Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Internet Explorer 10 for Windows 7 now available

If you’re interested in using Internet Explorer 10 on Windows 7, head over to this Microsoft Downloads page.

Windows 7 users with autoupdate enabled will be upgraded to IE10 in the coming weeks. Currently, the new version doesn’t appear in Windows Update, but that will also change in the near future.

IE10 is much the same as IE9, but includes Javascript performance improvements, integrated spell-checking/correcting and better adherence to web standards like CSS3.

Vulnerabilities in latest Java

Oh no, not again! Adam Gowdiak of the Security Explorations research team has been hard at work, looking for holes in the latest Java (7u15). Here’s a quote from Mr. Gowdiak’s alert email:

We had yet another look into Oracle’s Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues (numbered 54 and 55), which when combined together can be successfully used to gain a complete Java security sandbox bypass in the environment of Java SE 7 Update 15 (1.7.0_15-b03).

Gowdiak has submitted his findings to Java’s developers, but there has been no official confirmation from Oracle/Sun as yet. Still, I’m cautioning Java users – especially those of us who have Java enabled in our web browsers – to exercise extreme caution, and flagging Java 7u15 as possibly vulnerable.

Ars Technica has more details.

Google Chrome 25 released

Version 25.0.1364.97 of Google’s Chrome web browser was announced yesterday.

The new version includes several security and other bug fixes, as well as some new features for web developers and voice recognition.

No mention of Java is made in the announcement linked above, but presumably the most recent Java security fixes found their way into this Chrome release.

Starting with this version, Chrome extension updates are no longer installed ‘silently’. This is a welcome improvement in security.

Microsoft doesn’t want you to use their software

In yet another move guaranteed to alienate users, Microsoft has decided to make using its new version of Office more difficult and expensive.

Until Office 2013, it’s been possible to transfer the software from one computer to another, and to re-install it on an upgraded computer. Microsoft even allowed people who used Office at work to install and use it on their home computers as well. This sort of realistic flexibility made it a lot easier to justify the rather hefty price tag for Office.

Unfortunately, with Office 2012, one set of Office media will be wedded to one particular computer forever. Non-transferable; one computer only.

As Peter Bright rightly points out in the post linked above, this penalizes a particular segment of computer users: the enthusiast. This includes a lot of the people who write about software and computers, so Microsoft can expect a lot more public backlash against this decision, as well as a general increase in the move away from MS Office toward alternatives like Apache OpenOffice, LibreOffice, NeoOffice, and Google Docs. Any conceivable increase in revenue stemming from this decision will be outweighed by these losses.

It seems clear that Microsoft is hell bent on driving away enthusiast/hobbyist/power users. Windows 8 is another example of Microsoft’s hostility toward power users.

As expected, more critical Java updates

Oracle/Sun has released Java version 7, update 15. What happened to update 14? Anyway, the new version includes a batch of security and other bugfixes they wanted to release with the last batch, and which were originally scheduled for release today. Confused yet?

Since the new version is all about fixing the rather horrible Java security vulnerabilities that have been revealed in recent weeks, you should go ahead and install the update, if you use Java. If you don’t use it, pat yourself on the back and count yourself lucky.

If you read the announcement linked above, you’ll notice that once again, determining the version being discussed is left as an exercise for the reader, since the version (7u15) is not mentioned anywhere on the page. There are plenty of references to the versions being replaced, which only adds to the confusion. Annoying.

Firefox version 19 released

Firefox 19 was released today, with the usual lack of a proper announcement, and a confusing jumble of change information from Mozilla.

Instead of a proper announcement for the new version, all we get is this post announcing a new, built-in PDF viewer.

As usual, the release notes for version 19 are confusing, but at least the new version is mentioned, albeit in an unusual congratulatory note to ‘new Mozillians’ – whatever they are. And, as always, the complete list of changes for version 19 actually includes every bugfix in recent history. When are they going to clean this stuff up, one wonders.

Still, a built-in PDF viewer will allow users to steer clear of at least one buggy piece of Adobe software in the form of a Reader plugin. It remains to be seen whether the new viewer has as many security issues as what it’s replacing.

Windows 7 users: install Service Pack 1

If you’re running Windows 7, and you haven’t already installed Service Pack 1, you should do so before April 9, 2013. After that date, Microsoft will no longer provide patches for Windows 7 without SP1. That includes security patches.

Microsoft will continue to supply patches for Windows 7 with SP1 until January 14, 2020.

The details are laid out in a related post on Microsoft’s Springboard blog.

Adobe Reader software currently being exploited

There’s a brief announcement on the Adobe Product Security Incident Response Team (PSIRT) Blog stating that Adobe is looking into reports of a new exploit for their Reader software. No further details are provided. Since this exploit is apparently being seen in the wild, we recommend extreme caution when opening PDF documents from unknown or untrusted sources. Better yet, switch to a different PDF reader like Foxit, thereby avoiding the dangers inherent in using Adobe Reader.

Update: Ars Technica has the details. Apparently the vulnerability was reported by the security company FireEye, and attacks based on the vulnerability have been seem in the wild. Further, the vulnerability is important because security in version 11 of the Reader software was supposedly much more difficult to circumvent.

Update 2: There’s a new post on the Security Advisory blog for Adobe Reader and Acrobat that covers this issue.

Update 3: Ars Technica points out that Adobe Reader 11 would protect users from this vulnerability, if its security settings were actually enabled by default (which they aren’t). On learning this, I immediately made the required changes to my installation of Reader, enabling Protected View. Check the bottom of this post for the procedure.

Update 4: Adobe announced that updates for the vulnerabilities in Reader will be made available some time during the coming week.

Enabling Protected View in Adobe Reader 11

  1. Start Adobe Reader.
  2. From the menu, select Edit > Preferences.
  3. Select Security (Enhanced) from the list on the left.
  4. In the Sandbox Protections section at the top, make sure that the setting for Protected View is All files.
  5. Click OK.

And here’s a screenshot:
AdobeReaderSecurity