Java Defines Software With Bad Manners

Every day as I turn on my computer I confront a roadblock. A Windows message dialog box pops up asking if it’s OK to run jusched.exe. Windows doesn’t say, but I know this is the Java updater. It’s looking for permission to check and see if Oracle has issued a new Java version (or subversion).

Enter “Java security” into Google for an eye-opening revelation. Java is so insecure it’s commonly used as an easy pathway to infect your PC.

From PC World: A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.

“We observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed,” FireEye researchers Darien Kindlund and Yichong Lin said Thursday in a blog post.

I’m pretty sure Helaine’s laptop was infected twice a few years ago through a Java vector!

[Image: Java Update ad for McAfee Security Scan]

Here’s the takeaway. Even after 17 updates (two more since the PC World article ran), Java 7 has more holes than Swiss cheese. Each update must be downloaded and installed. And, as the screencap on the left shows, each encourages you to also download and install McAfee software. In the past the Java updater has promoted Ask.com.

“Install the Ask Toolbar and Make Ask my default search provider”

Oracle, the current owner of Java, makes money by promoting products like Ask.com and McAfee. There is a financial incentive for Oracle to keep pushing out updates, even if they continue to leave Java vulnerable!

Every time the jusched.exe box appears I get a little more ticked off. If Java can’t be made secure, let’s move to something else. If Oracle must continue sending out updates, let them bite the bullet and refrain from using it as an advertising platform.

Java has become software with bad manners!

I’m About To Perform The Great Linux Experiment On Helaine’s Laptop

Helaine’s laptop is infected again! Though I’ve removed most of the infection her browser is still being hijacked. Google results bring spammy non-Google ‘search’ sites. There’s surely stuff I can’t find. Other functions like sound are no longer reliable.

This virus is so good it managed to shut off Microsoft’s own Windows Security Essentials program! Thanks Bill.

This is not Helaine’s fault! Considering where I found most of the infected files it looks like she was fed an infected Java jar. It probably came from an otherwise trustworthy website via an infected ad.

A day after the infection Java posted one of their ‘too damn often’ security updates. Come to think of it Microsoft was in the midst of rolling out Security Essentials 2 then too. Coincidence? I think not.

I have two choices. I can reload Windows XP and take the chance of it happening again or just maybe I can switch her to the virtually virus free Ubuntu Linux.

She was at first skeptical. OK, she was skeptical at second too. Linux sounds geeky.

Certainly there will be a different look and different programs to use. Her browser will remain the same. Her email program will change.

Helaine is primarily a web browser. She doesn’t run very many discrete programs. Those she does use have native Linux versions or claim to run through WINE, the Windows emulator.

Linux comes with a ‘live’ version allowing a quick try without committing to an installation. I loaded the CD and it works.

Tonight I’ll back up Helaine’s files and install Ubuntu. Wish me luck.

Better still wish Helaine luck.

Confessions From An iPhone App Slut

After a few weeks with my new toy cellphone I am an iPhone app slut. There, I’ve said it. It’s out in the open now.

Apps are the little plug-in programs that extend the functionality of the iPhone. They do a lot, but I suspect they would do more if there wasn’t such a stringent approval process from Apple–the controlling psychotic girlfriend of computing.

Most paid apps cost $.99, though they do go higher. There are thousands of free apps too. In my role as an app slut I hardly ever pay. Of the dozens I’ve installed my total expenditure is still around $5.

Many of the apps take websites and customize their content for the phone’s smaller screen. We’ve got one (a very good one–no BS) at the TV station. The Times, Huffington and lots of other publishers have them too. I also have a few for weather data.

Oh–speaking of that the iPhone has no Flash or Java plug-in. That’s a major deal. There are a few weather applications I use daily which need Java¹. I am suspicious this too has a lot to do with Apple’s control freak mentality.

Apple also prevents apps from running in the background. That means a GPS logger only logs when it’s the only thing running! Answer a call or look at an email and you have to restart the app. Maybe there’s a technical reason for this, but we’ve all come to expect multitasking and Verizon is heavily promoting its Droid’s ability to do that.

When the Google Map product just announced for Verizon’s Droid phone gets ported to the iPhone it will surely need to be downloaded as an app. This will happen. It probably won’t happen until the Droid has received the full benefit of its exclusivity and coolness.

I was playing with using the iPhone as a radio in the car, bringing in the NPR shows I like without the static I now get. My idea was flawed because NPR’s app is horrendously flawed (after using it a minute or two the buttons become extremely unresponsive) and Internet reception can sometimes be spotty.

Even if you lose the signal for just a second or two the NPR stations’ software sees this as a new connection and gives you a pre-recorded underwriting spiel before restarting the program. Sheesh!

On the other hand I’ve taken photos with the iPhone’s reasonably good camera (using an app called Tripod to steady the shot in low light) and had them posted on Facebook (using its app) seconds later. Very cool.

I downloaded the Joost app last night. It’s a video service claiming 46,000+ videos.

Don’t let the numbers fool you–that’s not a lot.

I watched a black and white Lone Ranger episode I’d watched as a kid. Even then I recognized very distinctive rock formations that amazingly showed up in every town the Ranger and Tonto visited. They were there last night! Now, with the Internet, I understand most of the episodes were shot in LA’s Griffith Park.

Joost suffers from what every video site suffers from–bad search. There’s just no good way to search video yet. That’s not an iPhone specific problem. Netflix and Hulu and, to a lesser extent, Youtube haven’t figured this one out.

The iPhone is a very good video player. It’s large enough, with a display dense enough, to make viewing a full show a reasonably enjoyable experience.

My secret friend from the San Fernando Valley said last night, “It’s the best toy I’ve ever had.” That’s a defensible position. This is a lot of fun and a lot of function.

I’m curious if Verizon/Motorola/Google’s entry into the market will force Apple to loosen up a little? I believe there’s a lot of potential being held under wraps, because even though I’m an app slut, Apple isn’t!

¹ – Java is not javascript nor are they similar (One upper case, the other lowercase). The iPhone does javascript.

Google Chrome

I’ve been playing around with Google’s Chrome browser. I’ve used it at home where it sometimes replaces Firefox which always replaces Internet Explorer. In and of itself this isn’t a big deal. I’m a geeky, nerdy-boy. You would expect me to dabble in new tech that’s still in beta.

The reason I’m telling you (hopefully for your own sake you’re less geeky than me) is there is a difference in browsers–a difference you can notice. Chrome is crazy fast.

From what I hear the real slowdown in most web surfing is javascript. That’s a computer language sent from a website but executed on your machine. It is the real bottleneck on the web. With Chrome your javascript execution is going from a Model-T to an F/A-18. Like I said, it’s really noticeable.

At work where my desktop machine is old, slow and runs Xubuntu Linux, Chrome has added new life. That’s especially true with Gmail, a site heavy on javascript and a site I’m constantly checking.

Chrome isn’t without its problems. There are few plugins currently available for it. I use plugins with Firefox to extend my browser’s capabilities and miss them. On the Linux machine I haven’t yet figured out how to load Java (completely different from javascript) or Flash. It’s possible it’s not yet capable of running Java and Flash.

Chrome is not quite ready for prime time, but there is a great deal of promise.

You would assume by now browsers would be mature technology with little low hanging fruit. As it turns out–no.

Need Help With Craigslist–Just Ask Craig

I find Craigslist fascinating. It is the perfect example of a game-changing company. Not to be a Luddite, but Craigslist has something to do with the sorry state of newspaper finance–one of the games it’s changed!

Stef, in the midst of looking for a job, has been scanning Craigslist. If you haven’t looked for a job in a while, it’s a ‘don’t miss’ spot.

Today she saw something that looked interesting. On the Craigslist posting was a link asking her to click to apply. Instead of the link taking her to the job listing’s particulars she ended up on a page promising her more info on this and other jobs if she paid to join the site.

Basically the company making the posting was using Craigslist to bring traffic and revenue to their site. That doesn’t seem right. I can’t imagine that’s how Craigslist was meant to be used, so I wrote them. Actually, I wrote to Craig himself via Twitter.

Craig is Craig Newmark. He could be fabulously wealthy… if he’d only ‘monetize’ his website. That’s not who Craig is.

From Craigslist.org: “Craig is a hardcore Java and Web programmer who grew up wearing a plastic pocket protector (?) and thick black glasses, taped together, the full nerd cliche.”

Craig doesn’t run Craigslist. He does handle its customer service. I tweeted.

geofffox @craignewmark My daughter, looking for job. http://bit.ly/uyqb5 has “apply now” button which leads to pay site. Is this Kosher on ur site?

I used each of my 130 allowable characters! A few minutes later Craig responded

craignewmark @geofffox doesn’t sound right, will take a look.

I don’t know Craig, though we’ve traded tweets in the past. I tried to help him with a weather problem while he was flying from New York City. I suspect he is the customer service guy because he understands how important customer service actually is… and because his name is on every page.

Google Does It Again… Though Not For Me

What a tease! Google has brought out some cool, new technology and it doesn’t work for me!

Here’s what I’m talking about.

Google has replicated many of its full sized web applications for the tiny screens on ‘smart’ cellphones. One of the coolest ported applications is Google Maps. I’ve actually used this more than once.

It’s just as full featured as the Google maps you see on line – just smaller. As you scroll the map, new panels are downloaded off the Internet. It’s ingenious. And, just like Google Maps online, you can have it route a trip.

It’s possible to ‘mate’ this app with a Bluetooth GPS receiver (and wouldn’t I be King Nerd to do that) and have it position the maps and move them across your screen, keeping pace as you drive. I’ve seen some of these pocket sized GPS receivers advertised for under $30.

Of course that’s not enough for Google! They’ve taken it one step further. They’ve figured out a way to have this map program find its way without a GPS receiver. Neat trick.

Since the maps are running in a cell phone, Google looks at which cell towers are being received, figures out where they are and triangulates!

It’s not as accurate as satellite based GPS, but it’s not too bad. You can be located within a few blocks. With the maps on your screen, a few blocks is close enough… or it should be.

As I said, there’s an unfortunate problem. It doesn’t work with my phone!

I’m not 100% sure, but I think it’s because my Samsung Blackjack uses a strange version of Java which is problematic in many cases. It’s a ‘me’ problem, not a Google problem.

Is there a workaround? Probably. I’ll be looking for it.

Meanwhile, I’m impressed by Google… and more than a little bit envious.

Another Computer Repair

I went to dinner by myself last night. Helaine and Steffie are away. At work all the usual suspects were otherwise engaged. I headed to the Greek Olive.

After my omelet, I schmoozed a little with Tony, the owner. Somehow we got to talking about computers and he showed me an old laptop he had which he had been told was incapable of going on the Internet.

Sheesh! This is such a big crock. The amount of money spent on new hardware for little purpose amazes me. Usually it’s a machine that has slowed down. The owner figures it’s worn out. It doesn’t work that way.

There’s no doubt, in today’s environment this machine is slow. But, for Internet surfing and reading email, it’s fine. Well, it’s nearly fine. It needs about $20 in additional memory. I’ll get to that in a minute.

To me, seeing an unused computer is like having a puppy follow me home. I am unable to help myself.

The first thing I normally do is look for the computer online to see if anyone else has any advice which will make my job easier. A label on the cover says “Viva Book Hand Technologies.” That was worthless. Nothing showed up on Google.

Imagine how obscure a laptop must be to not even show on Google! After all, this is Google, where even typos can bring thousands of hits.

The bottom panel of the laptop had a little more info, including the FCC ID number. That wasn’t much help, but it was some. The manufacturer, long since gone, was located in Taiwan. The laptop had been sold under a few names including ILUFA and Chaplet as the M175.

It has an AMD K6 processor running at 300 MHz. There is 32 MB of RAM. That’s very little (which is why I’ll order Tony some more). The hard drive is 3 GB. That’s tiny, but only if this machine is going to be loaded with programs. As a barebones mail and web machine, 3 GB will suffice.

I copied the license information down and reloaded the operating system from scratch. Then I went to Microsoft and ran all the updates.

Though the laptop is the computing equivalent of one of my Dell laptops, it was very sluggish. I ‘borrowed’ a 64 MB memory stick and threw it in. Still sluggish.

When I scrolled the screen it was painfully slow. Text rippled from top to bottom instead of smooth motion. That is a warning sign that the video driver is no good. I went to the Device Manager in the Control Panel and, sure enough, a generic video driver was being used and a warning was posted.

I installed Belarc Advisor, an excellent program that scans and reports on your hardware and software. It could identify the video system. Then I looked at what was being reported to Windows. Just some gibberish and coded data that I couldn’t uncode.

If the manufacturer were still alive… or if this had been a popular model, I’d be able to go to school based on other people’s queries. There was nothing.

I went to Drivershq, loaded up their Driver Detective and hoped for the best. Bingo! The video system was an old Chips and Technologies device. C&T doesn’t exist anymore, but their drivers live on.

Before long I had the drivers going and the screen responding pretty quickly. Make no mistake. This is not a speedy machine. It’s an ‘it will do’ machine.

Right now, I’m finishing up by installing Flash, Java, Adobe Reader and a few other things Tony will need. Then I’ll go back and ‘strip’ the operating system, turning off programs and services he doesn’t really need which only serve to make a system like this more slovenly than it needs to be.

This will never be a P4 3.8 GHz machine – but it doesn’t need to be. On the Information Superhighway it’s a 1996 Chevy Cavalier – and most of the time that’s plenty.

The Geek In Me Speaks – VI

Here’s the status as I get ready for bed. Mandrake Linux is up and running. The laptop has no sound. There is neither Java nor Flash with the browser. The wireless LAN is perfect, though I have no idea where I administer it from. I haven’t tried a wired NIC card yet. Printing over the network to my laser printer works.

I have lost both my taskbar and icons. The icons were part of a bug that I may have fixed. I followed info on Mandrake’s knowledge base. I have no idea why the taskbar disappeared, but not having it makes it difficult to do anything… including reboot. Once I did that, the taskbar was back.

I have installed OpenOffice, Gaim and Mozilla – none of which seemed to come with the distribution natively.

I hope this isn’t too boring.

What’s That Bright Star Over Branford?

I can’t tell you how often someone will call or write to ask me to identify a star. I don’t know quite enough to be dangerous, so it’s off to some site to research the sky.

Now, Sky and Telescope has opened up their Java mapping applet for direct linking. So, all I’ll have to do is click here and voila, Connecticut’s sky. And, it’s customizable.