There’s no particular need to install the very latest Java, version 8 Update 74. According to Oracle, “Java SE 8u74 is a patch-set update, including all of 8u73 plus additional features (described in the release notes).” The release notes don’t shed much light on the differences between 8u73 and 8u74, but they don’t appear to be of any importance for regular users.
In other words, if you’re already running Java 8 Update 73, you’re fine.
For those of you interested in the Windows 10 Insider Preview builds, the latest is build 14267, which was announced on February 18.
Build 14267 finally fixes the WSClient.dll error dialogs that were popping up in previous builds. Problems with certain front-facing cameras have been fixed. The ‘Reset this PC’ function is once again working properly with this build.
It’s now easier to use Cortana to identify playing music. There are several improvements to Edge, including Favorites management, an option to clear browsing data on exit, and better download management.
The newest version of Chrome includes a fix for one security issue and a few other minor bug fixes. The version 48.0.2564.116 announcement provides additional details, as does the full change log.
Here we go again. Researchers have discovered (actually more like rediscovered) a very bad flaw in the commonly-used GNU C Library, also known as glibc.
The flaw has existed, undiscovered, since 2008. It was discovered and reported to the glibc maintainers in July of 2015 (CVE-2015-7547), but nothing was done about it until Google researchers re-discovered the flaw and reported it on a public security blog.
The glibc maintainers reacted to the Google revelations by developing and publishing a patch. It’s not clear why such a serious vulnerability was not fixed sooner.
But that’s not the end of the story. Any computer or device that runs some flavour of Linux, including most of the world’s web servers and many routers, is potentially vulnerable. Individual software applications that are compiled with glibc are also potentially vulnerable.
Although it’s safe to assume that diligent sysadmins will update their Linux computers, tracking down all the affected software will take time. The Linux firmware running on routers and other network devices will be updated much more slowly, if at all. All of this opens up many exploitation possibilities for the foreseeable future.
The good news is that there are several mitigating factors. Many routers don’t use glibc. In some cases, default settings will prevent exploits from working. Android devices are not vulnerable. Still, this problem is likely to get worse before it gets better.
Update 2016Feb20: Dan Kaminsky just posted his analysis of the glibc vulnerability. It’s very technical, but if you’re looking for a deeper dive into this subject, it’s a great place to start. Dan helpfully explains why it’s difficult to predict just how bad things will get.
A post on Jeff Atwood’s Coding Horror blog describes the process Jeff uses to test the stability of new computers. It’s an intensive set of tests, and if your hardware is in the least bit flaky, this process will probably break it.
It’s been ages since Opera updated the classic (pre-Webkit) version of their browser. Although still available for download and still technically supported, the old version is obviously not Opera’s focus. Before yesterday, the latest version of classic Opera was 12.17, and hadn’t changed since April 2014.
Yesterday, in response to recent web-wide changes affecting security, Opera released a new version of the 12-series browser: 12.18. The associated announcement explains why this was done. Sadly, the new version isn’t even mentioned on the change logs page. There is still a link to the 12.17 change log, but that link is still broken.
In related news, Opera (the company that develops the Opera browser) is expected to be sold to a Chinese consortium in the near future. It’s difficult to predict how the new owners will influence the browser, but I’m not optimistic. I had begun switching from Firefox to Opera as my main browser, but that’s on hold for now.
Meanwhile, I’m looking at Vivaldi, an alternative browser developed by former Opera employees. So far it looks promising.
A couple of minor bug fixes and a Chromium Engine update prompted the release of Opera’s latest version, 35.0.2066.68. You can check out the full change log, but trust me, there’s not much there.
Ars Technica has an interesting look at how Moore’s Law is losing its relevance and will no longer be the focus of industry plans for the future of microprocessors.
Moore’s Law originated with a 1965 prediction of Intel co-founder Gordon Moore, which gradually came to mean that the number of transistors per microchip would double every twelve months. This prediction held true for decades but has been strained in recent years.
My Windows 10 testing computer is still on the Windows Insider Preview ‘Fast Ring’, which means it gets the very latest Windows 10 preview builds as soon as they become available.
The test machine was just updated to preview build 14257. This build includes a lot of bug fixes, including one for a nasty app crashing problem related to memory management. The WSClient.dll error dialog box problem has not yet been resolved.
If you use Google’s image management software Picasa, you should start looking into alternatives, because Picasa is headed for the chopping block on March 15. It will continue to work, but it will no longer be supported.
Thanks Google. I love your work, but getting us hooked on something only to yank it away again is getting very annoying.
boot13