
Strange how things go: the “critical security issue” Adobe reported on March 22, 2021 seems to be less critical than originally thought – the severity of the issue has been lowered to “moderate” (whatever that means).

Click the image to see the original tweet

The offending line…? (Source: Dave’s Twitter feed)

The issue, of course, is that we have no way to verify what is going on: Adobe remains mum on the exact nature of the issue, refuses to engage with the ColdFusion community on the subject (cf. the CFML workspace on Slack), and as developers we can only ask the question: is this the support we’re supposed to pay for?

Jon Udell made it to my RSS reader a long time ago. His writing, often on subjects that I’m interested in, is thoughtful and deep. In this age of disinformation he calls for an approach I find evident, but that needs repeating: in real life there is more than just black and white, there is lots of grey.

Teaching students to value sources that acknowledge uncertainty, and discount ones that don’t, ought to be part of any strategy to improve news literacy.

The “Acknowledgment of uncertainty” is a nice term to describe the need for reasoned thinking and talking about complex subjects like vaccination or politics. The SIFT method mentioned in the text might help with that, so why not give it a go?

Sifting for Gold – Image by Won-Tolla (CC BY-NC-ND 2.0)

Samsung seems to be serious about its commitment to keep the Galaxy Note 10+ (and several other devices) up to date: on April 7 the latest Android security patch level (1 April 2021 to be precise) was already available for installation on my phone. Keep it up, Samsung!

More than just a security patch, says Samsung

How a few people can have a big impact in social media: “The Disinformation Dozen. Why platforms must act on twelve leading online anti-vaxxers”.

Just twelve anti-vaxxers are responsible for almost two-thirds of anti-vaccine content circulating on social media platforms.

Click on the image to see the report

Adobe has reported a “critical” security issue with the latest versions of ColdFusion, although the page titled “Security updates available for Adobe ColdFusion | APSB21-16” currently does not give many details.

At work we’re still running ColdFusion 11, and that version is not mentioned in the report (probably because it is already out of support). Nevertheless I would like to know whether CF11 is also concerned by this issue – if only to tell our IT security office that we have no problem with vulnerability CVE-2021-21087 in our configuration ;-)

The only information I have found so far is unofficial: if I understand things correctly, Dave Walker is telling us that the error is an unchecked input in the CFAJAX package:

Click the image to see the original tweet

The offending line…? (Source: Dave’s Twitter feed)

I would love to see confirmation of that, and I wonder: do earlier versions of ColdFusion already contain the same error?

99% of the average solar energy production for the previous 11 months of March – that’s average enough for me ;-)

Not that temperatures are very average these days. Belgium has been hitting record temperatures for this time of the year: on March 30, the KMI (Royal Meteorological Institute) registered a maximum temperature of 23.9 °C, and that is the highest temperature measured there since the start of the measurements in 1892.

All in all, a great time for hiking all day!

In Has Microsoft 365 Been Clinically Tested? James Robertson poses a few hard questions, and rightly so. I do not want to enter into the debate about the nature of AI (is it intelligent, or just algorithms?); regardless of the answer to that question what interests us here is the relevance, accuracy, usefulness, reliability and sustainability of the solutions offered – and of course, not just Microsoft but any provider of AI-based solutions should be able to provide us with clear answers to those questions.

One of the core problems with AI is bias, and in the words of Julia Powles and Helen Nissenbaum (in “The Seductive Diversion of ‘Solving’ Bias in Artificial Intelligence”) all AI “bias is social bias”. Even if we ignore the (much larger) problems AI bias can cause in society at large, there is the issue of how well an AI solution will work for company X if it was built/trained by a company on another continent, in a different culture, and even with a different company culture.

Will we be able to “Build our own AI”? What mechanisms and tools will we have to investigate the workings of an off-the-shelf AI? Should we avoid AI altogether (there is excellent SF literature that makes this point – try Frank Herbert’s “Dune”)? Or do we have to teach all AI the equivalent of Asimov’s three Laws of Robotics?

Thanks for the image, XKCD

Personally, I would not mention “the next level”, because expensive and complex devices like smartphones should not be thrown out every two years or so. But that’s how Samsung describes its new policy: “Samsung Takes Galaxy Security to the Next Level by Extending Updates”.

Having 4 years of regular official updates for a substantial number of devices is a good thing (and we can always hope for more in the future). In the words of Ron Amadeo on Ars Technica: “Android’s update situation is slowly getting better, one baby step at a time”.

Someone at Samsung must be in a good mood: just three weeks after the February 1 security update there is already a new software update for the Galaxy Note 10+. This time it’s more than a security update to the March 1 level: the announcement for build N975FXXU6FUBD mentions functional updates to the Agenda, the camera app, reminders, and more. Keep up the good work, Samsung!

The nice weather of the last two weeks is drawing out motorcyclists in droves. No wonder then that the number of secondhand motorcycles also increases. While browsing the offers, I noticed a surprising number of BMW R1100S’s for sale – quite a change from the last few years, when they seemed to be pretty rare. And a few of those offered nice pictures of the machine. So if those pictures tempt you, head over to the Belgian classifieds site https://2dehands.be and hope the bike is still for sale!

I’m not a fan of the blue, but: nice setting!

 

Classic yellow.

 

Nice action shot – well done!

 

February 2021 started with grey and dark days, but in the end our solar panels were quite happy: production numbers for the past 28 days are 121% of the February average for our installation. That makes up for what happened in January ;-)

Not only was February rather sunny, we have also had unusually warm days. That was a surprising experience: one week it was cold enough to freeze pools, and a few days later it was more than 20 degrees Celsius warmer. Mother Earth always has a few new tricks up her sleeve…

TED-Ed has a nice intro to the “Dune” saga, written by Frank Herbert decades ago:

Click on the image to see “Why you should read Dune” on YouTube

Being just an intro, there is no room to illustrate the richness of the book, in terms of literary qualities as well as in details about the universe constructed by Herbert. I have (read) a large collection of science fiction books, and “Dune” is still one of my favourite books (series, actually). Highly recommended, even for people who are not (yet) into SF. Just remember that you’ll need more than a weekend to work through each of the original books ;-)

(I’m using the Build number now to identify the version)

A One-Trick Pony

A browser that can only access a single site: I call that an app ;-)

Link to the source

Source: Still reliant on Flash, South Africa’s tax agency creates its own Flash-compatible browser (BoingBoing)

Just a quick follow-up: on February 3, the January 2021 Android security patch was pushed to the Samsung Galaxy Note 10+. Nothing spectacular to report: it seems that patch really was the only change in the 124MB download.

That’s what the About Software screen now looks like