Sunday, March 17, 2013

Abandon Hope all ye who log into the Web…


I really shouldn’t have read Bruce Schneier’s CNN Opinion post over the weekend: The Internet is a surveillance state

I’m not a tinfoil-hat wearing guy…Stetson is more my thing, but I think he makes a valid point. The rate at  which we generate capturable data in our daily lives continues to get easier and easier. Almost every local or national store I do business at wants to capture my email address or phone number. More than a few look offended at me when I decline to immediately sign up for a “consumer rewards” card at checkout.

Our ISP’s and our cellular providers likely capture more data about our web-habits, our locational habits, and all points in between.

I seriously doubt we could successfully fly “under the radar” even if we ditched all things electronic, because even if we don’t directly create “data track patters” via digital activities, our “off-line” actions would continue to get logged by others who remain plugged in.

I’ve come to accept that -- even it my head is dizzy from the constantly accelerating pace of data collection we subject ourselves to -- what really, truly, frightens me are the following things;

  1. Others who collect that data just don’t seem to be able to keep it secure.
  2. The personal consequences for data loss/theft/abuse become larger and more catastrophic in impact.
  3. More and more people seem to just not know or care about data collection or protection.
  4. Data collection to these business, organizations, entities seems to be a right -- not a privilege.
  5. Your rights to control (and knowledge about) the data collected on you seems to get more and more removed from your ability to do anything about it.

In many people’s minds it has just become another price to pay for the privilege of eating at the trough.

The consumers are the consumed. Reminds me of a digital version of a certain classic film.

Bruce’s well composed post reminds us in IT…gatekeepers, sysadmins, for/sec incident responders, and policy makers that our own cry should be “Data is people!”  And never, ever forget it.

Filed under “Oh Bother”

Cold Java

I was feeling so smug and confident having recently thrown in the towel with Java here at the Valca homestead and removing it from all of our Windows systems.  At seeing notice of the latest Java releases I automatically began moving towards my Java download site to snag the updated…when I realized I didn’t need to.

When I set up my father-in-law’s new (to him) laptop with Windows 7 I didn’t install Java. He asked me about Java when I was showing him just how similar Windows 7 would be to him from his old XP system. He said he was wondering how he needed to update Java since it was always complaining on his old XP system. He looked relieved when I told him he probably wouldn’t need it so I didn’t event install it. The Java update notices in the system tray just confused him to no end.

So Saturday, Alvis started complaining about her on-line college class course not working on her laptop.  A “sidebar” was missing used to navigate the course and material.


At first I thought it had something to do with the upgrade to IE 10 I did on her Windows 7 laptop. It’s been Spring Break so she hasn’t worried about classes since the update.

I added the college domain into the IE compatibility mode and that helped (the site now saw the browser engine as IE 7) but didn’t fix the issue.

According to the college, their program was only supported on IE, not Chrome or Firefox or Opera. I tried.

More troubleshooting with their helpfully unhelpful wizard.

Eventually I figured out it was trying to call to Java. Well, that made sense since I removed it at the same time I upgraded to IE 10.

So I did the “correct” thing and installed the latest, most secure version of Java, 1.7.17.  Only it still didn’t’ work as that was an “unsupported” version of Java.

SO I did the next-best “correct” thing and installed the latest, most secure previous version of Java, 1.6.43…and went into the Java control panel applet to disable use of the 1.7.17 version (and showed Alvis how to toggle between them). That works for me at work with a particular Symantec Java console applet that likes 1.6 but not 1.7. Alas, the college’s web portal still saw the 1.7 version and wouldn’t run.

(Side note: The Java 1.6 download versions aren’t easily accessible to install directly from as it is no longer being publically made available.) I had to grab a copy off a trusted third-party software mirroring site. Later I was able to finally find a public link to it on Java after-all: Java Downloads for All Operating Systems Version 6 Update 43). That will probably be the end of the line for 1.6 so you better bookmark this link if your Java app doesn’t like 1.7 builds.

SOOOO I uninstalled Java 1.7.17 completely.  And then the web-app portal was happy and Alvis could finish the course homework she had put off over Spring Break.

And all the hard work and victory I felt about us “plain home users” not needing to fuss with Java evaporated.

So it looks like I will have to continue to regularly scratch that itch on at least one of our home systems for the foreseeable future.

..and the Emperor Flash is found to have no clothes…

For those who care…

Stay safe.

--Claus Valca.


FF Extension Guru said...

For the most part I have been able to get away with not having Java on my desktop, just the laptop. The college district is transitioning to a new online course system. I am attending two different schools in the same district, one uses the new system and one uses the old system. Neither of them require Java, but they don't seem to like Chrome. However, for my Cisco Network Security class (how ironic), to access the course labs which control the equipment virtually, we need to have Java installed and it doesn't seem to like the newer version of Java.

Bret said...

There's no need to go to a 3rd party site for Java, but is not where I go when I have the unfortunate need for it. The latest Java Runtime Environments (JRE) for both version 6 and 7 are available from links on Oracle's Java Standard Edition page:


Claus said...

@ Bret - You are right. I always do prefer to get all my downloads/updates (especially third-party browser plugins) directly from the source rather than download sites. I do "cheat" by RSS feeding a site like FileHippo to keep me abreast of updates as it seems to have the most that I use. There are times that FileHippo can serve downloads faster than from the source. But there are security concerns (is your binary good or tainted) with any "mirrored" source.

For Java downloads I like using this source myself:


--Claus V.