
making
it
easy
on
us.
A
Friday,
10
a.m.
Redmond
time
same
bat,
time
same
bat,
channel
yeah
that
doesn't
work
either.
I
really
need
a
catchphrase
bye.
Everyone.