Adobe goes out of band to fix frightful Flash flaw • The Register http://feedly.com/k/1bsyJwR
Note that there are NO further updates for Flash Player on Linux *except* through the built-in Flash player in Chrome. -Adam
On 2014-02-04 Adam Thompson wrote:
Adobe goes out of band to fix frightful Flash flaw • The Register http://feedly.com/k/1bsyJwR
Note that there are NO further updates for Flash Player on Linux *except* through the built-in Flash player in Chrome. -Adam
OK, so what are we supposed to do if we don't like Chrome and Google's omnipresent spying? What if we really like our Firefox plugins?
I have Firefox noscript which also blocks embedded flash until I allow it, so am I mostly protected as long as sites I trust don't get hacked?
Why support one browser and not others? I mean, you're already porting and compiling anyhow, is the decision political? Snubbing FOSS like that does not endear a company to me.
Are we yet at the stage where Flash can be abandoned completely without too much inconvenience? Are we to rpm -e our flash-plugin?
And you keep saying "there are NO further updates" but my current version is from Jan 16 and I see the new update for this flaw is already on the repo. Sure looks like they're still updating it!
If the open source community can come up with a Mono, why not an OpenFlash? Flash is pervasive, yet it is obscure, unused Silverlight that gets a clone? Huh?
And why is it that Adobe can't program worth beans? Their stuff has become the #1 vector for malware. Their record exceeds that of even Mighty Malware Magnet Microsoft!
--- Trevor Cordes wrote:
And why is it that Adobe can't program worth beans? Their stuff has become the #1 vector for malware. Their record exceeds that of even Mighty Malware Magnet Microsoft!
Microsoft actually put a pop-up blocker into IE at one point. The point was to block pop-up ads. So Adobe wrote Flash to bypass that. Flash has been written specifically to bypass all Microsoft efforts at web security and anti-spying. They designed it to have features like video streaming that would attract web users, but the main purpose was to get past any and all ad blockers. We could get into a discussion of third party ad blockers, but Adobe did bypass all Microsoft efforts. I suspect that's one reason Microsoft stopped: advertisers were using Adobe's product instead, and computer users didn't seem to care, so they catered to advertisers instead. Computer users are their core customers, but they calculated they would get more revenue by catering to advertisers.
The malware guys love it because Flash is specifically written to bypass security. It's already a trojen carrying ads, so piggy-backing malware is trivial.
The real question is how can you provide those services that Flash provides, without using Flash. Make Flash as obsolete as IE6. I suppose Microsoft tried to do that with Silverlight, but really? How about using core features of modern browsers, without the need for Flash at all? Who here is willing to take that on?
Rob Dyck
-
Adam Thompson -
Robert Dyck -
Trevor Cordes