boot13Windows 10 preview builds are being pushed out more frequently these days. Build 14271 doesn’t include anything particularly exciting, consisting mostly of minor bug fixes. The associated announcement provides details.
Opera 35.0.2066.82
The Opera web browser is based on Google’s Chromium ‘engine’ – the same core software that powers the Chrome browser. Aside: the Chromium browser engine is not to be confused with the other ‘Chromium’ – Google’s operating system, ChromiumOS. What is it with big corporations and confusing names?
Anyway… when Chrome gets a security fix, an Opera release with the same fix will soon follow. Opera 35.0.2066.82, announced on February 23, contains the same updated version of Chromium as Chrome 48.0.2564.116, which was released on February 18.
The Chromium security issue addressed in the latest versions of Opera and Chrome is CVE-2016-1629. The bug potentially allows attackers to bypass Same Origin Policy (SOP) measures that normally prevent scripts on other hosts from running.
If you use Chrome or Opera, or any other web browser based on the Chromium engine, you should update it as soon as possible. Chrome and Opera have self-updating features which can be triggered by navigating to their respective ‘About’ pages.
Java 8 Update 74
There’s no particular need to install the very latest Java, version 8 Update 74. According to Oracle, “Java SE 8u74 is a patch-set update, including all of 8u73 plus additional features (described in the release notes).” The release notes don’t shed much light on the differences between 8u73 and 8u74, but they don’t appear to be of any importance for regular users.
In other words, if you’re already running Java 8 Update 73, you’re fine.
Windows 10 Insider Preview Build 14267
For those of you interested in the Windows 10 Insider Preview builds, the latest is build 14267, which was announced on February 18.
Build 14267 finally fixes the WSClient.dll error dialogs that were popping up in previous builds. Problems with certain front-facing cameras have been fixed. The ‘Reset this PC’ function is once again working properly with this build.
It’s now easier to use Cortana to identify playing music. There are several improvements to Edge, including Favorites management, an option to clear browsing data on exit, and better download management.
Chrome 48.0.2564.116
The newest version of Chrome includes a fix for one security issue and a few other minor bug fixes. The version 48.0.2564.116 announcement provides additional details, as does the full change log.
Critical security flaw affects millions of systems
Here we go again. Researchers have discovered (actually more like rediscovered) a very bad flaw in the commonly-used GNU C Library, also known as glibc.
The flaw has existed, undiscovered, since 2008. It was discovered and reported to the glibc maintainers in July of 2015 (CVE-2015-7547), but nothing was done about it until Google researchers re-discovered the flaw and reported it on a public security blog.
The glibc maintainers reacted to the Google revelations by developing and publishing a patch. It’s not clear why such a serious vulnerability was not fixed sooner.
But that’s not the end of the story. Any computer or device that runs some flavour of Linux, including most of the world’s web servers and many routers, is potentially vulnerable. Individual software applications that are compiled with glibc are also potentially vulnerable.
Although it’s safe to assume that diligent sysadmins will update their Linux computers, tracking down all the affected software will take time. The Linux firmware running on routers and other network devices will be updated much more slowly, if at all. All of this opens up many exploitation possibilities for the foreseeable future.
The good news is that there are several mitigating factors. Many routers don’t use glibc. In some cases, default settings will prevent exploits from working. Android devices are not vulnerable. Still, this problem is likely to get worse before it gets better.
Update 2016Feb20: Dan Kaminsky just posted his analysis of the glibc vulnerability. It’s very technical, but if you’re looking for a deeper dive into this subject, it’s a great place to start. Dan helpfully explains why it’s difficult to predict just how bad things will get.
Testing your computer’s stability
A post on Jeff Atwood’s Coding Horror blog describes the process Jeff uses to test the stability of new computers. It’s an intensive set of tests, and if your hardware is in the least bit flaky, this process will probably break it.
Opera 12 isn’t dead yet
It’s been ages since Opera updated the classic (pre-Webkit) version of their browser. Although still available for download and still technically supported, the old version is obviously not Opera’s focus. Before yesterday, the latest version of classic Opera was 12.17, and hadn’t changed since April 2014.
Yesterday, in response to recent web-wide changes affecting security, Opera released a new version of the 12-series browser: 12.18. The associated announcement explains why this was done. Sadly, the new version isn’t even mentioned on the change logs page. There is still a link to the 12.17 change log, but that link is still broken.
In related news, Opera (the company that develops the Opera browser) is expected to be sold to a Chinese consortium in the near future. It’s difficult to predict how the new owners will influence the browser, but I’m not optimistic. I had begun switching from Firefox to Opera as my main browser, but that’s on hold for now.
Meanwhile, I’m looking at Vivaldi, an alternative browser developed by former Opera employees. So far it looks promising.
Opera 35.0.2066.68
A couple of minor bug fixes and a Chromium Engine update prompted the release of Opera’s latest version, 35.0.2066.68. You can check out the full change log, but trust me, there’s not much there.
Moore’s Law has run its course
Ars Technica has an interesting look at how Moore’s Law is losing its relevance and will no longer be the focus of industry plans for the future of microprocessors.
Moore’s Law originated with a 1965 prediction of Intel co-founder Gordon Moore, which gradually came to mean that the number of transistors per microchip would double every twelve months. This prediction held true for decades but has been strained in recent years.