>>> http://msdn.microsoft.com/security/ >> Heh. They want us to do their code review for them? > Did you look at it?
I looked at the referred-to blog. I didn't see any code, though I didn't do much webcrawling looking for any - perhaps I was too early, or perhaps I just missed the crucial link, or something. (But whatever it was, it must still be; I just now looked - http://blogs.msdn.com/brianjo/archive/2005/07/18/440179.aspx, as linked to by http://msdn.microsoft.com/security/ - and still can't see any code there. Maybe it's that [INLINE] - I didn't bother fetching images - or maybe I need to have JavaScript or ActiveX or some such security-disaster-waiting-to-happen to get it; I don't know. I do see three javascript: links, arguing in favour of the JavaScript theory.) > The current one is a 4-line toy bug. It's a contrived example, and > theposter obviously already knows there is a bug. > You think they are going to work their way up to: > "Umm... great so far, readers. Now look at these 10,000 lines and > tell us where the bug is..."? Basically, yeah. When dealing with anything Microsoft, I not only look the horses in the mouths, I am inclined to X-ray and ultrasound them, and even then may not buy. I don't trust Microsoft even as far as I can throw them. Maybe this is exactly what it appears to be. In that case, well, good for them, and maybe it will begin to do some epsilon of good, start chipping away at the mountain of negative karma they've built up. But maybe it's not, too. And if I want examples of bad code I hardly have to go to Microsoft to find them. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
