David L. Farquhar on technology old and new, computer security, and more
Well, crud. Not all long passwords are good passwords.
I’ve suspected for a long time that street addresses aren’t good to use–the formula is too simple–but now it seems that even mashing together a sentence into a long password doesn’t work. (That isn’t something I do often, but I’ve done it at least once or twice.) Read more
I helped a friend of a former coworker with his resume this week. He’s looking to get their first jobs in IT, and found it difficult, even though he was applying for an entry-level helpdesk position.
His resume certainly indicated he was educated and able to hold down a job, but that wasn’t quite enough. Here’s what I had him do to beef up that resume to get past those initial rounds of screening and get interviewed.
If you want to quickly and easily calculate the pixels per inch of a display, here’s a useful tool:
Rapid7’s Chief Security Officer, HD Moore, estimated it will take two years for Oracle to fix all of the current issues with Java, not counting anything new that happens in that timeframe.
Futhermore, Kaspersky states that 50% of cyberattacks in 2012 utilized a Java exploit. Among those is the newly discovered Red October.
Think for a minute. Antivirus software is anywhere from 75 to 90% effective. Assuming the worst, that means the simple process of removing Java from your computer does 2/3 as much good as running antivirus software. Of course, you shouldn’t do one or the other; you should do both.
If you have a legitimate need for Java in your web browser, such as commercial intranet applications built with Java, enable Java in one and only one browser, then use that browser solely for accessing those Java-powered web sites.
But the best thing to do is just get rid of Java. And if you have something that uses Java, find something else to use.
It took Microsoft about two weeks to fix a critical vulnerability in Internet Explorer. It took Oracle five months. I never thought I’d say this, but Oracle needs to be more like Microsoft.
Yeah, you can quote me on that if you want.
But until Oracle gets religion on security like Microsoft did around 2002, we really have two choices: Avoid Oracle products whenever practical, or keep getting hacked. I’d rather you not choose the latter option.
Now Asus is jumping into the sub-$150 tablet range too, but with a device that’s much more subdued than what Polaroid and Archos are offering.
It appears to me that Asus is trying to remain mid-tier, and hope that name recognition and reliability advantages (whether perceived or real) keep their tablet in the game.
Their $149 Memo Pad has a 7-inch 1024×600 display and a single-core VIA WM8950 CPU, running at 1 GHz. It will be running Android 4.1 Jelly Bean, and has the precious microSD card slot, which accepts up to a 32 GB card. Read more
I like the idea of a really big tablet, but I think Viewsonic and I have different ideas of “really big.”
This week Viewsonic announced a 24-inch Android 4.1 tablet. Read more
Internet pal Rob O’Hara wrote last week about why he hasn’t published a book in five years. The resulting discussion has the potential to get ugly–not that I think it will, but the potential is there. Writing about writing, and criticizing writing, is difficult.
I don’t have the solution–I can just tell you it’s difficult.
I’m making some minor updates to the stylebook that my workplace’s technical writers use, and I ran across a weird problem. Some, but not all of the numbered headings had the numbers mashed up against the text. It didn’t the last time I looked at the document, but, guess what? That was when we were still running Word 2007.
It took some investigating, but I traced the problem to the margins. For some reason, Word 2010 decided to apply custom margins of 0.38 inches on the left and 1.0 inches on the top, bottom, and right. Moving the margins back to something more conventional fixed that issue for me.
In case you haven’t seen, there’s a terrible unpatched vulnerability in Java right now that baddies are using to install randomware on PCs. Then, this morning, I saw that Oracle has known about this vulnerability since August, and hasn’t bothered to fix it properly yet. That should be criminal negligence, but the rules are different for billionaires.
Of course, I’ve been saying for ages that we’d all be better off if we just uninstalled Java completely, but I know very few people who’ve done it, out of fear they’ll break something. (Those same people often refuse to patch Java, out of the same fear.) I was trying to figure out why anyone would want to run Java these days anyway, and then I saw this quote, via David Huff:
“Given a choice between dancing pigs and security, users will pick dancing pigs every time.” –Edward Felten and Gary McGraw
That explains everything. Java is exceptionally good at making animated dancing pigs.
All of the major sites are recommending that you disable Java in your web browser. I continue to recommend just uninstalling it entirely, since Oracle is more interested in dancing pigs than in security.
Ars Technica has a story about SSD news coming out of CES.
Basically, they’re predicting that the big news this year will be consolidation and lower prices. That may be bad news for someone who writes about SSDs for a living (I don’t), but good news for consumers. Read more