In fact, the bug had already been audited and fixed, almost two years ago, when the security researchers found a way to exploit it. From TFA:

We identified a number of factors that mitigate the impact of this bug. In particular, we discovered that it was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18)

Current glibc release is 2.20. That's three relases without the bug already.

Nothing to see here, move along.

We have GnuTLS which is only one year younger than OpenSSL, has a nicer API, is portable to Windows, has a better track record with regard to binary compatibility, a better build system, and can be used by commercial software (it’s LGPLv2.1). Comparison of features with other SSL libraries.

You need benchmarks to prove such blanket statements. In my experience, Java code usually isn't far from C++ performance and it's actually faster when we're talking about high level "glue" code. It vastly outperforms C in string handling, because C's standard string routines are awful not only to the programmer, but to the processor, too. And then again, for maximum performance there's FORTRAN.

Do you know any example of stack smashing, buffer overflows, invalid pointer dereference, malloc failures, code overwriting done by a program written in pure Java? They're the stuff that hackers love. They happen automatically in C: any code you write causes them by default, and you need to be very clever, to have complete information about the machine state after every instruction (which is usually impossible), to have platform-specific tool support (relro, noexecstack, ASLR, ...) in order to avoid or prevent them. In Java, they just don't happen, barring bugs in the JVM, which are akin to bugs in the runtime library of any compiled language of your choice. If this isn't an improvement...

To be honest, the runtime environment for applets was supposed to be restricted (it's not the same runtime environment that Java applications see). It's the same mechanism that post-HTML5 Javascript has, except that at least we can disable (or better delete) the awful Java plugin, while we can't do the same for the browsers' Javascript support.

Then again, I haven't seen too many security patches for gcc or libstdc++ or glibc

Then have a closer look.

So, who are those "patriots" in Silicon Valley supposedly willing to give him, again, the keys to all the personal information that they collect?

I can make a guess, by looking at the track record and the lobbying spending of the usual suspects, but still it would be more appropriate, in the name of transparency, to state explicitly whether the companies that we are entrusting with our personal information are a neutral third party or, instead, are patriots. So we can choose.

If you were using coreutils in your nightmare, you would actually have no problem:
(guys, don't do this at home, your rm implementation could differ)
# rm -rf /
rm: it is dangerous to operate recursively on '/'
rm: use --no-preserve-root to override this failsafe
# rm --version
rm (GNU coreutils) 8.23
You wouldn't enjoy such protection if you typed rm -rf /*, however.

Let's start outsourcing your jobs and see if you still have the same point of view.

Looks like my post failed catastrophically at communicating what my point of view is.

Seeing the slashdot crowd, which is pro-capitalism and laissez faire when it's the other people's source of income which is being put in jeopardy, suddendly start to scream in pain because of the fear of a modest reduction of their earnings, is priceless.

What did you say when shiny gadget manufacturer #1 announced that workers had better learn to "run against the robots"? And when shiny gadget manufacturer #2 exploited underage workers in dangerous sweatshops in China? I haven't read any comments about "unions turning the IT sector into another Detroit" on this page, but instead I now learn that government regulation is in "the true spirit of America, because it's againt slavery". If selling stuff in Spain but paying taxes to the British Virgin Islands is not only moraly acceptable, but even a duty, because it's in the interest of the investors, then why would hiring IT developers from abroad be any different?

Capitalism is about making money, and that's it. It's not a philosophy, it won't make your lives better by itself. And rightly so. It is a government's job to ensure that the interests of those making money proceed in harmony with the interests of a nation as a whole; to which extent is matter of debate. When the government turns out as an expression of those with the most money (bi-partisan agreements...) rather than the choice of informed voters, we'd better learn to love the "invisible hand" and wait for its positive effects on the economy to trickle down on us.

Change, however it happens, should make things easier. It's not the case for Windows 8 (and 8.1). I'll tell a random example: a friend of mine had her Internet Explorer links retargeted by an adware to point to an ugly search engine instead of her default home page. Fixing the desktop links was easy: right click / Properties. Fixing the Modern ones? Either it's impossible, or finding how it's done was too hard for me, so in the end I resorted to searching for .lnk files in desktop mode and change them from there. Now that made me feel old...

But Google continuously updates Google Play Services on my phone without me even noticing, let alone the carrier or the device manufacturer approve and test the changes.

In the same way, they could update the WebView as well (hadn't they put it into a read-only file system, digitally signed by the device manufacturer). It's a userspace component with no implications on the phone service or the radio baseband.

In fact, IIRC the WebView can be updated through the market in the newer versions of Android.

The very same things can be said about Islamist terror. Ignorant people are being maneuvered by virtual caliphs who wish to become actual ones. Every human conflict in history can be reduced to a matter of "us vs them", with a "flag" motivation covering the real, always political, one.

I can't speak to Islam, but what I do know is that Christians who use violence to spread their views can not be considered Christians.

The quran, too, prescribes tolerance towards Hebrew and Christians. And christian holy scriptures contain incitements to violence, too:

Howbeit of the cities of these peoples, that the LORD thy God giveth thee for an inheritance, thou shalt save alive nothing that breatheth, but thou shalt utterly destroy them: the Hittite, and the Amorite, the Canaanite, and the Perizzite, the Hivite, and the Jebusite; as the LORD thy God hath commanded thee; that they teach you not to do after all their abominations, which they have done unto their gods, and so ye sin against the LORD your God.

http://en.wikipedia.org/wiki/2...

The place was subject to armed surveillance but the terrorists managed to slaughter the cops, too. Your sarcasm is therefore out of place, and anyway, choosing such an occasion for an attempt at gun propaganda shows bad taste and lack of compassion. You're not doing a good service in your cause, IMHO.

Google has a dominant position (among other places) in the browser market so site owners can't disregard their imposition. Saying that you can install other browsers would have been just like saying "you can install another OS" when Microsoft played leverage games with their near monopoly on the desktop back in the times. Plus, Chrome tends to end up installed on the PCs of many unexperienced users because of their policy of aggressive bundling. So one can expect that a relevant portion of his site's visitors will be using Chrome in the foreseeable future no matter what.

That's because the law doesn't say "you can own guns full stop", it will say something like "you can own guns as specified by law", so lower-level laws can be passed to regulate the ownership of guns without violating the constitution. But no person or government agency can decide that you can't own a gun without having a law that backs their decision.

You are right in the fact that most constitutions, and probably that of the USA too, comprise some kind of exceptional procedures allowing the government to override the rule of law in the case of an emergency. I think that they're required in order to deal with those cases such as angry people with pitchforks burning down cities etc, something that still happened once in a while in the past century, but I don't expect those procedures to have been applied often nowadays.