Black Tuesday patchfest: A lot of digits plug security dykes Microsoft carried out a fairly comprehensive spring cleaning of vulnerabilities on Tuesday, fixing 20 vulnerabilities with seven bulletins, four of which are rated critical. Heading the critical list is an update for Internet Explorer (MS13-021) that tackles nine vulnerabilities, including a zero-day vulnerability in IE 8. " …
"Both Mozilla and Google pushed browser updates within hours..."
So, they're either not very well tested and engineered patches, or patches for incredibly simple problems. Or are we actually talking the equivalent of saying "it's patched" when actually there is a patch that's gone into the nightly unstable releases and will take about a month to get into an actual distribution.
Yeah, if you ever get a chance, do try Mozilla Litmus out sometime.
Its actually really easy to use for automated testing, they even include scripts so you can run an entire testing evolution in one command. Plus the more data the QA team has, the faster they can work, every little bit helps the QA team. As does participating in bug triage days and hacking on Aurora and Betas, and hell, some people like nightlies but I don't tend to test them myself. With a full time and very demanding civilian job, and my Army Reserve stuff, I dont have time for the extensive amount of work that working on nightlies entails.
I don't know about Chrome, I don't use it. I honestly use Internet Explorer much more than Chrome (And before the rain of downvotes happens, hear me out, I strongly detest IE. One of the reasons I started volunteering time to Mozilla Quality was because even the sometimes sketchy betas and RCs were better browsers than IE 6, which is what I had. Though IE 10 is pretty good as its blazing fast, at least on Windows 7. It is still definitely not my first choice, but its pretty good. The problems with IE were never really with Trident though, the Trident Engine's actually quite good, it was all the other bullshit like ActiveX and its rather dodgy idea of Microsoft cherry picked standards).
However, my distrust of Microsoft is nothing compared to my distrust of Google and Apple. If I'm going to use WebKit, I use Konqueror, since KHTML is WebKit's daddy. So, given my limited knowledge about Chrome, or WebKit for that matter, I have no idea what Apple's rules in regard to taking on bugs as well as pushing patches to WebKit are (like if anyone besides Apple themselves can do it) or even how Google tests it, since IIRC they have both the Chromium volunteer testing community as well as paid QA Oompa Loompas who work for the Chocolate Factory directly.
>So, they're either not very well tested and engineered patches, or patches for incredibly simple problems
Most security flaws are simple problems, implementation errors that can lead to serious problems (off by 1 error).
A few patches need to be well engineered because of a design flaw that cannot be fixed trivially (ActiveX).
Firefox will push a serious release to stable within a day, if whatever f'ed up distribution takes a month that's not their fault. Go back to being abused by Microsoft and Oracles terrible patching schedules and stop trolling here.
Yeah, Taylor's right at least from what Ive seen.
From what the salesman here in Orlando at the Florida Mall Microsoft Store showed me, its alot like Windows Update meets the Google Play store. Its pretty quick even with bigger files. But most apps in the store are Microsoft First Party which shouldn't be surprising for a 4 month old tablet in a different architecture and OS than most Windows Developers are used to writing for.
RT could be really cool if Microsoft didn't halfass it. As could Windows 8, but they tried form over function and it worked out so far worse than Vista. I just hope Microsoft will show some agility and accede to what the market wants by changing Windows 8 SP 1 into a traditional desktop environment based but touch enabled OS, like a Windows 7 you can fondle if you will, without TIKFAM or Charms or Gestures or any of the crap that reminds me of Unity. And something like that for the RT tablets.
This is irksome because Flash is a prime target for targeted attacks and asking consumers or corporate users to turn it off, like Java in the browser, isn't easy because the technology is so widely used on the web.
I humbly contend that it is not as irksome as having the machines compromised by an exploit. I, for one, welcome Adobe's frequent release: better patched than gaping. Corporates can usually disable plugins by policy.
This is irksome because Flash is a prime target for targeted attacks and asking consumers or corporate users to turn it off, like Java in the browser, isn't easy because the technology is so widely used on the web.
Aside from one applet my credit union uses to deposit checks electronically, I honestly haven't seen anything else thats wanted me to use Java in quite awhile, excluding the Army intranet called Army Knowledge Online, and the Defense Department's Defense Knowledge Online. As well as some other stuff like AKO webmail,
I keep it deactivated unless I need to scan a check or have to get on AKO/DKO's unsecured network, or any of the Unclassified or Confidential networks handling privacy act, personnel, pay, dependent, medical, and some other FOUO areas to check my official mail and do administrative work. And when I'm done with whatever requires it, I clear the Java temp files, delete my browser cache and cookies and then Java goes right back off. Its just too unstable at the moment to leave on all the time.
Flash is a bit harder, but I only ever use it for YouTube anyway, and most of the time YouTube's in HTML 5 for me, so I dont even notice. Its only on stupid videos with commercials before them that you have to use flash from what Ive noticed anyway, so most of the time I keep it turned off, but constantly updated so when I have to turn it on, I know Im as protected as I'm going to get.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
