Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Java Update (hopefully) fixes recent 0-day vulnerability

A new update for Java (Version 7, Update 11) was released today. This update is supposed to fix the serious 0-day vulnerability discovered last week. Anyone using Java 7 in a web browser should install this update immediately. Given the recent track record of Oracle/Sun (Java’s developer), it remains to be seen whether this update actually fixes the vulnerability. I will wait for Adam Gowdiak to weigh in before I’m certain one way or the other.

Technical details:

Update 2013Jan17: An interesting post over at NetworkWorld reviews what’s being said about the state of Java’s vulnerability.

Latest Java still vulnerable, new exploits in the wild

A new vulnerability in all the most recent versions of Java is already being exploited in the wild. It’s being called a critical zero-day bug, meaning that the vulnerability can be exploited right now, before the developers have had a chance to fix it, and that it allows for serious security breaches.

The Ars Technica article linked above points out that several hacking toolkits have already been updated to include exploits specific to this vulnerability.

Our advice on using Java remains the same: if you require Java to be enabled in your web browser, use the available security features to prevent Java from running in any context where it’s not actually necessary. If you only require Java to be available outside of a web browser, disable Java in your web browser. If you don’t need Java at all, disable or remove it completely.

For additional details, see the CERT post. Mozilla has a helpful post about protecting users from this vulnerability.

Update 2013Jan12: Adam Gowdiak has weighed in on this issue. According to Mr. Gowdiak, this new vulnerability is the result of a previous vulnerability being improperly fixed by an earlier patch.

And now, an apology: somehow I missed the release of Java Version 7 Update 10, which apparently became available on December 12, 2012. That version addressed a variety of vulnerabilities and other bugs, and enhanced security in general with new features like the ability to prevent any Java application from running in a web browser.

Downgrade from Windows 8 to Windows 7

Lifehacker has an interesting post that points to information from Microsoft on downgrading Windows 8 to Windows 7.

The downgrade option is not available for all new PCs and license types. The Microsoft page linked above goes over the details.

There are a lot of legitimate reasons one might want to downgrade.

It’s no longer possible to purchase a PC with Windows 7, so anyone buying a new PC will get Windows 8 by default. Being forced to switch operating systems by a big corporation is annoying for many people. You know, people who prefer to have a choice.

If you’re not interested in learning the new O/S, or you’re setting the computer up for someone who is comfortable in Windows 7 (say your grandmother) and doesn’t want to change, this is a useful option.

I’ve personally downgraded a set of Windows computers like this, when software required for a business just didn’t run with the delivered O/S. Sure, it’s the developers’ fault, but waiting for a fix wasn’t an option.

You may use hardware and/or drivers that don’t work on the new O/S, in which case, again, you don’t have much choice until you buy new hardware or (if you’re very lucky) the hardware maker produces new drivers.

Corporate IT providers use the downgrade option more than anyone. There’s a constant need to replace aging PC hardware, but upgrading operating systems involves an enormous amount of re-training that most companies would prefer to do on their own schedule, instead of Microsoft’s.

And so on.

Surprisingly, a lot of the comments on the Lifehacker story are negative. “Just learn the new O/S” is a common refrain. Unpaid (or possibly paid) marketing drones, all of them.

Adobe announces patches for Reader and Flash

As expected, Adobe has released new versions of its Acrobat/Reader software to coincide with Microsoft’s Patch Tuesday for January 2013. Adobe also announced new versions of Flash today.

An Adobe Reader bulletin identifies new versions for the 9, 10 and 11 series of Reader software as 9.5.3, 10.1.5, and 11.0.1 respectively. Anyone who uses Adobe Acrobat/Reader software is strongly encouraged to install the appropriate new version. As usual, the new versions address security and crashing issues.

A Flash bulletin identifies the new version of Flash as 11.5.502.146. This version is for all web browsers except Chrome and Internet Explorer 10, which now use embedded Flash code. The most recent version of Flash in Google Chrome at this time is 11.5.31.137. The most recent version in Internet Explorer 10 is 11.3.378.5. As usual, the new versions address security and crashing issues.

Patch Tuesday for January 2013

Patch Tuesday comes early this month, since January started on a Tuesday. There are seven bulletins, addressing twelve issues in Windows, admin software and developer tools.

January 2013 bulletins