ithilgore’s bzero() post

I just read ithilgore’s post and it remind me a funny story. We were on 25c3, I think it was the second day of the congress and we were sitting down waiting for a presentation to start, if I’m not wrong it was the “Exploiting Symbian” and while sitting there I was showing a tool I had written to ithilgore… His first comment while browsing my code was: “Why are you using bzero() to zero out this buffer?“, this code had about 4-5 innovative techniques and his comment was why am I using a deprecated library routine! :-P

After that, eveytime I come across a bzero() call I remember this funny story.

Written by xorl

April 17, 2009 at 17:29

Posted in fun, Uncategorized

2 Responses

Subscribe to comments with RSS.

Yes, it’s the detail that makes the difference. You have to be perfect at every little tiny detail, in order to achieve excellence. It is even more important to look at these things, when you already have a resourceful program like the one you showed me. Imagine how embarassing it gets, for example, when a project famous for its code auditing and proactive security like OpenBSD, gets exploited: http://www.securityfocus.com/bid/5093 (You have already seen this, I know). It is equivalent, when an otherwise innovative program like your own, is partially overshadowed by small oversights like the use of deprecated library functions. And usually they are deprecated for a reason.

ithilgore

April 17, 2009 at 18:55
if your code doesn’t compile without warnings w/ -Wall -pedantic it’s practically useless!!!1

rebel

April 20, 2009 at 00:46

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

xorl %eax, %eax