
Comment look up straw man. YOURS is the straw man (Score 1) 211

A straw man is a position invented during an argument in order to strike it down. If I pretended Obama had proposed executing anyone who gets a promotion, then shown why that proposal is bad, that would be a strawman.

Pointing out what the original claim was isn't a straw man, that's the opposite of a straw man. Let me give you two more examples of straw man:

Bob: The water is shallow.
Sally: You're wrong, I can prove the water is wet!

Bob: The bug is shallow.
Sally: You're wrong, I can prove the bug exists!

Comment good point, but ONLY pointer (Score 1) 211

That's true, you could point to certain addresses. You're just left with no room to jump to that address or do anything else with it - the pointer takes up all of the space.

Also of course the other bytes of the pointer are restricted to eleven values each. I have no doubt there'll be some exploit, it's just likely to be rather limited.

Comment Franchise laws passed against GM in 1930s & 19 (Score 1) 147

The franchise laws which bug auto manufacturers including Tesla and GM were passed to limit the power of GM and Ford, mostly in the 1930s and the 1950s. It's weird that you think prohibiting General Motors from engaging in selling the cars the way they used to is "pro big business". The purpose was to protect small family businesses from those big bad corporations.

Section 2 of this paper has a good summary of how those come about:
http://papers.ssrn.com/sol3/pa...

Comment somewhat true. (Score 1) 211

That's somewhat true, their exploit will show how to exploit EXIM if that's installed and open via the firewall on vulnerable systems. Most other software using glibc isn't vulnerable for the reason I listed above.

Also, with 3-7 bytes they can overwrite, less than the size of a pointer, their exploit may be very, very limited. Specifically, it can't specify a memory address to jump to where the main exploit is found, because there's not enough room for a pointer to a memory location. We'll see what they come out with, but it may well be very, very limited.

Comment They tried, Seattle bureaucracy and rules were a p (Score 1) 147

Seattle was a candidate to be the first city to get Google fiber. The culture of bureaucracy there made it unattractive for Google. For example, in Seattle, and nowhere else in the country, they have to get permission from every homeowner within a certain distance before they can install a fiber cabinet. Just contacting every homeowner and getting them to fill out the form to "yes" or "no" would be a giant pain in the ass that slows things down.

http://crosscut.com/2014/03/04...

Comment Many mitigating factors, not THAT dangerous (Score 1) 211

The article lists a long string of mitigating factors that make it not as dangerous as it might first appear. Someone else already mentioned that it doesn't affect applications that are IPv6-ready; both IPv4 and IPv6 addresses are resolved with the same (safe) function in most software that's IPv6-capable.

Also, at most 4 bytes can be overwritten on 32-bit, 8 bytes on 64-bit, and they can only be overwritten with ASCII digits 0-9, dots, and must have a terminating null. (So really three bytes on 32-bit, 7 bytes on 64-bit - not enough for a pointer).

There are several other mitigating factors. You should update glibc, but there's no need for panic.

Comment Shallow bug doesn't mean non-existent. Fix obvious (Score 5, Insightful) 211

In case you're unaware, "bugs are shallow" doesn't mean they don't exist.

ESR's complete sentence is:

"given enough eyeballs, all bugs are shallow; or more formally: Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone."

In other words, someone will quickly quote Adam Savage and say "THERE'S your problem!". :)

The difference between a deep bug and a shallow bug is what happens after you notice a problem. A shallow bug is right there, at the surface. Function foo() is supposed to return x, but instead it returns x - 1, and there is the line of the code that's the problem.

A deep bug is one where you look at function foo(), which creates an instance of class Bar, which is subclassed from IEParser, which calls friend class HTML4Lexer, which has function TagAtrribute() - but TagAtrribute() returns the correct value, so how the heck is it wrong in Bar? Then when you find out WHY it's wrong, you can't come up with any way of fixing it without rewriting the HTML specification.

Heartbleed is actually a great example. Many people looked at it right away and within an hour or so there was a patch available. Those many people discussed the three or four proposed long-term solutions and in about 24 hours we agreed that Florian's solution was best. Florian was one of the many eyes, and the bug was shallow to him - "the fix will be obvious to someone", and that someone was Florian.
