Google Releases Chrome 13·0·782·112

August 9, 2011

Google has released a new version, 13·0·782·112, of its Chrome browser, for all platforms (Linux, Mac OS X, Windows, and Chrome Frame).  This release incorporates the new version of Adobe’s Flash Player.  More details are available in the release announcement on the Chrome Releases blog.

Windows users  should  get the new version via the built-in automatic update mechanism; you can verify that your system has been updated by clicking on the tools menu (the little wrench), and then on “About Google Chrome”.  Linux users can get the updated package using their distros’ usual update tools.


Adobe Patches Flash Player, AIR

August 9, 2011

Adobe has released new versions of its Flash Player and AIR software for all platforms (Windows, Mac OS X, Linux, Solaris, and Android), to address 13 identified security vulnerabilities.  The affected software versions are:

  • Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 10.3.185.25 and earlier versions for Android
  • Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android

The new version of Flash for Windows, Mac, Linux, and Solaris is 10.3.183.5; the new version of Flash for Android is 10.3.186.3.  The new AIR versions are 2.7.1.1961 for Android, and 2.7.1 for all others.  Further details, including information on the vulnerabilities addressed in this update, are in the Adobe Security Bulletin [APSB11-21].

Because of the security content of this release, I recommend that you install it as soon as you conveniently can. Adobe has characterized this as a Critical update.  Users of Windows, Linux, Mac, and  Solaris systems can obtain the new version from Adobe’s download page; Windows or Mac users should also be able to get the new version via the product’s built-in update function.  Users of Android devices will need to get the update from the Android marketplace.

Windows users who use browsers other than Internet Explorer should note that they will probably need to get two new versions: one for Internet Explorer (ActiveX), and one for everything else.

Update Wednesday, 10 August, 10:10 EDT

Adobe has also issued security bulletins and patches for the following products:

  • Shockwave Player
  • RoboHelp
  • Flash Media Server
  • PhotoShop CSS

This summary page has links to the individual bulletins.


Microsoft Security Bulletins, August 2011

August 9, 2011

Once again, it is the second Tuesday of the month, and time for Microsoft patches.  This month, there are 13 security bulletins (eleven affect Windows, one is for Office, and two affect Microsoft’s developer tools), which address a total of 18 identified vulnerabilities. All supported versions of Windows are affected; for a breakdown of bulletin severity by Windows version, please see my preview post of last Thursday.  More details and download links are in the Security Bulletin Summary for August 2011.

Microsoft says that eight of the Windows patches will definitely require a reboot, and the other patches may require one, depending on the configuration of your system.  As usual, I recommend that you install these patches as soon as you conveniently can.

Update Tuesday, 9 August, 20:12 EDT

The good folks at the SANS Internet Storm Center have posted their usual analysis of this month’s patches, along with their severity ratings.


Too Clever by Half ?

August 9, 2011

Earlier this summer, I posted a note here about the smart grid initiative announced by the White House Office of Science and Technology Policy.  In order to increase the proportion of our energy use supplied by renewable sources, such as wind and solar power, we need a power distribution system (the grid) that is more responsive to changes in the availability and relative cost of power, because these renewable sources are subject to natural fluctuations: some are predictable (the sun will set this evening), some (it may get really windy this afternoon) not so much.

The adoption of smart grid technology is not without its potential pitfalls.  In January of this year, the US Government Accountability Office [GAO] issued a report warning of the security risks involved.  I’ve written about some of the security concerns specific to smart electricity meters.  The MIT News site has posted a report of some new research, pointing out another potential problem with a grid that is “too smart for its own good”.

One of the potentially attractive consequences of having a smart grid is that consumers could be provided with information about the varying cost of energy throughout the day, in different seasons.  The idea is that the customer might choose to run certain energy-intensive appliances (like a clothes dryer) at off-peak times, when electricity would presumably be cheaper.  Time-varying rates (typically, cheaper at night) have been tried in some places, and have resulted in some smoothing of electricity demand.  But a really smart grid could, in principle, deliver varying price information in close to real time.

One envisioned application of these “smart meters” is to give customers real-time information about fluctuations in the price of electricity, which might encourage them to defer some energy-intensive tasks until supply is high or demand is low.

However, the MIT researchers found [paper PDF] that there is a risk of making the system too responsive.

Recent work by researchers in MIT’s Laboratory for Information and Decision Systems, however, shows that this policy could backfire. If too many people set appliances to turn on, or devices to recharge, when the price of electricity crosses the same threshold, it could cause a huge spike in demand; in the worst case, that could bring down the power grid

Although the pricing information can be delivered quickly, the utility cannot necessarily respond to changes in demand quickly.  It takes time to start up or shut down a coal- or gas-fired power plant (these restrictions are called “ramp constraints”).  Moreover, events in other markets that feature nearly real-time information show that instability is not just a theoretical concern.  The “flash crash” in the equity market in May, 2010 is one example.

The authors do find that there are some relatively simple changes to reporting mechanisms that could reduce this risk.  Their paper is highly technical, but a first step might be to present a “smoothed” price value to consumers, so that short-term fluctuations would not lead to instability.  The authors suggest that, down the road, a market with more complete information, including information on customers’ preferences, could lead to even better results.

There is still a good deal of work to be done on resolving these issues; I hope it is done before, rather than after, the smart grid is fully implemented.


%d bloggers like this: