Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Chrome 53.0.2785.113

The announcement for Chrome 53.0.2785.113 highlights five security issues that are addressed in the new version. It points to this page for details, but currently nothing is listed there. According to Google, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix.”

The full change log lists several dozen changes, most of which are minor bug fixes.

For most users, Chrome will update itself. To make sure you’re running the most recent version, click the menu button (at the top right; looks like three vertical dots), and select Help > About. If Chrome hasn’t already updated itself, this should trigger the update.

Patch Tuesday for September 2016

Microsoft’s contribution to our monthly headache is fourteen updates for their flagship software (Windows, Office, Edge, and Internet Explorer). Seven of the updates are classified as Critical. Over sixty separate vulnerabilities are addressed by these updates. One of the updates is for the version of Adobe Flash embedded in Internet Explorer 10 and 11, and Edge.

Not wanting to be left out, Adobe once again brings its own pile of patches to the table. Flash 23.0.0.162 includes fixes for at least twenty-six vulnerabilities. Google Chrome will update itself with the new Flash, and Internet Explorer 10 and 11, and Edge, get the new Flash via the update mentioned above. For all other browsers, simply visit the main Flash page to check your Flash version and update it as needed.

Cory Doctorow on the future of the privacy wars

Noted writer and technology analyst Cory Doctorow just posted a new article on the Locus Online web site: “The Privacy Wars Are About to Get A Whole Lot Worse.”

After providing some background on the current privacy situation, and how we got here, Doctorow speculates on what will happen when even the absurd notice-and-consent terms of use agreements that we see (and blindly agree to) every day are gone, leaving us surrounded with devices that invade our privacy without any pretense at consent, all in the name of commerce.

In case you hadn’t guessed, we are talking about the Internet of Things. Despite plenty of warnings from privacy advocates, and numerous real-world examples of the consequences to privacy of poorly designed devices, the current move toward ‘smart’, connected devices continues apace. And these devices won’t ask for your consent; they’ll just compromise your privacy by default.

Meanwhile, Doctorow wonders whether and when this will come to a head with some kind of legal challenge. There have been attempts to challenge the validity of terms of use agreements that nobody ever reads, but so far the results are not promising.

I’d like to see Microsoft singled out for its current Windows strategy, which includes gathering and transmitting user information, ostensibly for the purpose of providing better support, but which can also be used to better target advertising, another feature of newer versions of Windows. To be sure, these features are currently protected behind terms of use agreements, but even those could disappear in a world dominated by smart devices.

Doctorow is worried about this, and so am I.

Vivaldi 1.4

A new release of Vivaldi features enhancements to theme support, including theme scheduling. Panels can now be different widths, and middle-clicking the garbage icon now restores the most recently closed tab.

Wait. Theme scheduling? Does anyone really need this? Frankly, I wish the Vivaldi developers would focus on the core issues, like tabs, bookmarks, and link handling, which are still a mess, in my opinion. Why is Vivaldi the only browser that doesn’t highlight the contents of the address bar on right-click?

The Vivaldi 1.4 release announcement has additional details, including a complete list of changes.

Google ‘mistake’ causes mass RSS outages

Google runs a URL shortening service called goo.gl. It also runs an RSS feed service, technology purchased with FeedBurner. Both of these services are widely used on the web.

Over the weekend, goo.gl started blocking all URLs generated by FeedBurner. That meant all links used in FeedBurner feeds suddenly started showing scary-looking alerts instead of linked content.

Given Google’s history of creating useful services, waiting until they’re widely used, then killing them off, you’d be excused for assuming that this is just the latest installment of the ‘Google rug pull’. But according to Google, the problem was simply the result of a mistake. Regardless, the cause was identified and rectified within a few days, but not before some users (including the technology blog Techdirt) switched to competing services.

WordPress 4.6.1: security release

Two serious security vulnerabilities in WordPress 4.6 are fixed in the latest version, 4.6.1. Several other minor issues are also addressed. See the release notes for additional details.

WordPress sites that are configured to install minor updates automatically should be auto-upgraded to version 4.6.1 in the next few days, but anyone who manages a WordPress site should immediately verify this, and install the update manually if it’s not already running 4.6.1.
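One way to do that verification from the server's file system, as an added example rather than anything from the WordPress project: it reads the core version from `wp-includes/version.php` and checks `wp-config.php` for settings that switch off automatic core updates. The function names and the sample directory tree are assumptions made for the illustration.

```python
# Added illustration: names and directory layout below are assumptions.
import re
import tempfile
from pathlib import Path

FIXED = (4, 6, 1)  # the security release discussed above
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
# wp-config.php settings that turn off automatic core updates.
DISABLED_RE = re.compile(
    r"""define\(\s*['"](?:AUTOMATIC_UPDATER_DISABLED['"]\s*,\s*true"""
    r"""|WP_AUTO_UPDATE_CORE['"]\s*,\s*false)\s*\)""",
    re.IGNORECASE,
)


def read(path: Path) -> str:
    return path.read_text(errors="replace") if path.is_file() else ""


def check_site(root) -> dict:
    """Report core version status and auto-update setting for one install."""
    root = Path(root)
    m = VERSION_RE.search(read(root / "wp-includes" / "version.php"))
    if m is None:
        status, version = "unknown", None
    else:
        version = m.group(1)
        # Compare numeric parts only, so "4.6" sorts below "4.6.1".
        nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))
        status = "ok" if nums >= FIXED else "outdated"
    # Limitation: a commented-out define() line would also match.
    disabled = bool(DISABLED_RE.search(read(root / "wp-config.php")))
    return {"version": version, "status": status, "auto_updates_disabled": disabled}


def make_sample(root: Path, version: str, config: str) -> Path:
    """Build a constructed, minimal WordPress-like tree for the demo."""
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text(
        f"<?php\n$wp_version = '{version}';\n")
    (root / "wp-config.php").write_text(config)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cfg = "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', false );\n"
        for name, ver, conf in [("a", "4.6", cfg), ("b", "4.6.1", "<?php\n")]:
            print(name, check_site(make_sample(Path(tmp) / name, ver, conf)))
```

A site reported as `outdated` with `auto_updates_disabled` set will not pick up 4.6.1 on its own and needs the manual update.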

Recent Infosec highlights

It sometimes feels like news in the world of information security (infosec) is a never-ending tsunami. With the almost-daily reports of breaches, malware, phishing, vulnerabilities, exploits, zero-days, ransomware, and the Internet of Things (IoT), it can be difficult to identify stories that are likely to be of interest to typical computer users.

Stories about infosec issues that are primarily academic may be interesting, but they’re unlikely to affect most users. Sometimes the impact of a security issue is exaggerated. Occasionally the threat is later found to be nonexistent or the result of faulty reporting.

In the past, I collected infosec stories and wrote about the most interesting and relevant ones in a single month-end roundup. This helped to manage the load, but it introduced an arbitrary and unrealistic schedule.

Starting today, I will occasionally post a few selected infosec stories in a single ‘highlights’ article. Without further ado…

Don’t be a victim of your own curiosity

Researchers in Germany discovered that most people click phishing links in emails, even when they don’t know the sender, and even when they know they shouldn’t do it. Why? Curiosity, apparently. It doesn’t just kill cats any more.

Promising new anti-phishing technology

On a related note, there’s a new reason to be optimistic in the fight against phishing. A proof-of-concept, prototype DNS greylisting service called ‘Foghorn’ would prevent access to unknown domains for 24 hours, or until the domain is identified as legitimate and whitelisted. Hopefully Foghorn will prove effective, and become available for regular users in the near future.
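The greylisting rule described above, sketched as an added example (not Foghorn's own code): a queried name is blocked until it has been whitelisted or 24 hours have passed. Treating "unknown" as "first queried less than 24 hours ago", covering subdomains of a whitelisted domain, the `Greylist` class and the sample `.test` names are all assumptions.

```python
# Added illustration of DNS greylisting; not Foghorn's implementation.
from dataclasses import dataclass, field

HOLD_SECONDS = 24 * 60 * 60  # the 24-hour hold described in the post


def normalize(name: str) -> str:
    """Lowercase and drop the trailing dot so every lookup uses one key."""
    return name.strip().rstrip(".").lower()


@dataclass
class Greylist:
    whitelist: set = field(default_factory=set)     # domains known to be legitimate
    first_seen: dict = field(default_factory=dict)  # name -> time of first query

    def is_whitelisted(self, name: str) -> bool:
        # Assumption: whitelisting a domain also covers its subdomains.
        labels = name.split(".")
        return any(".".join(labels[i:]) in self.whitelist
                   for i in range(len(labels)))

    def approve(self, domain: str) -> None:
        """Whitelist a domain once it has been identified as legitimate."""
        self.whitelist.add(normalize(domain))

    def decide(self, qname: str, now: float) -> str:
        """Return 'allow' or 'block' for one query arriving at time `now`."""
        name = normalize(qname)
        if self.is_whitelisted(name):
            return "allow"
        # Assumption: "unknown" means first queried less than 24 hours ago.
        seen = self.first_seen.setdefault(name, now)
        return "allow" if now - seen >= HOLD_SECONDS else "block"


def demo() -> list:
    """Replay constructed queries: (seconds since start, queried name)."""
    gl = Greylist(whitelist={"example.com"})
    results = [gl.decide(q, t) for t, q in [
        (0, "www.example.com."),                # subdomain of whitelisted domain
        (10, "login.bank-verify.test"),         # never seen before
        (3600, "LOGIN.bank-verify.test"),       # same name, still inside the hold
        (HOLD_SECONDS + 10, "login.bank-verify.test"),  # hold expired
        (HOLD_SECONDS + 20, "new-shop.test"),   # new name
    ]]
    gl.approve("new-shop.test")                 # reviewed and whitelisted early
    results.append(gl.decide("new-shop.test", HOLD_SECONDS + 30))
    return results


if __name__ == "__main__":
    print(demo())
```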

Scope of 2012 breaches of Last.fm and Dropbox finally revealed

Popular Internet radio service Last.fm suffered a breach way back in 2012, but the details were not revealed until very recently. According to a report from LeakedSource, as many as 43 million user passwords were leaked, and the passwords were stored using very weak security. If you had a Last.fm account in 2012, you were probably instructed to change your password. If you didn’t do it then, you should do it now.

Massively popular file sharing service Dropbox was also breached in 2012, but again, the complete details of the breach are only coming to light now: passwords for as many as 60 million Dropbox user accounts were stolen. The validity of this information has been verified by SANS and Troy Hunt.

The usual advice applies:

  • If you have accounts for these services, change your passwords now, if you haven’t already.
  • Avoid using the same password for more than one service or site.
  • Use complex passwords.
  • Use password management software so you don’t have to remember all those unique passwords.

Chrome 53.0.2785.89

The full change log for Chrome 53.0.2785.89 is another one of those browser-annihilating pages that you probably shouldn’t even try to load. Included in the boat-load of changes in Chrome 53 are thirty-three fixes for security vulnerabilities, making this an important update.

For most users, Chrome will automatically update itself, but given the number of security fixes, you should probably make sure. Click the funny little menu icon (three dots in a vertical line), then select Help > About from the menu. If Chrome isn’t already up to date, this should trigger an update.

There may be some interesting new features in Chrome 53, but the announcement doesn’t mention anything in particular. If anyone out there is patient enough to read the full change log and notices anything noteworthy, drop me a line to let me know, and I’ll update this post.