Nothing really exciting here, I’m in the process of changing my domain / web hosting provider and testing to make sure nothing broke.
The move is complete. I was hosting at Pair.com, but at nearly $200 per year, they are rather expensive. There are several well-respected and better known hosting providers that charge less than half that for roughly the same level of service. I went with HostGator.com.
Java. I do not like it, and I never have. Originally, back when Sun Microsystems owned it, I disliked it because the user interface of applications written in it did not match the “look and feel” of native applications, making for a rather visual jarring experience. Then there was the performance issue of the Java based application having to run through an interpreter in order to run.
Now that Oracle owns it, my problems with Java are security related. I would have assumed that Oracle has some of the most talented and qualified software developers there are, but apparently not. Every single version of Java that they eventually release has major security flaws, and to make matters worse, Oracle intentionally lets them stay that way for months on end because they apparently cannot be bothered to
There was a serious flaw discovered last November – three months ago – (I no longer remember what it is) and Oracle did two things: They acknowledged the flaw and then stated that they had no plans to fix it until their next release, in February. By contrast, Microsoft issues security patches at least once a month (on Tuesdays) via Windows Update, but if the issue is severe enough they’ll issue it immediately, out of sequence.
Today, I saw a notice of another one (or maybe it’s really the same one, the articles I’ve seen on it do not specify). But apparently it’s so bad that the US Department of Homeland Security has gotten into it, advising computer users everywhere to disable Java in their web browsers.
Mozilla, makers of the Firefox browser, has activated a remote security feature in Firefox to automatically disable the Java plugin (when Firefox checks for updates to itself or installed plugins, this will get activated). Apple reportedly is doing the same thing with their Safari web browser.
Me, I’ve gone beyond merely disabling it in my browser, I’ve already uninstalled it, and unless this breaks my ability to use things I have no plans on ever reinstalling it.
My source information for this opinion article consists of these articles:
Experts urge PC users to disable Java, cite security flaw
U.S. warns on Java software as security concerns escalate
Protect against latest Java zero-day vulnerability right now: Mal/JavaJar-B
UPDATE
Oracle has stated that they will fix this, but declined to say when.
I was curious as to how much spam I actually get in a day, so rather than delete it as it came in, I just let it accumulate for a day. There were 90, most of which came in dribs and drabs steadily throughout the “business day”, none at all overnight. This tells me that they are being sourced through a zombie network of infected computers.
Most of these have headers useless for tracing, at least with the tools I have at my disposal since I am not an actual computer security or forensics expert, but they do follow a general pattern that confirms that they come from a zombie network.
The days of “Oh, I don’t need antivirus software” are long gone. While the virus/trojan/whatever that is installing the spambots on your computers are likely otherwise harmless, they are sucking up your computer’s resources, your network bandwidth, your neighbor’s bandwidth, and generally making the online life of everyone less enjoyable because we are receiving the crap that you do not know your computer is spewing out.
There are many reputable antivirus software packages out there, and many that are actaully malware themselves. Personally, I wouldn’t touch Symantec or McAfee’s home products with a ten foot USB cable, but their business software is good. And there are other alternatives, some you can buy off the shelf at Best Buy, some online, some both, and some that is freeware. Personaly, I use the freeware version of Avast!, and I also periodically spot-check with the freeware version of MalwareBytes (do not have two antivrus packages in always-on realtime mode, or trouble will result, but you can have one always-on and one for on-demand scans).
Now that you’ve installed your antivirus software, something that is even more important: DO NOT OPEN THOSE MYSTERY EMAIL ATTACHMENTS! You did not just win the national lottery, the defense minister of that African nation is not asking you to help smuggle $50 million US dollars out of the country, and FedEx is not trying to deliver a package to you via email.
Other things you can do to prevent problems is to not use Internet Explorer. While many applications use Internet Explorer as a back-end display engine (because many software engineers are lazy and Internet Explorer is preinstalled on every Windows machine on the planet), that does not mean that you have to use it for web browsing. There are three common and better alternatives, and several less common ones including Apple Safari (I’m talking about Windows users, not Mac users). The three are, in my order of preference: Mozilla Firefox, Google Chrome and Opera. Why? Because unlike Internet Explorer, these other browsers either have built-in or the ability to install add-ons that make your web use safer and more enjoyable by blocking the annoying ads. And on “some” sites (like porn and pirate software sites), you don’t even have to directly interact with the ads for their malware payloads to be installed on your computer, merely visiting these sites can do that.
Technically old news by now, but it never hit the mainstream media, so far as I know.
According to Salon.com, a group fronted by the Republicsn ultra-Right Wing faction “The Tea Party”, in an attempt to combat the non-existsnt voter fraud in Democratic leaning minority neighborhoods has, in fact, committed voter fraud by forging signatures on forms requesting the service of their “observers”.
Here’s the article: Anti-voter fraud group barred for possible fraud – Salon.com.
Romney staffers stranded when campaign killed credit cards on election night | The Raw Story.
Interesting proof that Mitt Romney apparently does not care one whit about people who are of no direct service to himself. But then again, we already knew that when he made that comment about not caring about 47% of Americans.
These people were people that believed in him and his candidacy, who were actively helping him in the election. The article doesn’t say, but it’s likely that many of them were otherwise volunteers, not paid staffers. And when Romney lost the election, they were discarded like used toilet paper, now forced to pay out of their own pockets expenses that Romney’s campaign should have paid for. I’m not usually one to applaud lawsuits, but I think this deserves one.