Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett

Patches and updates, Security, Vivaldi

Vivaldi 1.15.1147.64: security fixes

August 11, 2018 jrivett Leave a comment

Vivaldi is based on the open source Chromium browser engine. When Chromium gets security updates, Vivaldi’s developers have to ‘backport’ those changes to Vivaldi, or leave Vivaldi users exposed to known security threats.

The Vivaldi developers do a good job of staying on top of this, and sometimes release a new version of Vivaldi in which the only changes are security fixes backported from Chromium. Vivaldi 1.15.1147.64 is the most recent example of this.

You can check your verison of Vivaldi by clicking the menu button at the top left of the browser, then selecting Help > About. If you’re not running the latest version, Vivaldi should offer to update itself.

Microsoft, Windows 10

Microsoft finally making Windows 10 updates less disruptive

July 26, 2018 jrivett Leave a comment

One of Windows 10’s most frustrating features is the way it installs updates. Unless you’re using an enterprise version, updates are almost completely out of your control. You can’t prevent them from installing, and there’s very little you can do to control when they install, or when your computer restarts to complate installation.

While developing Windows 10, Microsoft somehow failed to understand that downloading, installing, and rebooting for updates automatically at potentially inconvenient times might be annoying to users.

The good news is that Microsoft is finally going to do something about this. What did it take to get Microsoft to look at the problem? A steady stream of customer complaints, starting immediately after Windows 10 was released.

The bad news is that you still won’t have any real control over when updates happen. Instead, Microsoft is planning to improve Windows 10’s ability to detect that a computer is in use before it automatically reboots. This is from the recent post Announcing Windows 10 Insider Preview Build 17723 and Build 18204:

“We trained a predictive model that can accurately predict when the right time to restart the device is. Meaning, that we will not only check if you are currently using your device before we restart, but we will also try to predict if you had just left the device to grab a cup of coffee and return shortly after.”

It’s too early to know how well this will work in practise, but at least it’s a (small) step in the right direction.

Chrome, Google, Patches and updates, Security

Chrome 68.0.3440.75: security fixes, address bar changes

July 26, 2018 jrivett Leave a comment

The latest version of Chrome includes fixes for forty-two security vulnerabilities. It’s also the first version that will display Not Secure in the address bar for all non-encrypted web pages. When that indicator appears, traffic to and from the viewed page is not being encrypted.

Viewing a non-encrypted web page is not particularly risky, as long as no private information is being transmitted. That means user names, passwords, email addresses, credit card numbers, and so on. However, as discussed here previously, unencrypted sites open up a world of possibilities for intercepting and modifying web traffic.

The release announcement for Chrome 68.0.3440.75 provides additional details regarding the security issues addressed.

The simplest way to update Chrome is also the best way to determine which version you’re running: click the three-vertical-dots icon at the top right, then select Help > About Google Chrome. If your browser isn’t already up to date, this will usually trigger an update.

Java, Patches and updates, Security

Java 8 Update 181

July 19, 2018 jrivett Leave a comment

Oracle’s latest Critical Patch Update (CPU) Advisory — for July 2018 — as usual includes a section about Java.

A new version of Java (8 Update 181) addresses eight security vulnerabilities in earlier versions. The Release Highlights page for Java 8 provides additional details on changes in Update 181, most of which are likely only of interest to developers.

If you use Java, and in particular if you use a web browser that has Java enabled, you should install Java 8 Update 181 as soon as possible. Note that the only modern browser that still runs Java applications is Internet Explorer. The easiest way to update Java is to run the Java applet in the Windows Control Panel: on the Update tab, click the Update Now button.

Internet, Security

A strong case for encrypting all web sites – even simple ones

July 13, 2018 jrivett 1 Comment

Troy Hunt has put together a video that demonstrates various ways that traffic coming from an unencrypted web site can be dicked around with, for various nefarious purposes, using a technique called a Man In The Middle (MITM) attack.

You can usually tell if a web site is encrypted by looking at your web browser’s address bar. For example, URLs for this web site (boot13.com) should appear in the address bar with a lock, followed by https:// rather than the unencrypted http://. If you try to access any part of this site using http://, you’ll be redirected to the equivalent https:// address.

Although the video does get a bit technical, it’s worth watching all 24+ minutes. You should understand enough of it to see the danger.

Perhaps the most interesting of Troy’s observations is that encrypting a web site doesn’t really provide any direct benefit to the site’s owner. This is not about protecting your web site; it’s about protecting its visitors. In other words, encrypting your web site is an act of altruism.

After watching Troy’s video, I immediately started an evaluation of all my own web sites, as well as those of clients, to make sure that all traffic coming from them is encrypted. Most are already using HTTPS, but some don’t force the use of HTTPS.

Troy Hunt’s video

If you run a web site, you should realize by now that there’s no good reason to avoid turning on encryption. It’s also easier than ever, and — thanks to Let’s Encrypt — no longer has to cost anything. The HTTPS Is Easy video series is a good starting point if you’re not sure how to proceed.

Update 2018Aug08: Sadly, people in remote and underserved locations are having a lot of trouble accessing sites via HTTPS. While that certainly sucks for them, I’m confident that solutions to the specific technical issues involved will be found.

Adobe, Flash, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for July 2018

July 10, 2018 jrivett Leave a comment

Adobe and Microsoft have issued their monthly updates for July, so even if you’d rather be doing anything else, you should be patching your computers.

We’ll start with Microsoft. As usual, this month’s Security Update Release bulletin serves as little more than a link to the Security Update Guide (SUG), Microsoft’s labyrinthine replacement for the individual bulletins we used to get.

In my experience, the SUG is much easier to digest in the form of a spreadsheet, so the first thing I do there is click the small Download link at the right edge of the page, to the right of the Security Updates heading. If you have Excel — or something compatible — installed, you should be able to open it directly.

Once the spreadsheet is loaded, I recommend enabling the Filter option. In Excel 2007, that setting is in the Sort & Filter section of the Data ribbon (toolbar). This makes every column heading a drop-down list, which allow you to select a particular product or platform, and hide everything else.

Analysis of this month’s updates from the SUG spreadsheet shows that there are sixty-two distinct updates, addressing fifty-three security vulnerabilities in Flash, Internet Explorer, SharePoint, Visual Studio, Edge, Office applications, .NET, and all supported versions of Windows. Seventeen of the updates are flagged as Critical.

As for Adobe, there are updates for Flash (version 30.0.0.134) and Acrobat Reader DC (version 2018.011.20055). The Flash update fixes two vulnerabilities, one of which is Critical. The Acrobat Reader DC update includes fixes for over one hundred security bugs.

SANS, Security, Spam and scams

How to spot phone call scams

July 5, 2018 jrivett Leave a comment

Have you been getting a lot of scam phone calls lately? I sure have. On both the land line and my business cell phone. Some callers claim that I’m being sued by the government or that I’m under investigation. Others want me to think there’s something wrong with my computer and that they have the only fix.

I’m pretty good at spotting these scams, and for me, they’re sometimes entertaining, but usually just annoying. For some people, especially elderly folks with little technical knowledge, these calls can be a horrible trap.

The latest edition of the SANS OUCH! Newsletter is all about phone scams: how to spot them, and what to do when you receive them.

Firefox, Mozilla, Patches and updates, Security

Firefox 61.0 – security and performance improvements

June 29, 2018 jrivett Leave a comment

The latest Firefox release features faster page load times and tab switching, improvements to search provider setup, an improved dark theme, better bookmark syncing, and at least eighteen security fixes.

Settings related to the home page and ‘new tab’ page are now in their own section on Firefox’s Options pages. You can access the new section directly using this URL: about:preferences#home.

The Firefox 61.0 release notes provide additional details.

On most computers, Firefox will update itself. You can encourage it by visiting the About page: click the hamburger button, then select Help > About Firefox.

Chrome, Google, Patches and updates, Security

Chrome 67.0.3396.87

June 14, 2018 jrivett Leave a comment

A new version of Google’s web browser was announced on June 12. Chrome 67.0.3396.87 (change log) is a bug fix release; a single security vulnerability is addressed. Check your version by navigating Chrome’s menu to Help > About Google Chrome.

Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Windows

Patch Tuesday for June 2018

June 12, 2018 jrivett Leave a comment

The June 2018 Security Update Release bulletin on Microsoft’s TechNet blog is almost devoid of useful information, but if you click the link to the Security Update Guide, then click the big Go To Security Update Guide button, you’ll see a link to the release notes for this month’s updates.

According to the release notes, this month’s updates affect Internet Explorer, Edge, Windows, Office, Office Services and Web Apps, Flash embedded in IE and Edge, and ChakraCore. Analysis of the information in the SUG reveals that there are forty updates, fixing fifty-one separate vulnerabilities. Eleven of the vulnerabilties are flagged as Critical.

All posts by jrivett

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.