Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Internet Explorer, Java, Patches and updates, Security, Windows

New Java version: 8 Update 131

Leave a comment

Earlier this week Oracle posted its quarterly Critical Patch Advisory for April 2017. Most of the Oracle software affected by these updates is likely only of interest to system administrators and developers, but buried in the advisory is a list of eight security vulnerabilities in Java 8 Update 121. Although it’s not mentioned in the advisory, those Java vulnerabilities are addressed in a new version of Java: 8 Update 131.

Anyone who uses a web browser with a Java plugin enabled should install Java 8 Update 131 as soon as possible. These days, Firefox, Chrome, and other Chrome-similar browsers like Vivaldi don’t support Java at all, so that leaves Internet Explorer. You can check whether Java is enabled in Internet Explorer by pointing IE to the official Java version test page.

Even if you don’t use a browser with Java enabled, you may have a version of Java installed on your computer, in which case you should consider updating it. You can find out whether Java is installed by looking for the Java applet in the Windows Control Panel. If it’s there, Java is installed; go to the Update tab and click Update now to install the new version.

Oracle sued by the FTC

If you visit the main Java page, you may notice a large all-caps message at the very top of the page: IMPORTANT INFORMATION REGARDING THE SECURITY OF JAVA SE. The message links to a page that discusses an ongoing lawsuit:

The Federal Trade Commission, the nation’s consumer protection agency, has sued us for making allegedly deceptive security claims about Java SE. To settle the lawsuit, we agreed to contact you with instructions on how to protect the personal information on your computer by deleting older versions of Java SE from your computer.

This is a good reminder that Java installers tend to leave old versions and related junk on Windows computers, and that you should always check for and remove old versions of Java after you install a new version. Visit the Java uninstall page and the Java uninstall help page to get started.

Android, Microsoft, Windows 10, Windows 7, Windows 8.x

Strange times for Microsoft

Leave a comment

Microsoft’s relentless push to get everyone using Windows 10 is creating problems for the software giant. At least one class action lawsuit is underway in Illinois, where annoyed users claim that Microsoft owes more than $5 million in damages related to Windows 10 upgrades, both wanted and unwanted.

Meanwhile, Windows is no longer the most popular way to access the Internet. As recently as 2012, up to 90% of all Internet access was via Windows, but that number has been dropping steadily in recent years, and it’s now at an all-time low. For the first time ever, another operating system is in first place: the mobile O/S Android. Microsoft has bet heavily on Windows 10 and its universal touch interface, alienating traditional desktop enthusiasts and power users in the process. But if consumers are increasingly choosing Android over Windows 10 for their mobile devices, where does that leave Windows?

Microsoft’s efforts to herd users towards their advertising platform Windows 10 includes discontinuing support for newer processors on older versions of Windows. While it’s clearly Microsoft’s prerogative to decide which hardware they support, there’s no obvious technical reason for this limitation. In light of Microsoft’s historical support for older systems, this is particularly annoying news for anyone expecting to be able to use Windows 7 or 8.1 with new hardware.

The April 12 publication of a set of exploits by hacking group The Shadow Brokers included several that were widely reported as unpatched zero-day Windows vulnerabilities. It turns out that most of those vulnerabilities were already fixed by March’s Patch Tuesday updates. While this is good news for Windows users, it raises questions about when and how Microsoft learned about the Shadow Brokers exploits, why there was no mention of the source in March’s patch release notes, and whether this has anything to do with the rescheduling of February’s Patch Tuesday updates. Update: TechDirt’s analysis.

Microsoft, Privacy, Windows 10

Windows 10 telemetry details revealed by Microsoft

Leave a comment

Microsoft has finally provided some details regarding Windows 10’s telemetry: the data Windows 10 collects and sends back to the Redmond mothership.

A recent post on the Windows blog (Windows 10 privacy journey continues: more transparency and controls for you) highlights three changes related to Windows 10 privacy:

  1. With the April 11 Creators Update, Windows 10 itself will provide more useful and detailed information about privacy settings, both during initial setup and in the Settings app.
  2. The privacy statement for Windows 10 has been updated.
  3. Most importantly, you can now see exactly what data is being collected from your computer and sent to Microsoft.

Telemetry data revealed

The information Windows 10 collects at the Basic privacy/telemetry/diagnostic level is listed in great detail on a new page on the Technet site: Windows 10, version 1703 basic level Windows diagnostic events and fields. The information is moderately technical, and may not be of much use to regular users, but it’s worth skimming if you have any concerns about Windows 10 telemetry.

There’s a similar new Technet page that describes, in somewhat more general terms, the data collected at the Full privacy/telemetry/diagnostic level: Windows 10, version 1703 Diagnostic Data.

Now someone just needs to review all that information, looking for red flags. Any volunteers?

Ars Technica: Microsoft opens up on Windows telemetry, tells us most of what data it collects

The Verge: Microsoft finally reveals what data Windows 10 really collects

Edge, Microsoft, Patches and updates, Privacy, Windows 10

Windows 10 Creators Update

Leave a comment

The next big update for Windows 10 was released on April 11, Patch Tuesday. Opinions differ as to the significance of the update: while Microsoft touts it as something amazing, others see it as something less than a major update.

Still, the new version contains incremental improvements, and a few changes that are likely to be useful. Interesting, but not particularly useful changes include Paint 3D, mixed reality support, and 4K gaming support. Visuals, Ink, Surface Dial, Bluetooth, notifications, background execution, Cortana, Skype, Windows Defender, Windows Store and app download all get modest improvements.

Enhancements to Desktop Bridge, which allows traditional desktop apps to be migrated to the new Windows UI, will make a lot of lives easier. The Windows Subsystem for Linux is also expanded with new functionality. The Edge browser gets some new features that are likely to be helpful for people who actually use Edge. A new Game Mode may make Windows 10 gaming slightly more palatable. Beam game streaming is now built into Windows 10. A new feature called Night Light allows Windows 10 to reduce blue light from a display at specific times.

Windows 10’s privacy settings are overhauled in the new version, including a new privacy dashboard, although the overall result seems to be less control rather than more. The window of time during which Windows 10 can update itself has been widened slightly, but there’s still no way to avoid Microsoft’s remote fiddling unless you’re using an Enterprise version.

All in all, there’s nothing particularly objectionable about this update, and there are enough improvements to make it worthwhile. Which is good, because you’ll get it whether you want it or not. Whenever Microsoft wants you to get it.

More information from Microsoft

Update 2017Apr28: Microsoft says the first phase of the Creators Update rollout is underway. In this phase, only computers with new hardware are being updated. The next phase won’t start until Microsoft is happy with phase one, so it’s difficult to predict when that will happen. Microsoft also recommends enabling ‘full’ telemetry/diagnostic/privacy settings to help diagnose any issues the update may encounter (they’re hoping you’ll forget to disable them as well). Apparently further rollout could be blocked indefinitely if serious issues are encountered at any phase. You can download the update from the Microsoft Download Center, but Microsoft cautions that doing so bypasses blocks and may be somewhat risky. Ars Technica has more.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Silverlight, Windows

Patch Tuesday for April 2017

Leave a comment

As of this month, Microsoft is no longer publishing security bulletins. What we get instead is the Security Update Guide, an online database of Microsoft updates. Instead of a nice series of bulletins in my RSS reader, I get a single notification that contains almost nothing of use, aside from a link to the Security Update Guide. It also recommends enabling auto updates. Suffice to say that they won’t need to change the wording next month.

Security Update Guide

I’m sure it’s possible to create an online update database that works, but the Security Update Guide doesn’t qualify. In the hour I’ve spent so far trying to use it, what I usually see is an empty list. On the occasions when updates were shown, attempting to navigate from there also produced blank lists. Presumably this is happening because the site is overwhelmed, this being Patch Tuesday, but it’s also an excellent demonstration of why simpler systems are often better.

But even assuming that the current (as of 2017Apr11 13:00 PST) issues are transitory, information about the current set of updates that I did manage to see (in brief glimpses) was scattered among hundreds of items in the list. There is an always-visible link to a release notes page for the month’s updates, but sadly that page is far less useful than the summary bulletins previously provided. Aside from a few notes about special cases, all we get is this:

The April security release consists of security updates for the following software:
Internet Explorer
Microsoft Edge
Microsoft Windows
Microsoft Office and Microsoft Office Services and Web Apps
Visual Studio for Mac
.NET Framework
Silverlight
Adobe Flash Player

For the period between March’s Patch Tuesday and today, the guide shows 233 total items. To learn more, you have only one obvious option: go through every item in the list, looking for unique Knowledge Base article numbers in the More Info column, and clicking them to see the related KB article. I think I’ll leave that as an exercise for the reader. If Microsoft improves the guide sufficiently, I’ll go back to providing a more detailed breakdown of the monthly updates.

Update 2017Apr12: On Microsoft’s Security Update Guide, you’ll find a small Download link at the top right of the update list. You can use this to open the update list in Excel, which is a lot easier than using the flaky web-based tool. Using this method, I was able to count the number of unique updates, and it looks like there are forty-two, with forty-four vulnerabilities addressed. CERT’s count is sixty-one.

Update 2017Apr18: Ars Technica wonders if anyone likes the new Security Update Guide.

Update 2017May05: One of the updates is a new version of Silverlight (5.1.50906.0) that addresses a single security issue.

Adobe’s Contribution

As is now almost traditional, Adobe published their own set of updates today. This month we get updates for Flash (seven issues addressed) and Acrobat/Reader (47 issues addressed).

If you still use a web browser with a Flash plugin, you should update it as soon as possible. Internet Explorer and Edge will of course get their own Flash updates via Microsoft Update, while Chrome’s built-in Flash will be updated automatically on most computers.

Patches and updates, Vivaldi

Vivaldi 1.8

Leave a comment

The latest version of Vivaldi sports a reworked browsing history, and better control over audio, as well as several bug fixes. The release announcement lists all the changes. None of the changes appear to be related to security.

Vivaldi 1.8’s new history interface is a real improvement over what’s available in other browsers. Anyone who spends a lot of time reviewing their browsing history will appreciate the new calendar view.

Despite the improvements, I’d rather the Vivaldi development team spend their time fixing issues with the user interface. The sidebar bookmark editor is still weirdly difficult to use, and it’s also now apparently impossible to remove. There are still inconsistencies in the way links and bookmarks are handled, and the browser still lacks options that would allow complete control over whether links and bookmarks open in new tabs.

Update 2017Apr05: the full version number is 1.8.770.50.