Friday, January 22, 2010

Firefox 3.6 is here!!

The new version of Firefox is here, and I think you should try it.

If you have been following the news lately about Internet Explorer, you will know that 3 governments (France, Germany, and Australia) have all recommended their populations turn away from Internet Explorer and try something else, at least until they install the latest patch.

Most business users probably will not get that patch for a long time, since the IT department will have to test it all kinds of ways.  Supposedly, Microsoft needed 6 months to test it.

Might want to sit a few of these Microsoft IE disasters out, and find another browser.

Good time to try Firefox, Chrome, or Safari.  Considering that a new version of Firefox is here, it might be a good one to use for a while.


Stop using Internet Explorer

If you are looking at this web page in Microsoft Internet Explorer, you must not have figured it out yet.  It is dangerous.  It has a backlog of critical security flaws.

A small team of experts outside of Microsoft can find a deadly bug (the one that stole the source code from 34 Silicon Valley high tech companies, for example) in a couple of weeks.  Fixing just that one bug takes Microsoft 5 months.  There are lots of those small teams all around the world. You do the math.

Some of those teams are good.  Some are evil.  In the case of this bug, at least one of each of them found that bug.  One team turned in a report of that bug.  Nothing happened.  Until another team, an evil one, figured out that bug and hacked over 30 companies including some very huge ones.

This week was a mass of contradictions.  Basically, Microsoft was saying things, and all the experts were proving them wrong.  Not just saying they were wrong, proving it.

Microsoft indicated they had just found out about the bug recently.  Actually, that is not what they said precisely, that is what it sounded like.  But it was false.  They announced they had started working on the bug in September.  Again, deceptive.

Someone else in Israel announced they had found it, and turned in a report to Microsoft.  Microsoft waited a couple weeks to start working on it.  Couple weeks is the same time it took to find it.  So it was inevitable someone else would be finding it.  They did.  You know the results.

Microsoft indicated they had protective measures built into IE7 and IE8 that would prevent this flaw, which was in them, from becoming a problem.  That was false.

Their security and privacy manager said that in the UK Monday. The next day researchers announced they had gotten the exploit working in IE7 and published the source code to do it!  That forced Microsoft's hand.

All right, upgrade to IE8 they said.  The next day, French researchers announced they had the flaw exploited in both IE7 & IE8 on the newest Windows operating systems.

Even with Microsoft's security measures turned on. In other words, the emperor had no clothes.  The security of IE7, IE8, Vista, and Windows 7 was an illusion.

In the midst of that mess, Google tossed a surprise of its own.  The kernel of Windows, which is like the cerebral cortex, the center of the brain in a person, was flawed.  All versions of 32-bit Windows from 1993-present have this flaw.

The same researcher reported a serious kernel flaw in Linux 5 months ago (a couple of months after he reported the Windows kernel flaw to Microsoft that was ignored).  Red Hat did not ignore the Linux kernel flaw report.  It called for the affected parts of Linux to be disabled.  They responded immediately. The disclosure was made August 13, the mitigation recommendation from Red Hat was published on August 14.

Now, we look at Microsoft's response to the same researcher's announcement about their kernel flaw.  All Microsoft announced was two things.

One, that the flaw exists - and in a roundabout way said if the attacker has a user name and password (or yours) and someone who is logged into Windows executes the code, they can run any code in kernel mode.  The second thing they said was what the original report sent to them 7 months ago said: disable 16-bit Windows emulation mode.

Maybe I missed something, but it sounds like anyone who has a username, password, and a program that includes the published code can do basically anything on that computer.

If so, that basically means no data is safe on any 32-bit Windows computer.  Sure, if someone bothered to set up logs and stuff, and the attacker does not obliterate them, their actions will be recorded or something.

That is one crazy bug.  Have you seen some of the places that are running Windows?  Seems like today, Windows is running on the honor system.  Not a security system.

I harbor a lot of doubts a virus or Trojan will be unable to get someone to give their credentials, or find them Conficker-fashion.

Run any web browser other than IE to access the Internet.  Give Microsoft 6 months to clear out their queue of security flaws in IE, and then wait until they have at least 6 more months with no security flaws in IE.  At that point, it might be safe to try it again.  Do not relax before then.  About 30 people in Silicon Valley trusted Internet Explorer.  Look what happened to them.

Firefox 3.6 came out yesterday.  It is very fast.  Has some improvements.  Has been hacked a lot less than Internet Explorer.  Try something other than IE for a while.  Be smart, like the French.  They switched - in the nick of time.


Wednesday, January 13, 2010

Firefox 3.6 almost here (RC1 was released in early January)

Mozilla started the new year by releasing Firefox 3.6 RC1.

No telling how many RCs (release candidates) there will be.  I have given up trying to predict that sort of thing. I have seen many products go final after RC1.  I have seen others get to RC7 before going final.

I would like to use the new JavaScript interpreter.  Faster performance would be great.  Just as long as there are no memory leaks, security flaws, or stability issues introduced in the process.


No TABLE support in Google Wave yet

Google Wave seems like a pretty nice little service.

So far, it has not exactly rocked my world.  I use it a little for brainstorming and organizing.

I usually hit a wall when I try to be really detail-oriented with it.  I have been using HTML for over a decade and a half to do that.  I am frustrated by Wave in that it cannot do things that are pretty simple in HTML:  tables, numbered lists, and so forth.

Not being able to do tables is particularly bad.  Outlines are okay for simple stuff.  However, when you are dealing with rich information, you need tables.

I understand it is probably possible to do this by programming a Java gadget.  However, this is not super appealing for several reasons.

It adds an extra dependency, making it somewhat brittle in a couple of ways.
It will be obsolete and difficult to convert from when Google finally adds table support.
It is an extra program to have to write and maintain.

Another thing I discovered recently has to do with tags in Google Wave.  You cannot edit them!  As far as I can tell, once you tag a wave you have no way to edit or delete tags.  It just supports adding more tags.  Tags are not delimited by commas when you enter them either.  The data entry field asks for tags, but assumes you will only put one tag in that field at a time.  Tags are not well-implemented at all at the moment.

Google Wave still needs more work to make it a super useful tool in my opinion.  You get out of it what you put into it, so long as you do not put very much into it.  This contrasts sharply with other technologies:  word processing, databases, spreadsheets, email, etc.


Adobe released an update for Flash plugin yesterday

Flash was getting attacked again this winter from some of its software vulnerabilities.  Yesterday, Adobe released a new version of Flash to address some of its problems.
