The Joys Of C Programming
..realizing themselves periodically.
Adobe plans to release a patch for an unpatched cross-platform flaw in Flash on Thursday (10 June), as a partial response to a critical bug that has become the target of hacking attacks over recent days. However, updates for Adobe Reader and Acrobat - which is also affected by the same zero-bug thanks to a vulnerable component …
It seems that Flash and PDF files have become Adobe's version of Microsoft's failed ActiveX tech. Both were full of security flaws.
I wonder at what point common marginally tech people start talking about PDF in the same way. My guess is soon. Very soon.
@Adobe: Here's a hint. Fix the problems, fast. Don't do "quarterly" updates. Do weekly if you have to. Then when it's finally getting stable, give the products a new name and say they are brand new replacements.
There is nothing like announcing that your buggy and insecure code is only going to be patched four times a year to deter attackers from swarming on you. Not that that means much. With all the love they are getting from the black side of the fence, they might as well give up and announce a monthly patch update schedule like everyone else. If they are worried that the black hats and IT security reporters won't hang out with them anymore they can always offer them a complementary foot massage and a bottle of scotch.
They wait until their world is coming down around them before they release a fix.
Then, they focus on their latest version and it progressively get's more and more hard to maintain your older version. (The whole never ending CS upgrade) It feels like a chronic "top poster" living on the edge of spam where the older stuff becomes extremely hard to find through 600 versions of a webhosting offer. They also have 404 errors deep linked to old articles out in the wild on the web. Which is cause they're moving their dynamic site around constantly to (I can only guess so they can stop supporting old version) No wonder specialty troubleshooting sites pop up everywhere, where folks can actually talk about their real Adobe problems.
Not even a logical
Adobe.Com/CS/
Adobe.Com/CS1/
Adobe.Com/CS2/
Adobe.Com/CS3/
Adobe.Com/CS4/
Adobe.Com/CS5/
method is employed.
Half Adobe's problems would be solved if the management of the program files were logical.
When I make an FTP site, I wouldn't make dir 8473487324y6342jdsf8324 and use that for flash version 5.1.34.666 and expect folks to find it each month when .667 comes out.
They talk about version numbers yet average Joe can't find the version of flash they have. How about you frigging make a TOOL adobe? So we can find out what versions we have even, oh and no "We don't want the TOOL to run as a another service" by the way.
Their updater is a plethora of nonsense, leaving files behind, and many times exploitable files
I am never sure if I have to look in my documents and settings ~ user, C:\program files\adobe, c:\program files\common files\, c:\windows\system\Macromed\ or in our http/https browser(s) wild oak tree of sub dir's. Can't artists deal with the painting the TREE instead of the ROOTS?
C:\WINDOWS\system32\Macromed
──────────────────────────────────
+│ │ ├──IME
+│ │ ├──inetsrv
+│ │ ├──LogFiles
│ │ ├──Macromed
+│ │ │ ├──Director
+│ │ │ ├──Flash
+│ │ │ └──Shockwave 10
And when we get there, the files are locked by our shell's environments.
It's like your not even paying attention to your own program's files and what they really do in the real world.
Their updater is now PLURAL (updater's) and yet it still fails: for example the "linear patching of acrobat" vs a "non linear patching method" ..
(This example is simply making numbers up. Say you want to go from v 8.1 to v8.9 you would need to download and patch 8.2, 8.3, .4, .5, .6, .7, .8 before you finally land with v8.9 - Again average Joe, applies 8.2 and see's "patch successfully applied" and thinks great, I'm finished. When really Joe is wide open still behind by at least 3 patches/updates. Or worse applies some higher number and thinks it's done.
When will the CEO get these security guys at Adobe together, and give them a whack on the side of the head and get them to fix this nonsense.
It really wouldn't be a problem if we didn't have the web, we could just edit videos and photos offline backstage in the shade at a concert all day. But some of us do work in both arts and media and do have to communicate to the web real time.
Until then folks who have to use Adobe to get work done and have tcpip working are going to be in constant peril.
So, here's some more for you, Adobe... FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL FAIL
Oh, BTW I can't wait until the day Adobe is bought out by Microsoft, Google, Apple or Autodesk, or a merger of all 4. With the average Flash user's luck, they'll get bought out by Oracle. FAIL.