Category Archives: Patches and updates

Opera, Patches and updates

Opera version 16 released

Leave a comment

The new WebKit-based Opera browser has been updated to version 16. The browser still looks and acts almost exactly like Google Chrome, and as such there’s not much to recommend it. Many features that worked well in the non-WebKit version of the browser – still available as version 12 – are missing from version 16. That includes the auto-update feature. In fact, there isn’t even a link on the About page or in the browser’s menus that points to a download page. My advice is to give this browser a pass. If you still like and use the old Opera 12 browser, keep your fingers crossed that it will continue to receive updates.

Firefox, Patches and updates

Firefox 23.0.1

Leave a comment

A new version of Firefox was released yesterday. Version 23.0.1 apparently fixes three minor bugs, none related to security.

There was no official release announcement for this new version. The release notes are exactly the same as for version 23, with the three fixed bugs just added the top of the list of changes. The ‘complete list of changes’ link still points to an enormous list of bugs that appear to all be related to version 23.

I won’t bother rehashing everything that’s wrong with the way new Firefox versions are being documented by Mozilla. For that, see my post about Firefox 23.

Microsoft, Patches and updates, Security, Windows XP

When Windows XP support ends…

Leave a comment

After April 2014, it will no longer be possible to obtain security updates for Windows XP – unless you’re paying Microsoft a ton of money. This has some interesting ramifications.

Clearly, there will be renewed interest in the aging O/S as an attack target. New vulnerabilities will continue to appear, but will remain unpatched on most Windows XP computers. Tools that exploit these vulnerabilities will increase in value, resulting in a boom for anyone developing them.

Depending on how many XP systems remain after April 2014, and the number and seriousness of vulnerabilities discovered after that date, there may be some backlash against Microsoft. There may be calls to extend support for XP even further. It’s possible that as many as one third of all computers and devices will still be running XP after support expires.

If Microsoft declines to extent support, you can bet that any new patches they develop for XP will find their way into the hands of regular users through unauthorized torrents and underground web sites.

On the other hand, while keeping Windows XP patched is obviously an important part of an overall security plan, there are other ways to protect yourself. Most users these days connect to the Internet through a router/firewall, which – if configured correctly – makes it almost impossible for an attacker outside the router to identify or even detect a computer inside the router. So, while I’m not recommending that you ignore this problem (you should really upgrade to Windows 7), there may not be a reason to panic if you’re still running Windows XP next year.

Update 2013Aug21: Another ComputerWorld post on this subject, and a post from ZDNet.

Internet Explorer, Microsoft, Patches and updates, Security, Windows

Today is Patch Tueday for August 2013

Leave a comment

It’s that time again. This month Microsoft has issued eight bulletins, with three of them flagged as Critical. The associated patches affect Windows and Internet Explorer. The August 2013 security bulletin has all the technical details. A post on the Microsoft Security Response Center has a somewhat friendlier summary. For a slightly different view of this month’s updates, check out this post on the SANS Internet Storm Center.

Microsoft, Patches and updates, Windows 8.x

Windows 8.1 update coming in October

Leave a comment

Windows 8 Service Pack 1 8.1 will be made available starting some time in October 2013, according to various sources.

Included in the free update will be several tutorials on the new user interface. The exclusion of such tutorials in Windows 8 was a strange decision by Microsoft, since they were in every previous version of Windows.

The update will also include a variety of changes related to user interaction, affecting the use of touch, mouse and keyboard input. Context menus will be improved for better usability.

Related:

Update: Microsoft has set a firm date for availability of Windows 8.1: October 18, 2013.

Firefox, Patches and updates

Firefox 23 released

3 Comments

Another new version of Firefox was made available yesterday. Along with the usual crop of security bug fixes, version 23 sports a few changes worthy of mention:

  • A shiny new logo.
  • A Network panel was added to the Web Developer Tools. This panel shows the network activity associated with web browsing, including load times.
  • The HTML text ‘blink’ attribute has been removed. Blinking text has fallen out of fashion, and it’s generally seen as not user-friendly and non-accessible.
  • The ‘Disable Javascript’ setting has been removed from the Options dialog. The developers feel that since disabling Javascript causes many web sites to fail, the option should be hidden. The Javascript options are still accessible via about:config.
  • The ‘Load images automatically’ setting was removed from the Options dialog. Again, the developers decided that this option was too dangerous for most users. You can still find the setting in about:config.
  • The ‘Always show the tab bar’ setting was removed from the Options dialog. Like the other removed settings, somehow this option was felt to be too dangerous for most users. You can still find the setting in about:config.

Firefox version announcements still lacking

Update 2016Jan06: The release notes page for Firefox 23.0 no longer exists. It was moved to an archive site by Mozilla, but must have been lost in the process. There’s a broken link to the missing page on the Releases/Old/2013 page.

As always, there was no proper announcement for this release. I discovered the new version when I was reading Hacker News. I’ve outlined the problems with Firefox’s online resources in several previous posts, so I’ll just provide a brief list here. Suffice to say that nothing has improved since Firefox 22.

  • According to Mozilla, the Mozilla Blog is where new versions of Firefox are announced. The blog has an RSS feed, which is good, and whenever a new version of Firefox becomes available, there is usually at least one post on the blog that describes some of the new version’s features. But these posts do not qualify as release announcements, because they never mention the new version number, or even that there is a new version! Here’s the ‘announcement’ for Firefox 23: Firefox Makes it Easy to Share Your Favorite Content with Friends & Family.
  • The main release notes page has several problems, all of which would result in a failing grade in any ‘Web Pages 101’ course:
    • the page’s title makes no mention of the version;
    • the version isn’t mentioned in any of the page’s headings;
    • the first text on the page reads "Firefox Notes (First offered to release channel users on…", which makes it sound as though some ‘notes’ are being offered, not a specific version of Firefox;
    • the version is only visible in the page’s URL, which is barely human readable, and in an aside that thanks contributors.
  • A link on the release notes page titled ‘complete list of changes‘ points to a list of bugs in Mozilla’s bug tracking system. The list is huge, and the information is highly technical and not really intended for regular users.
  • The main download page never mentions the version, although all of the download links point to the most recent version.
  • The hidden ‘security advisories‘ page lists Firefox security vulnerabilities by the date on which they were first reported by Mozilla, with no indication of which vulnerabilities have been fixed, or when they were fixed. This is somewhat mitigated by the also hidden ‘known vulnerabilities‘ page, which lists security vulnerabilities and the versions of Firefox in which they were fixed.
Opera, Patches and updates

Opera 12.16 and 15.0

Leave a comment

Version 12.16 of Opera contains only a minor change, to the code signing certificate.

It appears that the classic Opera browser is soon to become extinct. Opera’s developers decided to toss out their distinctive browser and the ‘Presto’ engine on which it was based. Instead, starting with version 15.0, Opera will be based on the Webkit engine. As a result, Opera 15.0 is virtually indistinguishable from Google Chrome. If there’s a specific reason you’ve avoided Chrome in the past, that reason now applies equally to Chrome. For instance, Chrome has no sidebar feature, and now neither does Opera.

I have been unable to discover how long Opera’s developers will continue to update and support the 12.x series browser.

Opera version 15.0 is now available, but I can’t bring myself to recommend it. If you want to try it, just look at Chrome.