FLASH Adobe Forward to v10.1

Consider immediately upgrading to Adobe Flash v10.1.

June 10th, 2010 UPDATE:
Adobe dealt with the recent problems in v10.0.x.x of their always-troubled FLASH player by dropping it in favor of releasing v10.1 (Get v10.1 Here). Since this page had recommended doing exactly that four days earlier, anyone following this advice is already protected.
Note, also, that Adobe now says that the troubles with Reader and Acrobat will be allowed to persist until June 29th. So you should follow the recommendations below about Reader and Acrobat if you wish to protect yourself until those are updated.

SECURITY ALERT: The threat posed by the new zero-day (no warning, discovered by its active exploitation “in the wild” against users) flaw in all released versions of Adobe’s FLASH player — on all OS platforms — which can also be vectored through malicious PDF files to invoke FLASH, appears to be growing rapidly.

The bad guys are jumping on this one hard and fast.

Given that Adobe first learned of this problem a little after 10 AM Friday morning, June 4th, and that their quickest previous response to a similar threat was 15 days, the world may be waiting several weeks for a fix from Adobe.

Two things must be done for you to be safe:

• First: The good news is that the next major release of FLASH, version 10.1, is reportedly NOT vulnerable to this attack. Although v10.1’s release is not yet official, it has had seven release candidates and is currently very stable and usable. Therefore, anyone whose Internet usage might subject their machines to malicious FLASH content (depending upon how widely you surf the web) would be well advised to install the next major release of Adobe’s FLASH player, version 10.1, immediately. You can find additional information, and everything you’ll need at the following Adobe Labs link:
http://labs.adobe.com/technologies/flashplayer10/

• Second: (Windows ONLY) Both Adobe’s Reader and Acrobat contain their own built-in and equally vulnerable copies of FLASH in a file called “authplay.dll” (and most people have Adobe’s free Reader installed.) This allows PDF documents to contain and “play” embedded FLASH content — even though only malicious hackers ever do that. If by any chance you are still using version 8 of Reader or Acrobat, you are safe. But any 9.x and later versions are vulnerable. Therefore, the best thing to do would be to rename any copies of “authplay.dll” on your system to “authplay.xxx” so that your system won’t be able to find them. Once new versions of Reader and Acrobat are available they will bring a repaired copy of “authplay.dll” and all will be fine (at least until the next vulnerability is found). The “authplay.dll”s are typically found at:
C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
You may also wish to search your system drive for any files of that name and rename them. Adobe’s vulnerability advisory is available here:
http://www.adobe.com/support/security/advisories/apsa10-01.html
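
The rename described in the second step can be scripted. The following is an added example, not part of the original post and not Adobe's tooling: a PowerShell function (the name `Set-AuthplayState` and its parameters are hypothetical) that finds every copy of “authplay.dll” under the Program Files folders, renames it to “authplay.xxx”, and can reverse the rename once repaired versions of Reader and Acrobat are installed.

```powershell
# Added example: disable or restore the Flash component bundled with Reader/Acrobat.
# Function name and parameters are hypothetical. Run from an elevated prompt.
function Set-AuthplayState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Folders to search; defaults to both Program Files roots.
        [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
        # Undo: rename authplay.xxx back to authplay.dll.
        [switch]$Restore
    )

    if ($Restore) { $from = 'authplay.xxx'; $to = 'authplay.dll' }
    else          { $from = 'authplay.dll'; $to = 'authplay.xxx' }

    # Drop empty entries (no x86 folder on 32-bit Windows) and missing paths.
    $searchRoots = $Root |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
        Select-Object -Unique

    foreach ($dir in $searchRoots) {
        Get-ChildItem -LiteralPath $dir -Filter $from -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                $target = Join-Path $_.DirectoryName $to
                if (Test-Path -LiteralPath $target) {
                    # Never overwrite a file that already has the target name;
                    # report it so it can be reviewed by hand.
                    Write-Warning "Skipped $($_.FullName): $target already exists"
                    return
                }
                if ($PSCmdlet.ShouldProcess($_.FullName, "Rename to $to")) {
                    Rename-Item -LiteralPath $_.FullName -NewName $to
                    "{0} -> {1}" -f $_.FullName, $to
                }
            }
    }
}

# Dry run: list what would be renamed without changing anything.
Set-AuthplayState -WhatIf
# Set-AuthplayState            # apply the rename
# Set-AuthplayState -Restore   # undo after fixed Reader/Acrobat builds are installed
```

To search the whole system drive, as the post suggests, pass `-Root 'C:\'`. A skipped-file warning in the default mode means an active “authplay.dll” is still present beside an earlier renamed copy.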


Pads ARE Next

They’re being called “Media Tablets,” I call them the future.

Announcing my new “Pad-oriented” Twitter Account: @SGpad
I am splitting my Twitter Tweeting into two separate accounts: @SGgrc for non-Pad notes, thoughts, comments, observations and news… and a new account: @SGpad for Pad-specific content — And I don’t mean only “iPads,” I mean ALL pads. If the industry’s new “media tablet” computing phenomenon leaves you cold, please do not follow me at @SGpad — I don’t want to worry that I’m annoying you with endless drivel about which you couldn’t care less. But if you ARE as interested in the birthing of this truly significant new computing paradigm as I am, please DO follow me at @SGpad — and I won’t worry about pad oversharing. :)

It is so rare for us to be present to witness the birth of a major new computing paradigm. But we are at the beginning of one today. “Pads” are no more a passing fad than the Internet. A portable, long battery life, instant-on, color, responsive personal tablet that’s always connected to the Internet makes so much sense. Apple has demonstrated a new product category and most of the world has “gotten it” instantly.

Whether you’re a staunch Apple advocate who waited in line to be among the first to acquire an early iPad, or if you are holding out to see what’s next from Google with Android, RIM’s Blackberry pad, Hewlett Packard’s WebOS pad, or who knows what … pads are happening.

My previous posting “The Obvious Genius of iPad” outlined why I believe the “pad” paradigm represents a major breakthrough for the personal computing industry. You have likely heard by now that Apple sold more than 2 Million iPads in less than the first two months of the device’s availability. Analysts are now scurrying around revising their “numbers” (way upward) in the wake of that news. And we’re seeing a stream of articles by people who, after using their iPads somewhat skeptically at first, have confessed their conversion (much as I did after a few hours).

(I initially purchased the cheapest iPad since “Jobs was not going to get me.” But after playing with it for three hours, I jumped online to pre-order the most expensive one since… “this thing rocks!”)

Again, note that when I say “pad” I am deliberately NOT saying “iPad.” My intention is to use the generic term “pad” to refer to any long battery life (all day), instant on (very long standby), cellular connected, thin (pad-like) portable device which is more oriented toward consuming Internet media than producing it.

Although Apple showed the way with their iPad, this new product category will be getting very crowded very quickly. There will inevitably be many failures along the way, with companies throwing anything they can cook up against the wall to see what sticks. (And, believe me, there will be some real stinkers.) But don’t let the many failures confuse you; this is a bona fide new personal computing category that everyone wants in on, and there will be room for as many players as there have been for laptops … if not more.

I have spoken my piece on the topic for the time being, so I won’t be belaboring the point endlessly here. You know what I believe. If you do want to follow along with my future discoveries and observations, my new Twitter account, @SGpad, will make that easy.

Whatever happens, and however it all shakes out, I know we’re in for some great fun!


The Obvious Genius of iPad

Thank goodness Apple can’t patent what it got right…

…because now the entire world “gets it” and we’re off to the races. In plenty of time for Christmas 2010, Apple’s iPad will only be one among many successful tablet devices.

Why? Because although no one else saw what to do beforehand, everyone can see what to do now. Now it’s obvious. Apple deserves genius-level credit for showing the way, but has no means for preventing everyone else from following. And follow they will. As many as 40 me-too pads are already in the works. They won’t all acquire critical mass, but many will. And many will dramatically undercut the cost of Apple’s higher-end iPads while offering significant additional features.

Pads, “i” or otherwise, can obviously succeed merely by up-sizing a touch-based smartphone OS — just as Apple did. Today we have Google’s already successful Android OS with deployment in smartphones now exceeding that of the iPhone. And we have the might of Hewlett-Packard to bring Palm’s WebOS to market. Both alternatives are ready-to-scale touch-based operating platforms capable of driving any non-Apple pad. And that’s precisely what they’re going to do.

Apple’s biggest problem is that the iPad was only incredible until the first moment of its existence. This explains why the world was instantly split in its opinion of the device. Yes, it’s spectacular, and also … No, it’s not.

Do I love my two iPads? Absolutely — more than any other gadget I can remember. But that’s only because, today, the iPad is the only pad available. A year from now I may well be more in love with an Android- or WebOS-based pad — because it’s the “Padness” that’s the point. And the likelihood of my disaffection from the iPad is increased dramatically by Apple’s self-defeating decisions, such as its obvious war with Adobe creating serious product deficiencies. Steve Jobs exaggerated when he said the iPad gives us the whole Internet. Without Flash, parts of the Internet everyone else has are offline and out of reach. And, of course, Apple’s famously horrible single-carrier (U.S.) choice of AT&T demonstrates just how much pain, and how high a price, the world is willing to pay to have Apple’s goodness. But that undeniable hubris only succeeds in the absence of alternatives.

There can be no denying that Apple does many things right. But in return for delivering world-class fit and finish Apple extracts a steep price from the consumer. And it’s not just the one-time cost of the device at retail, but the ongoing cost of having an important piece of highly used technology locked up behind the wall of iTunes. This operational model made sense when iTunes only provided DRM (digital rights management, i.e. copy-protection) for iPod music. And it still mostly worked after the iPhone and the App store were added. But for a device that is trying so hard to be a computer, locking up the iPad behind iTunes really starts to chafe.

So for the record, to help all of the me-too pads also get it right, exactly what did Apple get right?

• More than any other single thing, what Apple got right about the iPad is its more than twelve-hour battery life. People feeling the heft of the iPad for the first time are often a bit surprised by its weight. It weighs what it does because the iPad is best described as “a large flat battery with a screen.” If you’ve seen photos of the iPad’s innards you’ll have noticed that the entire interior, except for a small processor board, is filled by two batteries. That all-day-sucker battery life, coupled with cellular connectivity, dramatically increases the device’s value and utility.

• Long-term standby or “Instant On” [I added this 6/1/2010 since I forgot it initially!]
Just the thought of waiting to boot a Windows laptop is enough to squelch quick and casual connection to the Internet. So the importance of the iPad’s “instant on” always-ready-to-go availability cannot be overstated.

• The stunning In-Plane Switching (IPS) LCD display is another of those subtle things that Apple’s engineers got right. The color-faithful wide viewing angle of the iPad’s display lends a great deal to the feeling that this isn’t like other screens.

• And the “central committee” design of the iPad’s user interface delivers a uniquely coherent, highly usable, largely discoverable, and infrequently frustrating user experience. This is very important, and it is where the me-too wannabe pads are most likely to suffer: Android-based pads, being inherently open and highly ad-hoc, are likely to be, like the Android phones, sort of a mess.

Regardless, non-Apple pads will be here very soon. They will be much less expensive, much less restrictive, loaded with many more features, and could arguably be called the pads for the rest of us. Until then, I’ll be using and loving my Apple iPads, not because they are from Apple, but because Apple was absolutely right about the previously unappreciated need for a large-screen, long battery life, touch-based Internet-connected appliance. That’s all the iPad is; nothing more, nothing less. Not magic, but a touch of obvious genius that everyone else now sees.


Facebook and the Ford Pinto

Cold-blooded Calculations for Corporate Profit

The truth is, it is neither a corporation’s mission nor its obligation to serve its customers. A corporation exists as a soulless synthetic legal entity whose singular purpose is to maximize its shareholders’ wealth. This is something the public too often and so easily forgets in the wake of the mind-numbing marketing created specifically to cause us to misunderstand the corporation’s true raison d’être.

McDonald’s doesn’t serve hamburgers to feed us, they feed us to serve themselves.

When tension arises between the needs, rights, and expectations of the corporation’s customers and that corporation’s goal of wealth maximization, simple economics prevails: “What will make the company the most money?”

Anyone who was at least a teenager in the early 1970s will recall the rather horrific case of the Ford Pinto: When the Pinto was “rear ended” in an auto accident, sharp pieces of the rear bumper system often pierced the gasoline tank, located just inboard of the rear of the car, causing it to catch fire and often incinerating the car’s occupants.

When this seemed to be happening more often than it “should,” it came to light that Ford’s management had long known of this literally fatal design flaw in their car. But many of these defectively designed Pintos had been manufactured and sold. Ford’s infamous “cost-benefit analysis” — subsequently obtained by the press — revealed that the company would be more profitable if it paid the statistically predicted number of wrongful death claims that it knew were likely to arise in the future, rather than recall the Pintos for an $11-per-car modification. That must have been some board meeting.

What does any of this have to do with Facebook?

Just this: Facebook is not working for the interest of its 400 million users. Facebook is a corporation like any other, whose sole mission is to maximize its corporate profits. Unfortunately, the only “asset” Facebook has to monetize is the wealth of personal information that has been poured into the system by every one of those 400 million users. Facebook has understood this from day one; its user community has not.

The public relations disaster Facebook brought upon itself by overreaching and overstepping might not have occurred. They might have gotten away with it. Or it might not have been so bad. Or it might have blown over. Or, or, or. But you can bet your last dollar that what just happened wasn’t a mistake. This was a calculation like any other — a calculated asset leveraging they hoped to get away with.

What was their mistake? They were too impatient. They pushed too far too fast. In retrospect, they would have been wiser to creep these changes out incrementally and more slowly, allowing each one to be digested and giving the world time to grudgingly accept the creeping loss of Facebook privacy and control.

So, that’s what they’ll do now, they’ll fall back to Plan ‘B’.

Facebook still has only one asset — its community’s personal information. Sooner or later that asset will be fully monetized. It now looks like it’s going to be a little bit later.

If you have friends who have been sucked (suckered?) into Facebook, consider helping them out with the valuable and nearly vital privacy settings management tool at: http://www.reclaimprivacy.org. They’ll almost certainly thank you.


Steve Gets a Blog!

Yes, it’s true…

Sheesh! What’s next? First it was Twitter accounts for GRC and me (@GibsonResearch and @SGgrc respectively) and now blogs for both? Hmmmmmmmm. But fear not, the world as we know it is not coming to an end. er… or at least not for this reason (there’s always the annoyance of the random massive asteroid.)

But no, there does appear to be a method to my madness:

It all began with my wanting some means for letting people follow along with the development of the CryptoLink VPN product, which will be GRC’s next major offering (see the GRC Corporate News blog for additional information about CryptoLink). My plan is to deliberately take a development path that will quickly create a useful and workable product, rather than waiting until the end to have something finished. This approach will allow me to get feedback from early adopting users all along the way, will involve CryptoLink’s users by giving them an active say in the shape of the final product, and won’t make everyone wait years for a totally finished product. (My plan is to add a lot of features, but to do it incrementally with a large number of releases.)

But that approach meant that I needed to have some good means for communicating to an audience larger than the interested subset of people who hang out in the GRC newsgroups.

Another completely separate motivation for these blogs was that GRC’s own eMailing list had grown so ridiculously large (793,975 members at the time of this writing) that it had become impossible for me to send anything out through it without it being instantly shut down for eMail spamming the Internet.

So I figured that if I were to create Twitter accounts I would be able to send out news of updates, and anyone wanting to keep track of what was happening with GRC and me could subscribe to receive notices of updates to this blog. So GRC’s eleven year old eMailing system will soon be migrated to a modern blog-based model.

• Subscribing to this personal blog…
If you are curious to know more about what’s going on with me — a more “behind the scenes” view — you can subscribe to this personal blog (see subscription field in the upper right of this page) to be notified whenever I have posted anything here. You can also “follow” my personal twitterings (tweets) through Twitter at @SGgrc.

• Subscribing to GRC’s Corporate News blog…
For purely GRC work-related information and updates, you can subscribe to the GRC Corporate News blog (at blog.grc.com) to receive notices of any updates I post there. You can also “follow” my GRC work on Twitter at @GibsonResearch.

So, if you should choose to tag along, I think we’re going to have a LOT of fun! And, either way, thank you so much for your interest and support of GRC and of my efforts here.
