May 2016 security updates for Microsoft and Adobe (updated)

Adobe and Microsoft have released updates to several of their products. Many of these updates address critical vulnerabilities. Here are the fascinating security bulletins:

Update (14 May): Adobe released another Flash player update.

Scanner hell

Here are a couple of “life in IT” horror stories, both involving desktop scanners. This is to give some idea of what it’s like when things go wrong while working in information technology. These particular misadventures were more frustrating than terrifying.

While my main responsibilities at work involve programming, I’ve ended up helping out with our imaging system. This means that I set up desktop scanners and configure desktop software to interface with the document management software running on one of our servers. I’ve probably done this kind of thing several dozen times. Although it can be time-consuming, it usually goes pretty smoothly.

Last week it didn’t go smoothly.

It was a brand new scanner and a brand new computer. I installed the scanner drivers off the installation CD, told the installer to download and apply the latest driver updates, hooked up the scanner, and configured the software to allow the user to scan pages (things like transcripts, release forms, etc.) into the imaging system. Like I’ve always done, I enabled the image processing feature to do things like deskew the images (that helps if the paper feeds into the scanner a little bit crooked). Every time I tried scanning a page into the imaging system, the desktop software would crash.

I un-installed the drivers, re-installed the drivers, reconfigured the desktop software, and the same thing happened. So I called technical support at the imaging system software company. A very patient technician made a remote connection to the PC so that he could try fixing it. For two hours I watched him do the same things I’d done with the same result.

He finally tried configuring the software without enabling the image processing feature. I saw him skip that step and almost said something about it, but I was tired and didn’t say anything. And of course that time it worked. Then I asked him to enable the feature, we tried it again, and the software was back to crashing. Disabling the feature again made the software start working again. So we left that feature disabled and called it “good enough.”

So as near as we could determine, the only thing wrong was enabling a helpful feature that I’ve used for years.

The other scanner nightmare was a few years ago. This one was a flatbed scanner–the type where you open a lid, put a single sheet of paper on a glass pane, close the lid, and the scanner moves a lamp back and forth under the page, taking a picture of it.

This was an older scanner that had been in storage for a while. That fact turned out to be significant.

I installed the drivers, hooked up the scanner, and tried to scan a page. I could see the lamp come on, and I could hear it trying to move. It made a delightful kuh-KUNK noise, and it was clear that the lamp wasn’t moving back and forth like it should.

This episode also involved a long phone call to the software vendor. In retrospect I probably should have called the scanner manufacturer, but it wasn’t clear to me where the problem was. The help desk at the software vendor has lots of experience with scanners, and I think they must have a room that’s nothing but scanner after scanner sitting on shelves, because they came up with a scanner just like the one I was struggling with–same manufacturer and model.

After an hour or two, the two technicians on the call were finally able to reproduce the problem I was having. I could hear them chuckling as one of them said, “Pick up the scanner and look on the bottom. Do you see a black slider switch with a couple of little padlock icons? And is the switch in the LOCKED position?”

Some helpful soul had locked the scanner when they put it in storage. So I moved the little switch, and was done setting up the scanner a few minutes later.

This is what happens when they put a programmer in charge of things with moving parts. It always ends in tears.

April 2016 Oracle (Java) updates

Oracle has released patches to many of its products, most notably Java. Oracle rates this as a critical update to address serious vulnerabilities. So if you have Java installed, head over to Oracle’s catchy Java+You site for an update (or to uninstall). Here’s Oracle’s April 2016 security bulletin.

Security audits: what they’re like

In the previous post we saw that data breaches in higher education can affect a large number of people, and that state legislatures and university administrations really want this problem to go away. (Spoiler: it’s not going away.)

One result of this is more and more information security audits at universities. Auditors start by reading the university’s policies pertaining to information resources, and then they look to see if the university is following its own policies. The auditors interview people all over the university about the details of their processes, and they portscan networks looking for out-of-date software and poorly-configured servers. They inevitably find fault with the policies and/or some discrepancy between what’s written in policy and what’s actually happening. The auditors write up their findings in a report, and they submit the report to high-level administrators. The administrators read the report and send it (along with some harshly-worded threats) down to the next level of management, and this process repeats until the report finally reaches someone who can actually do something about it (the hapless front-line pukes who administer networks and servers).

Reactions frequently include one or more of the following:

  • Why did the auditors have to tell all of my bosses about this? Why couldn’t they just tell me so that I could fix it (quietly)?
  • This is a purely theoretical vulnerability that couldn’t possibly affect us, and I don’t want to fix it.
  • This is a false positive, and I don’t want to fix it.
  • I could fix this, but I’m afraid that it would break something else, so I don’t want to fix it.
  • Correcting this is too difficult, and I don’t want to fix it.
  • Well we’ve had this condition for a long time, and nothing bad has happened, so I don’t want to fix it.
  • I’m a new employee, and I’ve inherited all this stuff that someone else left in this sad state, and I don’t want to fix it.
  • The auditors are jerks, and they couldn’t find anything really wrong, so they’re picking on this unimportant little thing, and I don’t want to fix it.

Administrators and auditors have little sympathy for these reactions (however legitimate they may be), and these audits are becoming increasingly adversarial. People at all levels of the organization lose their jobs over these things.

So if you’re writing about a character who works in IT, and you want to increase the tension this character is experiencing, put her through an audit.

Software updates for Microsoft, Adobe, WordPress

It was the second Tuesday of the month this week, so Microsoft has released updates to its products. Microsoft characterizes some of these updates as critical. Here’s the April 2016 Microsoft security bulletin.

Adobe has updated its April 2016 security bulletin from last week’s out-of-band announcement. The updated bulletin adds some new items that need updates.

WordPress has released version 4.5. That looks like more of a feature update than a security update. Still, if you host your own WordPress blog, you should probably update. (If, like me, your WordPress blog is hosted on the wordpress.com servers, you don’t need to do anything.)

And if you happen to run Samba on Linux (or similar), you need to run your updates, too. There’s a new man-in-the-middle vulnerability called Badlock which is getting some attention.

Security audits: why they happen

This post is to give an idea of one of the less glamorous parts of working in information technology. Everybody answers to somebody, and sometimes that somebody wants to inspect your work.

Disclaimer: I’m speaking from my own experience, which is in higher education at a public university, and that university is a member of a larger university system. My own chain of command looks something like this:

  1. manager of my section in IT
  2. chief information officer of the university
  3. president of the university
  4. chancellor of the university system
  5. board of regents of the university system (who are appointed by the governor)

And somewhere between #4 and #5 there’s an office of internal audit.

Although my university usually does pretty well, higher education in general has at times had a poor record of information security. The Office of Inadequate Security has plenty of announcements involving higher education institutions.

When an organization experiences a data breach, they frequently don’t discover it themselves. Notification sometimes comes in the form of a phone call from the Federal Bureau of Investigation. The university administrators have to notify the entire university community, and the university typically has to pay for credit monitoring for everyone affected. That can add up quickly, because a higher education data breach can potentially affect a lot of people: students and their families, alumni, staff and faculty (past and present), job applicants, even donors. Larger universities mean larger numbers of people.

Imagine that you’re on the board of regents, and you’re addressing a bunch of donors. Some freaked-out-looking assistant hands you the phone, and it’s the feds telling you that they’ve discovered people selling the names, dates of birth, and social security numbers of thousands of students currently attending the university for which you are at this very moment trying to convince these donors (who are staring at you wondering why you’re talking on the phone and not to them) to cough up money for a new sports facility. Awkward.

So when this kind of thing happens, breach victims (understandably) tend to complain to their elected leaders. State legislatures have taken notice and are increasingly putting the screws to state agencies to get their digital affairs in order.

In the next post we’ll see what security audits are like (and how they affect people who work in IT).

March 2016 Apple updates

Apple released a boatload of updates a couple of days ago: OS X El Capitan v10.11.4, Safari v9.1, iOS v9.3, and others. So head to the App Store and click on Updates, and then plug in your iPhone and run iTunes. Some details are available on the Apple security updates page.

Computers are for everyone

Did you know that an experienced blind person can use a computer at least as efficiently as a sighted person? If you want to write about a character with a visual (or some other physical) impairment, it doesn’t preclude that character from using a computer.

Assistive technology (AT)

There’s a whole class of technology that helps people with physical challenges use computers. This is called assistive technology (AT). A lot of AT is focused on helping people with visual impairments, and that will be the focus of this post. But AT helps lots of people: Stephen Hawking is able to use a computer just by moving his cheek.

(The following paragraphs have a couple of YouTube links. If those links no longer work, try searching for “using a screen reader” on YouTube.com.)

People with diminished vision may use a screen magnifier, software which magnifies part of the computer screen. Here’s a short video of someone using a screen magnifier.

A person with little or no vision probably uses a screen reader, software which interprets what’s on the screen. Here’s a video (around 13 minutes long) of a woman using a screen reader. She has the screen reader set to read pretty fast (the reading speed is configurable), and it can go even faster. Someone who is good at listening to a screen reader can consume content even faster than a sighted user reading it off the screen.

Web accessibility

I’m a web programmer, and there is a vast array of techniques available to me to make web pages and web applications easier to use for people with certain types of difficulties (especially visual impairments). If you hear someone talking about web accessibility, they’re probably referring to these techniques. I don’t know nearly as much about this as I wish I did, and I quickly feel overwhelmed by the staggering amount of literature on the topic.

Making web pages accessible is important work. And it’s more than just the right thing to do. There is federal legislation requiring it, and there are real consequences in failure: there have been successful (and costly) court decisions requiring Netflix, Target, and institutions of higher education to make their electronic resources available to people with disabilities.

Here are a few simple things you can do to make your web pages more useful:

  1. When you create a link, make sure that the link text is meaningful by itself. People often tell the screen reader to read out a list of a page’s links. A link that just says “click here” is worse than useless.
  2. If the thing you use to make web pages allows it, provide alt text whenever you put an image on a web page. The alternative text should give a brief description of the image. The screen reader will read the alt text aloud, and this allows a visually impaired person to know what information you wanted to convey when you included the image. (And remember that uploading an image of text, a popular way of circumventing Twitter’s 140-character length limit, only works if the user can read it.)
  3. If you are writing a long page with lots of different sections, use headers and sub-headers to break up the page (like the Web accessibility header on this page). Make sure you’re using actual headers, not just large text set off by itself (you probably want to look in the styles gizmo for something like “heading level N,” where N is a number between 1 and 7). People sometimes tell the screen reader to read off the page’s headers so that the user can jump straight to the part of the page that interests them.
  4. Make sure your page has good color contrast. Light grey text on a white background is really hard to read for all kinds of people. You can use the WebAIM color contrast checker to test the contrast between two colors.
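
If you’d like to see what these four checks look like as code, here is a small JavaScript script I’ve added as an example (it is not code from the original post, WordPress, or WebAIM). It runs under Node.js with no browser: the “page” is a constructed plain object standing in for what a real checker would pull out of the document, with one good and one bad instance of each item above. The contrast function implements the WCAG 2.0 relative-luminance formula, which is the same calculation the WebAIM checker performs, and the 4.5:1 threshold is the WCAG AA value for normal-size text. The heading check goes one step beyond the list: besides expecting real headings, it flags a jump that skips a level (h2 straight to h4), since a screen reader user navigating by headings loses the outline when that happens.

```javascript
// Added example, not from the original post: a tiny accessibility audit
// over a constructed description of a page. Plain Node.js, no DOM needed.

const GENERIC_LINK_TEXT = new Set(['click here', 'here', 'read more', 'more', 'link']);

// WCAG 2.0 relative luminance of an sRGB colour written as "#rrggbb".
function relativeLuminance(hex) {
  const m = /^#([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})$/i.exec(hex.trim());
  if (!m) throw new Error(`expected #rrggbb, got ${hex}`);
  const [r, g, b] = m.slice(1).map((h) => {
    const c = parseInt(h, 16) / 255;
    // undo the sRGB gamma encoding for each channel
    return c <= 0.03928 ? c / 12.92 : ((c + 0.055) / 1.055) ** 2.4;
  });
  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
}

// Contrast ratio between two colours: 1 (identical) up to 21 (black on white).
// Symmetric, because the lighter colour always goes in the numerator.
function contrastRatio(fg, bg) {
  const l1 = relativeLuminance(fg);
  const l2 = relativeLuminance(bg);
  const [light, dark] = l1 >= l2 ? [l1, l2] : [l2, l1];
  return (light + 0.05) / (dark + 0.05);
}

// Returns one human-readable finding per problem; an empty array means "clean".
function auditPage(page) {
  const findings = [];

  // 1. Link text must make sense on its own: screen readers list links out of context.
  for (const link of page.links) {
    if (GENERIC_LINK_TEXT.has(link.text.trim().toLowerCase())) {
      findings.push(`link to ${link.href}: text "${link.text}" is meaningless out of context`);
    }
  }

  // 2. Every image needs an alt attribute (an empty alt="" is fine for decoration).
  for (const img of page.images) {
    if (img.alt === undefined || img.alt === null) {
      findings.push(`image ${img.src}: no alt attribute`);
    }
  }

  // 3. Real headings, in order, without skipping a level.
  page.headings.forEach((level, i) => {
    if (i > 0 && level > page.headings[i - 1] + 1) {
      findings.push(`heading ${i + 1}: jumps from h${page.headings[i - 1]} to h${level}`);
    }
  });

  // 4. Text/background contrast of at least 4.5:1 (WCAG AA, normal-size text).
  for (const c of page.colors) {
    const ratio = contrastRatio(c.fg, c.bg);
    if (ratio < 4.5) {
      findings.push(`${c.selector}: contrast ${ratio.toFixed(2)}:1 is below 4.5:1`);
    }
  }
  return findings;
}

// Constructed sample "page" (hypothetical paths and selectors), one good and
// one bad instance of each check.
const SAMPLE_PAGE = {
  links: [
    { href: '/transcripts.pdf', text: 'click here' },
    { href: '/release-form.pdf', text: 'Download the release form (PDF)' },
  ],
  images: [
    { src: 'campus.jpg', alt: 'Aerial view of the campus at dusk' },
    { src: 'deadline.png' }, // a deadline notice saved as a picture of text, no alt
  ],
  headings: [1, 2, 2, 4], // outline goes h1, h2, h2, then straight to h4
  colors: [
    { selector: 'body', fg: '#333333', bg: '#ffffff' },            // dark grey on white: passes
    { selector: '.share-buttons', fg: '#bbbbbb', bg: '#ffffff' },  // light grey on white: fails
  ],
};

for (const finding of auditPage(SAMPLE_PAGE)) {
  console.log(finding);
}
```

Running it prints four findings, one per check: the “click here” link, the image with no alt, the h2-to-h4 jump, and the light grey share buttons at about 1.9:1. For comparison, #777777 on white comes out at about 4.48:1, just under the 4.5:1 line, which is why mid-grey body text so often fails the WebAIM checker by a hair.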

WordPress themes

At the time of this writing, I’m hosting this blog on wordpress.com using their free plan. As such I’m limited in the variety of themes I can use. The theme I selected (the Twenty Sixteen theme) is pretty bland, but it has better accessibility than most of the nicer-looking themes (which is why I picked it). Even so, it’s not perfect: the “share this” buttons have poor color contrast. This blog is still an experiment. If it seems successful, I’ll probably upgrade to one of the paid plans which claim to offer greater theme customization.

So if you have a character who’s as blind as a bat, she can probably use a computer even better than some 20/20 mouth-breather.