Hacker News | edmccard's comments

> Take Herb Sutter for example, who argues that "memory safety" as defined in this article is an extreme goal and we should instead focus on a more achievable 95% safety

I wonder how you figure out when your codebase has reached 95% safety? Or is it OK to stop looking for memory unsafety when you hit, say, 92% safe?


Anything above 90% safety is acceptable because attackers look at that and say “look they’ve tried hard. We shouldn’t attack them, it’ll only discourage further efforts from them.” When it comes to software security, it’s the thought that counts.


A coin deposit is no more a mark of a bad neighborhood than having cart corrals in the parking lot -- like them, it is a way of reducing (or trying to eliminate) the amount of time employees have to spend collecting carts and returning them.


A coin deposit is a signal that either the carts are being stolen, or that they are not being returned to the cart corral. Both are signs of a bad neighborhood in my area of the country.


This is a true statement, but I suspect the underlying goal is to reduce overhead and pass the savings on to the consumer and/or the bottom line. This is because if carts are stolen they must be replaced, and if they are not returned to the corral a worker must be paid to do it.


>so putting the OST in CD format was a nice easter egg.

It wasn't an easter egg; it was how the games accessed and played the in-game music (and digitized speech when that was a new, exciting thing). There would be one huge data track and then dozens of small audio tracks. If the game did take multiple CDs, then either (a) you installed all the discs but all the audio was on the CD that had to be in the drive for the game to play or (b) each CD had the audio needed for the levels that were on that disc (I think that scenario was more common on PS1 games, but I could be mis-remembering)


> It wasn't an easter egg; it was how the games accessed and played the in-game music

Except they never had to do that, even before the MPs, they could always have stored the audio data as regular files on the disk image. Using CDDA just makes things more complicated as you need to reaccess the raw media instead of just reading the data from the filesystem.


In those days CD drives could output the audio as analog or digital signals separately from the data bus, using a cable that connected directly to the sound card for zero-overhead music. Commodity CD drives on the PC go back to about 1992 and playing CD audio would have been prohibitive overhead for contemporary CPUs


It was quite surprising for me when I found music from the CD drive kept playing after I shut down Windows 95.


>I like money staying local, seeing kids sports teams sponsored by Bob's Ford

In theory that sponsorship money could stay local, if the people who saved money by buying cars direct from Ford gave it personally to the local sports teams instead of giving it to Bob first.


Bob sponsors a kids' sports team to advertise the local dealership to the parents.

Tesla's advertising campaign is unlikely to sponsor a local sports team, because the scale is too small and there are too many local sports teams for a corporate to deal with.

The parents themselves will not see value in doing a local sports team sponsorship - they might donate just to keep it alive, but if that was possible, the sports team would not have needed sponsorship in the first place!

Under no scenario would the parents who saved some money from buying a car give that savings to the local sports team the same way a sponsor would.


If only there was some way to collect money from car sales & use it to maintain local youth programs. Or better yet: A percentage of every transaction. We could call it "sales tax." ;)


And yet, a lot of people are opposed to sales tax due to its regressive nature (they tax the poor proportionally more than the rich - which then is "fixed" up by adding exemptions to sales tax for goods that the gov't considers the poor to need, such as food etc).


>It's like finding out my neighbor doesn't lock his front door at night and announcing it on twitter.

No, it's like finding out your neighbor sold a bunch of faulty locks to a bunch of other people. There's a difference between information that would benefit only one person (the neighbor in your analogy) and information that would benefit many people (the neighbor's customers in my analogy)


In that case it would be better to inform future customers so they don't buy the faulty lock, rather than throwing together an in-depth tutorial on how to take advantage of the lock. Especially since, unlike a lock, software can be updated to fix the problem.

"There's a known exploit that has yet to be fixed"

But then there's an issue of trust. Without documenting the exploit to the public I suppose no one would believe you.

Nevertheless the consequence of releasing an exploit to the public is that you've also informed nefarious players. Actually it's worse than that. Likely the nefarious players are the only ones paying any attention to stuff like this.

Perhaps what's needed is a trusted third party middleman who can verify an exploit exists without releasing it to the general public?


> When they are cast to the shadows they can grow,

It's a nice poetic conceit to think of good ideas as thriving in the light like flowers while bad ideas flourish in the darkness like mushrooms, but they both thrive on the same thing -- attention. To make another comparison with things that grow in the shadows: the crawlspace under my front porch is full of bugs and critters, but they didn't get there because I cast them out of my house, and I don't keep my house bug-free by periodically inviting them in for debates.


>Is it also one of the safest in history in other nations that have not increased their incarceration rates?

Yes[1]

[1]https://en.wikipedia.org/wiki/Crime_drop


Interesting that there is no link between that page and the lead hypothesis, which seems to be gaining more credibility these days.

https://en.wikipedia.org/wiki/Lead-crime_hypothesis

https://www.motherjones.com/kevin-drum/2018/02/an-updated-le...


>We had an XT/286 and I don't recall any expansion card involved...

And other people had an XT that they installed an expansion card into -- like the Pfaster-286[1]

[1]https://books.google.com/books?id=xsMx9D2s6y0C&pg=PA43&lpg=P...


>Wouldn't that hurt men even more?

More than the internal injuries that could be caused by water forcibly entering the vagina? Probably not.


The common term seems to be "water skiing douche" and it is something to protect against. Presumably males and females also need to avoid an anal douche.

See references of this paper which refer to some specific instances: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC1305204/

Edit: the term is "water skiing enema" for rectally injected water injuries... The worst case scenario is severe lacerations to the vagina wall or a rectal blow out.

https://www.sheknows.com/health-and-wellness/articles/809730...


Vagina is pretty strong, it holds during childbirth. Male parts can be injured easily.


That’s the wrong direction, though.


FTA: It is available first today in the July release of the Python Extension for Visual Studio Code, and we will later release it as a standalone component that you can use with any tool that works with the Language Server Protocol.

