Droidpocalypse? Josh Drake says no.

Josh Drake, the researcher who discovered the Stagefright vulnerability in Android that lets an attacker hack into an Android device by sending a specially crafted picture or video in a text message, was on the Risky Business security podcast this week to talk about it. What he had to say was interesting.

Patrick Gray, the host, tends to be a pretty outspoken critic of Android and isn’t shy about talking up Apple. He tried to get Drake to say Android is a trainwreck, security-wise, but Drake wouldn’t say it. Drake actually went as far as to say he thinks Android and IOS are fairly close, security wise.

So why do we see so many more Android bugs? Drake had an answer.

Read more

Expect a rough road ahead for Flash

Adobe has patched Flash twice in two weeks now. The reason for this was due to Hacking Team, an Italian company that sells hacking tools to government agencies, getting hacked. Hacking Team, it turns out, knew of at least three unpatched vulnerabilities (also known as “zero-days” or “0days”) in Flash, and exploits for these vulnerabilities were among the things that got breached.

That’s why Adobe is having a bad month.

Read more

Cringely takes on Ashton Kutcher’s movie about Steve Jobs

Mark Stephens, a.k.a. Robert X. Cringely, wrote last week about his disappointment in Ashton Kutcher’s movie Jobs, about the late Apple co-founder and CEO.

Here’s the most important part of his quasi-review:

[S]omething happened during Steve’s NeXT years (which occupy less than a 60 seconds of this 122 minute film) that turned Jobs from a brat into a leader, but they don’t bother to cover that. In his later years Steve still wasn’t an easy guy to know but he was an easier guy to know. His gut for product was still good but his positions were more considered and thought out. He inspired workers without trying so much to dominate or hypnotize them.

Indeed. Read more

Where Microsoft lost its way

John C. Dvorak wrote an analysis of how Microsoft lost its way with Windows 8 this week.

All in all it sounds reasonable to me. His recollection of DOS and some DOS version 8 confused me at first, but that was what the DOS buried in Windows ME was called. But mentioning it is appropriate, because it shows how DOS faded from center stage to being barely visible in the end, to the point where it was difficult to dig it out, and that it took 15 years for it to happen. He’s completely right, that if Microsoft had pulled the plug on DOS in 1985, Windows would have failed. Read more

UEFI on ARM illustrates why we still have to watch Microsoft

UEFI is a technology that forces a computer to only load a digitally signed operating system. This has some security benefits, as it makes parts of the operating system unbootable if they become infected, since the viruses won’t be digitally signed by a reputable vendor.

Great idea, right? From a security perspective, absolutely. The more attack vectors for viruses we can eliminate, the better off we’ll be. But Microsoft’s policy on ARM systems shows how it can be abused.

Read more

Microsoft: No x86 apps for ARM

So, The Register reports that Windows on ARM will not have compatibility with apps compiled for x86. Intel has been saying this for a while, while Microsoft has been mum. So now we know.

There are arguments both for and against having an x86 emulation layer.
Read more

Microsoft sold 400 million Windows 7 licenses; what does it mean?

Steve Ballmer announced today that Microsoft has sold 400 million Windows 7 licenses, but anywhere from half to two-thirds of PCs are still running Windows XP and need to get with the program.

He also continues to insist Windows 8 will ship in 2012, which really makes me wonder why those XP users need to switch now. December 2012 is 17 short months away, and XP support runs until 2014. I see little need to rush out now and buy Windows 7, use it for 18-24 months, and then turn around and buy Windows 8. If XP is fulfilling users’ needs, what’s the hurry? Unless Windows 8 is going to be late, as bad as Vista, or both. But none of that can happen, right?

I’m sure the Windows 8 Police will be along to haul me away shortly for insinuating such things. But until that happens, that 400 million figure lets us do some other interesting extrapolation. Read more

So why are Apple and Google (and Microsoft) tracking us?

So what are Google and Apple doing with this location data? And Microsoft, now that it’s clear they’re gathering it too (but they claim they aren’t storing it anywhere on the phone).

They aren’t saying a lot, but they’ve said enough to take a pretty good guess. And no, I don’t think the intent is to be evil.
Read more

CD-ROM troubleshooting under Windows 9x

Occasionally, a PC’s CD or DVD-ROM drive will stop responding for no known good reason. Sometimes the problem is hardware–a CD-ROM drive, being a mechanical component, can fail–but as often as not, it seems, the problem is software rather than hardware.*
Troubleshooting an IDE CD-ROM drive that quit working is pretty much the same under Windows 95, Windows 95B, Windows 95OSR2.1, Windows 98, Windows 98SE, and Windows Me, whether you have a Compaq, Dell, eMachine, eMachines, Gateway, HP, IBM, Micron, Packard Bell, Sony, or clone PC.**

In an effort to avoid tech support calls about DOS games, most computer manufacturers load DOS-mode CD-ROM drivers in a file called config.sys. This reduces tech support calls but increases the chances of software failure by about a million percent. Open My Computer, navigate to Drive C, and locate the file config.sys. (It might just say “config”.) Rename it to something else.

Don’t reboot yet. Often, this will solve the problem in and of itself, but frequently there’s another problem on Windows 9x boxes.

Sometimes Windows has trouble deciding whether to use the driver specified in config.sys or its own built in driver, so it’ll bluescreen. Then, the next time you boot, it adds a key to the registry that disables the CD-ROM drive entirely and makes the rest of the computer run about as fast as a Studebaker.

Nice of it, eh? To check this, click Start, then Run, and type regedit. Double click on HKEY_LOCAL_MACHINE, then navigate to System\CurrentControlSet\Services\VxD\IOS. You’ll probably see a value named “NoIDE.” Right click on it and select Delete. Reboot. Your drive will likely come back to life.

If neither of these things work, you can determine for certain if the problem is hardware or software through a couple of methods. If your manufacturer gave you a restore CD, try booting off it. Hold down the shift key while it tries to boot in order to prevent it from doing anything nasty to your system–you just want to see if it boots up. If it doesn’t boot, you’ve got a hardware problem. Replace the drive. If it does boot, either try the above directions again, or you’ve got a problem I’ve never heard of.

If you don’t have a system restore CD, you can accomplish basically the same thing with a DOS boot disk. You can get one of those from bootdisk.com. Boot off the disk, pay attention to what drive letter the CD-ROM got (usually D: but it can vary), insert a data CD, and type the command DIR D: (substitute the drive letter that came up if it’s something other than D:). If you get an error message, you’ve got a hardware problem. Replace the drive.

Windows NT, Windows 2000, and Windows XP are immune to the problems I described here. If the drive quits working under one of those operating systems, either your drive lens is dirty or you’ve got a bad drive. Cleaning kits are hard to find and overpriced. As I write, an Artec 56X IDE CD-ROM drive costs $19 at Newegg.com, so outright replacement doesn’t cost much more than cleaning.

* Yes, I realize this is yet another boring troubleshooting entry. Having nothing interesting to say today, I’m writing entries that I know will get me Googlejuice down the road. Analysis of my early stuff and of some of the comments on this site has made me realize there are still some gaps in the Farquhar back-catalog.

** Yes, this is another paragraph written with the express design of getting hits from Google. If you can think of any search term I might have possibly left out, well, that’s what the comments are for.