Mostly about my amusement

Month: September 2009 (page 2 of 2)

F.E.A.R.2: Reborn (DLC)

fear-2-rebornI wanted to get a new FPS so I installed F.E.A.R.2 via Steam and bought F.E.A.R.2: Reborn (DLC) (also via Steam).

So far it’s plain fun mayhem.  This expansion is supposed to be short (plays in less than 2 hours) but maybe I’ll re-play F.E.A.R.2 once I’m done.

Thank you Adobe, but no thanks

Update: Look before you click.  The McAfee component is optional and you are given the chance to not install it on the Abobe web page.

-Original posting below.-

So I downloaded the updated Firefox 3.5.3 and when it came up it said “Hey, your Flash player is outdated. Click here to get an upgrade”. You can read about this feature here.

I keep my software up to date so this was news to me. But what the heck, Mozilla’s rep is good and Adobe Flash and Acrobat are popular attack vectors. Why not upgrade? So I ran Adobe’s download manager extension in Firefox which promptly installed the updated Flash and McAfee System scanner.

I was not asked if I wanted the McAfee software, it installed it without my permission.

I have no problem with being provided the option, but seriously, installing third party software without getting explicit approval from the end user is just plain stupid.

Keeping up your software is a responsible thing to do especially if you want to keep the use of your PC to yourself. Why rent out your PC to a zombie army? But installing software without your permission is a tactic of the “bad guys”.

I don’t care if it’s an anti-virus company or not, don’t put software on my PC without my permission. I promptly went to my control panel and removed the McAfee software.  I already have an up to date anti-virus product on my PC and don’t need unwanted code.

WordPress: Upgrade or DIE!!

That’s a catchy title. Keeping up with the versions of any software that you have installed is almost always a good thing. If you have any WordPress version pre-<insert-latest-version-here> then you should upgrade.

To me, open source software is best if only for one reason: vulnerabilities get discussed openly and often fixed very quickly. Open discussion is not a bad thing; people who exploit software on the Internet have their own forums too.

There is currently some hacks going on involved with older versions of WordPress. I am sure the details will come out but for now the remediation is upgrade to the latest version.

That’s not unreasonable. WordPress is not a paid software company (spare me the comments about Automattic, that’s a service company and the service they provide is the blog hosting) and there are no SLA or support contracts on a specific version of WordPress. Why should developers maintain multiple version trees of the software? That was tried with the 2.0.x release for Debian reasons but that didn’t work out.

Using software on the Internet is a game of keeping up with the Joneses and being responsible.  Your hacked server is not just hurting you, it’s making the whole neighborhood look bad and ruining it for everyone else.

So Upgrade or Die. Keep your software current.

Update: This is a fun read on the WordPress support forums. Most of the hacked/security threads turn into real name calling entertainment which in turn targets people who are trying to help them. Here’s how it works: someone gives solid practical advice, and someone else complains that their feelings were hurt. Name calling ensues.

Sad to say, but some people believe that free open source software means that the community must keep them safe from their own laziness ignorance stupidity inability to manage their own installations.

Sometimes a site gets hacked regardless of best effort. It happens and you deal with it. But these end users who don’t do what they need to? They continue to hang out in Darwin’s waiting room.