Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Changes coming to Chromium and Firefox

There’s interesting news from the world of web browser software. And when I say ‘interesting’, I mean possibly extremely annoying, depending on which browsers you use, and how you use them.

First up, there’s been an interesting debate in the Firefox bug list, since 2014, about whether to change the behaviour of the Backspace key.

It’s possible that you weren’t even aware that you could use your keyboard’s Backspace key to navigate to the previous page in Firefox. This functionality has existed in most browsers at one time or another, but it was removed in Google Chrome version 52 in July 2016. It’s a convenient shortcut for doing the most common thing you can do in a web browser, and I have personally used it for years.

The problem is that some users apparently run into trouble when they try to use Backspace to erase the previous character in a text box on a web page, such as in a form, only to find that they have navigated to the previous page instead. This can result in the loss of form data, and I imagine that could be very annoying.

Because of the debate about this, Mozilla software engineers went so far as to track the usage of the Backspace key in Firefox. And while I applaud their methods, I don’t necessarily agree with their analysis. For example, they found that the Backspace key is the most pressed keyboard shortcut in Firefox, with forty million users pressing the key and triggering a ‘previous page’ navigation every month.

By comparison, the next most common keypress is Ctrl-F, which is the browser-universal key combination for searching within the current page. That keypress is used by about sixteen million users per month. Fifteen million users per month use F5 and Ctrl-R to reload the current page.

So far so good, but the Mozilla engineers somehow used this information to conclude that many of the Backspace presses (and subsequent navigation to the previous page) were unintentional. I don’t follow their reasoning, frankly. Isn’t it just as likely that that people frequently use the Backspace key to go to the previous page?

Regardless, Mozilla is changing the behaviour of the Backspace key in Firefox from version 86 onwards. That version is scheduled for release on February 23, 2021. There will be workarounds, so this isn’t likely to be a huge problem for most people, but there will clearly be a bit of fumbling as people get used to the change.


Meanwhile, Google is planning to cut off access to several of its services for Chromium-based web browser software, on March 15, 2021. This won’t affect Google’s own Chrome browser, but any browser built on the Chromium browser engine that isn’t Chrome will lose access on March 15.

The Google services involved include bookmark synchronization, the ‘safe browsing’ feature, search suggestions, spell checking, and others. It’s important to recognize that these functions are not necessary for basic browser use, and their loss likely won’t affect many users. Losing search suggestions and spell checking seem like minor annoyances at worst. Loss of the safe browsing feature is unfortunate, but other safeguards exist. Anyone who uses bookmark sync is going to be annoyed at losing that feature.

At the same time, it’s interesting to note that people who are using a non-Chrome Chromium browser to avoid using Google software never really accompished their goal if they used any of the soon-to-be-disabled features. They might as well have been using Chrome all along.

Google maintains that it was never their intention to make these services available to non-Chrome browsers. Which is why, despite having frequently expressed annoyance at Google for discontinuing software and services that they had strenuously promoted, this change doesn’t bother me.

Java 8 Update 281

Oracle’s Critical Patch Update Advisory for January 2021 includes an entry for Java. There’s a single security vulnerability in Java 8 Update 271 and, presumably, in earlier versions as well.

The risk of using an unpatched version of Java depends on how you use it. If it’s only used to run specific, business-related software, the risk is low. By far the biggest risk is Java code that arrives on your computer by way of compromised web sites, or in email.

Java’s newer, built-in security features make it less of a risk than in years past, but risk remains. As a rule, it’s best to keep Java up to date.

If Java is installed on your Windows computer, you’ll see an entry for it in the list of installed software in the Control Panel or Settings. You should also see an applet in the Control Panel for Java, which you can use to both check which version is installed, and update it if necessary.

To get to the Control Panel in Windows 10, click the Start button, then start typing “control panel”. You should see it in the search results as you type. Click the search result to get there.

Patch Tuesday for January 2021

There’s no stopping the juggernaut of monthly updates coming from our pals in Redmond.

This month’s load of updates, based on analysis of the new, ‘improved’ Security Update Guide, shows that we have updates for Edge, Office (2010, 2013, 2016, and 2019), Sharepoint, SQL Server, Visual Studio, Windows (7, 8.1, and 10), and Windows Server (2008, 2012, 2016, and 2019), addressing eighty-three security vulnerabilities in all.

There’s a summary of this month’s updates linked from the SUG, but as usual, it’s bafflingly incomplete.

Windows 8.1 computers can get this month’s updates via Windows Update in the Control Panel. Windows 10 computers will get the updates over the next few days, unless they’ve been configured to delay updates temporarily. Windows 7 users are still basically out of luck.

Flash is DEAD

Adobe’s kill switch for Flash went into effect as scheduled yesterday. Any Flash media you try to view from now on will show a placeholder image, which links to the End Of Life announcement for Flash.

That includes any Flash media you have lying around on your computer. For example, I found the Flash test animation on my main computer and uploaded it to my web server, where until January 12, it worked perfectly. That same Flash animation used to show on the main Flash help page, but of course that page now shows the placeholder as well.

And so ends the long, exasperating, security nightmare that was Flash. Good riddance.

Adobe Reader update, Flash ‘kill switch’

Adobe logoEarlier this week, Adobe released new versions of its Acrobat/Reader product line, to address a lone security vulnerability in earlier versions.

The new version of Acrobat Reader DC, which is the free — and widely used — version of Acrobat, is 2020.013.20074.

Recent versions of Acrobat and Reader usually manage to update themselves, but if you use either of them for viewing PDF files from untrusted sources, you should make sure you’re running the latest version. In Acrobat Reader DC, navigate its menu to Help > Check for Updates... If a newer version is available, you’ll see an option to install it.

Flash ‘Kill Switch’

We expected Adobe to show warnings in Flash after its development and support end in January 2021. Now comes news that Adobe is taking the rather drastic step of preventing Flash content from playing at all after January 12.

It’s not clear whether it will be possible to override this behaviour, so anyone who still relies on being able to play Flash content after January 12 should be looking into alternatives.

Patch Tuesday for December 2020

Microsoft recently overhauled its Security Update Guide, the web-based resource meant to be the definitive guide to Microsoft software updates. I don’t know what they had in mind, but from the standpoint of usability, there’s little improvement.

I still recommend using the SUG’s handy Download link to save the data in spreadsheet form, which you can then open in an Excel-compatible program, and use filtering and sorting functions to extract the information you need.

The official release notes for this month’s crop of updates is somewhat useful, although it contains neither a complete list of updates nor a complete list of vulnerabilities. It does at least provide a list of the software affected by the updates: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge for Android, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.

The Vulnerabilities tab of the SUG lists fifty-nine vulnerabilities that are addressed by the December updates. That matches the total I obtained in my analysis of the data. As for the number of actual updates, that’s increasingly difficult to determine. There are references to forty-seven help articles and twenty-one sets of release notes in the SUG data.

As usual, Windows 10 computers will get the relevant updates installed when Microsoft feels like it. Windows 8.1 computers are best updated via the Windows Update applet in the Control Panel. Users of Windows 7 and earlier versions are still pretty much out of luck, though it’s worth checking Windows Update anyway.

Adobe Reader update

Adobe logoLast week Adobe released new versions of its Acrobat and Reader products, to address fourteen security vulnerabilities in earlier versions.

In the Adobe product lineup, Acrobat is the commercial PDF builder, while Reader is the free PDF viewer. At one time you pretty much needed to have Reader installed to view PDF files, but these days PDF viewer functionality is increasingly built into operating systems and web browsers.

The new version of Reader — officially referred to as Acrobat Reader DC — is 2020.013.20064. Details are available in the related Adobe Security Bulletin.

All of Adobe’s Acrobat/Reader products update themselves by default, and there’s apparently no simple way to disable that feature. Still, if you have Reader installed, and you use it to view PDF files obtained from email or the web, it’s a good idea to make sure it’s up to date.

To check for updates, start Reader and navigate its menu to Help > Check for Updates... If there’s a newer version available, you’ll be prompted to install it.

Patch Tuesday for November 2020

This month’s pile-o-patches from Microsoft includes updates for Flash in Microsoft browsers, .NET, Exchange Server, Office (2010, 2013, 2016, and 2019), Sharepoint, Windows (7, 8.1, and 10), Windows Server (2008, 2012, 2016, and 2019), Visual Studio, Visual Studio Code, Internet Explorer 11, Edge, and Teams.

Analysis of the new (but not improved) Security Update Guide for November shows that there are at least 102 bulletins (but as many as 118, depending on what’s counted), each with an associated set of updates. As many as one hundred and eighty-five security vulnerabilities are addressed.

Dammit, Microsoft

Microsoft has once again changed the way security bulletins and updates are documented. As a result, it’s now even more difficult to find certain details about individual updates, and more difficult to ascertain just how many updates were made available for a given Patch Tuesday. It seems like Microsoft wants us to give up trying to get a handle on these things, and just install all available updates. Some people have turned to non-Microsoft resources for update information, such as the Patch Tuesday Dashboard, which is useful, but the numbers there don’t match mine, so who knows.

Getting the updates

Most Windows 10 users will get the relevant updates installed automatically over the next couple of days, although more recent versions of Windows 10 do allow updates to be delayed.

Windows 8.1 computers that have automatic updates enabled will also get those updates soon. Otherwise, you’ll need to head to the Windows Control Panel to run Windows Update.

Windows 7 users are still pretty much out of luck.

Java Version 8 Update 271

Oracle’s quarterly Critical Patch Update Advisory for October 2020, published on October 20, includes a list of eight vulnerabilities affecting Java 8u261, 7u271, and older versions.

Security risks arising from the use of older versions of Java are not as scary as they once were, since most current web browsers no longer support Java. The notable exception is Internet Explorer 11, which still supports the Java NPAPI plugin. Still, it’s best to keep Java up to date if it’s installed.

The easiest way to both check whether you have Java installed and see which version you’re running is to go to the Windows Control Panel. On Windows 7 and earlier, the Control Panel is accessible via the Start menu. On Windows 8.1 and 10, Microsoft annoyingly hid the Control Panel, but you can find it by clicking the start button and entering the text “control”. In the list of search results, you should see “Control Panel”. Click that to get to the Control Panel.

If Java is installed, you’ll see its Control Panel entry: Java (32-bit). Once you’ve clicked that, you’ll see the multi-tab Java applet. To see which version is installed, go to the Java tab and click View... The Product column shows the version. If it shows as “1.8.0_271“, that means you’re running Java 8 Update 271. Click Cancel to close that dialog.

To update Java, go to the Update tab and click the Update Now button. Follow the prompts to download and install the latest applicable version.

Alternatively, you can visit the main Java download page and install Java from there.

Flash update and upcoming retirement

Last week, on Patch Tuesday, Adobe released a new version of Flash that addresses a single critical vulnerability in previous versions.

The security bulletin for Flash 32.0.0.445 provides some additional context.

Anyone still using Flash, and in particular if Flash is enabled in Internet Explorer 11, Edge, or Google Chrome, should install the new version.

The easiest way to obtain the latest version of Flash is to go to the Get Flash page on the Adobe web site.

You’ll probably notice a warning at the top of the Get Flash page: “Important Reminder: Flash Player’s end of life is December 31st, 2020. Please see the Flash Player EOL Information page for more details.” That’s right, Flash is nearing the end of its troubled life.

Adobe plans to retire Flash at the end of 2020. After that, Adobe will no longer update or distribute Flash. They won’t fix security vulnerabilities, and you won’t be able to download it from Adobe’s web site. Adobe recommends removing Flash from all systems by the end of 2020.

Flash will live on, of course. But leaving Flash installed and enabled in browsers will become increasingly risky, as any new vulnerabilities will not be fixed by Adobe. If you must continute to use Flash for work-related activity, try to use it only as needed, and never to view content obtained from unverified Internet sources. Use a separate browser just for viewing Flash content if possible.

Patch Tuesday for October 2020

It’s time for another round of updates for your Windows computers. Earlier today Microsoft published fifty-eight bulletins, with associated updates, addressing eighty vulnerabilities in Flash, .NET, Office (2010, 2013, 2016, and 2019), SharePoint, Visual Studio, and Windows (7, 8.1, 10, and Server). Ten of the vulnerabilities are flagged as having Critical severity.

Get the full details directly from the source: Microsoft’s Security Update Guide.

Interestingly, there are no updates for any version of Internet Explorer this time around. I don’t think that’s ever happened before.

What you need to do

Windows 10

Unless you’re running one of the more recent major releases of Windows 10, and you’ve configured it to delay updates, you’re going to get the new updates within the next day or so.

If your version of Windows 10 has settings that allow you to delay updates, I strongly recommend that you use them. Given Microsoft’s recent track record with updates, which includes rushing out fixes for a sadly long series of problematic updates, it seems like the smart choice.

Windows 8.1

It’s been a while since Microsoft broke Windows 8.1 with a bad update, but if you’re at all wary about these things (as am I), you should make sure Windows Update is not configured to install updates automatically, then wait a few days before installing them manually with Windows Update.

The more adventurous among you may choose to install the new updates right away via Windows Update, or even (shudder) configure Windows Update to do it all automatically.

Windows 7

If the organization you work for has paid for extended updates, your Windows 7 computer will get any applicable updates, but your IT folks probably do that for you anyway.

The rest of the world’s Windows 7 users can only wonder how much less secure their computers are without the new updates.