Slashdot Mirror


.NETly News

Lots of .NET stories in the news today and yesterday; it's a total coincidence that Microsoft started a huge marketing push on Wednesday, including the occasional Doubleclick ad running on Slashdot. BrendanL79 writes: "Peter Wright at Salon.com contributes to public awareness of Microsoft's .NET with this exuberant piece. The praise borders on sycophancy ("Gutenberg ... Babbage ... now Gates") with no apparent tongue in his cheek. Comments?" Reader vw writes: "Active State has just released Visual Perl 1.2, Visual Python 1.2, and Visual XSLT 1.2 as plugins for Microsoft's Visual Studio .NET. Wonder how long it will take for a Mono hack." Numerous readers pointed to several stories about a buffer overflow problem in Visual Studio .NET which was supposed to be immune to buffer overflows - but it had passed Microsoft's stringent new security audit.

4 of 291 comments

  1. Story not complete by estar · · Score: 5, Informative

    .NET is many things and many people are confused by what .NET exactly refers to. In the context of this story .NET is referring to the compilers and libraries that make up Visual Studio.NET. VB.NET and C# are both geared toward using the CLR and .NET Framework. Visual C++.NET can use the CLR and .NET Framework but, unlike VB, you can work with Visual C++ like you could in previous versions and ignore the CLR and .NET Framework. So what is the security error reported? This is the detail as reported by Cigital. The protection afforded by the new feature allows developers to continue to use vulnerable string functions such as strcpy() as usual and still be "protected" against some forms of stack smashing. The new feature is closely based on an invention of Crispin Cowan's called StackGuard and is meant to be used when creating standard native code (not the new .NET intermediate language, referred to as "managed code"). This is a problem with Microsoft's Version 7 C++ compiler, not with the CLR and .NET Framework.

  2. .Net fails the pr0n test by Kushana · · Score: 5, Funny

    Peter Wright seems to have been given a few too many Microsoft T-shirts, for his critical facilities have completely left him.

    Human history has shown that with the advent of any new important media, pr0n has never been far behind. The printing press? One estimate says that within 10 years 30% of all presses were being used for pr0n. Glossy magazines? Pr0n. Pictures on your computer screen? Pr0n. The Web? Pr0n.

    The simple fact is that .Net will not assist in the distribution of pr0n, and therefore will never be as important to humanity as the printing press, the computer, or the Web.

    --

    Careers should combine three things: what you can do, what you want to do, and what you can get paid for.

  3. Compiler: Stackguard! by irregular_hero · · Score: 5, Informative

    Look here for additional details on the compiler buffer overflow.

    It's not actually a _compiler_ overflow.

    Instead, it's a subversion of the "buffer overflow protection" that's built in to the compiler. The most startling piece of this technical review is that the Microsoft "Overflow Protection" in the compiler appears to be a port of StackGuard. The reviewers point out that an examination of the binary output reveals that the compiled code is nearly identical to the StackGuard output.

  4. Salon lost major tech and street cred by coyote-san · · Score: 5, Insightful

    When I read that Salon puff piece last night, I had to check my calendar. Twice. Yet it stubbornly refused to be April Fools' Day.

    I wouldn't have minded a piece on .NET. I wouldn't have minded, much, a softball piece on .NET.

    But that fawning piece of crap was inexcusable. It was clearly written by the marketing department - no tech would ever favorably compare Bill Gates to Gutenberg - but it was presented as a straight story.

    Now I'm going to find it impossible to take any other story they post seriously. I will always have to ask who really wrote the piece.

    That's a shame - Salon has been a good thorn in the side of the powerful for a long time. Look at the old stories on the "Drug Czar" paying for anti-drug messages in prime time entertainment shows, or their coverage of the RIAA. But now there will always be a loud voice in the back of my head asking if this is another PR piece by the powerful.

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken