Monthly Archives: January 2016

Chrome, Edge, Firefox, Internet Explorer, Java

End in sight for Java browser plugin

Leave a comment

Oracle is finally throwing in the towel for Java browser plugins. A never-ending source of security problems, the Java plugin will be phased out in the near future. Browser software developers like Mozilla and Google made this move inevitable when they started removing plugin functionality in recent months.

This will cause headaches for organizations that use a lot of browser-based Java. They’ll be faced with a decision. Many will presumably stall for time, and continue to use existing Java applets in increasingly-outdated browsers. Others may decide to switch to another platform entirely, which is likely to be very costly. The best alternative is to – where possible – change browser-based Java applets to use the Java Web Start technology. According to a white paper from Oracle (PDF): “The conversion of an applet to a Java Web Start application provides the ability to launch and update the resulting application without relying on a web browser… Desktop shortcuts can also launch the application, providing the user with the same experience as that of a native application.”

Regular users will only notice the loss of the Java browser plugin if they happen to use one or more Java applets. Site operators have been aware that this change is coming for a while, and have been scaling back their use of Java applets, but they may still be found on some banking and financial sites, web site builders, and so on. One Java applet-based service that I find extremely useful is Berkley’s ICSI Netalyzer, which analyzes your network connection and reports on any issues it finds. I’m hoping that Netalyzer’s developers will convert it to use Java Web Start, or do something else to keep the service online.

Duo Security has additional related information.

Edge, Microsoft, Patches and updates, Windows 10

Two more Windows 10 Insider Preview builds

Leave a comment

When Windows 10 updates itself, in the final stages, we’re treated to a series of screen-filling messages, like “We’ve updated your computer”, and “All your files are right where you left them.” I can understand why Microsoft is showing messages like this: to reassure users who would otherwise be wondering what’s going on as their hard drive thrashes away. As a more technically-minded person, I would prefer an indication of exactly what’s happening, and how long it’s going to take, but I can live with these messages instead.

On the other hand, sometimes these messages are misleading. Take this one: “We’ve got some new features to get excited about.” Apart from the grammatical issues, this message simply isn’t usually true. The most recent Preview builds, for example.

Windows 10 Insider Preview Build 11102

Build 11102, released on January 21, includes only one new feature of note, and it’s hardly exciting: you can now “right-click on the back and forward buttons in Microsoft Edge for quick access to your recently visited websites in the current tab.” Woo hoo.

Note that this build still has the problem with WSClient.dll error dialogs popping up at inconvenient times. At least the build announcement describes a workaround.

Windows Insider Preview Build 14251

Build 14251, released on January 27, has the distinction of generating a lot of discussion regarding the large jump in build number. It turns out that the big jump is the result of Microsoft trying to synchronize builds across platforms, which is actually a good thing.

Meanwhile, the announcement for build 14251 actually says “This build doesn’t have notable new features in it”. And sure enough, it’s mostly bug fixes.

Firefox, Tools

Easily view pages with default colours and fonts in Firefox

Leave a comment

I’m a fan of Firefox’s ‘Reader Mode’ feature, because it allows me to read web pages that use light text on dark backgrounds. My eyes have always been pretty good, but in recent years I’ve noticed that reading white text on a black background gives me blurry vision within a few minutes. All I have to do is click the Reader button, and I see a nice, clean view of the page, with black text on a white background.

Unfortunately, Firefox’s Reader mode is only available for some pages. I’ve yet to discern a pattern. For example, the home page of this site (boot13) doesn’t show the Reader button, but navigating to an individual post, or to one of the post archive pages or category pages does.

Luckily, I stumbled across a Firefox add-on that does what I want: Page Colors & Fonts Buttons. There’s not much to the add-on; it simply adds two buttons to the toolbar: one to toggle the default colours off and on, and another to toggle the default fonts off and on. It doesn’t give you the fancy view you get with Reader mode, but it does work on any page.

Any Firefox user who’s ever had trouble reading text on a web page should install this add-on. Highly recommended.

Firefox, Patches and updates, Security

Firefox 44.0 released

Leave a comment

With traditional (aka standard, normal, common, sensible) software version numbering, moving from version 43 to version 44 would normally signal big changes and (hopefully) improvements. This is no longer the case with Mozilla’s version numbering scheme for Firefox.

Case in point is Firefox 44.0, made available by Mozilla on January 26. According to the release notes, there are no major new features. A few bugs were fixed, including about twelve security issues. Many of the changes are related to encryption and video handling. Several improvements to the developer tools also made it into this release.

In other words, there’s really nothing in this release that makes it worthy of a major new version number (44). How is Mozilla making these decisions? Your guess is as good as mine.

Meanwhile, of course – and despite assurances from Mozilla – this release, somehow worthy of a major new version number, was not even announced by Mozilla. At least not anywhere I looked. I discoverd the new version because of (yet again) a post on the US-CERT site.

Chrome, Google, Patches and updates

Chrome 48.0.2564.97 released

Leave a comment

There don’t seem to be any security fixes in the latest version of the Chrome browser, 48.0.2564.97.

The announcement doesn’t include any details to speak of. The full change log lists sixty-eight changes, most of which are minor bug fixes. A few of the changes are related to stability and performance.

There’s also a related post on the Chrome blog. Most of that post is about new features related to mobile users, so it may not be of much interest.

On most computers, Chrome will silently update itself to the new version.

Java, Patches and updates, Security

Java 8 Update 71 released

Leave a comment

Oracle seems to be jealous of Microsoft’s ability to confuse the heck out of users. Of late, Java releases seem to come in two distinct versions, with the later version being typically unavailable to most users.

The latest update is a good example: the release announcement talks about Java 8u71 and 8u72, and says that 8u71 contains security fixes. It goes on to say that 8u72 contains the same bug fixes plus ‘additional features’.

If you use the Windows Java Control Panel to update Java on your computer, you’ll end up with Java 8u71. If you go to the main Java download page and choose one of the versions for Windows, again you’ll end up with 8u71. So what’s 8u72 for?

The release notes page for Java 8u71 describes a few non-security bug fixes. Oracle’s Critical Patch Update Advisory for January 2016 shows about eight security vulnerabilities that are addressed in Java 8u71. So if you use Java, you should install 8u71 as soon as possible.

Adobe, Chrome, Edge, Firefox, Flash, Internet Explorer, Patches and updates, Security

More Flash updates

Leave a comment

The latest version of Flash is 20.0.0.286, for most browsers. Microsoft Edge and Internet Explorer on newer versions of Windows are apparently still stuck at Flash 20.0.0.272.

Sadly, the information on the Adobe site related to these updates is inconsistent, confusing, or just missing.

The About Flash page doesn’t seem to agree with the announcement page. The former shows “Internet Explorer (embedded – Windows 8.x) – ActiveX 20.0.0.286”, while the latter shows “Flash Player 20 for Internet Explorer on Windows 8.1: 20.0.0.272”.

The Flash runtime announcement says “Security update details can be found here: Security Bulletin (APSB16-01)”. But the APSB16-01 bulletin is for the previous Flash updates. The linked URL is also wrong; it points to an even older bulletin: APSB15-32. And to top it off, the security bulletin that should exist (APSB16-02) for this update currently generates an error.

Hopefully Adobe will fix this mess ASAP.

Meanwhile, although the announcement doesn’t mention any security fixes in the new versions, it’s safe to assume they exist, so you should update Flash in any browser where it’s enabled.

As usual, Internet Explorer on new versions of Windows will receive these updates via Windows Update, and Chrome will get its new Flash automatically.

Update 2016Feb02: I reported the announcement and bulletin problems (noted above) to the author of the announcement. He replied that the About page would be fixed, and that he had fixed the link to the bulletin on the announcement page. Unfortunately, that link now goes to the bulletin for the previous Flash release. The author claims that bulletin still applies, but it really doesn’t, since it recommends the previous version of Flash.

Update 2016Feb04: According to the author of the announcement, there were effectively no changes in this Flash update. Certainly there were no security fixes. A link to the previous security bulletin was included simply because it was the most recent bulletin. The link text will be changed to make this more clear.

Microsoft, Patches and updates, Windows 10

Windows 10 Insider Preview build 11099

Leave a comment

My Windows 10 test computer just upgraded itself to the latest Insider Preview build, 11099.

I’m now on what Microsoft calls the ‘Fast Ring’, which means that I get new Windows 10 builds almost immediately after they become available. One of the drawbacks of this scheme is that these early builds tend to have more problems than regular releases. For me, that’s acceptable, because my test PC is not used for much aside from testing. I wouldn’t try this on my main computer.

The first thing I noticed about the new build is that the File Explorer progress dialogs are back. Those dialogs disappeared in the last build, which wasn’t a huge problem, but it was disconcerting.

The only other difference I’ve noticed in this build is a weird error message that pops up when Windows starts. There’s additional information, including a couple of possible fixes, over at Neowin.

I’ll post updates here as I work with the new version.