Jump to content

James_A

Contributor
  • Posts

    606
  • Joined

  • Last visited

  • Days Won

    4

Everything posted by James_A

  1. Well, the situation is now so bad that there is now a live website which tracks how long it has been since the last Java exploit: http://java-0day.com/ .
  2. It's YAJ0* time! Yes, it's Yet Another Java 0-day exploit -- this one is out in the wild and being exploited against Java 7 update 15 and Java 6 update 41. Time to update the "It has been [ ] days since the last new Java exploit" notice. Time to remove Java from all your computers, too. * the YAJ0 acronym was coined by FireEye to report this new exploit on their blog .
  3. Oracle uses odd-numbered updates for security fixes, which is why the last three updates have been 11, 13 & 15. When update 15 was released on Feb 19th, Oracle scheduled the next update for April 16th. They might have to rechedule that. .
  4. That's a lot of bugs -- somewhere about 185 by my count -- and, on a quick skim through the list, there are quite a few to do with the editor. Even so, I still find a need to switch in and out of BBCode mode now and again when editing a post. However, it's definitely improved from where it was. .
  5. Well, they had better update that notice. Two new Java exploits were announced yesterday (25th-February). In the meantime, Twitter, Apple, Microsoft and Facebook have all been attacked, using Java exploits, after the iPhone developer forums were compromised. .
  6. Some people don't like the new built-in PDF reader (it can be quite slow on older hardware). It can be disabled, but this is a little tricky to do as it doesn't show up at all in the Add-on Manager -- neither as an extension, nor as a plugin. Nor is there anything in the Options menus. Instead, a hidden preference in about:config needs to be toggled. In about:config, look for the item pdfjs.disabled and right-click on it, then select Toggle, to change the setting from false to true. You may also need to reset the PDF handling by going to Tools -> Options -> Applications and resetting your preference for handling PDF files. Some information can be found on the mozilla support forums at "Don't like the new pdf.js viewer. How can I disable it and restore Acrobat Reader as my preferred plugin?" .
  7. Firefox 19.0 has been released. New in Firefox 19 is a built-in PDF reader (no need to rely on Adobe Reader, or other plugins) and improvements to the startup performance. Firefox 19.0 also includes 8 Security fixes, 4 of which are rated critical. Firefox (referred to as Fx) is an open source browser developed by Mozilla. The second most popular browser worldwide, Firefox features a customizable user interface that allows you to enhance it using custom themes and Personas. Personas change the appearance of the user interface without rearranging the elements. Themes however, can completely change the UI ranging from the types of buttons to the color sceme used. Add-ons allow you to customize Firefox to your liking to make a more enjoyable web surfing experience. Some examples of popular add-ons that you can use to customize Firefox are AdBlock Plus, NoScript, DownThemAll!, TabMixPlus and many more. Firefox has tabbed browsing, bookmarks, a built in session manager, private browsing, personas, themes, add-ons and more. Firefox does not use ActiveX which helps make it a more secure browser. Firefox does make use of many plugins to enhance your web experience. From Shockwave, Flash, Quicktime and more; your browsing experience reaches new levels with the Firefox browser. Downloads: Firefox 19.0 en-US | All builds View: Release Notes Homepage: Firefox .
  8. Only thing I noticed on login is that the board can't count! Main page (at the top): ... "There have been 7 new posts in 5 topics" (since my last login) View New Content then showed me 5 posts in 3 topics since my last login Unrelated -- Is contributor colours (I think that's what it is called) still unfixed? .
  9. Firefox 18.0.2 has been released. This is a stability update to the 18.0.1 release. This resolves instability issues with the JavaScript component, particularly affecting Facebook users. Firefox (referred to as Fx) is an open source browser developed by Mozilla. The second most popular browser worldwide, Firefox features a customizable user interface that allows you to enhance it using custom themes and Personas. Personas change the appearance of the user interface without rearranging the elements. Themes however, can completely change the UI ranging from the types of buttons to the color sceme used. Add-ons allow you to customize Firefox to your liking to make a more enjoyable web surfing experience. Some examples of popular add-ons that you can use to customize Firefox are AdBlock Plus, NoScript, DownThemAll!, TabMixPlus and many more. Firefox has tabbed browsing, bookmarks, a built in session manager, private browsing, personas, themes, add-ons and more. Firefox does not use ActiveX which helps make it a more secure browser. Firefox does make use of many plugins to enhance your web experience. From Shockwave, Flash, Quicktime and more; your browsing experience reaches new levels with the Firefox browser. Downloads: Firefox 18.0.2 | All builds View: Release Notes Homepage: Firefox .
  10. I like your Special instructions for those who prefer PowerPoint bullet points with everything. .
  11. Oracle have released a Java update, update 13, ahead of schedule which is listed as having 50 (fifty) security fixes. I counted 39 Security fixes in the JRE alone in Oracle's list. If you absolutely must have Java, then update to Java 7 update 13 as soon as possible. Make sure you are not installing deceptive stuff like the Ask toolbar as well, by UNchecking the option during the Java install. .
  12. And now the new Java update 11 is busted too... Not any more, because a new exploit announced this week completely bypasses the settings in the Java Control Panel. Malicious Java code can be made to run, without the user being prompted, even if the security setting has been set to the top level of Very High. Java is best completely UNinstalled on Windows. Keeping it on the system, but disabling its use in Internet Explorer is just too complicated to be practical, requiring not only a massive Registry edit to disable BOTH methods of allowing it to run, but actually removing specific files from the Java directory as well. .
  13. Not only is Java high-risk to use, it's risky to even install it. According to Ed Bott on ZDNet: Some of the sleazy practices include running the foistware installer in the background for 10 minutes, so that no entry appears in "Programs and Features" (a.k.a "Add or Remove Programs" in Windows XP) for 10 minutes after installing Java. Ben Edelman gives a full analysis in his article "IAC Toolbars and Traffic Arbitrage in 2013". .
  14. The Release notes incorrectly state that "Disable insecure content loading on HTTPS pages" has been fixed -- it hasn't. As one of the Mozilla developers says: "... As far as I can tell, the release notes that claim that this has been turned on are just wrong;" What has happened so far is that two hidden prefs have been introduced in about:config, with no user interface at all and they are both OFF by default. Even getting to this stage has taken over 12 years (the bug was first filed on 2000-12-06). .
  15. Thanks. You don't notice things like username colours until they go missing!
  16. Uh, something seems to have fallen apart in "View New Content" where the poster's name and avatar have both disappeared. Instead there's just a left-hand angle bracket "<" appearing for each. .
  17. Firefox 16.0.2 has been released. This is a Security update to the 16.0.1 release. It contains three fixes for Location object issues, which now fix two cross-site scripting (XSS) attacks and a cross-origin reading issue. See the Mozilla Security Advisory for full details. Downloads: Firefox 16.0.2 | All builds View: Release Notes Homepage: Firefox .
  18. Firefox 16.0.1 has been released. There was a 16.0 release, but it was pulled almost immediately due to a security vulnerability What's new? According to the Release Notes:- The latest version of Firefox has the following changes: Firefox on Mac OS X now has preliminary VoiceOver support turned on by default Initial web app support (Windows/Mac/Linux) Acholi and Kazakh localizations added Improvements around Javascript responsiveness through incremental garbage collection New Developer Toolbar with buttons for quick access to tools, error count for the Web Console, and a new command line for quick keyboard access CSS3 Animations, Transitions, Transforms and Gradients unprefixed in Firefox 16 Recently opened files list in Scratchpad implemented What's been fixed? According to the Release Notes:- 16.0.1: Vulnerability outlined here Debugger breakpoints do not catch on page reload No longer supporting MD5 as a hash algorithm in digital signatures Opus support by default Reverse animation direction has been implemented Per tab reporting in about:memory User Agent strings for pre-release Firefox versions now show only major version Downloads: Firefox 16.0.1 | All builds View: Release Notes Homepage: Firefox .
  19. Sounds like you made a good choice. The weakest part of a second-hand or refurbished laptop will always be the battery and it's a lottery as to whether you get one (like yours) with most of its life left or you get one that's only just usable. I have a second-hand ThinkPad X series, which is the lightweight version of the T series. It's called the MAR program or, to give it the full title the Microsoft Authorized Refurbisher program for larger companies and for smaller outfits it's called Microsoft Registered Refurbisher. For a few years it's been around for re-installing a fully licensed copy of Windows XP and now, as you have discovered, for Windows 7, too. The refurbisher gets an OEM installation kit and a supply of CoA stickers, just like a manufacturer would. Having worked on repairing one or two laptops I can confirm that the Lenovo (formerly IBM) Thinkpads are popular because (1) they really are high quality (I'm ignoring the Value line) and (2) you can actually take them apart and repair them without breaking anything, because they are held together with proper screws and not just glued-together plastic. .
  20. Thanks to you both for bringing me up to speed. The situation, already reported in the UK as raising "A storm of protest", was probably not helped by Mark Shuttleworth's comment about "Erm, we have root". Anyway, to bring this back on-topic, why Puppy Linux specifically? Apart from the ultra-simple install what else do you like about it to choose it over other flavours? .
  21. When did that first come in? It seems you just can't trust anybody anymore, when Ubuntu moves from being free software to ad-supported software. .
  22. Unless you have something that will not run without Java, don't install it at all. Now is a particularly bad time to be installing Java as there are unpatched exploits available. Oracle took 4 months to issue the Java 7 update 7 and it was broken by a new exploit the very next next day (less than 24 hours later). The new exploit is not yet public, but it's only a matter of time before the bad guys find it. To answer the original question: it is usually best to have only ONE version of Java installed if you absolutely must have it. Since there is very little on the web that requires Java, the next thing to do is to disable it in both Internet Explorer and in Firefox and in any other browsers you may have. See the following for whichever browser(s) you have: Firefox: How to turn off Java applets Google Chrome: To disable the Java plug-in, visit the Plug-ins page by entering chrome://plugins/ in the address bar. Find the Java plug-in that you’d like to disable and click Disable. Safari: How to disable the Java web plug-in in Safari Opera: Enter opera:plugins in the address bar and disable the Java plugin, similar to Chrome Internet Explorer: IE is complicated, because "Kill-bits" have to be set in the Registry. The easiest way is to visit the Microsft KB article "How to disable the Java web plug-in in Internet Explorer" at http://support.micro....com/kb/2751647 and then edit the Registry by cutting & pasting the example text given by Microsoft, saving it with a .reg extension (NOT a .txt extension) and merging it into the Registry by double-clicking the file. .
  23. Shaky phone lines I can relate to. I've looked at the wires snaking through the trees (and the insulation being rubbed-off by the branches swaying in the wind) and watched the squirrels gnawing at the wires as well and wondered how broadband makes it at all in some rural areas here -- and that's nothing like 50 miles from the nearest exchange. Anyway, enjoy the new speed!
  24. Any connection will seem great if it's an improvement on previous experience, no matter whether it's fast in absolute terms, or not. To my (UK-based and ADSL) eyes those speeds look unbalanced. If the Upload is 0.75 Megabits/sec, then I would expect the Download to be way faster, somewhere in excess of 6 or more Megabits/sec. Is [A]DSL in the USA different? Mind you, the download speeds round here depend very much upon the time of day, as residential ADSL lines have a 50:1 contention ratio here in the UK. When one of your neighbours with the same ISP is hammering the bandwidth with a video download then speeds plummet downward. What time of day were you measuring? I've actually had speeds not much faster than that in the evening peak (7pm or 8pm) period on a connection that is capable of over 15 Megabits/sec in the early hours of the morning. .
  25. Adobe have released Adobe Flash Player 11.3.300.270 for Windows. This fixes a crash in the updater:- Full details, together with direct download links that do NOT use the Adobe Download Manager are available on the Adobe Forums announcements topic: 8/2/2012 - Flash Player 11.3 Update .
×
×
  • Create New...