Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

All posts by jrivett


Java 8 Update 71 released

Oracle seems to be jealous of Microsoft’s ability to confuse the heck out of users. Of late, Java releases seem to come in two distinct versions, with the later version being typically unavailable to most users.

The latest update is a good example: the release announcement talks about Java 8u71 and 8u72, and says that 8u71 contains security fixes. It goes on to say that 8u72 contains the same bug fixes plus ‘additional features’.

If you use the Windows Java Control Panel to update Java on your computer, you’ll end up with Java 8u71. If you go to the main Java download page and choose one of the versions for Windows, again you’ll end up with 8u71. So what’s 8u72 for?

The release notes page for Java 8u71 describes a few non-security bug fixes. Oracle’s Critical Patch Update Advisory for January 2016 shows about eight security vulnerabilities that are addressed in Java 8u71. So if you use Java, you should install 8u71 as soon as possible.

More Flash updates

The latest version of Flash is 20.0.0.286, for most browsers. Microsoft Edge and Internet Explorer on newer versions of Windows are apparently still stuck at Flash 20.0.0.272.

Sadly, the information on the Adobe site related to these updates is inconsistent, confusing, or just missing.

The About Flash page doesn’t seem to agree with the announcement page. The former shows “Internet Explorer (embedded – Windows 8.x) – ActiveX 20.0.0.286”, while the latter shows “Flash Player 20 for Internet Explorer on Windows 8.1: 20.0.0.272”.

The Flash runtime announcement says “Security update details can be found here: Security Bulletin (APSB16-01)”. But the APSB16-01 bulletin is for the previous Flash updates. The linked URL is also wrong; it points to an even older bulletin: APSB15-32. And to top it off, the security bulletin that should exist (APSB16-02) for this update currently generates an error.

Hopefully Adobe will fix this mess ASAP.

Meanwhile, although the announcement doesn’t mention any security fixes in the new versions, it’s safe to assume they exist, so you should update Flash in any browser where it’s enabled.

As usual, Internet Explorer on new versions of Windows will receive these updates via Windows Update, and Chrome will get its new Flash automatically.

Update 2016Feb02: I reported the announcement and bulletin problems (noted above) to the author of the announcement. He replied that the About page would be fixed, and that he had fixed the link to the bulletin on the announcement page. Unfortunately, that link now goes to the bulletin for the previous Flash release. The author claims that bulletin still applies, but it really doesn’t, since it recommends the previous version of Flash.

Update 2016Feb04: According to the author of the announcement, there were effectively no changes in this Flash update. Certainly there were no security fixes. A link to the previous security bulletin was included simply because it was the most recent bulletin. The link text will be changed to make this more clear.

Windows 10 Insider Preview build 11099

My Windows 10 test computer just upgraded itself to the latest Insider Preview build, 11099.

I’m now on what Microsoft calls the ‘Fast Ring’, which means that I get new Windows 10 builds almost immediately after they become available. One of the drawbacks of this scheme is that these early builds tend to have more problems than regular releases. For me, that’s acceptable, because my test PC is not used for much aside from testing. I wouldn’t try this on my main computer.

The first thing I noticed about the new build is that the File Explorer progress dialogs are back. Those dialogs disappeared in the last build, which wasn’t a huge problem, but it was disconcerting.

The only other difference I’ve noticed in this build is a weird error message that pops up when Windows starts. There’s additional information, including a couple of possible fixes, over at Neowin.

I’ll post updates here as I work with the new version.

Shockwave 12.2.3.183 released

A new version of the Shockwave player is available from Adobe. The official download page correctly shows the new version as 12.2.3.183, and that’s what you’ll get if you install Shockwave Player from there.

Unfortunately, Adobe still lags behind in updating other web resources related to Shockwave. The Shockwave Player help page, which detects the version you’re running, correctly identifies the installed version, but claims that the newest version is 12.1.9.159. The release notes page for Shockwave 12.x lists the latest version as 12.2.1.171.

If you use a web browser with Shockwave enabled, you should install version 12.2.3.183 as soon as possible, because there are almost certainly security fixes in the new version.

Chrome 47.0.2526.111 released

A few minor bug fixes prompted the release of Chrome 47.0.2526.111 on January 13. None of the fixes are related to security. In most cases, Chrome will update itself automatically to the new version.

The change log has all the technical details, and since there are relatively few changes, the log probably won’t crash your browser when you try to look at it. You can also view the changes in the log in an easier to read format.

Patch Tuesday for January 2016

This month’s Microsoft updates are more interesting than usual, in that they are the last for versions of Internet Explorer earlier than 11. No more patches for older IE versions means you should avoid using them if at all possible, since they are likely to become a major target for malicious persons intent on spreading malware and increasing the size of their botnets.

It’s interesting to speculate on how much of a hit Microsoft will take in terms of browser share once people move way from IE 8, 9, and 10. Estimates vary, but I’ve seen recent numbers that show IE 8 at 9%, IE 9 at 7%, and IE 10 at 4%. If everyone does the right thing and switches browsers, Microsoft could lose as much as 20% of their browser market share.

There are ten updates from Microsoft this month, affecting Windows, Internet Explorer, Edge, MS Office, Visual Basic, Silverlight, and Exchange Server. Six of the updates are flagged as Critical. A total of twenty-five vulnerabilities are addressed.

When installed, the Silverlight update will bump the software’s version up to Build 5.1.41212.0. Silverlight’s release notes page has been updated to show what’s changed.

Three security advisories were also published by Microsoft today, the most interesting of which is titled Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program.

Adobe joins the fun once again this month, but this time we only get an update for Reader that addresses fifteen vulnerabilities. Surprisingly, there are no updates for Flash.

Update: Support for Windows 8 has also ended. Anyone still using Windows 8 should upgrade to Windows 8.1 to continue receiving updates.

Clarification: Microsoft will still develop security updates for Internet Explorer 7, 8, 9, and 10, as well as Windows XP, Vista, and Windows 8, because they are still supported for some business clients, and for some Windows Server versions. The updates just won’t be available to regular folks.

Disappointment: Google decides not to add a sidebar to Chrome

Chrome is a pretty good browser. I recommend it with few reservations. I even use it myself. But my use of Chrome is limited to a few sites that just work better in Chrome than in Firefox – at least for me.

The main reason I don’t use Chrome for most of my browsing, despite the fact that I really don’t want to use Firefox either, is the lack of a sidebar. No feature is more frequently requested for Chrome. And yet Google has resisted adding one.

Why is a sidebar such a big deal? Like many other people, I use the sidebar to show my bookmarks, in a nested tree format. This is an extremely efficient way to manage a lot of bookmarks. There’s just not enough room in the horizontal toolbar to do this; I can add folders and subfolders to the toolbar to create a drop-down menu effect, but I want the bookmarks I’m currently working with to stay on the screen and not disappear when I click one.

And I’m not the only one. Just look at the comments and votes for this bug in Chrome’s bug tracking system, and in this post in the Chrome support forum.

If you look at that bug, you’ll see that Google started the work to add a sidebar. But they must have run into a big problem, because today the bug was updated to the status ‘WON’T FIX’. That means we are unlikely to ever see a sidebar in Chrome. The update provides very little explanation, and points to the general Chrome FAQ. Presumably what they are referring to is the word ‘simplicity’ in the second point.

And so concludes another chapter in my love-hate relationship with Google. I think Google is terrific, and I depend on their services, but this is a huge disappointment.

Update: the WebKit-based Opera browser also doesn’t include a useful bookmark sidebar, but I’ve just discovered a sidebar extension called V7 Bookmarks, and so far I’m loving it. It looks like Opera will be my new main browser when I finally can’t stand Firefox’s bloat and instability any more.

Remove those annoying Windows 10 upgrade prompts

If you run Windows 7 or 8.x, you’ve probably seen for yourself the many ways in which Microsoft is trying to get people to upgrade to Windows 10, or at least to add unwanted Windows 10 features to your O/S. I wrote about my own experiences with this back in October. Here are a few observed examples:

  • ‘Get Windows 10’ icon in the notification area.
  • Windows Update installs tracking features from Windows 10.
  • Windows Update shows messages and special highlights encouraging users to upgrade.
  • Windows 10 installation files are downloaded to your hard drive.
  • Windows 10 upgrade runs without your approval.
  • Windows Update stops letting you install updates, and only lets you upgrade to Windows 10.

If you’re like me, you plan to upgrade to Windows 10 when you bloody well feel like it, and not when Microsoft decides you should. And, like me, you’re looking for ways to prevent all this annoying behaviour on your Windows 7 or 8.x computer.

One of the more annoying features of the ‘Get Windows 10’ icon is that even if you remove it (using instructions I posted earlier) it typically reappears for no apparent reason. This makes it seem more like a virus than anything helpful.

Microsoft’s own instructions for removing the ‘Get Windows 10’ icon, published only grudgingly after many user complaints, are poorly written and needlessly complicated. But rather than try to present a simpler guide here, I will instead point to a small utility that does all the work for you: GWX Control Panel, available as freeware from Ultimate Outsider.

GWX Control Panel
GWX Control Panel

GWX Control Panel shows the status of the ‘Get Windows 10’ app, whether Windows Update O/S upgrades are enabled, and whether there are any Windows 10 installation files on your computer. Buttons let you disable ‘Get Windows 10’, disable O/S upgrades in Windows Update, and clear the Windows 10 download folders (which, by the way, are typically huge). It’s totally safe and simple to use.

Sadly, Windows 10 will start appearing as a ‘Recommended’ update in Windows Update on Windows 7 and 8.x computers at some point in 2016. Hopefully the update will be clearly labeled and easy to ignore and/or hide.

How-To Geek has additional information.

WordPress 4.4.1 security release

A critical cross-site scripting (XSS) vulnerability in WordPress 4.4 and earlier versions has been addressed in a new WordPress version: 4.4.1.

Since this is a security release, anyone who administers a WordPress site is strongly encouraged to install the update as soon as possible. If your WordPress site is configured for auto-updates, it may have been updated already, but you should check it to be sure.

WordPress 4.4.1 also fixes a few minor non-security bugs. In all, 52 bugs were addressed in the new version. The release notes provide additional details.

You can also see what’s changed in 4.4.1 on the WordPress bug tracking site. Happily, the page on the other end of that link shows only what’s changed in WordPress 4.4.1, which is a lot more useful than Mozilla’s approach for Firefox, which is to list all changes since the last major version. The WordPress change list is also a lot easier to navigate (and understand) than the equivalent list for Google Chrome.