Category Archives: Software

I was a happy user of Firefox Privacy extension TACO ever since I met its author, Christopher Soghoian, at a privacy conference. It did one thing really well – block tracking cookies. Regular cookie managers do a bad job of this, because their approach is to delete cookies, when in fact often what one needs to do is locate (often not easy) and then preserve opt-out cookies.

The other day, however, TACO — which stands for Targeted Advertising Cookie Opt-Out — got 'upgraded' and now pops up and offers many optional and proprietary modules by a company I never heard of called Abine. The modules do…stuff…some of which may want to be paid for or might do stuff I didn't want or didn't understand. This all looked more complicated than I wanted. So I'm delighted to learn that someone has forked TACO, putting it back like it was only better. The retro-TACO is available for your enjoyment as Beef Taco.

Note that I'm not saying that the new improved TACO 3.0 is evil, or the proprietary stuff is bad, just that I can't be bothered right now. For more on all this see Forking TACO 2.0 by Beef TACO author John Hobbs, which pretty much captures my feelings and includes a very gracious response by one Rob Shavel from Abine. There's even more at Slashdot.

(Post date corrected)

All hail EFF's new Encrypt the Web with the HTTPS Everywhere Firefox Extension.

A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

So says Adobe's Security Advisory for Flash Player, Adobe Reader and Acrobat. There's a Flash Player 10.1 Release Candidate available that Adobe says “is confirmed not vulnerable”.

This is the advice (for Windows) Adobe Reader and Acrobat:

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader 9.x and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.

The authplay.dll that ships with Adobe Reader 9.x and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

The real fix is some ways away:

We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010.

Then again, I can't recall if I've ever gone to a legitimate .pdf file that had SFW content embedded in it, so I guess I wouldn't miss it.

I love that my email sp*m filter, Sp*mAssassin, has a category called “VANITY” which it defines as “Vanity or fake awards” and assigns 2.1 of the five points needed to be flagged.

And it seems to work. Although weirdly this test is not listed among the official tests performed. (Is it something special for the academic edition?)

It seems there's a nifty new free tool out to explain Where has your Windows memory gone?:

… for us Windows geeks, today is a red-letter day, … RAMMap is a memory analyzer, a lightweight tool (272KB) that gives you a very detailed look at exactly what is your system’s memory is up to right now. It presents its report in a tabbed dialog box whose opening page is a colorful, well-organized bar graph

Download RAMMMap or read more about it.