Yikes! How can an API call be banned? Well, these functions from the C Runtime Library (CRT) will trigger warnings from the compiler in Visual C++ 2005 and beyond. I've blogged about this before, and linked to an older paper about it too. Now Michael Howard has an updated article that lists all the "banned" CRT calls and suggests what to use instead. He also clarifies the role of the StrSafe functions and compares them to the _s versions of the insecure CRT functions. Definitely recommended reading if you're maintaining an older code base and worry about it a little.

Kate

First, this Information Week article says "there's a greater call for IT professionals in the New York and New Jersey area than there is in Northern California". Then they say something really strange: "When it comes to programmers, the C and C++ languages were the most popular with 18,290 job postings, while Microsoft's .Net drew 14,807." Wow. Ignoring the fact you can do C++ on .NET, that's still quite a dramatic ratio. It's partly because the jobs include other operating systems, like Linux, and C++ is The cross-platform language. But I know (because people email me asking to help them find staff) that C++ programmers are getting hard to find. Who'da thunkit?

Kate

Jesper is The Guy on security and since UAC is generally represented as a security feature, I'm interested in just about anything he has to say on the topic. So imagine my eyebrows headed for the ceiling when I read:

UAC does not, nor is it intended to, stop malware.

But my eyebrows came back down pretty quickly. There's a difference between stopping malware and reducing the effect of malware people happen to launch. UAC is intended, Jesper says, to "enable more users to run as a standard user." After all, most devs are admins on their own box, because otherwise they can't accomplish all kinds of day-to-day developer tasks. And then they accidentally write applications that only work if you're an administrator. And most folks react to that by making everyone an administrator. And that leaves you in a nasty place if you did happen to launch some malware. He goes on to say:

...we ideally end up in a situation where most people do not run as administrators and, hopefully, start questioning some of the elevation prompts they do get. The fewer they get, the more likely they are to consider them carefully before allowing them, or so the theory goes. By extension, yes, there may be less malware, but it all depends on (a) whether users keep UAC on, (b) which is dependent on whether ISVs will write software that works with it, and (c) users stop considering prompts to be fast-clicking exercises and actually consider whether an elevation request is legitimate or not.

That last one I am seeing no signs of. A UAC prompt comes up, people just click it as quick as they can. Sigh. Let's hope that changes over time. One last quote from Jesper:

The fact that UAC does not mitigate all security problems, or that it does not possess a property that many of us, myself included, would dearly like to have - first-order protection against malware - does not mean it is not a security technology.

The more we understand the point of UAC, the more likely we are to think a little during that black-screen-pause while the prompt is coming up. If you don't think what you just did deserves a UAC prompt, why are you going to consent?

Kate

Ali Parker writes about the Women in Technology event that will be held once again at Tech Ed in Orlando this year. Let her know your thoughts on what the event should be, and on how to reach out to young girls and inspire them to consider changing the world through technology. I know I'll be attending no matter how they structure the event or when it's held. It's fun to be in the majority once in a while. BTW, men are always welcome ... you don't need to pass some screener with some talk of having a daughter or the like, just come on in and join us.

Kate

At the risk of turning this into a jobs blog, I just have to point you to another opening. How would you like to apprentice to Eric Sink at Source Gear? He's looking for a developer to do marketing. He would rather you didn't have a lot of marketing background, and he'll pay you as he would pay a senior developer. You have to move to Illinois, and be willing to travel every month or so, and I bet you'll have a terrific time. Application instructions are in the blog posting.

Kate

One of the things that's fairly hard to do with Team Systems out of the box is to search work items. You know there was something about the Pending flag in some work item or another, but now you just can't seem to find it. You could create a query but that seems like overkill, right? Well, Noah Code has a little addin for you that makes searching work items a lot more convenient. It adds a toolbar with a search box, and you're all set. If you want, you can tweak what fields it searches.

Kate

Microsoft wants to hire a Program Manager for COM+, DCOM, RPC, the WCF/COM Integration, System.EnterpriseServices, and whole lot more. It's true. If you love COM and think you can do this job, start at this blog entry from Clemens but don't follow his link over to the jobs page -- it seems to be broken. This link worked better for me.

Kate

I know I mentioned earlier about Code Camp (March 31st, downtown Toronto). The sessions are now set and there will be five tracks with five talks each. Topics range widely - SharePoint development, fundamentals of generics, game programming with XNA, workflow, even a robotics / mobility mashup! Plenty of veteran and new speakers; it promises to be a great day. My talk is scheduled early so I can relax and watch everyone else after I'm done. In keeping with my Code Camp tradition this will not be a C++ talk - I'll be covering Vista programming for non C++ people.

Kate

Hey, this is great, my Tech Ed talk was accepted this year. This is the earliest I've known I'll be speaking at Tech Ed USA. (I know, I already knew I was headed there for the pre-con, but now I have a breakout.)

C++/CLI and Vista: a natural fit

Vista brings a host of new features that developers can use to create beautiful, powerful, and intuitive applications. Some of these features are easy to access from managed code while others are more of a challenge. These features are generally easy to access from native code. By using C++/CLI, a developer can call either native or managed APIs with maximum ease. This session will demonstrate a variety of different Vista features to illustrate the strengths of C++/CLI.

This should be a level 300 talk and I'm really looking forward to it!

Kate