Opera stomps on 'extremely severe' security holes Opera has unleashed a minor point upgrades for the Windows and Mac versions of its web browser - so minor it didn't merit a press release. But the 10.54 release fixes five security holes, four of which Opera won't fully disclose, but are rated "extremely severe", "highly severe", "moderately severe" and… "less severe". This …
No, Andrew's whining ( :-P ) about the four bullets listed below - you know the one's rated "extremely severe", "highly severe", "moderately severe" and, erm, "less severe", as per his article.
Personally, I'm glad they wait a few days before telling the black hats where to look. (Particularly as I'm using Opera@USB, http://www.opera-usb.com/operausben.htm, which can take a couple of days to come through.)
Oh, and the Reply/Report buttons on these forums are still invisible on 10.54/win. *sigh*
If you install the latest Opera normally, then copy all the files and folders, except operaprefs_default.ini and the uninst folder, from the install folder to the folder you have Opera USB running from (backup that folder first of course), then it will work as the latest update. As the prefs now use relative folders rather than direct, and the opera.exe is used directly rather than operausb.exe, it just works, well for me anyway.
The Reply/Report buttons can be seen if you enable the Class and ID user CSS file then disable it, only until you go to another page though. Definitely something that The Register web devs need to look at.
I'm glad it's not just me - I find the Reg can be quite flaky with Opera, I deal with the missing buttons by just hovering around until I find them, but I've also seen inabillity to up/down vote and post comments properly, which seems to be ok now. This is on several different versions of opera, running on Windows XP, Vista, 2k3, MacOS 10.4 and various versions of Fedora.
If you read anything on their forum, any and all issues identified "couldn't possibly be", has to be the end user's problem. My favorite is the constant dragging out of "previous (negative) comments on the upgrade path for previous versions, and claiming that historically this is what happens, and the latest is the greatest thing since sliced bread. Guess they never heard of Vista and it's "upgrade path".
...is the preferred version for me too, on Windows. (10.5x garbles email timestamps on my (and other) systems. Something to do with DST, I'm told.) I'll try an upgrade as soon as the corresponding changelog suggests they've looked at the problem. In the meantime it would be nice if there was a way of blocking the "I've got a new version, would you like to refuse it (again)?" box that pops up every few days.
<quote>
In the meantime it would be nice if there was a way of blocking the "I've got a new version, would you like to refuse it (again)?" box that pops up every few days.
<\quote>
Set Check For New Opera (opera:config#Check%20For%20New%20Opera) to 0. As this is not a clickable link, highlight everything between the brackets, right click and then click Go to Web Address, another one of Opera's clever little features.
There are other ways, ie hand editing .ini files, but that one has been there since version 9.
They haven't fixed the DST bugs yet? I though they had. Are you running 10.53 or later? If you are, this is appalling. It's not as though DST is some obscure thing only 50 people in the world ever encounter.
As for switching off the auto-updates, go into the preferences, down to 'Security' settings (No, I don't know why it's not listed under 'notifications' either) and set auto-update to 'Do not check for updates'. I'm not sure if this will stop checking for updates to the browser.js file too, which is best kept updated for an easier life.
Opera 10.5 has truely been a terrible release, with so many little bugs in the UI rather than serious bugs in the rendering engine or stuff like that. They really are focussing on W3C standards too much and forgetting all about how important the shell of the application is. you know, the side of the program the human being actually interacts with.
I wonder if it's in any way connected to the board effectively ousting (for want of a better, more PR friendly word that Opera themselves would probably use) their founder/CEO and putting in an outsider?
Management at Opera has always been a bit second rate (and I say that objectively as a fan of them - Just look at their handle on PR and getting themselves into the press), something which they may have got away with when they was a small team of 16 friends in a small office. But they're a small, floated multinational operation now with hundreds of employees, and the company's output seems less joined-up with every new release. Attention to detail has suffered.
Honestly Opera, it doesn't matter if one particular component of your product is so well made that it's the first to pass the Acid3 test, is the fastest to process Javascript or the only one in existence to do CSS counters (which was true 10 years ago). If it crashes on a Mac every 5 seconds or UI features are annoyingly buggy to Windows users, or it can't even handle DST in its mail client, it's not going to go down well.
And after all that blinkered focus on the rendering and W3C standards, they still have security holes in them! Go back to giving the UI and features as much attention as the rendering component and Javascript engine, and stop breaking features and changing the behaviour of features for no apparent reason or benefit. Those are why I started using Opera. W3C compliance is only as relevant as the proportion of sites that comply too, so come up with a balanced product again.
"They haven't fixed the DST bugs yet? I though they had. Are you running 10.53 or later? If you are, this is appalling. It's not as though DST is some obscure thing only 50 people in the world ever encounter."
I don't know, to be honest, since I saw the bugs on 10.51 or 10.52 and found that the only cure was going back to 10.10. Then, as I said, I decided that I wouldn't bother even trying a new release unless there was some indication in the changelog that they'd fixed it. This isn't me being awkward. Running an email client that randomly shunts both incoming and outgoing email by an hour just isn't a good look, professionally, so I'm really *not* inclined to be Opera's guinea pig in front of my colleagues at work.
Opera fixed the doubly-applied DST timezone problem in mail some time ago. 10.52 release candidate 5 and later should work: the fix was mentioned in a snapshot changelog, but not in the main changelog. See:
http://my.opera.com/desktopteam/blog/2010/04/01/final-fixes-before-the-easter-holidays
Eversince v10.10 users of Logitech mice (running Logitech Setpoint software) have also lost the horizontal scrolling feature of the mousewheel, v10.51, v10.53, v10.54 and even the BETA v10.6 doesn't allow sideways scrolling.
The undocumented security risks may be associated with Adobe Reader, with which recent Opera builds have demonstrated some incompatibilities. Equally I suspect it could be something which functions within Opera Unite that was potentially flawed and could allow your PC to be pwned by a third party or their trojan botnet.
It's gone from my netbook, and will soon be gone from my desktop too, unless Operas Dev's pull their socks up - and remember to learn to walk before trying to run.
Honestly from Opera would be preferable to sticking their heads in the sand :/
I have a Logitech keyboard and Setpoint installed, but no mouse.
Opera stopped side-scrolling for me too! I use a touchpad and the Synaptic drivers that go with it, yet Opera 10.1 still stopped side-scrolling. When I try, the scrolling icon appears, but nothing actually moves. Vertical scrolling is fine.
It's little user interface bugs like this that drive users mad and harm their marketshare, not whether it passes W3C tests better than all other browsers. No one wants to be served pre-chewed food, no matter how nutritious it is. Sort out the presentation!
I've been using the Opera v10.60 beta on Snow Leopard and it's excellent, so if any problems with previous releases, give it a go.
http://www.opera.com/browser/next/
(And as usual, the world goes by ever faster with the new Carakan, Vega and Presto engine updates, along with the full-Cocoa framework). I like the integrated fast-fwd button better now. ;)
Take it easy, Andrew. The reason why Opera's holding back on the disclosures...is to save all the OTHER browsers because they haven't released their own fixes yet for the identical vulnerabilities. Sheesh.
- simply tell opera you ARE using the latest version... :) :)
In Opera 1010, type in the address bar..
opera:config#Version
where it says 'Newest Used Version' type in (or whatever the newer version is..)
10.60.3428
remember to save & restart opera... (and check other boxes are empty...)
I am using windows, and V1010, due to the 'stupid search URL bar' in 10.6..
if you type in 'google' , it googles for the word google!!! the same for any other word..
V1010 does it properly - 'BBC' will get you the bbc.co.uk website, and so on...
the FF 'awesome bar' (translation: the address bar..) does the same and far better... wot, no brains, opera???? (or the good devs left for FF???)
Normal people:
If you are still starting up google to make a search, it is like driving to work, even though it is 2 minutes walk from your house!!! It would take twice as long to find parking!!! :P
delete your 'google' bookmark!!! In firefox and opera, just type your search into the addressbar!! in opera 1010, if it is one word, it looks for a website- if it is two words, it does google (or your selected search engine)
If you think '10.5 / 10.60 works ok' , you have NO CLUE - Just suppose your work gives you a big, comfortable, fast car...
then they 'upgrade' it... much faster yes, BUT NO comfortable seats, only 2 seats instead of four, no CD player, just bad radio.. I am sure you will be as p****d as us due to many missing features!!
A lot of people have given up waiting for opera to get websites working! that is why FF gets more and more popular...
"A lot of people have given up waiting for opera to get websites working! that is why FF gets more and more popular"
I never realised that Firefox's success was purely off the back of ex-Opera users.
There was me mistakenly thinking IE's share had declined and the two were somehow (largely) connected...
No, FF success is mainly due to MS forgetting its users, and IE being full of holes!!! Before safari & google chrome appeared, there were only THREE browsers for windows!!!
FF is historically related to Netscape, so that helped as well as them being very extrovert, stopping at NOTHING to publicize it...
The early FF was very basic, but has much more security, and is updated regularly, unlike IE that is only updated every few years!!
Opera is more for the advanced person, that load 100's of different pages daily... and has a lots of utilities that need an addon in FF....
The problem with the company though, it seems to be very introverted, saying the web advertising and exhibitions are all the publicity it needs....
So most have NEVER HEARD about opera.... and those that have, see the paranoia about very old versions....
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
