Archive for January, 2010

Today we released a Cumulative Security Update for Internet Explorer.  We’ve released this Cumulative Security Update earlier than originally scheduled based on malicious activities reported on the web. The update is available via Windows Update and Microsoft Update. Most users configure their machines to update automatically; you can find more information on that here.

This update actually includes 236 separate packages for all the different languages and versions of Windows and IE that customers run and Microsoft supports worldwide. We release these packages simultaneously for all supported products and languages as part of this update. The complete matrix of browsers, operating systems, and languages is available in the security bulletin. At a high level, these packages cover:

• Seven operating system versions: Windows 2000, Windows XP, Windows Server 2003, 2008, and 2008 R2, Windows Vista and Windows 7. Customers run 32-bit, 64-bit, as well as Itanium versions of some of these operating systems, as well as a variety of different service packs.
• Four different versions of IE: 5.01, 6, 7, and 8.
• All supported languages. Older versions of Windows require separate language-specific packages, typically between 18 and 25. Windows Vista and later operating systems have a single language-neutral binary to update IE.

We test each security fix thoroughly with different variants of the security issue. We also test the entire package extensively for compatibility and reliability, as well as any setup, deployment, and manageability issues. Also, security updates are cumulative and contain all previously released updates for each version of Internet Explorer, to make securing any system (one updated a month ago or never updated at all) easy.

This update addresses several vulnerabilities including the one described here. Other blog posts describe specifics. Some of these vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.  Note that IE8 users on Windows 7 have extensive defense in depth protections with DEP, ASLR, and protected mode that make remote code execution from a malicious site extremely difficult.  Microsoft therefore strongly recommends customers upgrade to IE8 to benefit from these extensive defense in depth protections.

For detailed information on the contents of this update, please see the following documentation:

• Microsoft Security Bulletin MS10-002
• Microsoft Knowledge Base Article 978207

We encourage everyone to set their operating system to automatically update with the latest security updates for all their software.  You can find more information here.

 

Dean Hachamovitch

IE General Manager

 Wednesday’s 6.1 magnitude aftershock in Haiti is a jolting reminder of a tragedy whose scale we struggle to comprehend. The world has responded with resources and compassion, but a disaster of this size will be with us for years and years. 

The Internet can help us zero in on the specifics of a challenge and empower us to help in more direct and potentially more effective ways than ever before. My Yahoo! can simplify and expand the information at your disposal.

 

•  The Haiti Sun – Produced by the Haitian community abroad and at home, provides a unique perspective on the tragedy.
• The New York Times – Some of the most moving international coverage has come from the New York Times, providing an extraordinary mix of personal stories, breaking news and analysis.
• The Red Cross – Just one organization providing relief to Haiti but it is a great way to keep track of the progress being made to help the millions of earthquake victims.
• United Geological Survey’s shaker maps and alerts - If you want an up-to-the-minute alert about temblors and where they occur.

 A sign of hope coming out of Haiti’s calamity is the way technology has hastened the exchange of information and stirred people to action. May these resources help you feel connected to the plight of Haiti’s people and their path to recovery.

Apps showcased in this post:

• Add The Haiti Sun
• Add The New York Times
• Add The Red Cross
• Add United Geological Survey’s shaker maps and alerts

 Jay
- My Yahoo! Editorial

Users are experiencing problems playing videos in Blogger blogs. We are investigating and will send an update when fixed.

News and notes follow from the past week in the YUI community. As always, please let us know via the comments or @yuilibrary if we missed something good.

• YUI DataTable, TabView and More on SpokenWord.org (thanks, @dougkaye): Doug Kaye wrote in to tell us about YUI use at SpokenWord.org, his fantastic audio content portal.  They’ve done a nice job bringing TabView and DataTable together in their feed browser — check out the IT Conversations feed for a sample. (Original source.)
  
• YUI 2.7.0 on the Palm WebOS App Directory: Although I imagine this site is going to evolve a lot over the next year or so, the directory of WebOS applications on the Palm website is currently running YUI 2.7.0 (including Core, Animation, Selector, Connection Manager, and JSON).
  
• YUI 2.7.0 on Reuters.com: The Reuters news service has long used YUI 2 on its news portal site.  These days, they’re running an array of YUI 2.7.0 utilities, including YUI Core, Connection, Animation, and Cookie.
  
• “YUI 3, Présentation Générale,” En Français: Philippe Le Van has created some introductory material in French for YUI 3; merci, Philippe! After you click through, use the links in the right nav to browse his YUI 3 content. (Original source.)
  
• Dan Wellman’s YUI Compressor Automator Desktop Application for Windows: Dan Wellman, author of Learning the Yahoo User Interface Library, has issued a wrapper application for the YUI Compressor.  Writes Dan: “My application wraps the YUI Compressor in a visual GUI, shielding you from the command-line scaryness that would otherwise ensue (ok, CLI’s are nice and friendly once you’ve used them a few times, but a lot of non-developers shy away from them). To minify files you just select them in Windows Explorer and drag them into the application window. The application then spits the files out into a folder on your desktop.”
  
• Iain Lamb’s Scale, Rhythm, and Typography Exploration Using YUI 2: Writes the always-thoughtful Iain Lamb: “This page is both an essay and a tool. It sets out to explore how two, intertwined concepts, often playful but sometimes cheeky, can be encouraged to dance in web pages. Drag the colored boxes along the scale to throw these words anew. For the most part, this text is just a libretto for the performance you are about to play upon it.”  Intrigued?  Check it out here. (Original source.)
  
• Matt Snider on “transition Animations” (using YUI 3): YUI contributor (and Mint.com frontend engineer) Matt Snider writes about his “transition animation” technique in the latest installment of his blog.
• Logging In With YUI and CakePHP AuthComponent: Les Green has a new YUI/CakePHP authentication tutorial up on his GrasshopperPebbles blog. (Original source.)
• Generic YUI 2 Login Widget: Les Green from GrasshopperPebbles, who has a variety of YUI 2-based modules, released a generic login widget that leverages the YUI Container class.
• Multiple Combo-boxes with YUI and CakePHP: Les Green is on fire this month with YUI-related blog posts.  This one looks at doing multiple combo-boxes using YUI on the frontend and CakePHP on the backend.  Writes Les: “I’m working on a project where I use YUI and CakePHP to fill multiple combo boxes on a page using Json data. At first, I wrote separate code with the same functionality for each combo box. Every time I needed to change the functionality, I had to change it for each combo box. After doing this multiple times, I decided to combine the functionality on both the front-end (YUI) and the back-end (CakePHP).”  Check out his full post for all the details and code samples.
  

2009 + 1 = a whole new year. We’re starting it off running working on a new set of features to enhance My Yahoo!.  I’ll start off by letting you know that we have a series of fan apps for all your favorite NFL football teams. With the playoffs here, you may want to add a few of these to your page:

• Arizona Cardinals
• Baltimore Ravens
• Dallas Cowboys
• Indianapolis Colts
• Minnesota Vikings
• New Orleans Saints
• New York Jets
• San Diego Chargers

In addition, we upgraded our Horoscope feed so that should be working for you again. We also fixed the bug where sometimes the Fantasy Sports app’s layout didn’t display correctly.

Apps showcased in this post:

• Add Horoscopes
• Add Fantasy Sports
• Add Arizona Cardinals Fans
• Add Baltimore Ravens Fans
• Add Dallas Cowboys Fans
• Add Indianapolis Colts Fans
• Add Minnesota Vikings Fans
• Add New Orleans Saints Fans
• Add New York Jets Fans
• Add San Diego Chargers Fans

Michael
- My Yahoo! Team Lead

A new version of the Crawler Toolbar has recently been released and comes with many improvements to the user experience similar to the changes we described in a previous post about the AVG Security Toolbar. It’s another great example of the Guidelines for add-on developers in action. Here are some high-level examples of the changes they’ve made:

• The close button is visible so that users can manage it like other toolbars. Additionally, the toolbar is positioned in a supported location which improves stability and performance.
• It no longer modifies the new tab page to maintain a predictable new tab experience for users.

Many thanks to the Crawler Toolbar team for the work they’ve done to provide a more predictable and reliable experience, keeping users in control of the browser.

-Paul Cutsinger and Herman Ng

Before: Previous version of Crawler Toolbar

After: Newest version (5.1.0.177) of the Crawler Toolbar provides a more predictable experience and lets users stay in control of their browser

Like many of you, we watched in horror as news emerged from Haiti about yesterday's disastrous earthquake. For those of you who publish your blog with Blogger, we built a couple of widgets that make it easy to invite your readers to contribute money to the Red Cross's international disaster relief effort. Pick a size that best fits your sidebar:

After clicking the appropriate button, select which of your blogs you want to add the widget to, then click "Add widget". The Red Cross assures us that 100% of the money raised is going to disaster relief efforts in Haiti — we and they thank you for your support!

Not on Blogger? Be sure to visit the Red Cross's Haiti banners page with banners that you can add manually, or visit Google's page containing information about relief organizations, news and contact info relating to the earthquake.

As you may have heard from our announcement this morning, registration for Google I/O is now open. In addition to publishing access to registration, we've also included event details on the I/O website.

We already have quite a few Google Web Toolkit I/O sessions and Developer Sandbox demos lined up, and we expect this number to grow over the coming months. Here's a partial list of the GWT sessions that are already listed on the I/O website:

• GWT + HTML5 can do what?!
• Architecting GWT applications for production at Google
• Measure in milliseconds redux: Meet Speed Tracer
• Faster apps faster: Optimizing apps with the GWT Compiler

Over the next couple of months, we'll be adding new GWT sessions and more GWT Developer Sandbox participants to the I/O website. For updates on when new content is added, follow @googleio on Twitter.

Registration for Google I/O (at the early bird rate of $400) is open as of today. We hope you'll be as excited about this year's I/O as we are, and we look forward to seeing everyone in May.

Google I/O
May 19-20, 2010
Moscone West, San Francisco
http://code.google.com/io