Posts by Martin Edwards

Terminology

The description of this situation does not tally with any common definition of a public file server. There's no excuse for such misinformation and hype.

OpenOffice a viable alternative, are you serious?

Am I the only one here who couldn't honestly recommend OpenOffice to anybody? Every time I've used it I've been stumped by the lack of what should be commonplace features, and UI behaviour that feels a decade old. Correct me if I'm wrong, but doesn't OO lack the ability to visually crop images, or adjust character spacing, for example?

I look forward to OpenOffice being a true Microsoft competitor (and hopefully Ubuntu too, for that matter). But I think this moment is still a little while away.

And for corporate users...

At work I dutifully registered for Adobe's site license thing (I forget the name) for the 50-machine network I manage. I'm frustrated to report that when I follow the link in the resulting e-mail to download Reader (there's a version without AIR and Acrobat.com, which is nice) I'm served the 9.0 installer. After installation, on first run this prompts to be updated but only to version 9.1.0, then restarts Reader but fails to re-run the Updater; manually starting it this second time reveals the 9.1.2 patch which can then be installed.

(These version numbers are from memory... I hope I've got them right).

@Gilbo

Well said, good summary.

PowerPC support

Isn't dropping PowerPC processor support a large part of the point of Snow Leopard? Cleaning up the code for the future and contributing to the 6GB reduction in required disk space? I'm sure when Snow Leopard was first talked about a year ago, the lack of PPC support was a _feature_. A selling point almost.

STOP THIS NONSENSE FORTHWITH

Judas Priest, this has **** all to do with Windows, OK. Other than perhaps that it's easier to write software for Windows than for some custom ATM platform. Physical access is physical access. You're talking like this thing got in by itself through some unpatched buffer overflow condition in Paint.

Adobe Updater

Adobe Updater suffers the same problem as Firefox (as mentioned above) in that it needs administrative privileges. Also, it's only invoked when an Adobe program is run. Now that more people are starting to understand the importance of running as non-admin, this has got to change. By contrast, Google Updater runs a Windows service so it can install patches regardless of who is logged on. For this reason alone, Chrome is now my browser recommendation for the many novices who rely on me for computer advice. I'm interested to see, though, that Google Updater can also update some non-Google software too, including Reader and Firefox. I've yet to try this, so I wonder if anyone here can say whether it patches these third-party products in the same way (and thus under a non-admin account)? If so, big thumbs-up for Google.

Microsoft Java VM

It's a shame the Microsoft JVM is no more. Because now every few months we have to log on as an admin and click through an unnecessarily lengthy wizard and be shown adverts for OpenOffice. I'd much rather have Windows Update do it for me while I'm asleep.

Unfettered root access?

Could anyone elaborate on "unfettered root access"? If it means running as administrator, then that's obviously (unfortunately) a very common situation, and surely doesn't belong in the same breath as physical access in terms of how difficult these attacks might be to pull off. Paris, because... wait, no.

A great problem indeed

Adobe's updating definitely isn't what it should be. Adobe could choose the Apple approach -- install an updater utility that checks for updates and notifies the user -- but as far as I know, currently Flash and Adobe Reader will never phone home for updates unless they're already running. And I'm sure some Reg readers will commend this (arguably) less-intrusive approach. What definitely isn't cool is Flash's default check-for-updates interval of 30 days.

Perhaps the greatest problem with so many third party products, though, is that they can only be updated from an administrator account. Flash, Reader and Firefox suffer from this. I'm fairly certain that non-administrators won't even be notified that there are update(s) waiting, in the case of these three examples. Yet running day-to-day on an account with limited priviledges is something we are told we should do, and something I certainly recommend to all the people for whom I'm "the computer guy". So I think this is a great problem.

It's a bargain

Really, it is. 2 GB of memory is loads and loads in OS X terms. And... *drumroll and sigh of relief*... it's still got Firewire.

Free whitepaper: The Critical Role of Data Loss Prevention

... right below the article! The Register's new contextual ad system is working!

Money, money, money

Bollocks to the lot of it.

Re: Bad Peter bad! Bad Trixie Bad!

"he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable such access to be secured"

It's not as clear as it could be. I assume it means "he causes a computer to perform any function with intent (i) to secure access, or (ii) (with intent) to enable such access to be secured". Thus, whether you're actually performing the function, or merely enabling it to be performed, it's the _intent_ that matters. Otherwise, indeed, most programmers would be guilty (not just for vulnerabilities; any program that accesses data can be used with intent to access data without permission)!

Double standards

Argh! Too many virtually identical and off-topic comments!

The real point in this article is the "double standards" issue. It's a point I put to several friends earlier in the year when cases of lost personal data were making the headlines: in general, the average person is careless about account security, whether through using easy passwords and PINs, sharing passwords, letting keyloggers etc. onto their computers (or using web cafés for banking and such), clicking links in phishing e-mails, and so on. Yet they expect to remain blameless for any consequences, or, furthermore, to be bailed out at the expense of their bank (or whoever) when someone steals their money/identity.

Good review of an underrated product

I still love my Shuffle, a year on. The battery life is amazing. Speaking of which, pedants like myself will spot the awkward double-negative on the first page: "The manufacturer reckons you'll get about 12 hours' continuous playback out the gadget. Our testing over the past week or so gave us no reason not to doubt that figure." Sorry (!)

Line spacing

Fixed-width is great. It keeps the words-per-line under control which is essential for readability. I've long wanted to see an increase in line spacing though. I was delighted when BBC News increased theirs.

I think it's ideal

I can't speak for the Windows version, but on OS X (as Muscleguy says above), Software Update lists the iTunes and QuickTime updates separately, and each has a line in the description that reads "For detailed information on the security content of this update, please visit...". The QuickTime update also says "...changes that increase reliability, improve application compatibility and enhance security...".

I think that's ideal: the average user doesn't get bogged down reading the details, while the curious and the technically-minded can follow the links and read them. They're well-written and clearly laid-out, too.

http://support.apple.com/kb/HT3025

http://support.apple.com/kb/HT3027

Irresponsible

I don't understand how Infobyte can possibly think it is OK to make this tool publicly available. I understand that there are circumstances in which publicising a vulnerability helps encourage people to fix it, but this seems like such a blatantly irresponsible move. I guess I could say the same for Metasploit?

More blame on customers

AC further up the page rightly suggests that we should be more willing to blame customers for their own losses if they are careless with malware or using weak passwords. The biggest cybercrime problem is the average user. Better systems to educate the public will be necessary, but once they're in place, I think it really will be fair that customers who are careless with security pay the price for such carelessness themselves.