I’ve mentioned Asus parental controls on its Android tablets such as the Memo Pad 7 HD, but never elaborated on them. Here’s how I set them up and why, so you can make your own decisions about how best to set an Asus tablet up for the child in your life.
So the sales fliers for the 2014 Christmas shopping season are out, and I’m seeing tons of cheap laptops. If you only have $200 to spend, they have something for you.
Some of them look like they’re even worth having. Yes, I’m shocked too. Here’s how to figure out which ones are worth taking home, and which ones are best left for some other sucker. Whether you’re shopping for yourself or someone else, you’ll probably want to keep the following in mind.
Back in the spring I bought a used computer. My wife wanted one, and while I probably could have cobbled something together for her, I didn’t have any extra Windows 7 licenses. So I bought a home-built Pentium D-based machine with Windows 7 on it from an estate sale for $70. The Windows license is worth that, so it was like getting the hardware for free.
When I got the hardware home to really examine it, it turned out not to be quite as nice as I initially thought. It was a fairly early Socket 775 board, so it used DDR RAM and had an AGP slot, limiting its upgrade options. The system ran OK, but not great, and it was loud.
The hard drive was a 160 GB Western Digital IDE drive built in 2003. That’s an impressive run, but a drive that old isn’t a good choice for everyday use. It’s at the end of its life expectancy and it’s not going to be fast. This weekend I got around to replacing it with an SSD. Read more
I’ve been having problems with Firefox for a while now–crashes and other odd behavior. I’ve put up with it for a while, but I shouldn’t have to. It turns out the fix is very easy, but non-obvious.
Mozilla’s documentation is abysmal. When you move stuff around for no reason, change your docs to reflect the move, so people can find what you’re talking about. Or better yet, leave well enough alone.
If you actually want to fix the problem, don’t fiddle with the menus. Do this:
- Type about:troubleshooting in the address bar
- Click “Reset Firefox” in the upper right corner Read more
In the wake of Truecrypt’s sudden implosion, someone sent me a link to this curious blog post. I can see why many people might find the timing interesting, but there are a number of details this particular blog post doesn’t get correct, and it actually spends most of its time talking about stuff that has little or nothing to do with Truecrypt.
What’s unclear to me is whether he’s trying to say the industry is deliberately sabotaging Truecrypt, or if he’s simply trying to make a list of things that are making life difficult for Truecrypt. His post bothers me a lot less if it’s just a laundry list of challenges, but either way, the inaccuracies remain. Read more
I probably ought to know better than the venture into the topic of web browsers by now, but since I stepped into it Friday, I guess there’s no point in staying in the shallow end.
The problem with web browsers is that they all require you to trade one thing for another, and if anything, that’s more true today than it ever has been before. Read more
A week or two ago, Chrome quit working–I would launch it, and EMET would give me a message that it detected Caller Mitigation. It turns out that particular setting isn’t compatible with Chrome 35 and up.
The fix is easy. Launch EMET, click “Apps,” scroll down to Chrome, and uncheck the 10th item from the left.
Google doesn’t recommend EMET because Chrome already does most of the things that EMET forces, and the EMET mitigations that Chrome lacks can be bypassed. To me, that doesn’t make them worthless. It filters out the unsophisticated attackers. And if you make the advanced adversary make the attack more complex, there’s a greater chance of being caught. Security isn’t about preventing everything–you can’t–but you can raise the stakes.
That’s why I disabled Caller Mitigation and keep EMET enabled on Chrome.exe.
I also saw this week that Google is working on a 64-bit version of Chrome for Windows. Finally! Once it comes out of beta, that’s something I’ll be installing. That may be what makes me change allegiances from Firefox.
I’ve been listening to Patrick Gray’s coverage of the AusCERT security conference, and I walked away with two major takeaways, one for security professionals and one for everyone.
Everyone first: Use SSL (https) everywhere you possibly can. Generate superfluous https traffic if you can.
Network professionals: Block as much UDP at the firewall as you can.
Read on for more. Read more
This week Microsoft disclosed a critical 0-day flaw in Internet Explorer. Microsoft is considering an out-of-band patch, but regardless of when the patch gets released, no Windows XP patch will be coming, except for the companies and governments who are paying a large fee for end-of-life support.
This was about 20 days later than some people estimated, but now it’s happened. The mitigation is to run EMET. But in the long term, getting to a new version of Windows is the only viable option. You can do this on the cheap if you need to.
While we’re talking about browsers, Chrome has the most CVEs associated with it, making it numerically the least secure of the browsers, but they have the fastest time to patch, by far, so the numbers are very deceiving. So using Chrome isn’t a bad choice, especially on XP where Internet Explorer is out of date and forever EOL.