# Monday, 17 May 2004

This morning I've had two emails asking if the user group is meeting Tuesday. YES IT IS. Please come, Ed Musters will be talking about .NET Garbage Collection. You can register at http://gtaeast.torontoug.net/535.aspx and I want you to register so we know how many are coming. Tell your friends, and I'll see you there!

Monday, 17 May 2004 10:39:16 (Eastern Daylight Time, UTC-04:00)  #    
# Friday, 14 May 2004

So who tried to sneak a blog out into the world? Michele Leroux Bustamante, that's who. She's an RD, based in San Diego, and my go-to for the other kind of interop questions -- interop to Java and that sort of thing. For example, she's running  a Web Services Interoperability Education Day, on May 22nd, to show .NET and Java tools with WS-Security and WS-Policy support. So, read it!

Friday, 14 May 2004 08:48:53 (Eastern Daylight Time, UTC-04:00)  #    
# Thursday, 13 May 2004

Or whatever it is we end up calling ourselves. We're meeting on Tuesday the 18th, 6pm. It's not in the same place as last month - we outgrew that already. It's on the campus of Durham College and the University of Ontario Institute of Technology, in a brand-new building called UA1 that isn't on the campus maps yet. Apparently it's just east of (and connected to) the Justice Wing (JW) of the Willey building. They suggested we park in the Champions lot and come in through the Athletic Centre.

Ed Musters, president of the Toronto group, will be speaking on Garbage Collection. Please visit the group site and register for the meeting so that we order enough pizza. There were issues registering before today, I know, so go do it while you're thinking of it, OK?

Thursday, 13 May 2004 13:06:17 (Eastern Daylight Time, UTC-04:00)  #    
# Tuesday, 11 May 2004

VSLive has been over for days and days and still no blog from me, because I'm tired as I always am after a conference. I used to blame it on the flying and the airport time, but since I drove to this one, it must be the conference itself. I did four talks, and yes that's a lot of talks, and a roundtable user group thing. I had a fun time with old friends, made some new ones, and stuck up for C++ on cue. The VSLive speaker list is RD-rich so I enjoyed seeing the gang.

My best visual memory from the entire conference has to be watching Richard Hale Shaw trying to throw swag into the crowd -- tip for next year: boomerangs are not the ideal item to try to throw into the crowd :-). My favourite thing to say as the conference wound down: see you in two weeks! OK it's two-and-a-half, but still, Tech Ed is just around the corner!

C++ | RD | Speaking
Tuesday, 11 May 2004 18:12:16 (Eastern Daylight Time, UTC-04:00)  #    

Almost as soon as I noticed (and before I could report it) the only flaw I had found in dasBlog has been fixed. My C++ Category used to always come up empty, though of course I had plenty of posts in it, thanks to the punctuation in the category name. Today a completely painless upgrade to 1.6 fixed that. Yay!

Tuesday, 11 May 2004 14:59:28 (Eastern Daylight Time, UTC-04:00)  #    
# Tuesday, 04 May 2004

I spent all day Monday hanging with almost all of the Canadian RDs. If you were wondering who we all are, you can find nine of us at http://msdn.microsoft.com/canada/rd/. Or check the individual pages such as http://kate.regionaldirector.ca. (If by chance you're reading this blog entry at http://kate.regionaldirector.ca, then you need to check out http://www.gregcons.com/kateblog/ which is my regular home.)

About the picture: I hate it. What can I tell you, I hate pretty well all pictures of me but the ones that people get hold of electronically I hate even more. Enough about that until I managed to replace it with one I can stand.

What do RDs talk about when you get us all in a room? Business challenges, personal challenges, what's coming in Whidbey, what we're excited about for Longhorn, patch management, and a bunch of other stuff that's under NDA for a while yet. We also talked about user groups, Deep Dives (like this Smart Client one in Toronto or this Web Services Security one in Toronto; there are some in Calgary, Vancouver, Ottawa, and Toronto too) and conferences. VSLive starts tomorrow, then all the TechEds through the summer and the Microsoft Partner Conference in July. Lots of chances for us all to get on stage. We also talked about the things we do beyond speaking, webcasts, and other community touches. Things like my Code Guru column, the RD column on MSDN, books, and developing content. Most people never think about where all the whitepapers on MSDN, the Hands on Labs and PDC and TechEd, and the presentations for tours and events actually come from. Sure, lots are written by Microsoft people, but plenty are written by smart folks who are really into the topic, and a lot of those are RDs. And of course, we talked about our day jobs and the work we're taking on. Don't forget, pretty much all the RDs are available for consulting gigs :-) although some of us are less available than others.

Looking forward to the next one already.

Tuesday, 04 May 2004 19:07:03 (Eastern Daylight Time, UTC-04:00)  #    
# Tuesday, 27 April 2004

So, read any good buffer-overrun articles lately? Notice how they like to show the hapless programmer cheerfully using strcpy() to copy 11 characters (or 11,000 maybe) starting at the location where only 10 characters worth of space was allocated? Or maybe it's strcat that, merrily continuing till it finds that null terminator in the source string, goes way past its boundaries. Did you ever think to yourself as you read these examples, “Why can't strcpy, strcat, and the rest of them save stupid programmers from themselves?” (It's ourselves, really, but we all suffer from a little denial that we could ever write that sort of code.)

That's an idea, let's replace the naive and trusting version of strcpy, that assumes no-one ever gives it inappropriate arguments, with another version that doesn't always do as it's asked! Why not? I'll tell you why not: this is C++. And if C++ had a motto, it would be “you're the programmer!” or as I sometimes say, “OK, it's your foot!” Seriously, changing the way strcpy behaves might break code that isn't broken or insecure right now. In C++, we're allowed to write code that some compilers wouldn't let us write.

And if you were going to rewrite things, you might like to change the signature anyway, so that you could return an error code or other information. That means what you really need is a replacement for strcpy (and the rest) that's a little safer. And maybe to have the compiler warn you on your calls to strcpy so you can go through by hand and switch to these safer ones case-by-case.

That sounds like a plan. And I don't even have to do it. It's coming in the updated versions of the C Runtime Library for Whid-- er, Visual Studio 2005. And while they're at it, they're adding some overrun protection to the STL in the same timeframe. Intrigued? Read the whitepaper on MSDN. Michael Howard, coauthor of  Writing Secure Code,  lays out some of the problems and how the secure versions of old CRT standbys can keep your code out of hot water.

Tuesday, 27 April 2004 22:20:37 (Eastern Daylight Time, UTC-04:00)  #    
# Monday, 26 April 2004

The first meeting of the east of Toronto user group filled our room when up against serious competition in the form of a vital hockey game (hey, it is a Canadian user group, after all.) So I'm pleased to say that I have a room for the summer that holds TWO HUNDRED AND FIFTY people. I rather doubt we'll fill that. I'll need a new room in September though, so drop me a line if you know of one.

And if you've joined my group (or someone else's) you can come to the special user group event at VSLive  on May 5th -- whether you've registered for VSLive or not! Then afterwards you can come to the VSLive Midnight Madness which actually starts at 8pm, again whether you've registered for VSLive or not. It's like a free peek at what VSLive is like, so you'll know for next year, and a user group event at the same time. We're going to have a round table featuring INETA speakers who are speaking at VSLive: me, Keith Pleas, Richard Hale Shaw,  and whoever else agrees to do it -- I'm not the only one who can line up speakers quickly, and this event is pulling together quickly.

You have to be a member of a user group, so if you plan to head to the Congress Centre in Toronto Wednesday night next week, join the group nearest you now, then register online. See you there!

Monday, 26 April 2004 22:27:03 (Eastern Daylight Time, UTC-04:00)  #    
# Sunday, 25 April 2004

If you're a regular reader of Julie Lerman's blog, you know she likes to announce other people's wins and successes whenever she can -- she's covered plenty of mine. So turn about is fair play -- Julie is just the third Rock Star interview for Ziff Davis' DevSource. Want to know what matters to her, and what she's doing about it? Read the interview.

Sunday, 25 April 2004 14:35:39 (Eastern Daylight Time, UTC-04:00)  #