Slashdot Mirror


Microsoft Port 25 interviews Miguel de Icaza

Ben Galliart writes "Microsoft's Port 25 blog, the voice of MS Linux Labs and a spin-off from the MS Channel 9 blog, has an interview with Miguel de Icaza where they discuss the Gnome and Mono projects. It is a nice change of pace to see Microsoft go from attacking Novell and Linux to interviewing a Novell employee about a Linux desktop system. Port 25 has come under some fire since they can not always be trusted. Port 25 has on occasion put out FUD such as claiming Microsoft is doing more to improve security than any other vendor and a security guide attacking Red Hat for not providing security updates for Red Hat v9 despite that Red Hat ended support back in 2004. They have also released a password synchronization daemon for Red Hat, AIX, HPUX and Solaris that must run as root and makes several calls to strcpy() (which violates Microsoft's guidelines for doing secure coding)."

16 of 202 comments

  1. Worthless drivel by Anonymous Coward · · Score: 5, Insightful

    What the fuck kind of insane summary is that? Even for Slashdot, that steps over the line.

    1. Re:Worthless drivel by Fearless+Freep · · Score: 5, Insightful

      More a slam on Port 25 than a summary of the interview

  2. revealed by Anonymous Coward · · Score: 5, Funny

    miguel is the liebermann of open source

  3. Link to interview doesn't work. by RingDev · · Score: 4, Informative

    Just go to http://port25.technet.com/ and click the link on the front page.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
    1. Re:Link to interview doesn't work. by RingDev · · Score: 4, Informative

      The -- (two hyphens) is resolving to %E2%80%94

      The link should be: http://port25.technet.com/archive/2006/08/11/Let_2700_s-talk-Mono_3A00_--Sam-interviews-Miguel-de-Icaza.aspx

      but some ass hat probably pasted it into MS Word to spell check the summary, and Word resolves -- to its funky double wide hyphen character.

      -Rick

      --
      "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  4. Server Error in '/' Application. by Anonymous Coward · · Score: 4, Funny

    Server Error in '/' Application.
    They forgot to put a '.' after the '/' !
  5. Ceasing support after a year is a valid excuse? by Richard_at_work · · Score: 4, Insightful

    Maybe there is some validity in saying they (Port 25) are untrusted, but what excuse is it that Redhat ceased updates for v9 in 2004, a mere year after the product was released (March 31 2003)? Seriously, is a single year of updates good enough? I think they actually have a valid point on that one at least, a year isn't long enough to even be considered stable server software in my book.

  6. Speaking of FUD... by Future+Man+3000 · · Score: 4, Funny

    Port 25 has on occasion put out FUD such as claiming Microsoft is doing more to improve security than any other vendor

    Which vendors are doing more to improve their security?

    Given what they had to start with, I think it's very difficult to claim anybody's done what they've accomplished between 95 and XP SP2. You tell me one other vendor that's gone so far as using tools like authentication and WGA to combat the worst offenders of security -- the users themselves? Linux users, Mac users, even the *BSD user is free to boot their operating systems without the slightest arbitrary challenge to their right to do so and from there go on to face any number of potential security issues; but with Windows, you need only upgrade your CD drive emulator a handful of times or use Windows Update as directed to find yourself relieved of the concerns users of lesser operating systems face.

    They had the most potential with regards to security and they've finally met it, and I say kudos.

    --

    I never vote for anyone. I always vote against.
    -- W.C. Fields

  7. Why would you trust Port 25? by jd · · Score: 5, Funny

    At the very least, they should be using Port 465 (SMTP over SSL/TLS). It's no wonder they feel insecure, using plain-text. Honestly!

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  8. Anyone using Red Hat 9? by also-rr · · Score: 4, Funny

    Even my old university has now upgraded their labs to FC5, and they are so cheap that they actually asked if there was a discount on a GPL upgrade license.

  9. Enlighten me by BlueScreenOfTOM · · Score: 4, Interesting

    Can someone explain to me why strcpy is insecure? No sarcasm here, I really would like to know.

  10. strcpy ok sometimes by KidSock · · Score: 4, Informative

    I use strcpy. If you know for a fact that the string is terminated then it's overkill to use anything else. For example the below is perfectly legit:

        char buf[6];
        strcpy(buf, "hello");

    In fact, to truly protect yourself from invalid input you frequently need to write a state machine style input parser. It's the parser that ensures all strings are properly terminated which would mean all downstream copies could be performed safely with strcpy.

    It's far more important to understand *why* strcpy should not be used. Then you'll know when you *can* use it.

  11. Re:Microsoft employee-wannabe by Burz · · Score: 4, Insightful

    And he takes abuse from MS too:

    http://linux.sys-con.com/read/124218.htm

    Interesting bit of history there. It really disturbs me that Miguel is leading a column of FOSS enthusiasts into the maw of MS patent enforcement, especially when he could have used his talent on something unencumbered like Parrot.

  12. strcpy? by ENOENT · · Score: 4, Interesting

    Can you think of a sillier thing to criticize MSFT about? Really?

    I looked at (some) of the code. They do a malloc(strlen(foo)+1), and, if it succeeds, they do a strcpy() of foo. THERE IS NO VOODOO MAGIC IN STRNCPY TO MAKE IT SAFER IN THIS SITUATION.

    Really. There isn't.

    --
    That's "Mr. Soulless Automaton" to you, Bub.
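
The cases raised in comments 9, 10 and 12, as an added C example (not part of the thread and not code from the daemon under discussion): strcpy into a destination sized from the source, a length-checked copy into a fixed buffer, and strncpy leaving a buffer unterminated. The function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Function names below are illustrative, not from any project.
 * Comment 12's pattern: the destination is sized from the source, so
 * strcpy cannot overrun it. Holds only if src is NUL-terminated. */
char *dup_string(const char *src) {
    char *dst = malloc(strlen(src) + 1);
    if (dst != NULL)
        strcpy(dst, src);
    return dst;                       /* NULL on allocation failure */
}

/* Fixed-size destination: measure first, refuse what does not fit.
 * Returns 0 on success, -1 (dst set to "") if src needs more room. */
int copy_checked(char *dst, size_t dst_size, const char *src) {
    size_t len;
    if (dst_size == 0)
        return -1;
    len = strlen(src);
    if (len >= dst_size) {            /* no space for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);        /* copies the terminator too */
    return 0;
}

/* strncpy writes no terminator when src has n or more bytes.
 * Returns 1 if dst holds a NUL within its n bytes, 0 otherwise. */
int strncpy_terminates(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

int main(void) {
    char buf[6];                      /* same size as comment 10's buf */
    char *copy = dup_string("hello");
    printf("dup_string: %s\n", copy ? copy : "(alloc failed)");
    free(copy);
    printf("fits:      %d\n", copy_checked(buf, sizeof buf, "hello"));
    printf("too long:  %d\n", copy_checked(buf, sizeof buf, "hello!"));
    printf("strncpy terminated (5 chars): %d\n",
           strncpy_terminates(buf, sizeof buf, "hello"));
    printf("strncpy terminated (6 chars): %d\n",
           strncpy_terminates(buf, sizeof buf, "hello!"));
    return 0;
}
```
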
  13. Re:Microsoft employee-wannabe by adolfojp · · Score: 5, Insightful

    The MSFT-employee-wannabe that you speak of is the father of the GNOME desktop. Without GNOME, QT might not have been open sourced in the first place. Without a man like Miguel to give GNOME a forward direction, we might still be using Motif. When your contributions to the open source movement become a tenth of what Miguel has done then your rant might have more merit.

    If there is one Microsoft technology that deserves admiration, it is the .NET framework. If there is one man who has the objectivity to look beyond the zealotry to see technologies for their merits, it is Miguel. MONO is an excellent development environment for Linux. It bridges the gap between high performance but difficult to use languages like C++ and low performance high RAD languages like Python.

  14. Re:Microsoft employee-wannabe by Jay+Carlson · · Score: 4, Insightful

    My favorite thing to bash Linux bigots with:

    OLE Automation.

    (Or whatever they're calling it these days; I think it was absorbed into the ActiveX branding.)

    Just about every Unix vendor had this dream of turning their entire desktop environment into a sea of programmable objects.[1] The one I got to laugh at was Sun, with DOE, although you formerly-MacOS-bigots got to see it replayed in AppleScript and OpenDoc.[2]

    Well, Microsoft delivered. I can write a script (in my choice of languages) that opens up a Word document, finds any bold text at the start of paragraphs and then HTTP POSTs it to a URL. And if I feel really annoying, I'll increase the volume level on the sound device, and read it to you. In a page of code.

    It's really amazing what you can script this way. OK, yes, there's a reason I'm typing this on a Linux box, and why I have cygwin installed on any Win32 box I care about. But through marketing muscle and a desire to create opportunities for small VARs, Microsoft let little software authors poke around inside big applications. And created some nice tools for those little authors to write code with.

    Shame it breaks in such obscure ways.

    [1]: ARexx doesn't count. That's just DDE.

    [2]: Obligatory joke about whether "the" is optional at some point in hypercard syntax here. Apple has been getting better, though.