Version 28.0.1500.95 of Google’s web browser fixes several security vulnerabilities. The details are available in the official announcement.
All posts by jrivett
The back-room wrangling that dictates your online experience
Okay, so this isn’t exactly news, in the sense of being new. But it is interesting. And it most definitely does matter, to anyone who uses the Internet.
If you’ve ever wondered why Youtube videos are suddenly buffering, or why that download is taking so long, you probably assumed that the server was overloaded, or your Internet provider was having infrastructure issues. But there may be a deeper cause.
A handful of organizations – mostly commercial in nature – provide the backbone of the Internet: the network hardware that makes up the core of the net. Since its inception, these organizations have engaged in negotiations about how they move data amongst themselves. When the commercial web got off the ground, these negotiations began to involve large amounts of money. As with all negotiations, all parties try to get what they want for the least amount of effort and expense. The difference is that in these negotiations, when one party is unhappy with the results, they can make their feelings known by downgrading the service they provide.
All of these negotiations happen without much fanfare, and the fights ebb and flow according to changing technology and the rise and fall of the fortunes of individual companies. The net effect for Internet consumers is inexplicable changes in Internet speeds.
Ars Technica has a terrific overview of this process and its ramifications. It’s a long read, but well worthwhile. Maybe you can read it while you’re wating for that Youtube video to finish buffering…
Canada’s new anti-spam law
Canada is late to the game when it comes to anti-spam laws, but with the recent passing of the “Canadian Anti-Spam Legislation” (CASL), it’s about to get a lot harder for spammers to do their work here (yes, I’m in Canada).
As with other anti-spam laws, the focus of CASL is consent. The following activities will become illegal with the new law: sending a commercial electronic message to a recipient without the recipient’s consent; installing software on a recipient’s computing device without their consent; and altering electronic messages during transmission without the recipient’s consent.
Other activities that will become illegal with the new law include: collection of personal information through access to computing devices; and harvesting electronic addresses from the Internet through automated methods for the purposes of building bulk email recipient lists.
There is no set timeline for enforcement of CASL to begin, but it should be within a few months, and certainly by the end of 2013. Once the law becomes official (comes into force), immediate compliance is expected. However, there will be a three year transitional period during which consent may be assumed for existing relationships.
Several different agencies will be involved in enforcement of the new law: the CRTC, the Competition Bureau, and the Office of the Privacy Commissioner.
Additional highlights:
- Any commercial electronic message is assumed to be illegal, although there are exceptions.
- Potential recipients of commercial electronic messages cannot be added to recipient lists automatically. Explicit consent to receive such messages must be given by the potential recipient. In other words, commercial email list subscription must be “opt-in” instead of “opt-out”.
- Software must not be installed automatically on customer computers. This part of the law is meant to curtail the forced installation of unwanted software along with other (wanted) software.
The new law will present serious challenges to commercial organizations, so it would be wise for all such organizations to begin assessing its impact immediately. Penalties will typically take the form of very steep fines: up to ten million dollars.
An official FAQ for the new law is available.
New version of Chrome: 28.0.1500.72
A single minor fix is the only reason for this new version of Google’s web browser. It also seems to include the latest Flash, although given the way Google software updates itself, that may have happened silently between 28.0.1500.71 and 28.0.1500.72.
Microsoft says “your privacy is our priority” (unless the NSA is involved)
Over at TechDirt, a post by Tim Cushing details a recent leak published by The Guardian, showing that Microsoft values your privacy, unless the NSA comes calling. When the NSA asks for your ‘private’ information, Microsoft is happy to hand it over. This means that nothing you say on Skype, Outlook.com, Skydrive or Hotmail is safe from prying eyes.
Microsoft is quick to point out that nothing they’ve done is illegal, but that’s really the problem, isn’t it?
Updates for Flash
Version 11.8.800.94 of Flash was announced today. As always, “[t]hese updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.” For a more complete change list for this version, see the Flash Player 11.8 Release Announcement on the Flash Runtime Announcements page.
A patch for Internet Explorer 10 that includes a new version of Flash (also 11.8.800.94) was released by Microsoft today as well.
An update for Flash in Chrome should also become available from Google in the near future. The new version of Flash in Chrome will be 11.8.800.97.
New version of Chrome announced
Another new version of Google’s Chrome web browser was announced today.
Version 28.0.1500.71 of Chrome fixes several bugs and security vulnerabilities. It doesn’t seem to include the latest version of Flash, however.
Patch Tuesday for July 2013
It’s that time again. This month there are seven bulletins: “six Critical and one Important, addressing 34 vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, GDI+ and Windows Defender.”
The MSRC blog post has additional details.
Windows 8.1 available to manufacturers in late August
On July 8, at the Worldwide Partner Conference in Houston, Microsoft executives announced that Windows 8.1 will be released to manufacturing in late August. Still no word on when the update will become available to consumers in retail stores or through other channels.
Another question that remains is whether Windows 8.1 will be available through Windows Update or Windows automatic updates. If so, will it be a forced update, or will it be optional? In the past, Windows Service Packs (which are the closest analog to the 8.1 update) were available via Windows/auto update and – at least initially – not forced.
Windows 8.1 makes search even less useful
Microsoft has been gradually destroying Windows’ search capabilities since Vista. When I originally evaluated Vista, I discovered that searching for file contents would mysteriously fail if the search string only existed past the first ten kilobytes in the files being searched. I posted a video on Youtube to demonstrate the problem.
Vista search had a lot of problems, but I had discovered workarounds for most of its bizarre limitations. The 10K problem looked like a bug, so I dutifully reported it to Microsoft. After several hours on the phone with Microsoft Support, they were able to reproduce the problem and it was fixed in Vista Service Pack 1.
But the damage was done. With each new version of Windows, search has become increasingly useless, and I’m reluctant to trust it. I still try to use it, but I always go back to third party tools such as Everything and Fileseek, or even (when desperate), ancient DOS tools like FINDSTR.
The root of this gradual decline in Windows’ search functionality seems to be one of perspective. As clearly demonstrated by the Windows 8 UI, Microsoft no longer cares about ‘enthusiast’ users, which include power users, system administrators and software developers. For these elite users, the new UI just gets in the way, and the search tools are almost entirely useless.
<rant>Microsoft is making Windows a consumer-oriented O/S. What Microsoft doesn’t seem to realize is that while this change may solidify Windows as the consumer O/S of choice, and reduce support costs, they are driving enthusiast users, including me, to Linux. Worse, business IT departments are staffed with enthusiast users, and these are the people who evaluate software and make organization-wide recommendations. Eventually, these people are going to get tired of fighting Microsoft and look elsewhere for a corporate O/S.</rant>
All of which leads me to wonder how the otherwise reliable Ars Technica could publish an article extolling the virtues of the search changes coming in Windows 8.1. Possibly Ars has realized that Windows is now a consumer-grade O/S and adjusted their viewpoint to suit.
In Windows 8.1, search will be entirely integrated with the Bing web search engine. Any time you search for something, Windows will assume you want to search the web as well as certain specific areas of your local system. This also means that you’ll start seeing advertisements in your Windows search results.
Problems I see with this change:
- Blurring the line between local and web search is dangerous for privacy.
- For me, as with many users, there are distinct search use cases; there is almost never any reason to search the web when I’m looking for something on my local system, or search my local system when I’m looking for something on the web.
- The same applies when searching for locally installed programs or features; it’s an activity that’s completely separate from web searching.
- I was previously able (in Windows XP) to easily search local files in a particular folder and its subfolders, by file name and/or contents. Now that functionality has been eliminated: it is simply no longer possible to perform useful local searches and third party software is required.