Cole Tobin

Hence why I asked. It seems Avalonia's master is on [a4e6be2d](https://github.com/kekekeks/XamlX/tree/a4e6be2d1407abec4f35fcb208848830ce513ead) dated June 30th. I'll leave it open until the submodule commit reference is updated, I guess.

This appears to have been fixed in 9acb2a11 (the 11.0-preview1 tag), so I'm gonna mark this closed now.

Not a solution, but I managed to work around this by manually upgrading `Microsoft.VCRedist.2015+.x64` (x64, not x86) with `winget upgrade `.

Starting indexes are always considered inclusive. The documentation is also clear on this: it starts searching _at_ the specified index: > The search starts at a specified character position and...

The timing attack you are describing is one where the first failed comparison breaks out of the loop: ```cs public static bool CheckHash(byte[] fromUser, byte[] expected) { // validation elided...

Yes. A more "constant time" algorithm would look something like: ```cs for (int i = 0; i < storedHash.Length; i++) err |= computedHash[i] != storedHash[i]; ``` Then the value is...

Why would the sample not be able to use `FixedTimeEquals`?

They are intentionally unitless. Instead, they have whatever meaning the consuming cache decides to ascribe to them: https://stackoverflow.com/a/59775139/1350209

Does it make sense for this warning on "null" values to be in the remarks and not the "property value" area? I would expect a comment on "null" properties to...

To expand, IEEE-754 allows comparisons *against* infinities, so it's a number in the sense that it's not NaN. Essentially, if it is not *not* a number, then it's a number....