First off, Happy St. Patrick’s Day.  Go forth and kill a snake.  Or drink a green beer.  Or … something!

Second off, sorry for the lack of updates lately.  I haven’t been feeling well.  I took my wife to the hospital for tests a while back and, of course, got sick.  (Because hospitals aren’t exactly places of congregation of the healthy.)  I got “well” in that I kicked the disease quickly enough.  But because I had to get some time-critical work done, I hadn’t been taking days off to rest, so it was just a struggle day-in, day-out, with weekends barely just giving me enough time to keep going.  I literally could pull myself together just enough for work.  I didn’t have enough left in me for blogging.  So anywhen, sometime in the future I’ll go through my notes and backdate posts, as I tend to do.  Now that I can take time to recover.

Third, the main point of this blog.  So I’ve been playing S.T.A.L.K.E.R.: Clear Sky lately.  I recently-ish bought it on Steam for dirt cheap.  Even though I hate, detest, abhor Steam, and almost always make sure to buy the disk instead of the music, game, or movie because of rights issues, this one time I caved and “downloaded” the game.  From Steam no less.  I’m a hypocrite of convenience.  I hate myself.  But I’ll get over it.

Anyway, so I’ve been playing S.T.A.L.K.E.R.: Clear Sky and enjoying it.  I think it might actually even rate as one of my favorite video games.  I wish I’d bought it sooner.  It’s a lot better than the first.  Not just in being more of a challenge, or in being able to do simple basic things like repair an item, but it just all plays / feels / works so much better.  I especially like the upgrades and the item maintenance.  (Even if I still don’t understand why you can’t do stupid things like permanently tack weld a scope to a Viper 5.)  Except for, you know, the bugs.  Those darn little things that forced me to restart the game because the main plot device broke and I was eternally stuck.  Nerf!  Oh well.

But so the thing is, just this weekend the darn game kept crashing.  Not even crashing out of the game, but in a weird in-game-ish stuck thing where it was like the underlying engine was still running, but the 3D graphics portion had crashed.  So there was no longer a user interface.  It just became a black screen with a mouse cursor.  That’s it.  Sometimes it’d be in the middle of playing.  Sometimes just in the menu trying to load a game or change 3D settings.  (Trying to debug the crashing.)  And sometimes even while the advertisement logo movies played while starting up the game!  It was absurd!

After much gnashing of teeth, trying offline mode in Steam, even trying to set the CD key in multi-player even though the single-player game doesn’t really use the CD key, I was going crazy.

Until I thought about it.  I’d just seen Windows do an update.  Could that somehow be it?

Yep!

I know, I know, I really should turn off the automatic updates because Microsoft does throw  out some real turds.  And this was one of them.

Update KB2670838 happens to update Windows 7 with some changes to Direct3D, DirectDraw, etc.  Yup.  Damn.  And sure enough, Microsoft “fixed” Direct 3D just enough to make S.T.A.L.K.E.R.: Clear Sky incredibly completely totally bonkers unstable.

Well nerds to that!

So I uninstalled Windows Update KB 2670838 and sure enough, S.T.A.L.K.E.R.: Clear Sky is nice and stable again.  Imagine that.

So if you still play S.T.A.L.K.E.R.: Clear Sky, I hope you find this blog because chances are, right now you’re not playing it because of this bug in Microsoft’s “fix” to whatever problems they thought they had.

Or, honestly, goodness how many other video games are crashing right now because of KB2670838.  Heck, programs in general.  Movie players.  Who knows what else uses those engines?  I don’t know what Microshaft is thinking about releasing that PoS, but that update was most definitely neither thoroughly tested nor kosher. 

So be warned!  If you play video games, pay close attention to how often things crash after you install KB 2670838.  You just may find yourself uninstalling that particular Microsoft update!

If you’ve updated your iPhone to iOS 6.1 and you’ve found your device constantly drained of battery life, or your data plan has maxed out really quickly for no apparent reason, or your network carrier has begged you not to upgrade to iOS 6.1 because it’s brought their network down (yes, that has happened), well, Apple finally has an answer: it’s the Sync of Doom!

Yes, from Apple, the same company that brought you Antennagate, now we have the Sync of Doom! (I love saying that!) What happens when you have an Apple iOS calendar app syncing to a Microsoft Exchange server for calendar information? Well, usually nothing unexpected.

But!

… If you do that and happen to change a single instance of a reoccurring event, an Apple bug will cause the iOS app to infinitely attempt to sync with the Microsoft Exchange Server.

Flooding all servers in between your iPhone and the Exchange Server with useless sync attempts, often dragging those servers to a crawl.

Not to mention causing your iPhone to chew up your 3G or 4G data plan like it was nothing.

Or for that matter eating up the battery of your iPhone by keeping the phone constantly communicating wirelessly and never able to go to sleep internally.

As the Sync of Doom! from Apple’s buggy iOS calendar app continues trying over and over and over to sync to the Exchange server.

Basically, this is really a bug that should have been caught long before release.

But wasn’t.

The Sync of Doom!

Brought to you by Apple.

There is some good news however. If your phone is suffering from the Sync of Doom! you can manually make it stop. Disabling and then re-enabling the connection to the Microsoft Exchange server seems to fix the Sync of Doom! (Which is basically to turn your calendar off, and then back on.)

Of course when the Sync of Doom! bug will actually be fixed is another matter entirely. It hasn’t happened yet, that’s for sure. When Apple will get around to releasing that fix, you’ll just have to wait to find out.

So if you’re an iPhone user and your calendar data comes from a Microsoft Exchange Server, you’re going to want to be extra careful.  Consider this your warning.  There’s a bug, but with diligence you can prevent it from eating up your data plan, eating up your battery life, and bringing networks to a crawl.  It’s not a virus.  It’s just Apple being Apple lately.

This Sunday I’ve got two things grinding my gears that I thought I’d share with world + dog.  The first is the Progressive Snapshot.  You know, Progressive auto insurance?  Their “Snapshot” device is theoretically a potential discount for you by monitoring your driving.  Because I guess when you tell your auto insurance company how much you drive, you’re not really believable?  So they have to GPS monitor you to make sure that you’re honest or something.  I don’t know.

Anyway, so yes, having Big Brother in the cockpit with you, watching your every move, is annoying.  But it can save you money.

But it can also drain your car’s battery and leave you f___ed.

No, really.  Apparently the darn thing doesn’t actually turn off when your car is no longer running.  It keeps slowly draining your battery.  I thought maybe it was just me at first.  I did have a battery that was getting old.  I even replaced it.  But it turns out, the batter may not actually have been bad at all.  Turns out, even though it was old, it may have been the Progressive Snapshot device draining it, making it almost impossible for me to keep a constant charge on it once my battery got low, so that I had to jump-start my Prius every time I needed to use it.  At least, until I replaced my car battery with a shiny new battery that was fully charged.

But as I said, at the time, I thought it was just my car battery.  It was five years old.  It was during winter.  It made sense.

Until my wife’s Honda Civic SI, an over-engineered performance vehicle, with a shiny new battery only a year old to boot, started acting up too.  We replaced her battery as well.  And then her new battery, only a few weeks old, started doing the same thing.  It just wouldn’t seem to hold a charge.  It’d be fine the day that we’d drive it to recharge it, but even the very next day, dead.

And then the “monitoring” period of the Progressive Snapshot insurance ended and we pulled the devices out of our cars and sent them back to Progressive and like magic, suddenly her car batter was fine.  As if nothing had ever been wrong, it held a charge just like it should.  Magic.

Which really made me think.  And the more I mull over the anecdotal evidence, the more I’m convinced that it was that darned little Snapshot GPS-monitor.

So if you’re a Progressive customer, and you signed up for Snapshot, and you inexplicably find your car battery dead and not holding a charge, try unplugging the darned thing for a week.  See if your car battery suddenly holds a charge again.

Another advantage of unplugging the Snapshot device is that it’ll no longer freaking beep at you for merely existing.  I swear to freaking god that thing is incredibly annoying.  It wasn’t a feature the first time that my wife and I signed up.  The first time it was blissfully silent.  But when we moved to a new state, they required us to put the darned things back into our cars.  A new “feature” of Snapshot is that it beeps if you slow down too quickly.  According to it anyway.  I could literally take my foot of off the gas pedal and it would beep.  That’s all.  No brakes whatsoever.  Just take my foot off of  my gas pedal and allegedly, according to it, I was rapidly decelerating.  As if!  Let alone stop lights that turn yellow, keeping a safe following distance in traffic, and every other perfectly sane reason to reduce speed and be safe in completely normal – and again, safe – in every-day driving would make the poorly programmed Progressive Snapshot device go beeping-spastic.  As if that’s not a driving distraction more likely to cause unsafe driving than prevent it!  What, like to drive safely you’re supposed to accelerate at a yellow light to blow through it after it turns red?  Because that’s what it beeps at you for not doing!

So yes, the Progressive Snapshot: a major nuisance in my opinion.  It drains your battery and beeps at you for not speeding like a maniac.  To slow down, ever, and drive safely is to pique the wrath of Progressive’s Snapshot gizmo.  Assuming you can drive at all on a constantly drained battery, thanks, once more, to Progressive’s poorly designed Snapshot gadget.

It’s bad enough having Big Brother monitor your every move, but to drain your battery and beep at you for not driving safely, Progressive Snapshot is just really darned stupid if you ask me.

So the year has only just kicked off, and yet we’re already being scared shirtless by vulnerabilities, holes, and hacks in the wild.  Normally I’d have covered all of these in separate blogs, but because I’m playing catch-up after having eye problems, I get to mash them all up into one super-security warning. Let’s get down to utter chip-chilling tales of terror:

Microsoft

When it comes to security, Microsoft is always down in the dumps. This year starts off no differently. Not only has Microsoft’s Patch Tuesday nuked 12 vulns for us, which is quite a lot for a Patch Tuesday these days, but on top of that it doesn’t include one whopper of a security hole found this Holiday season in older versions of Internet Explorer that allows malware to be installed on a PC just by visiting a malicious (or hijacked) website. Microsoft released a temporary workaround for the vulnerability to IE6, IE7, and IE8, but that workaround has already been … worked around.  Oh the irony.  In the wild I might add.  So take it with a grain of useless rocks. Maybe it’ll be fixed next month, but not this one.

nVidia

While it shouldn’t really be a surprise to anyone that something as common as a graphics driver used by probably at least half of computers out there is a point of attack, it was something of a shocker to hear that you should immediately update to nVidia GeForce display driver version 310.90 right now to close the mother of all security holes allowing network attacks to gain super-user level access to your PC and to elevate privileges to lower-level access. Why would a graphics driver have that kind of a network bug in it? And why would a graphics driver allow you to elevate your access level? Goodness only knows. But if you’re got nVidia graphics under the hood and you don’t update your graphics drivers this second, you’re sitting on a huge security hole.

EDIT: But be prepared for other problems with this driver update!

Adobe

Of course a lot of people choose not to use Adobe’s Acrobat Reader. Plenty have switched to third-party alternatives, such as Foxit. And now, they’re suddenly wishing that they hadn’t. Why? Well, as if Adobe software wasn’t bad enough when it comes to security, it turns out that Foxit has its own buffer overflow bug worse than anything from Adobe. It can’t handle very long query strings after a filename and can be used to overwrite the program’s memory to execute arbitrary code. Yes, that’s right, just opening a file with a maliciously crafted filename will allow Foxit to execute whatever code a malware author wants to. Oops. This is one time when Foxit is definitely not “better than Adobe.”

But fear not. Firefox is coming to the rescue. Usually when the words “Adobe” and “security” are used in the same sentence, it means trouble, but here’s one time when it doesn’t: Firefox is now including PDF reader straight into their web browser using some fancy HTML 5 footwork. No more plug-in is needed to view a PDF file in Firefox, so you can kiss your Adobe plug-in (or even more dangerous Foxit plugin) goodbye and say hello to improved speed and security. Huzzah! I guess.  If you don’t actually use Firefox, well then, sucks to be you.  :p  Just kidding.  I’m sure everyone will be doing it before too long.  Except, perhaps, for Internet Explorer that is.

Java

Well, next up on the list of lowest common denominators in the security world is … Oracle.  Who doesn’t want some Java lovin’. Or perhaps in this case hatin’. A new Java zero-day exploit can compromise PCs, allowing a hacker to, you guessed it, execute arbitrary code, escalate privileges, etc. Basically any hacker can own your PC just by you visiting any malicious (or hijacked) website. At least assuming that you have Java enabled. It affects the latest and greatest Java 7 update 10 and prior versions and is being used widespread in the wild. Hopefully Oracle will fix that up for us some day. In the meantime, time to turn off Java.  How many times have you heard that?  Why does anyone even have it enabled?

Ruby on Rails

And surprisingly, our last security warning of the New Year isn’t for Adobe Flash. Nope. It’s far worse than that. Ruby on Rails has been derailed! With two critical security vulnerabilities, anyone can perform remote code execution against any Ruby on Rails application that has the XML parser enabled. (Which just so happens to be the default setting, and for good reason as it is heavily used.) Which is bad enough. But these holes also allow hackers to run system commands on the server with the same privilege level as the application. So if you were wondering about how a hacker can hijack someone’s website to serve up all of those malicious web pages that can use those security holes in Java, Internet Explorer, etc. to infect anyone’s PC just by visiting the website, there you go.

Fortunately Ruby on Rails has been patched already and if you update to the latest version, you’re safe once more. But the key there is “if”.

Conclusion

So all in all, this 2013 year has sure started out with a bang! Insecurity: 2013 reminds us once again that security is far from a given. Take it seriously and get updating!

Still reeling from that rather egg-faced Maps app blunder, Apple goes ahead with another act of brilliance. From the people who brought you the marketing campaign of, “It Just Works” … we now bring you Apple’s latest iOS campaign, “It Just Works … Except For When It Doesn’t.”

What is it that Apple has somehow failed to properly test before pushing upon the world this time? That would be Apple’s Do Not Disturb, a feature just recently advertised to the world in what has to be one of the worst-timed marketing campaigns ever.

About as akin to a real working feature as “table tennis” is a sport to Serena and Venus Williams, Do Not Disturb is Apple’s latest gimmick to convince you that they know what they’re doing over there in the phone world. The new feature (if one can even call it that*) switches the phone over to a mode in which it rejects calls from most people … depending on how you set it up. One of the settings is that Do Not Disturb can expire at a given time. Unfortunately, Apple apparently forgot to actually test that feature of Do Not Disturb, because much to everyone’s chagrin, it doesn’t expire.  Ever. With no real warning you could find that having tried to use Do Not Disturb has put you into a permanent state of silence. While the “Sound of Silence” might be golden to the ears of Simon and Garfunkel, it’s not a state your phone should be in permanently.

Fortunately for iPhone users, Do Not Disturb can be manually cancelled, saving you from Apple’s bug. Until Apple pushes out an iOS fix for this buggy feature, manually turning the Do Not Disturb off would really would be the only way you can exit Do Not Disturb mode.

And while nowhere near as much of a facepalm as Apple’s ever-so-brilliant decision to boot Google’s Maps app from iOS (Thank goodness Apple did an about-face on that one!) this daffy bug in their just-advertised Do Not Disturb feature is definitely not something that is exactly winning wayward Android customers back to Apple.

It’s also rather a mounting pile of “Hmmmm…” atop the question of, “Can Apple really survive the death of Steve Jobs?” For a company whose reputation is practically built upon their ability to make things foolproof, they’ve been looking quite the fools as of late. One wonders when (or even if) they’ll get their act together once more, let alone when (or, again, if) they’ll actually wow the world. So far, it’s not looking so very good.

-hr-

*= Why do I question whether Do Not Disturb is even a new feature of cell phones? Well, for far longer than Apple has had Do Not Disturb, my good old Nokia C6-01 now running Symbian Nokia Belle has had a similar (but better) feature in that any time I switch to a different ringtone profile (such as “normal”, “vibrate”, “silent”, “airplane”, or any mode I’ve added and/or customized) one of the options there is to put that profile into a timed mode that expires. So it’s just like Apple’s Do Not Disturb feature … except that it’s even more flexible. Oh, and that it actually works. Right. Can’t forget that one.