Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Java, Patches and updates, Security, Windows

Java 7 Update 21 fixes 42 security issues

Leave a comment

As expected, Oracle yesterday released a new update for the series 7 Java Runtime Environment (JRE). Java 7 Update 21 includes fixes for a whopping forty-two security vulnerabilities.

Adam Gowdiak of Security Explorations reports that several of the issues previously reported by him have apparently been fixed in Java 7u21. He points out that one issue in particular took six weeks to fix, and that this delay was unwarranted.

Update 21 also includes some general security improvements. Java will now pop up security warnings whenever unsigned Java code starts to run. Requiring Java code to be signed is going to annoy some users, but given the number of Java security issues in recent months, this is definitely a good idea. The Internet Storm Center has additional details.

Given that most of the fixed vulnerabilities can allow remote attackers to gain control of unprotected computers, we recommend installing the update as soon as possible on any computer running Java, especially those with Java enabled in web browsers.

Unfortunately, as with most Java updates, the announcement from Oracle leaves much to be desired. The date of the announcement is buried toward the bottom of the document. The version of the update is never mentioned. Instructions to users are needlessly complex.

Microsoft, Windows 8.x

Windows 8.1 will bring back the desktop – sort of

Leave a comment

The Verge reports on rumours that Microsoft will make the new (formerly ‘Metro’) interface skippable in the next version of Windows 8. That next version is being referred to as ‘Windows 8.1’ and ‘Windows Blue’, and Microsoft may or may not make it a paid upgrade.

The details are sketchy, but it sounds like users will have a new option to boot straight to the desktop, bypassing the new UI. It’s unclear whether the Start menu will reappear; if it doesn’t, then the usefulness of this new option will be limited. The new UI will probably still rear its ugly head in many circumstances as well.

Java, Patches and updates, Security

Big Java security update expected today

Leave a comment

Yesterday, Oracle announced that it will soon issue a significant update for Java. The update will include fixes for forty-two known security vulnerabilities, including thirty-nine that may be remotely exploitable without authentication. Apparently the update will also introduce some new general security improvements.

Ars Technica has additional details.

The update is scheduled for release later today (April 16, 2013).

Security, WordPress and other CMS

Massive attack against WordPress web sites underway

Leave a comment

Ars Technica reports on evidence of a worldwide attack on WordPress web sites.

The attack seems to focus mainly on brute-force login attempts using the WordPress ‘admin’ account. Successful password guesses allow the attacker to gain full control over the site and install back-door software.

Anyone who operates a WordPress web site should quickly check their admin password and change it to something complex: no dictionary words; use of mixed case letters, numbers and punctuation; at least 10 characters long.

Microsoft, Patches and updates, Windows

Patch Tuesday update causing problems

Leave a comment

Apparently some Windows users are encountering problems after installing last Tuesday’s Microsoft updates. One of the updates, KB2823324 (aka MS13-036), is causing system errors on some Windows computers.

Affected users are advised to follow the instructions in a new bulletin, KB2839011 – You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324.

The original update has been pulled from the Windows Update site, and is no longer being pushed out to Windows computers with Autoupdate enabled.

Update: Microsoft is now saying that the update in question (KB2823324) should be removed from ALL Windows 7 computers. See bulletin KB2839011.

Microsoft, Patches and updates, Security, Windows

Advance notification for April 2013 Patch Tuesday

Leave a comment

It’s that time again. Microsoft has posted its usual notification about the next Patch Tuesday. This month’s patch day is on April 9. Anyone using Windows Autoupdate will start seeing the patches around 10am on that day.

There will be nine bulletins/updates this month, two of which are Critical, addressing Windows, Internet Explorer, Office, and server software. The technical details are available in the associated Security TechCenter post.