Mozilla Releases Thunderbird 17.0.3

February 20, 2013

In addition to the release of Firefox 19.0 yesterday, Mozilla has released version 17.0.3 of its Thunderbird E-mail client, for Linux, Mac OS X, and Windows.   This release corrects eight security vulnerabilities, four of which are rated Critical.  (These are the same vulnerabilities that were fixed in Firefox 19.0.  The two packages share a significant amount of code.)  A bug with handling attachments in the message composition window was also fixed.  More information is available in the Release Notes.

Because of the security fixes incorporated in this release, I recommend that you update your systems as soon as you conveniently can.  You can use the update mechanism built into the software (Help / About Thunderbird / Check for Updates), or you can get a complete installation package, in a variety of languages, from the Thunderbird download page.


Adobe Patches Reader, Acrobat

January 8, 2013

As noted in a preview announcement last week, Adobe has released a Security Bulletin [APSB13-02] for its Reader and Acrobat software.  The bulletin addresses 27 identified security vulnerabilities, and is rated Critical.  According to Adobe, the affected versions of the software are:

  • Adobe Reader XI (11.0.0) for Windows and Macintosh
  • Adobe Reader X (10.1.4) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5.2 and earlier 9.x versions for Windows and Macintosh
  • Adobe Reader 9.5.1 and earlier 9.x versions for Linux
  • Adobe Acrobat XI (11.0.0) for Windows and Macintosh
  • Adobe Acrobat X (10.1.4) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5.2 and earlier 9.x versions for Windows and Macintosh

For the corresponding new version numbers, please see the Security Bulletin.

Users of Reader on Windows or Mac OS X can get the new version via the update mechanism built into the software, as can Acrobat users.  Alternatively, you can download an update package for Reader for Windows here, and for Mac OS X here.  Linux users can download an installation package  (via FTP) for the new version.  Download links for the new versions of Acrobat are in the Security Bulletin.

I recommend that you update your systems as soon as you conveniently can.


Smart Meter Interference

November 24, 2011

I’ve written here before about the growing interest in the use of “smart” electricity meters, often visualized as part of a larger “smart grid” initiative.  There are good reasons to pursue this technology: it can enable the power distribution grid to respond more nimbly to changes in the supply and demand for electricity, and help manage demand by introducing variable electricity rates.   But there are also some concerns about the proposed smart grid.  The GAO has identified several areas of security risk, and there is a risk that variable rates might actually decrease the stability of the system, if implemented incorrectly, by inducing large fluctuations in demand more quickly than the power generators can adjust.

A recent deployment of smart meters to utility customers in New England has illustrated another potential problem area with these devices, according to an article at Security Week.

About 200 customers of the Central Maine Power Company recently noticed something odd after the utility installed smart meters in their homes: in some cases other wireless devices stopped working, or behaved erratically.

These meters use wireless communications in the 2.4 GHz frequency band, an unlicensed bit of spectrum that is also used by WiFi networks, security systems, garage door openers, and baby monitors.   As anyone who has installed a home WiFi network is likely to know, occasional interference and “dead spots” do occur.  Usually, these can be resolved by moving some of the equipment, or by changing the frequency “channel” on which the device operates.  Moving one’s electric meter or garage, however, is not always a practical option, and some devices are preset to a single channel.

(As the article points out, a similar sort of problem is occurring in many hospitals and other medical facilities, stemming from interference between electronic monitors and other equipment.)

As someone who has spent a few hours now and then pulling network cables, I do understand the appeal of wireless connections.  Apart from the convenience of wireless, the hope is that someday, your energy-intensive appliances (say, a clothes dryer) will be able to communicate with the smart meter in order to run at off-peak times when electricity rates are low.  I just hope someone will think this all through a little more carefully than they seem to have done so far.

 


Finding a Better Kilogram

October 12, 2011

I have posted a couple of notes here about the kilogram’s weight-loss problem, and about some of the efforts to develop a new definition of this basic unit of mass.  The kilogram is the only fundamental unit of the SI [Le Système International d’Unités] system of units that is defined by a physical object: the mass of a particular cylinder of platinum/iridium alloy, stored in a vault at the Bureau International des Poids et Mesures [BIPM] at Sèvres, outside of Paris.    The other six primary SI units (ampere, meter, second, mole, kelvin, and candela) are defined in terms of fundamental physical processes.   For example, the kelvin is defined as 1/276.13 of the thermodynamic temperature (above absolute zero) of the triple point of water.  The meter is defined as the distance that light travels in 1/299,792,458 second.   So far, however, no one has come up with a similar sort of definition for the kilogram.

Wired magazine has an excellent article on the two main efforts that are underway to develop a new definition of the kilogram.  One, dubbed Team Avogadro by the author, Jonathon Keats, and based in Brunswick, Germany, at the Physikalisch-Technische Bundesanstalt, is attempting to develop a definition using a silicon-28 [²⁸Si] sphere containing a known number of silicon atoms, and relating its mass to Avogadro’s Constant, the number of particles in a mole (approximately 6.02 × 10²³).  The other, Team Planck, based in Gaithersburg, Maryland at the National Institute of Standards and Technology [NIST], is working on using a watt balance to define the kilogram in terms of Planck’s constant, which relates the energy of a photon to the frequency of its associated electromagnetic wave:

where E is the energy in joules, ν is the frequency in Hertz, and h is Planck’s constant, whose value is approximately 6.62 × 10⁻³⁴ joule-seconds.

The folks who are responsible, at places like the NIST and the BIPM, are appropriately conservative when it comes to changing the definition of fundamental units, and it is by no means clear what any new definition of the kilogram might be.  The article gives a good overview of the process, along with some of the history of measuring systems; it’s an interesting read.


The PC Turns 30

August 13, 2011

Yesterday, August 12, was the 30th anniversary of the introduction of the IBM Model 5150 Personal Computer.  It was by no means the first computer for individual customers; the Apple II was available, along with machines from Commodore and Atari, and a variety of machines running the CP/M operating system.  The 5150 used an Intel 8088 CPU, a 16-bit processor with an 8-bit data bus, running at a blistering 4.77 MHz.  The most basic model had only 16 KB of RAM, and no other storage; more advanced models had one or two 5.25 inch floppy diskette drives (each diskette held 160 KB of data), and could use as much as 256 KB of RAM.  It was possible to use either a monochrome text or color graphics display.

The original IBM PC was never a great success in the consumer market, being somewhat pricey, but did get an unexpectedly positive reaction from businesses.  The timing of the introduction was good; spreadsheet programs had recently been introduced (VisiCalc, initially for the Apple II, and then Lotus 1-2-3 for the PC), and were proving to be a popular business tool.  And, of course, the new PC was from IBM, making it respectable to corporate customers.

In the longer term, the PC took off; in part because, ironically, it was not a typical IBM product.  The design had been produced by IBM’s Entry Systems Division in Boca Raton FL, and employed standard, off-the-shelf components.  Furthermore, the architecture of the system was unusually open; the original Technical Reference Manual included circuit diagrams, technical specs, and a complete assembly-language listing of the machine’s ROM BIOS [Basic Input-Output System].  (A site dedicated to the IBM 5150 has a downloadable copy [PDF] of the Technical Reference Manual, as well as some other documentation.)  Taken together, these characteristics meant that other manufacturers could build similar “clone” hardware, and reverse engineer the BIOS firmware, without infringing IBM’s copyrights.  Also, of course, the machine used Microsoft’s MS-DOS operating system (branded as PC-DOS by IBM), which Microsoft was more than happy to sell to the clone makers.

(I had been using IBM computers at work for more than a decade when the IBM PC was introduced; my first real personal computer was a PC clone made by Leading Edge.  I added an internal hard disk to the basic configuration, with a whopping 20 MB capacity.  While I had the cover off, I noticed that all of the memory slots seemed to be populated, even though the machine was sold as having only 128 KB of RAM.  With a little digging, I discovered that flipping a DIP switch on the motherboard gave me an instant 640 KB, which, as someone once said, ought to be enough for anyone.)

Although the original PC was not inexpensive (top-end models could run ~$6,000), the rapid growth of the clone market soon drove the price of hardware down; the open architecture of the system meant that all kinds of add-on products, from floppy diskettes to software, could be successfully sold as “IBM compatible”.  Apple, in contrast, made its own hardware and software, generally elegantly designed, but was unable to match the breadth and vibrancy of the PC market.   Microsoft, of course, benefited enormously from this expansion of the market for MS-DOS, and the opportunity it gave them to supplant IBM as a system software provider.  Ironically, as I discussed in an earlier post on the 20th anniversary of Microsoft Windows, it was the widespread availability of cheap PC  hardware  that made open-source projects like Linux and Mozilla Firefox possible.

Wired’s “Gadget Lab” blog has an interesting photo essay on the evolution of the PC, starting with an image of one of the early IBM advertisements.


Oracle Releases Java 7

July 29, 2011

Oracle has announced the release of the next major version of Java, Java 7.  The new version incorporates a number of new language features and APIs; more detail is given in the Release Notes.  The new version can be downloaded here.

At present, this release will primarily be of interest to developers, and to those who have a portfolio of existing applications that they wish to test against the new release.  I see no reason for ordinary users to be in any hurry to update their systems, until some time has passed, and the new features begin to show up in real-life applications.  It is a fact of life that major new versions of software tend to have at least their share of bugs and problems.  (You should, though, make sure that your system is running the latest release of Java 6, version 6 update 26.)

In fact, even developers might wish to tread cautiously for a bit.  There is a report at the Apache Lucene project site of some compiler optimization  bugs in the new version.   So be careful out there.


Adobe Security Updates

May 12, 2011

Adobe today released a new version, 10.3.181.14, of its Flash Player, for Mac OS X, Linux, Windows, and Solaris.  (Users of the Google Chrome browser should note that this update is included in the latest version of Chrome, 11.0.696.68, released today.)   The new version fixes 11 identified security vulnerabilities, many of which are rated Critical; further information is available in the Adobe Security Bulletin [APSB11-12].

This is one of four security bulletins issued by Adobe today, and the one most likely to impact typical users.  The other bulletins released are:

The bulletins for these products contain details for the fixes, and links to the updated versions.

You can obtain the new version of Flash Player from the Adobe Download Center; alternatively, Windows users can use the auto-update mechanism within the product.  As always, Windows users should note that they may need two versions of the update: one for Internet Explorer, and one for all other browsers.

Flash Player is a very popular attack vector for the Bad Guys; I recommend that you install this update as soon as you conveniently can.

