ithilgore’s bzero() post
I just read ithilgore’s post and it reminded me of a funny story. We were at 25c3, I think it was the second day of the congress and we were sitting down waiting for a presentation to start, if I’m not wrong it was the “Exploiting Symbian” and while sitting there I was showing a tool I had written to ithilgore… His first comment while browsing my code was: “Why are you using bzero() to zero out this buffer?”, this code had about 4-5 innovative techniques and his comment was why am I using a deprecated library routine! :-P
After that, every time I come across a bzero() call I remember this funny story.
Yes, it’s the detail that makes the difference. You have to be perfect at every little tiny detail, in order to achieve excellence. It is even more important to look at these things, when you already have a resourceful program like the one you showed me. Imagine how embarrassing it gets, for example, when a project famous for its code auditing and proactive security like OpenBSD, gets exploited: http://www.securityfocus.com/bid/5093 (You have already seen this, I know). It is equivalent, when an otherwise innovative program like your own, is partially overshadowed by small oversights like the use of deprecated library functions. And usually they are deprecated for a reason.
ithilgore
April 17, 2009 at 18:55
if your code doesn’t compile without warnings w/ -Wall -pedantic it’s practically useless!!!1
rebel
April 20, 2009 at 00:46