I've read the article (the topic is always interesting, and Ptacek is well-known in the security world). I must have missed something, because I still see the problem as a combination of really lousy programming* from the Flash guys, plus a bunch of cute hacks from Dowd to overcome the exploit limitations.
From the article:
"It then uses that pointer [the NULL pointer] with an offset controlled by the attacker."
Well, what's left to say? If you allow extraneous information to set the offset of an address in memory, you're dead meat, period.
Best,
*I definitely agree with Ptacek's comment on how malloc() should always be checked. I still think that the default one should remain unsafe (too much old code may depend on this), and instead libraries should provide a safe_malloc() that punts on failure.
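The two points in the comment above (an allocation result used without a check, and an offset taken from untrusted input) can be put side by side in a short C sketch. This is an added example, not code from the original comment or from Flash; `safe_malloc()` follows the name proposed in the comment, while `store_u32()` and `handle_record()` are hypothetical helpers, and the sizes in `main()` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical safe_malloc(): same contract as malloc(), except that it
 * never returns NULL. On failure it reports and aborts ("punts"). */
static void *safe_malloc(size_t size)
{
    void *p = malloc(size ? size : 1);  /* malloc(0) may legally return NULL */
    if (p == NULL) {
        fprintf(stderr, "safe_malloc: out of memory (%zu bytes)\n", size);
        abort();
    }
    return p;
}

/* Store a 32-bit value at an untrusted offset inside buf.
 * Returns 0 on success, -1 if buf is NULL or the write would leave
 * the buffer. Written so that offset + sizeof value cannot wrap. */
static int store_u32(uint8_t *buf, size_t buf_len, size_t offset, uint32_t value)
{
    if (buf == NULL)
        return -1;
    if (buf_len < sizeof value || offset > buf_len - sizeof value)
        return -1;
    memcpy(buf + offset, &value, sizeof value);
    return 0;
}

/* Constructed scenario: count and offset stand in for values parsed
 * from an untrusted file. */
static int handle_record(size_t count, size_t offset, uint32_t value)
{
    if (count == 0 || count > SIZE_MAX / sizeof(uint32_t))
        return -1;                      /* size computation would overflow */
    size_t len = count * sizeof(uint32_t);
    uint8_t *buf = safe_malloc(len);
    int rc = store_u32(buf, len, offset, value);
    free(buf);
    return rc;
}

int main(void)
{
    printf("in range:  %d\n", handle_record(16, 60, 0xdeadbeef));
    printf("past end:  %d\n", handle_record(16, 61, 0xdeadbeef));
    return 0;
}
```

The NULL check and the bounds check are independent: either one alone still leaves a path where `base + offset` lands outside the allocation.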
> but it is also allowing French people to buy books they would have a hard time to find otherwise

I disagree with the fixed book price system having any positive effect on how hard it is to find books. If the book is relatively new (after the 1980s), you can always find it in amazon (sometimes in the used books section). If it's older than that, you'd do much better in a used book shop. I buy around 5 books a month (mostly novels, CS, and Economics), and have hardly found a book amazon doesn't carry.
Anyway, you forgot to add "at a higher price" to your "allowing French people to buy books" comment. I live in Spain, where there's a similar fixed price book law. (There's no amazon here, my hunch being that a fixed price book law makes competition impossible.)
An average novel in Spain costs 25 EUR. The average salary is around 18 KEUR a year. The price of most of the books similar to the ones I buy in amazon is around 16-17 USD. For example, "Character Makes a Difference: Where I'm From, Where I've Been, and What I Believe", by M. Huckabee, goes for 10 bucks as of today in amazon*. The average salary (it may be the median, I can't remember where I got the number) in the US is 36.7 KUSD (2002),
So, another way to see this law could be that it increases the price that people pay for books with high demand to subsidize access to those books with smaller demand. Now, guess where most people fit.
Finally, the "big city/small village" bookstore argument doesn't apply today. If you live in a small village, you'll always have a much bigger book selection in amazon than in the local bookstore.
*Note: this is actually the first book amazon recommends to me as of today. Not sure whether I should be scared of what amazon thinks about me :)
What you're discussing is known as a "meme" (http://en.wikipedia.org/wiki/Meme). The term was introduced by Dawkins in "The Selfish Gene."
Your point on how "a mixed world of beliefs is the fittest" is interesting. Dawkins (again) discusses it in "The God Delusion," while debunking the positive effects of religion (should I add "IHO"?). I sort of agree with you: If you accept Darwinian evolution for ideas, the fittest belief system corresponds to a belief mix, even to the current religious mix (1/3rd of Christian, 1/5th of Muslims, and some others, including atheists). This would definitely mean that a 100% Christian (or other religion) society is definitely not as fit as one with atheists.
The reasons why this is so are not so clear, though. You suggest that more people being religious than atheists may be due to religion leading to fewer killings than atheism (through ethics). Somebody could argue the reason is that religion leads to more killings of non-religious people. Religion can be a more useful tool or a better gun than atheism.
The birth control point is not proved: Birth control (the one that most people are likely to practice, meaning not abstinence) dates from the 20th century. While I can see how it can be right (people with large families tend to reproduce more), it hasn't had time to really make an effect (evolution works by discarding less fit elements through several generations).
Also, I see too much "noise" in the process for it to work: While genes have a strong "stickiness" feature (you get what your parents gave you, and you cannot change it), you can always change your ideas. Considering ideas themselves, some are "stickier" than others: I'd argue that the "killing is bad" idea is stickier (you're less likely to change what your parents taught you) than the "belong to a given religion" one.