Chad's News

A little over a week ago, word spread on the Internet that a previously unknown security flaw in the Java browser plugin was being “massively exploited in the wild”. The bug allows an attacker to execute arbitrary commands on a vulnerable system. It exists in all versions of Java 7 through update 10, which was the latest release as of a week ago. Based on the widespread use of Java (installed on more than 1 billion PCs) many organizations, including the US government, recommended disabling Java in the browser, or uninstalling Java completely.

The real problem was not that a flaw was found, but that it was already in the wild and had infected a significant number of machines.

Oracle released an emergency patch within three days of the announcement: Java 7 Update 11. If you’ve not already done so, you should update your Java software—this can be done via the Java Control Panel, or via www.java.com. Developers who use the JDK can go to the Java download page to get the latest version. If you don’t know which version(s) of Java you have installed, this page will tell you.

Note that even with the update from Oracle, US-CERT still recommends disabling Java in browsers, to “defend against … future Java vulnerabilities.” Apparently optimism is not in their vocabulary.

Link #1 (announcement of flaw): http://arstechnica.com/…

Link #2 (announcement of update): http://arstechnica.com/…

Link #3 (govt advisory): http://www.us-cert.gov/…

Link #4 (oracle advisory): http://www.oracle.com/…

John from Boulder, CO, a computer professional and self-proclaimed “digital dog”, has gone all out in regards to Windows 8. For example, he purchased touch-sensitive desktop displays a touchpad and a touch mouse so he could experience Windows 8 as it was meant to be. He currently has it installed on a Dell desktop system, a notebook, and a phone. Here are some of his thoughts.

“There is no performance penalty in Windows 8 (quite the opposite).”

“I am coo-coo for cocoa puffs over the blistering fast shutdown and startup behavior on Windows 8. This simply does not get talked about enough. With everything else working so well, you’d think people would at least mention what a time saver this is.”

“Windows App launch is many times faster than Win 7. For example, if I double click on an .XLS type file in Win Explorer in Windows 8, it launches as fast as Notepad in Windows 7. Very snappy.”

“Live Tiles is The Real Deal. Look for Android and iOS to figure out how to get their OS’s up to this level of convenience and power. Really, with Live Tiles on my Windows 8 Phone, I can review state of up to five different things without even unlocking the start screen — battery level, missed calls/voice mail, newly arrived texts … you pick ’em. And then once on the Start screen, there are those aspects and others (like weather — eg, outside temp, forecast high/low, percip prognosis … since the live tile is live, it can rotate through lots of things).”

“Oddly, the Win 8 Start screen is a better way to start up your common-use Desktop apps (ie, non-metro style apps). In Windows 7 you have a quick start menu that has to be searched, … but the Win 8 start screen has tiles in a size OF YOUR CHOOSING so the things you want are bigger and the things that deserve a place, though less so, can be squeezed in at a smaller size. It’s like the old Cordless Phone experience … you never knew you could check the mailbox out front, run out to the car in the driveway, or go out back with the dog, while you were on the phone … not until you got your first cordless phone.”

“I upgraded my heavily used Windows 7 eight-way processor developer-purposed notebook to Windows 8 and everything turned up ‘just as I’d left it’ — all my apps (and their configurations — registration database or not), all my desktop icons, my Quick Launch toolbar definitions, my DOS environment variable definitions, on and on.”

“My Windows Desktop apps work fine. All my drivers worked under Windows 8 – printing, monitors, external drives, etc.”

A study by Yale researchers shows that male jurors have a significant bias against overweight female defendants. They did not have a bias for lean women or for men of any weight. Female jurors had no weight or gender bias at all. The guilt difference, based on a 5-point scale, was about ¾ of a point, so not only is it statistically significant, but it’s meaningful in the real world.

Link #1: http://yaledailynews.com/…

Link #2 (study abstract): http://www.ncbi.nlm.nih.gov/…
(via Slate)

The Flash animation in the linked page shows the scale of things, from the Planck length to the estimated size of the universe. It’s quite interesting, and I find it funny how they run out of metric prefixes when things get extremely large or small.

Thanks to Josh for this link.

Link: http://htwins.net/…

Back in 2009, France passed a “three strikes” law, which cuts off a person’s internet access after three documented instances of illegally downloading copyrighted material. So when I heard about the new six strikes system (officially the Copyright Alert System) being implemented in the United States, I assumed it was the same type of thing but with three extra warnings.

Fortunately, that’s not the case. First off, participation by ISPs is voluntary, unlike in France and other countries where it’s a legal requirement. And so far only a few ISPs have decided to take part: Comcast, AT&T, Time Warner, Verizon, and Cablevision.

Second, the punishment is not a total loss of internet access; rather, it’s typically a temporary reduction in connection speed or the temporary blocking of certain websites. The specific punitive measures, as well as when they take effect, are decided by each ISP. But in no case will internet service be suspended.

The system was scheduled to go live last Fall, but has been postponed until early 2013.

Update: [1/13/2013] Slashdot has the details of Verizon’s six strikes policy.

Link #1: http://www.komando.com/…

Link #2: http://arstechnica.com/…

Link #3 (official FAQ): http://www.copyrightinformation.org/…

Link #4 (failure of French system): https://www.eff.org/…

The linked article covers the history of that iconic American institution, Publishers Clearing House. While not as visible as they used to be, the company is still around and holds sweepstakes contests.

Link: http://www.mentalfloss.com/…
(via Neatorama)

QR codes are those black and white squares that you can scan with your smartphone to go directly to an associated website. They’ve become popular enough to attract the attention of spammers and malicious hackers, who are including codes in spam emails. They’re also placing QR code stickers in areas with a high amount of foot traffic (think airports and tourist sites) in the hopes that people will scan them. And even worse, they’re putting the stickers on top of regular QR codes—so it seems legitimate, but you end up going to a malicious website. According to the linked article, the only safeguard is to “download and install a QR reader that checks the website’s reputation, and then offers them the option of taking them there or not.”

Link: http://www.net-security.org/…
(via Slashdot)

The linked articles give compelling evidence for the case that leaded gasoline caused the huge spike in violent crime starting in the ’60s, as well as the equally sharp decline starting in the ’90s. From the cover story:

“All of these studies tell the same story: Gasoline lead is responsible for a good share of the rise and fall of violent crime over the past half century.”

“Everyone over the age of 40 was probably exposed to too much lead during childhood, and most of us suffered nothing more than a few points of IQ loss. But there were plenty of kids already on the margin, and millions of those kids were pushed over the edge from being merely slow or disruptive to becoming part of a nationwide epidemic of violent crime.”

Thanks to Josh for these links.

Link #1 (synopsis): http://www.motherjones.com/…

Link #2 (cover story): http://www.motherjones.com/…

Back in July, security researcher Cody Brocious demonstrated how to easily circumvent keycard locks that are manufactured by Onity (a popular brand). Now thieves are using the technique to steal items from locked hotel rooms. To make things worse, however, many hotels won’t be fixing the problem any time soon.

Link: http://www.forbes.com/…
(via Kim Komando)

Update: Onity has changed its mind and is now offering a partial recall of the affected locks, but only to certain customers.

The linked article discusses the state of wireless charging technology for devices (and cars!). There’s a good chance we may see wireless charging becoming commonplace in the near future. (Note that Sonicare toothbrushes have been charging wirelessly for well over a decade.)

Link: http://www.komando.com/…

Yapp is a service that allows the average person to create a professional-looking mobile app for events such as weddings, birthday parties, book club meetings, reunions, fundraisers, retreats, etc. It integrates with many of the features of the mobile device, allowing messaging, maps/directions to the event, photo sharing, etc. Once you create the app for your event, it can be shared with others after they install the YappBox app. Looks like a pretty nifty tool, and it’s free (they make money by offering premium services for a fee).

Thanks to Donna for this link.

Link: http://online.wsj.com/article/…

Using custom software and a computer cluster of 25 graphics cards, password-cracking expert Jeremi Gosney has created a system capable of guessing 350 billion Windows passwords per second. From the article, it takes 5½ hours to “brute force every possible eight-character [Windows] password containing upper- and lower-case letters, digits, and symbols.” This development reinforces the message of this xkcd comic, that long passwords are much harder to crack than shorter but more complicated ones. Note also that an easy way to create long but memorable passwords is to use a passphrase.

Link: http://arstechnica.com/…