First off, Happy St. Patrick’s Day.  Go forth and kill a snake.  Or drink a green beer.  Or … something!

Second off, sorry for the lack of updates lately.  I haven’t been feeling well.  I took my wife to the hospital for tests a while back and, of course, got sick.  (Because hospitals aren’t exactly places of congregation of the healthy.)  I got “well” in that I kicked the disease quickly enough.  But because I had to get some time-critical work done, I hadn’t been taking days off to rest, so it was just a struggle day-in, day-out, with weekends barely just giving me enough time to keep going.  I literally could pull myself together just enough for work.  I didn’t have enough left in me for blogging.  So anywhen, sometime in the future I’ll go through my notes and backdate posts, as I tend to do.  Now that I can take time to recover.

Third, the main point of this blog.  So I’ve been playing S.T.A.L.K.E.R.: Clear Sky lately.  I recently-ish bought it on Steam for dirt cheap.  Even though I hate, detest, abhor Steam, and almost always make sure to buy the disk instead of the music, game, or movie because of rights issues, this one time I caved and “downloaded” the game.  From Steam no less.  I’m a hypocrite of convenience.  I hate myself.  But I’ll get over it.

Anyway, so I’ve been playing S.T.A.L.K.E.R.: Clear Sky and enjoying it.  I think it might actually even rate as one of my favorite video games.  I wish I’d bought it sooner.  It’s a lot better than the first.  Not just in being more of a challenge, or in being able to do simple basic things like repair an item, but it just all plays / feels / works so much better.  I especially like the upgrades and the item maintenance.  (Even if I still don’t understand why you can’t do stupid things like permanently tack weld a scope to a Viper 5.)  Except for, you know, the bugs.  Those darn little things that forced me to restart the game because the main plot device broke and I was eternally stuck.  Nerf!  Oh well.

But so the thing is, just this weekend the darn game kept crashing.  Not even crashing out of the game, but in a weird in-game-ish stuck thing where it was like the underlying engine was still running, but the 3D graphics portion had crashed.  So there was no longer a user interface.  It just became a black screen with a mouse cursor.  That’s it.  Sometimes it’d be in the middle of playing.  Sometimes just in the menu trying to load a game or change 3D settings.  (Trying to debug the crashing.)  And sometimes even while the advertisement logo movies played while starting up the game!  It was absurd!

After much gnashing of teeth, trying offline mode in Steam, even trying to set the CD key in multi-player even though the single-player game doesn’t really use the CD key, I was going crazy.

Until I thought about it.  I’d just seen Windows do an update.  Could that somehow be it?

Yep!

I know, I know, I really should turn off the automatic updates because Microsoft does throw  out some real turds.  And this was one of them.

Update KB2670838 happens to update Windows 7 with some changes to Direct3D, DirectDraw, etc.  Yup.  Damn.  And sure enough, Microsoft “fixed” Direct 3D just enough to make S.T.A.L.K.E.R.: Clear Sky incredibly completely totally bonkers unstable.

Well nerds to that!

So I uninstalled Windows Update KB 2670838 and sure enough, S.T.A.L.K.E.R.: Clear Sky is nice and stable again.  Imagine that.

So if you still play S.T.A.L.K.E.R.: Clear Sky, I hope you find this blog because chances are, right now you’re not playing it because of this bug in Microsoft’s “fix” to whatever problems they thought they had.

Or, honestly, goodness how many other video games are crashing right now because of KB2670838.  Heck, programs in general.  Movie players.  Who knows what else uses those engines?  I don’t know what Microshaft is thinking about releasing that PoS, but that update was most definitely neither thoroughly tested nor kosher. 

So be warned!  If you play video games, pay close attention to how often things crash after you install KB 2670838.  You just may find yourself uninstalling that particular Microsoft update!

While in the United States people are lobbying, once again, to stop video games by claiming that violent games make people go crazy (as if the opposite weren’t true, that crazy people just happen to enjoy violent video games) over in China the Communists are contemplating making video games legal again.  It’ll probably never happen.  They even admit as much, since it’d require everyone to agree and how often does that ever happen?  But at least they’re mulling over the idea that maybe video games don’t need to be banned.

That’s right, banned for sale in 2000, China has been keeping video games out of everyone’s hands for fear that the children won’t get out and play as much. (And such.) So except for overlooking those (rampant) illegal imports, and use of video game like devices for educational use and research, and, err … calling a console something other than a video-game console like the Eedoo “sports and entertainment machine” … except for all of that, China has been video game free.

In theory.

But now that Sony has set up R&D in China, and Microsoft’s Kinect has potential for non-gaming applications, and basically everyone has started slipping China some cash under the table … allegedly … suddenly China is considering re-ruling on that video-game ban. Funny that.

Still, like they say, it’ll likely not be overturned.  Just like the sale of violent video games in the US won’t be banned.  Such is life and the world we live in.

Looks like all is not well for Atari Interactive Inc, as they just entered Chapter 11 bankruptcy protection, showing signs of a severe struggle to stay aloft and relevant in today’s world. In today’s spiraling economy, Atari certainly wasn’t the first icon lost, nor will they likely be the last.

Though, technically speaking, it isn’t game over just yet. In theory they may still find a way to pull out of their slump and return to video game success.

And maybe Pong will make a comeback.

And dance with Hostess Twinkies in my dreams.

There goes my childhood.

(Though, in theory, it could happen.  Every new programming language I learn, my first program is “Hello world” and my second is some kind of Pong tribute.)

Following a rash of violent shootings that started about a month ago the executive vice-president of the NRA, Wayne LaPierre, was quoted as saying, “Guns don’t kill people. Video games, the media and Obama’s budget kill people.” It comes as highly ironic then that the NRA just released its latest iOS app, NRA: Practice Range … a first-person shooter video game!

Admittedly, in NRA: Practice Range you don’t kill people, you just kill targets. Some of them may be little round things, and some skeet shooting, but some of them are human-representative cut-outs. Still, more than likely the most damning feature of NRA: Practice Range (besides it’s ill-timed release) is that while the app is free, you have to pay extra to unlock weapons like the AK-47 assault rifle, or the MK11 sniper rifle.

(Just why would you want an AK-47 for skeet shooting? Because you can! Blam blam!)

So in all fairness, as far as video games with guns go, NRA: Practice Range is about as far from violent as you can get. If the iTunes comments are to be taken into account, it’s also about as far from real as you can get. And the app does pester you with safety tips and other allegedly relevant infotainment “facts” … handpicked by the NRA to their own benefit of course.

But why after so publicly denouncing violent video games the NRA would choose to release an app to iTunes that isn’t an informational tool like their other apps, but is in fact a vaguely violent gun-toting shooter of a video game itself, is up to anyone and everyone to ponder.

Now, again, normally I try to steer far far away from politics. And far be it from me to suggest that we take away anyone’s Second Schamendment Right To Keep And Arm Bears, but it seems to me that if it comes down to personal protection, the most anyone should ever sanely need to defend themselves is a revolver. And if you’re a hunter, the most that you should ever sanely need to hunt any game would be a bolt-action rifle or a breech-fed shotgun. (After all, if you miss with your first shot, or even wound without killing, your target is going to be running very fast in the opposite direction in short order, so your chance for a clean kill – or likely any kill at all – is long gone.) So it stands to reason that with the exception of military, police, and security, there’s no reason for the common civilian to need any weapon using a clip or magazine. They might be fun to have, but they’re certainly unnecessary to anyone’s wellbeing.

So it is of this moron’s personal opinion that, all things considered, laws limiting sales for typical civilians to non-clippies-only really wouldn’t hurt anyone, and might actually save one or two lives by causing nuts on a rampage to partake of more reload time, thereby giving standers by an opportunity to jump in … if anyone has the balls … and preferably some kind of weapon.

Of course the law being the useless beast that it is means that all prior sales would of course remain legal, and likely all prior guns would end up being grandfathered in as the law would be turned to the manufacture of instead of the sale of as we have with fully automatic weapons. (How many people even realize that you can legally purchase a fully automatic weapon, if you know what you’re doing and don’t mind one with a little age on it?) And that, of course, all sorts of other watering-down of the intent would occur rendering it nearly useless by the time everyone was done with it. Not to mention that illegal sales would still occur all the time as they already do because if there’s one thing we know, it’s that law doesn’t prevent, it just gives us a way to prosecute after the fact, if parties are caught, and enough evidence obtained, and the jury can make sense of it.  Etc.

So while I’ll personally support reasonable limitations, I’ll cynically deny that they’ll ever actually be useful. But at least they’re not likely to be harmful, unless you’re planning on repelling a Chinese invasion or overthrowing your local government for failing to represent you. But seeing as how this is ‘Merica! … I doubt we’ll see sanity in weapon regulations anytime soon no matter what the tragedy that inspires people to care for all of five minutes.

In fact, being a resident of Wisconsin, I’m quite sure of it. Because while it may be legal for me to conceal a full-auto Uzi under my jacket, tucked into my belt (on the off chance that someone tries to mug me and I need to mow down a whole neighborhood in the pretense of self-defense), it’s still completely illegal for me to carry a non-lethal Taser past the limitation of my doorstep. Regardless of if the Taser is the kind that shoots darts on wires or just zaps in your hand. (Or even if it’s a self-contained shotgun dart round in a shotgun which would be otherwise legal to carry were it not for the zappy shells loaded.) Even if worn openly instead of concealed. Heck, even if it has no battery inserted, cannot possibly harm a fly, and is just there to scare off predators. In Wisconsin non-lethal is just not-okay. Thanks to the way that law works. Or rather, doesn’t. Because if you leave them alive, they’ll sue. So in Wisconsin at least it’s shoot to kill or don’t defend yourself at all.

And don’t even get me started on the inconsistencies between non-shooting weapons and firearms. Of controllable self-defense weapons vs. bullets that don’t just magically stop if you miss. Etc.

But all that inanity aside, if the NRA believes that guns don’t kill people; video games do, then why oh why did they release their own (kind of) violent video game? What kind of message is the NRA trying to send here? It makes about as much sense as PETA releasing a gore-fest video game to massacre turkeys for Thanksgiving…

Oh … right.

Never mind then.

Carry on.

Nothing to make sense of here.

Still, don’t download NRA: Practice Range. Not because it’s hypocritical. It is, but who cares? Don’t download it because according to the reviews, it’s crap. And they make you pay for all of the really good guns anyway. How lame is that?

So the year has only just kicked off, and yet we’re already being scared shirtless by vulnerabilities, holes, and hacks in the wild.  Normally I’d have covered all of these in separate blogs, but because I’m playing catch-up after having eye problems, I get to mash them all up into one super-security warning. Let’s get down to utter chip-chilling tales of terror:

Microsoft

When it comes to security, Microsoft is always down in the dumps. This year starts off no differently. Not only has Microsoft’s Patch Tuesday nuked 12 vulns for us, which is quite a lot for a Patch Tuesday these days, but on top of that it doesn’t include one whopper of a security hole found this Holiday season in older versions of Internet Explorer that allows malware to be installed on a PC just by visiting a malicious (or hijacked) website. Microsoft released a temporary workaround for the vulnerability to IE6, IE7, and IE8, but that workaround has already been … worked around.  Oh the irony.  In the wild I might add.  So take it with a grain of useless rocks. Maybe it’ll be fixed next month, but not this one.

nVidia

While it shouldn’t really be a surprise to anyone that something as common as a graphics driver used by probably at least half of computers out there is a point of attack, it was something of a shocker to hear that you should immediately update to nVidia GeForce display driver version 310.90 right now to close the mother of all security holes allowing network attacks to gain super-user level access to your PC and to elevate privileges to lower-level access. Why would a graphics driver have that kind of a network bug in it? And why would a graphics driver allow you to elevate your access level? Goodness only knows. But if you’re got nVidia graphics under the hood and you don’t update your graphics drivers this second, you’re sitting on a huge security hole.

EDIT: But be prepared for other problems with this driver update!

Adobe

Of course a lot of people choose not to use Adobe’s Acrobat Reader. Plenty have switched to third-party alternatives, such as Foxit. And now, they’re suddenly wishing that they hadn’t. Why? Well, as if Adobe software wasn’t bad enough when it comes to security, it turns out that Foxit has its own buffer overflow bug worse than anything from Adobe. It can’t handle very long query strings after a filename and can be used to overwrite the program’s memory to execute arbitrary code. Yes, that’s right, just opening a file with a maliciously crafted filename will allow Foxit to execute whatever code a malware author wants to. Oops. This is one time when Foxit is definitely not “better than Adobe.”

But fear not. Firefox is coming to the rescue. Usually when the words “Adobe” and “security” are used in the same sentence, it means trouble, but here’s one time when it doesn’t: Firefox is now including PDF reader straight into their web browser using some fancy HTML 5 footwork. No more plug-in is needed to view a PDF file in Firefox, so you can kiss your Adobe plug-in (or even more dangerous Foxit plugin) goodbye and say hello to improved speed and security. Huzzah! I guess.  If you don’t actually use Firefox, well then, sucks to be you.  :p  Just kidding.  I’m sure everyone will be doing it before too long.  Except, perhaps, for Internet Explorer that is.

Java

Well, next up on the list of lowest common denominators in the security world is … Oracle.  Who doesn’t want some Java lovin’. Or perhaps in this case hatin’. A new Java zero-day exploit can compromise PCs, allowing a hacker to, you guessed it, execute arbitrary code, escalate privileges, etc. Basically any hacker can own your PC just by you visiting any malicious (or hijacked) website. At least assuming that you have Java enabled. It affects the latest and greatest Java 7 update 10 and prior versions and is being used widespread in the wild. Hopefully Oracle will fix that up for us some day. In the meantime, time to turn off Java.  How many times have you heard that?  Why does anyone even have it enabled?

Ruby on Rails

And surprisingly, our last security warning of the New Year isn’t for Adobe Flash. Nope. It’s far worse than that. Ruby on Rails has been derailed! With two critical security vulnerabilities, anyone can perform remote code execution against any Ruby on Rails application that has the XML parser enabled. (Which just so happens to be the default setting, and for good reason as it is heavily used.) Which is bad enough. But these holes also allow hackers to run system commands on the server with the same privilege level as the application. So if you were wondering about how a hacker can hijack someone’s website to serve up all of those malicious web pages that can use those security holes in Java, Internet Explorer, etc. to infect anyone’s PC just by visiting the website, there you go.

Fortunately Ruby on Rails has been patched already and if you update to the latest version, you’re safe once more. But the key there is “if”.

Conclusion

So all in all, this 2013 year has sure started out with a bang! Insecurity: 2013 reminds us once again that security is far from a given. Take it seriously and get updating!