Google Releases Chrome 27

May 21, 2013

Google today announced the release of a new version, 27.0.1453.93, of its Chrome browser for all platforms: Mac OS X, Linux, Windows, and Chrome Frame.   The new version incorporates some capability iimprovements:

  • Web pages should, on average, load a bit faster (about 5%)
  • The chrome.SyncFilesystem API for access to Google Drive is available
  • Better spell checking and input prediction

The new release incorporates the latest version of the bundled Flash Player, as well as fixes for 14 identified security vulnrabilitues, 10 of which Google rates as High severity.  Further information is available in the Release Announcement.

Because of the security content of this release, I recommend that you update your systems as soon as you conveniently can.   Windows and Mac users can get the new version via the built-in update mechanism; Linux users should check their distribution’s repositories for the new version.  If you need to get a complete installation package, you can download it here.

Update Wednesday, 22 May, 17:35 EDT

Ars Technica has an interesting short article on the changes in Chrome 27.  The increase in page loading speed was accomplished by switching from a per-tab scheduler to a global scheduler, which allows some additional optimizations of network utilization.

Triclosan, Still

May 21, 2013

I’ve written here a number of times over the past couple of years (most recently here) about triclosan, an anti-bacterial and anti-fungal agent that is used in a wide variety of consumer products, including anti-bacterial soaps, toothpaste, deodorant, mouthwash, other cosmetic products, and household cleaning supplies.   The US Food and Drug Administration [FDA] has been conducting a safety and effectiveness review of triclosan for some time now. The review was originally scheduled to be released in April, 2011; last summer, it was promised by the end of the year (2012).  We’re all still waiting.

The Singularity Hub site has an article on this ongoing saga.  It gives a bit more of the history: the FDA issued draft guidelines in 1978, which classified triclosan as “not generally recognized as safe and effective”.  Since the guidelines were never finalized, nothing changed.

The FDA has not given an updated timetable for the release of its review.

Is It Warm in Here?

May 18, 2013

The May 11 issue of The Economist has an interesting, though disturbing, short article on one measure of global climate change: the percentage of carbon dioxide [CO2] in the atmosphere.  This has recently reached a new high in recent history.

AT NOON on May 4th the carbon-dioxide concentration in the atmosphere around the Mauna Loa Observatory in Hawaii hit 400 parts per million (ppm).

Now, 400 ppm does not sound very high; after all, it is only 0.04%.  However, as the article goes on to point out, this concentration of CO2 has not been routinely present since the Pliocene epoch, about 4 million years ago.

The data series  is from the observatory at Mauna Loa in Hawaii, run by the Scripps Institution of Oceanography, part of the University of California at San Diego.  This series (sometimes called the Keeling Curve in honor of the scientists who initiated the project) is of particular interest for two reasons:

  • The observation site is remote from large centers of human population, minimizing fluctuations due to temporary pollution spikes.
  • The observations have been made consistently, at the same place, since 1958.

There is a regular seasonal fluctuation in CO2 levels, tied to plants’ growth cycles.  In the northern hemisphere, levels tend to peak in May, and then fall until about October, as plants’ growth removes carbon dioxide from the atmosphere.

Carbon Dixoide Levels at Mauna Loa

Source: Scripps Institution of Oceanography

The seasonal pattern is clearly visible in the graph.  The more striking thing, of course, is the steady rise in the carbon dioxide levels, an increase of more than 25% over the observation period.  And there is no evidence that the rate of increase is getting smaller.

Social Network Risks

May 17, 2013

Yesterday’s Washington Post has a report on the concerns raised by parents and child advocates about the use of social networks by pre-teenagers.  The story focuses on the photo sharing service, Instagrambut the general issues are relevant to other sites as well: is the site collecting the personal information of susceptible children, and does it do enough to protect them from miscellaneous predators.

The Instagram service is an offshoot of Facebook, the social networking giant, which has about 1 billion users.  The company’s policy requires users to be at least 13 in order to open an account, but the Instagram site does not even ask the user’s age when (s)he signs up.  (The main Facebook site does require a bit of verification, requiring the user’s real name and age; however, the effectiveness of this is questionable, since there is no way to check the user’s answers.)  The result is that many children under 13 have set up Instagram accounts.

There is some reason for concern about this; looking at the site (or at Facebook, for that matter, where I have an account) shows that many users post a great deal of what might be regarded as fairly personal information.  Most readers are probably familiar with news stories of people whose employment or other prospects have been damaged by indiscreet posting and photos on Facebook and other social sites.  Even if one grants that adults have a right to behave like complete idiots if they wish to, it seems reasonable that children, who lack both mature judgment (such as it is) and experience, deserve some protection.

However, people need to realize that, outside the realm of science fiction, this is not a problem that has a technological solution.  Even if it were possible to develop a peripheral device that would automagically detect a persons age, it really wouldn’t solve the problem; all the server on the other end of the transaction can do is to verify that the bit pattern it receives indicates the user is 13 (or 18, or 21).   Were such a device to be developed, I would not expect it to be long before some enterprising teenage hacker produced a “spoofing” device.

Facebook and other social-media sites have said that authenticating age is difficult, even with technology. A Consumer Reports survey in 2011 estimated that 7 million preteens are on Facebook.

It’s not difficult; it’s effectively impossible.

The other thing that all of us, kids and adults, need to remember is how businesses like Facebook work.  It may seem, as you sit perusing your friends’ postings, that you are a customer of the service.  But the customers are actually the advertisers who buy “space” on the service, which has every incentive to provide the customer with as much personal information as possible, in order to make ad targeting more effective, thereby supporting higher ad rates.  When you use Facebook, or other similar “free” services, you are not the customer — you are the product.

Mozilla Releases Firefox 21, Updates Thunderbird

May 14, 2013

Not wishing, apparently, to be left out of the Patch Tuesday festivities, Mozilla today released the next major version, 21.0,  of its Firefox browser for Mac OS X, Windows, and Linux.  This version fixes eight security vulnerabilities, three of which Mozilla rates as critical.  The new version also incorporates some new features, including:

  • Enhanced “Do Not Track” interface
  • Support for multiple providers in the Social API
  • Suggestions on how to improve application start-up time, if needed

Further information on the new version is available in the Release Notes.  You can download installation packages, in a variety of (human) languages.

Mozilla also released a new version, 17.0.6, of its Thunderbird E-mail client, for all platforms.  The new version provides an update to the Twitter API is uses, and also fixes six security vulnerabilities, three of which Mozilla rates as serious.  Further information is available in the Release Notes.  You can download installation packages for all languages and platforms.

Because of the security content of these releases, I suggest updating your systems as soon as it’s convenient.

Microsoft Patch Tuesday, May 2013

May 14, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are ten bulletins, addressing 32 identified vulnerabilities.    Two bulletins have a Critical severity rating, and the remaining eight are rated Important.   Five of the bulletins are for Windows and its components; every supported version of Windows is affected, and all desktop versions have one or more Critical vulnerabilities.

The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products.   There are three bulletins for Microsoft Office and its components (including Word Viewer).  Microsoft Lync has one bulletin, and there is one for Windows Essentials.

Microsoft says that three of the Windows bulletins will definitely require a system reboot, and the others may require one, depending on the configuration of your system.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for May 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.

Update Tuesday, May 14, 14:40 EDT

According to the folks at the SANS Internet Storm Center, one of these bulletins, MS13-038, which applies to Internet Explorer 8, fixes a vulnerability that is being exploited currently.

%d bloggers like this: