Microsoft Port 25 interviews Miguel de Icaza

Ben Galliart writes "Microsoft's Port 25 blog, the voice of MS Linux Labs and a spin-off from the MS Channel 9 blog, has an interview with Miguel de Icaza where they discuss the Gnome and Mono projects. It is a nice change of pace to see Microsoft go from attacking Novell and Linux to interviewing a Novell employee about a Linux desktop system. Port 25 has come under some fire since they can not always be trusted. Port 25 has on occasion put out FUD such as claiming Microsoft is doing more to improve security than any other vendor and a security guide attacking Red Hat for not providing security updates for Red Hat v9 despite that Red Hat ended support back in 2004. They have also released a password synchronization daemon for Red Hat, AIX, HPUX and Solaris that must run as root and makes several calls to strcpy() (which violates Microsoft's guidelines for doing secure coding)."

Link to interview doesn't work.

[RingDev]

Just goto http://port25.technet.com/ and click the link on the front page.

-Rick

Re:Link to interview doesn't work.

[RingDev]

The -- (two hyphens) is resolving to %E2%80%94

The link should be: http://port25.technet.com/archive/2006/08/11/Let_2 700_s-talk-Mono_3A00_--Sam-interviews-Miguel-de-Ic aza.aspx

but some ass hat probably pasted it into MS Word to spell check the summary, and word resolves -- to it's funky double wide hyphen character.

-Rick

strcpy ok sometimes

[KidSock]

I use strcpy. If you know for a fact that the string is terminated then it's overkill to use anything else. For example the below is perfectly legit:

    char buf[6];
    strcpy(buf, "hello");

In fact, to truly protect yourself from invalid input you frequently need to write a state machine style input parser. It's the parser that ensures all strings are properly terminated which would mean all downstream copies could be performed safely with strcpy.

It's far more important to understand *why* strcpy should not be used. Then you'll know when you *can* use it.