Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adobe Changes Its Tune On Forcing Paid Upgrade To Fix Security Flaws

Soulskill posted more than 2 years ago | from the give-the-people-what-they-scream-about dept.

Security 90

wiredmikey writes with a followup to Thursday's news that Adobe was recommending paid software upgrades in lieu of fixing security holes in some of its applications. After receiving criticism for the security bulletin, Adobe changed its mind and announced that it's developing patches to fix the vulnerabilities. "Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. For a popular product that was just over two years old, providing a fix to address a serious security flaw its what customers deserve. And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."

Sorry! There are no comments related to the filter you selected.

Boohoo (5, Insightful)

SuperMog2002 (702837) | more than 2 years ago | (#39980001)

Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.

Boohoo. Welcome to software development.

Re:Boohoo (5, Insightful)

david.emery (127135) | more than 2 years ago | (#39980035)

Well, maybe Adobe runs independent codebases for their projects, so some poor schmuck coder has to go to each projectbase, check out the offending file(s), and make the changes. That would run counter to a Product Line Approach as recommended by the SEI... :-)

Of course, if Adobe would tighten up on their security coding practices, they wouldn't have these problems in the first place. But judging by Flash's patch history, that's too much to ask.

Re:Boohoo (3, Interesting)

jhoegl (638955) | more than 2 years ago | (#39980339)

And that is the point... what incentive is there for Adobe to make sure there are little to none security flaws when they make consumers pay for the "fixes"?
None of course, and can even breed a corporate strategy of "who can hide the best security flaw so we force people to upgrade?".

Re:Boohoo (1)

david.emery (127135) | more than 2 years ago | (#39980905)

And that is the point... what incentive is there for Adobe to make sure there are little to none security flaws when they make consumers pay for the "fixes"?

None of course, and can even breed a corporate strategy of "who can hide the best security flaw so we force people to upgrade?".

Kinda... If Adobe had its sh*t together, it would make even more money through a reasonable approach that allowed them to fix once and charge multiple separate product upgrades. But I don't think Adobe's that smart. When it comes to the free Acrobat Reader, Adobe's lost a lot of market share, at least on Macs where PDF viewing and distilling is built into the OS/Apple applications. Acrobat Reader bugs don't generate income for Adobe, but they certainly generate negative perception/goodwill (which accountants do take into consideration for corporate valuations.)

Re:Boohoo (1)

Tough Love (215404) | more than 2 years ago | (#39980991)

Well, maybe Adobe runs independent codebases for their projects, so some poor schmuck coder has to go to each projectbase, check out the offending file(s), and make the changes.

If they need to make the changes in more than one place then their code structure is broken anyway and they should fix it in their own interest. Never mind that they benefit from giving away their free software and should recognize the cost of doing so as a legitimate business expense.

Re:Boohoo (1)

SwashbucklingCowboy (727629) | more than 2 years ago | (#39981423)

Not a chance. Too expensive to do that.

Re:Boohoo (4, Insightful)

lightknight (213164) | more than 2 years ago | (#39980055)

Seriously. We're talking about Adobe, which ranks up there with Oracle, MS, and friends. If they can all create security patches for their last several major products, as well as the variations for each, then Adobe can do the same.

And if you want to do something about bandwidth, just integrate a Bit torrent client into the downloader, like, I don't know, a fair number of other companies have done.

What more, Adobe has a really sorry record for security, plus some infamy associated with its upgrades. Adobe Acrobat Reader is constantly updating itself, to deal with security issues, which all, apparently, need a system reboot (why does an application like this need a system reboot, I wonder).

Adobe Reader has a browser plug-in (4, Informative)

tepples (727027) | more than 2 years ago | (#39980357)

why does an application like [Adobe Reader] need a system reboot, I wonder

Because Adobe Reader installs a plug-in into Firefox and IE. If either of those programs is running, even if in a disconnected session (Fast User Switching), an upgrade to a plug-in cannot complete because the plug-in's shared library is open for execution. And on some versions of Windows, I seem to remember that IE plug-ins can run inside Windows Explorer, and Windows Explorer is always running if a user is logged in.

Re:Adobe Reader has a browser plug-in (1)

Rutulian (171771) | more than 2 years ago | (#39981747)

That should only require a restart of the browser, not the whole OS. Plenty of other software manages this just fine.

Windows Explorer integration w/Internet Explorer (1)

tepples (727027) | more than 2 years ago | (#39981795)

I seem to remember that IE plug-ins can run inside Windows Explorer

That should only require a restart of the browser, not the whole OS.

Windows Explorer is the browser, and it's running whenever anyone's logged into the OS.

Re:Windows Explorer integration w/Internet Explore (3, Informative)

Rutulian (171771) | more than 2 years ago | (#39981919)

Nope. Not since IE7 and WinXP SP2. Explorer.exe and iexplore.exe are two independent processes.

Re:Windows Explorer integration w/Internet Explore (1)

dkf (304284) | more than 2 years ago | (#39982579)

But what libraries do they share? What configurations? If the Reader DLL plugs into both, an install is going to need a reboot (because of how Windows locks loaded libraries).

Re:Windows Explorer integration w/Internet Explore (1)

Anonymous Coward | more than 2 years ago | (#39982809)

But what libraries do they share? What configurations? If the Reader DLL plugs into both, an install is going to need a reboot (because of how Windows locks loaded libraries).

They don't share anything. WinExplorer uses the IE library as part of its rendering (not sure if they do that in Win7/Vista still) but its an embedded instance which doesn't load plugins.

The likely problem is what Microsoft calls a "Shell Extension" which is a DLL that is loaded into Windows Explorer to provide some random extension like a new context menu, custom icon overlays or document previews when you highlight a file. Adobe probably has one of these which is why the reboot is needed. Of course "needed" should be in quotes because lots of other programs add shell extensions to Windows but theirs are not utter garbage and can actually be unloaded without terminating Explorer, upgraded then loaded back in again. Apparently this 2000s era technology is beyond Adobe's crack team of highly skilled programmers.

Alternative theories are:
1) Adobe found "problems" in certain test configurations that went away with a reboot and couldn't be bothered to fix the actual issue.
2) The installer adds a service or preloader but Adobe haven't figured out how to start those manually and have to reboot so Windows will do it for them.
3) The reboot is completely pointless and accomplishes nothing (I wouldn't be surprised, I've encountered a few programs whose installers want reboots even though they work perfectly without it).

Re:Boohoo (1)

chienandalou (2637845) | more than 2 years ago | (#39981087)

Exactly. From the perspective of a pretty average user, Adobe has been my largest source of PC headaches for the last four years.

Re:Boohoo (0)

Anonymous Coward | more than 2 years ago | (#39982689)

Adobe Acrobat Reader is constantly updating itself, to deal with security issues, which all, apparently, need a system reboot (why does an application like this need a system reboot, I wonder).

And Acrobat Reader is such a bloated piece of shit too... I remember 10-15 years ago when it felt reasonably lightweight. Free readers like Foxit for Windows or Evince and Kpdf for Linux run circles around Acrobat Reader.

Re:Boohoo (1)

lightknight (213164) | more than 2 years ago | (#39983513)

The funny part (I own Adobe Acrobat) is that the PDF format is actually a lot more versatile that simply forms / documents, as it is commonly used.

Though I would love to know how to turn off the accessibility options in CS5. I have one of those drawing tablets (part of the package), so Adobe thinks I am physically handicapped, and wants to 'help' me by scanning the document or something before I can use it (and it takes forever).

Re:Boohoo (1)

drinkypoo (153816) | more than 2 years ago | (#39984665)

Seriously. We're talking about Adobe, which ranks up there with Oracle, MS, and friends. If they can all create security patches for their last several major products, as well as the variations for each, then Adobe can do the same.

Your logic doesn't follow. Adobe has consistently demonstrated their massive inability, not their astounding ability, in every area other than marketing.

Re:Boohoo (0)

Anonymous Coward | more than 2 years ago | (#39980207)

To fix part of that, they can just do the downloads through bittorrent with webseeds. No wait, what was I thinking the **AA has made quite clear that those are only used for piracy.

Re:Boohoo (1)

Kalriath (849904) | more than 2 years ago | (#40000491)

ActivisionBlizzard begs to differ.

No shit (5, Insightful)

Sycraft-fu (314770) | more than 2 years ago | (#39980435)

Look Adobe, I'd be in your corner if this were Photoshop 5, like pre CS days, we were talking about here. If people were saying "You have to go fix something from 1998 because we won't upgrade!" I'd be along with you saying "Look people, stop being cheap bastards, get out the wallet, and buy new software at least once a decade, that's not unreasonable."

However we are talking about CS5, as in the last major, released only 2 years ago (CS5.5 is a more minor update, and shares the same codename). You need to at least put out security fixes for the last version, support it for a few years. I don't expect you to do any feature updates, but security updates are not too much to ask.

Also they want to wine about time, QA, and bandwidth? Give Microsoft a ring, see how it goes for them supporting OSes for 10+ years (OSes that cost less than a single CS program I might add), doing regression testing against thousands of pieces of hardware and software, and then distributing them to the majority of computer users in the world. They seem to get on fine and still make billions, so I'm going to say you can put on the big boy pants Adobe, and patch this fucking issue.

P.S. Don't when to me about bandwidth when you offer downloadable trials of shit. A patch is going to be a couple hundred MB maybe, and more likely less. Your trial downloads can be GBs. You have bandwidth you whiny shits.

Re:No shit (0)

Anonymous Coward | more than 2 years ago | (#39980795)

to wine, to when, to where, or not?

Re:No shit (0)

Anonymous Coward | more than 2 years ago | (#39981005)

i will be advocate of devil here...
1) Adobe supports current version and current -1 version. Under circumistance, 5.0 is -2 versions back(5.0 and 5.5 are different major versions, even though it doesn't looks so)
2) Even with prices much higher for their software, they still have much smaller profit than Microsoft. So judging them on same scales is rather unfair.
3) Gigabyte demos may very well become fully pledged distribution for bought products. Demos are actually full versions of product technically limited until(and possibly after) SN activation.

Re:No shit (1)

paulej72 (1177113) | more than 2 years ago | (#39981311)

No matter what Adobe says CS5.5 is just CS5 with Acrobat 10 instead of 9 and all of the patches applied to the other software. They were not going to release a new CS with Acrobat 10 until CS6 but a lot of people bitched about it and they came out with 5.5. So since there is no real difference between PS 5 and 5.5 they should support it.

E.

Re:No shit (0)

Anonymous Coward | more than 2 years ago | (#39983297)

They didn't release 5.5 because of people bitching. They released 5.5 because they have adopted a corporate policy of an annual upgrade, ready or not. This is all part of their move to tempt/force people to a software rental model. They would far rather you pay them a monthly sub than an occasional upgrade fee. This is a MAJOR policy move for Adobe and all of their other decisions feed into this. Look at the language of their press release... 'we have issued a patch for the new vulnerability, its called CS6' my arse.

Re:No shit (3, Insightful)

Anonymous Brave Guy (457657) | more than 2 years ago | (#39982271)

Adobe supports current version and current -1 version. Under circumistance, 5.0 is -2 versions back(5.0 and 5.5 are different major versions, even though it doesn't looks so)

The typical expected lifespan for a modern business PC is 3-5 years. There is really no excuse for a piece of software that costs four figures per seat not to receive essential security updates for a similar period. If you don't like that, don't charge a premium price for the software. If you want to charge a premium price, you have an effective monopoly, you are too incompetent to write secure software in the first place, and you aren't even willing to cover the cost of essential security updates, then it's about time someone won a profit-eliminating lawsuit against you for selling a product that isn't fit for purpose.

Even with prices much higher for their software, they still have much smaller profit than Microsoft. So judging them on same scales is rather unfair.

No, it isn't. To any given customer, they are charging far more for a product than Microsoft. It is not unreasonable at all to expect a better standard of quality and support for the more expensive product. If they can't sell more copies of it to get the profits up, well, maybe they shouldn't have such a bad reputation for poor quality and security, and maybe they should consider not charging such a high price to incentivise more people to buy. Or maybe their product just isn't as useful to so many people. There's no magic entitlement to megaprofits.

Re:No shit (0)

Anonymous Coward | more than 2 years ago | (#39981109)

There's an easy way for Adobe to deal with Photoshop bugfix decisions - "Do we still provide Camera RAW updates for this version of Photoshop? Yes? Ok, fix the damn security problem."

Re:No shit (2)

Lord_Jeremy (1612839) | more than 2 years ago | (#39982255)

The situation surrounding Adobe software upgrades is pretty ridiculous. I work for a large independent Apple retailer that happens to do a lot of "pro services" business with things like video production companies and recording studios. Just about the only time a customer upgrades their Adobe CS is when they've bought new hardware that comes with a new OS version that their existing Creative Suite won't run on. Graphic designers tell me that everything they do in Photoshop CS6 they've been doing the same way since Photoshop 7.0. As far as I can tell the only real reason anyone buys CS upgrades is Adobe generally doesn't release compatibility patches. If the just-released Mac OS breaks the then-current CS, Adobe bumps the major version and tells everyone to upgrade. Hell, I don't even understand why Adobe software has broken so often with Mac OS version bumps. Their stuff is by far the worst, and "Pro" software in general is known to be finicky.

Re:No shit (1)

bitingduck (810730) | more than 2 years ago | (#39986323)

That probably explains why they don't seem to have a "save as previous version's file format". I needed to try out indesign and got the 30 day free trial. Aside from being buggy and fragile, it also doesn't have a "save as indesign for cs4" so when I was trying to work with someone who was on CS4 and send files back and forth, it was a one-way process-- once it's in the CS5.5 version the CS4 version can't read it.

Re:No shit (1)

Lord_Jeremy (1612839) | more than 2 years ago | (#39986789)

I remember at least one graphic design studio client (they never seem to catch a break) that was forced to upgrade because of precisely this problem. They were dealing with either other studios or their own clients and were having file compatibility problems between CS4 and 5.

Re:No shit (0)

Anonymous Coward | more than 2 years ago | (#39989813)

It's worse than that. They knew about this bug for > 6 months (since September 2011). How many people bought CS5 in that period of time but didn't know the policy was going to be "No further updates. You'll have to buy an upgrade when that comes out in 6 months". That's just cruel and stupid, because they're not even supporting the product while it is shipping for 6 months. Adobe's excuses are pathetic. Oh, it costs us so much to do development, and provide downloads, and blah blah blah. It's a cost of doing business, and if people are paying $2k for software, they better damn well support it while it's shipping when it comes to serious security flaws like this one. Maybe they could invest some of that money into developing a patch system that doesn't involve downloading any more than necessary, and they can stop investing in stupid "updater" programs and other bloat.

I'm particularly bitter because I bought my copy of CS5 three months ago and (of course) knew nothing about this flaw. HAD I KNOWN, obviously I would have waited until CS6 came out, ya dimwits.

Re:Boohoo (0)

shoehornjob (1632387) | more than 2 years ago | (#39980449)

LMAO STFU Adobe. ^^^ needs mod points. Adobe = security patches are our business model. Sure we'll let you torrent all our software but you'll pay in the end.

Re:Boohoo (1)

zalas (682627) | more than 2 years ago | (#39980919)

Well, Adobe isn't exactly complaining or crying about it since Adobe didn't write the lines quoted in the summary; the writer over at Security Week did. It seems the only thing we got out of Adobe so far is that now they're working on it.

Re:Boohoo (1)

thePowerOfGrayskull (905905) | more than 2 years ago | (#39981439)

On the other hand, how long should a company support someone who made a one-time purchase of software two-years ago, with the understanding that it was being bought as-is?

It's all well and good to say "get over it", but that doesn't address the question.

Re:Boohoo (4, Insightful)

Anonymous Brave Guy (457657) | more than 2 years ago | (#39982349)

If you're going to start playing the "as-is" card then I'm going to start playing the "fit for purpose" card. If it's a one-time purchase of software and what I get in the box is all I ever get, that means your software must do its job properly without any showstopping bugs, and must not damage my system in any way or create any security vulnerabilities.

If your software does have bugs that stop me from using it for its intended purpose, you can refund me the full purchase price and any additional costs for consequential losses to clean up the mess. And if your software is not 100% secure, you can have unlimited liability for any consequential losses caused by your negligence, just like any other product. Oh, by the way, I've got 10 expert witnesses who will testify that you could have made your software much more secure if you'd only spent more money on its development, chosen better tools, and followed better processes, so we'll be seeking punitive damages as well if they apply in your jurisdiction because you cheaped out instead of doing real engineering as befits a product with that price tag.

A lot of people have argued that giving liability to software makers for substandard products is somehow unreasonable, because software development just doesn't work like that. I think it's a relatively weak argument anyway, because while there is an element of truth to it and software engineering certainly isn't as well-developed a field as the major physical engineering disciplines, a lot of software bugs clearly are avoidable and leaving them in really is some combination of negligence or deliberate cost-cutting at the expense of quality. In any case, we are in the Internet era, when avoidable security screw-ups can cause very substantial damage to customers far beyond the purchase cost of the software. I think it's blatant mockery to make an argument that liability for shipping a flawed product is unfair because of the "reality" of the industry, yet then to claim with a straight face that customers are not entitled to ongoing updates to fix any security vulnerabilities or bugs in advertised functionality, free of charge and on the same terms as the original purchase, as such problems are discovered throughout the reasonably expected lifetime of the software.

Bandwidth? Seriously? (1)

gr8_phk (621180) | more than 2 years ago | (#39981601)

And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.

Seriously? What's the bandwidth cost for an update vs. the cost of that copy of the product? Like 3 cents vs Umm I dunno what those professional products cost, but I'm sure the bandwidth cost is essentially nothing in comparison.

Re:Boohoo (1)

hairyfeet (841228) | more than 2 years ago | (#39981793)

Wellll...that depends. is it for software they are still selling? Then yes they should have to support it. But I think we would all agree there has to be some sort of time limit on these things otherwise you end up in MSFT crazy support land.

Now don't get me wrong, I quite like the fact that computers i sold in 2004 are still getting updates or that the little 1.8GHz Sempron is still getting patches after all these years..but can you imagine what a gigantic PITA it must be to patch something like XP? i mean when that thing came out a 400MHz with 128Mb of RAM was the average office box and now you can get dual cores on CL for like $50. Trying to just do testing for patches on code that damned old with that much of a variable when it comes to CPU and RAM alone, not to mention the bazillion and one damned drivers has GOT to be an ulcer inducing job if there ever was one. Hell i doubt that any of the guys that actually originally designed XP are even at the company anymore.

So as long as they give you a set number of years so you know "This software will work for X number" then i see no problem with dropping support for old versions. hell if I was MSFT I would have dropped XP support 2 years ago when it was obvious Win 7 was a good OS, of course I would have offered a cheap upgrade path for those that wanted to keep their old hardware, say $50 Win 7 Home and $75 pro when you gave them the XP key off the side, but that is just me.

I don't know how old this software is since I'm not a Photoshop guy but if PS is as high as it was last i looked at it I'd say 5 years support should be about bare minimum for software that high. But if its just a year or two old at $500+ a license? yeah cough up the patch already. in the end its all about giving a reasonable level of support and for most places I'd say 3 to 5 years ought to be about right.

The least Adobe could do ... (0)

Anonymous Coward | more than 2 years ago | (#39982641)

Massive customer base? We all know that Microsoft is more evil and more massive than Adobe, and yet Redmond is still angelic enough to issue security patches for a ten-year-old product like Windows XP. Okay, maybe it's proprietary software company to hoard all the latest "features" for a paid upgrade, but security is the least that a company with a supposedly massive customer base could do.

Re:Boohoo (0)

Anonymous Coward | more than 2 years ago | (#39982821)

The problem exists in CS4 as well.

Re:Boohoo (0)

Anonymous Coward | more than 2 years ago | (#39983519)

Perhaps if they didn't write shoddy code to begin with that was ripe for exploits, then they wouldn't need all these extra QA processed patches. Will it stop all bugs? No, but perhaps would stop the most braindead of them that slip through.

Wow. (1)

Anonymous Coward | more than 2 years ago | (#39980011)

Way to sound like a dick even when you're doing the right thing.

Write fewer bugs. (5, Insightful)

Alex Belits (437) | more than 2 years ago | (#39980029)

Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.

You know what is cheaper? Hiring developers with a clue, so they won't write bugs by the bucketload.

Re:Write fewer bugs. (0, Troll)

Anonymous Coward | more than 2 years ago | (#39980441)

Adobe software manager here. You have no clue what you're talking about. Outsourcing all of our development to India is much cheaper than hiring competent programmers. And competent programmers would rather tell us how stupid it is to rewrite our user interface in Flash. I'm not paying you to tell us what's stupid, I'm paying you to do stupid things.

Re:Write fewer bugs. (0)

Anonymous Coward | more than 2 years ago | (#39980471)

lol that must be it. You're a genius mister triple digit UID. Adobe must hire shitty developers.... Microsoft too right? All praise teh lunix and teh opensauce!!!1

Glad we have a guy with the massive title of 'Software developer' for his day job and 'VP of Engineering' for his play job to tell us how it goes down.

Re:Write fewer bugs. (0)

Anonymous Coward | more than 2 years ago | (#39980625)

Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.

You know what is cheaper? Hiring developers with a clue, so they won't write bugs by the bucketload.

But then they'd have to stop outsourcing everything and pay decent salaries.it's a case of pay me now or pay me later. With a lot of whining when it doesn't work.

massive sales (4, Insightful)

gbjbaanb (229885) | more than 2 years ago | (#39980053)

And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial

you know what, if they such a massive customer basse, then they would have already made massive profits from those 'massive' sales. So the company just forgot to factor in the percentage for maintenance from those sales.

Its a bit pathetic really, unless their development costs are so great - but then I'd say the management and developers are at fault, patching isn't a particularly difficult task once you've done the fixes for the current version anyway.

Re:massive sales (5, Interesting)

dgatwood (11270) | more than 2 years ago | (#39980301)

Dude. It's Adobe. Judging from their outward appearance, I suspect that their management chain actively discourages fixing bugs because it gets in the way of adding new bloat... err... features.

For example, we've been complaining that the entire CS suite fails to work correctly on case-sensitive HFS+ since... well, since support was introduced back in 10.4. To this day, their shovelware still does not work on Macs so configured. This problem is entirely caused by Adobe being too damn lazy to fix their build scripts to use correct capitalization during the linking phase—a set of fixes that would take at most a couple of hours for a single competent engineer to fix using shell scripts and sed. And some folks have been complaining about this serious flaw in their products for seven years now.

Even more hilariously, Adobe blames Apple, claiming that there are dozens of compiler bugs that they've reported that haven't been fixed, which prevent them from fixing this problem. However, thousands of companies out there have no trouble working on case-sensitive volumes. Likewise, random users have gone through and created symbolic links to work around Adobe's typos and have been able to get it working, which completely invalidates Adobe's ludicrous claims.

Frankly, given how long it has taken them to fix something that simple, it'll be a ***king miracle if Adobe fixes this security bug in less than a decade. After all, if it takes them that long to fix something that would take me a few minutes, they either have to have the most complicated, snarled pile of source control ever seen in the history of the universe or they're all grossly incompetent beyond measure, neither of which inspires much confidence in this security fix for me.

Screw Adobe. The only thing that could make their software quality any worse would be if they got bought by Symantec.

Re:massive sales (0)

Anonymous Coward | more than 2 years ago | (#39981147)

the entire CS suite fails to work correctly on case-sensitive HFS+ since... well, since support was introduced back in 10.4

Symantec Endpoint Protection doesn't work on case-sensitive volumes either.

Re:massive sales (1)

paulmac84 (682014) | more than 2 years ago | (#39981201)

I'd be surprised if anything by Symantec worked correctly, regardless of the case sensitivity of the underlying file system. The only way to get Symantec software to work correctly is format & reinstall. Not even their uninstallers work correctly.

Re:massive sales (0)

Anonymous Coward | more than 2 years ago | (#39984497)

Funny to read this now, as just yesterday I repaired my parents pc booting issues, caused by norton quarantining ntosketrn.exe

Re:massive sales (0)

Anonymous Coward | more than 2 years ago | (#39983205)

You don't know whether or not those thousands of smaller companies have the same bugs. Again, why would anyone bother attacking a piece of software that isn't necessarily running - and more importantly, have no real way of triggering?

I mean...
1) When's the last time you opened something inside of [insert program name]? When's the last time you downloaded something from the internet to open in [insert program name]?

2) Time and again, you'll see higher marketshare software being hacked more often: Microsoft Office vs OpenOffice/LibraOffice/etc. Windows vs anything else. Adobe PDF vs FoxIT. No black or white hat hacker is going to bother with a puny 10-15% marketshare.

Re:massive sales (1)

Man Eating Duck (534479) | more than 2 years ago | (#39985463)

Dude. It's Adobe. Judging from their outward appearance, I suspect that their management chain actively discourages fixing bugs because it gets in the way of adding new bloat... err... features.

Yes, that's a very nice summary, and our experience as well. It seems that each new upgrade aims to add bullet points to their feature list, once a bullet is on there, Adobe doesn't give a flying fuck whether it actually works well or not. If it doesn't work well expect to have to upgrade in order to see improvements (or not). To your examples I'll add epub export, which has been a "feature" since CS3, and as of CS5.5 it's still *horrible*. Image handling has actually degraded from CS4 (no "Keep original" anymore), and a blindingly obvious flaw like support for manual page breaks is still not part of it. Since our source documents are indd we still use it to export epubs, but I have to do an embarrassing amount of manual postprocessing to make them usable. Luckily *good* tools like Calibre and Sigil make that process bearable, but there should be no reason to replace font files manually because Adobe performs a ridiculous XOR mangling of fonts when embedding them in an epub.

New versions will bring new features while leaving all the old ones flawed, maybe with minor improvements, and of course bugs in the previous version is perceived as upgrade drivers (we were promised by support that the regex replace bug with \n and styles would be fixed with CS5.5, and... it's not. Same with the shitty support for hyperlinks and "invalid" destinations from Word, which will make Indesign crash instantly and optionally corrupt your document). Add to this that they make it impossible to plan for upgrades since every new version is a surprise release, and that Adobe actually sells "upgrade insurance", and it comes across as a goddamn racket.

Re:massive sales (1)

dgatwood (11270) | more than 2 years ago | (#39995651)

Yeah, that XOR mangling is intended to be a lightweight DRM to make it slightly harder to copy fonts out of an EPUB, but no EPUB readers support it except Adobe Digital Editions, AFAIK—possibly the Nook reader, since that is based on ADE, but I haven't tried it.

I hate this. (-1)

Anonymous Coward | more than 2 years ago | (#39980069)

I don't want Adobe focusing on two year old software patches when practically nobody else in the industry does the same for similar software. This isn't an OS that gets used by millions of people. This is not a high target application.

I'm better served as an Adobe customer if Adobe focuses on innovating for the future and stops being held to higher standards than anyone else by bloggers who have an agenda against them.

Re:I hate this. (1)

Anonymous Coward | more than 2 years ago | (#39980099)

Thanks for your insight, Adobe CEO Shantanu Narayen.

Re:I hate this. (-1)

Anonymous Coward | more than 2 years ago | (#39981975)

Oh, he's got brown skin! THAT'S why Slashdot readers hate Adobe! It all makes sense now.

Re:I hate this. (2)

ColdWetDog (752185) | more than 2 years ago | (#39981045)

I don't want Adobe focusing on two year old software patches when practically nobody else in the industry does the same for similar software. This isn't an OS that gets used by millions of people. This is not a high target application.

I'm better served as an Adobe customer if Adobe focuses on innovating for the future and stops being held to higher standards than anyone else by bloggers who have an agenda against them.

******

You'd be better served as an Adobe shill if you made an ounce of sense.

Actually, you'd be better served after vigorous braising on both sides with garlic butter and a nice red whine.

Support (1)

girlintraining (1395911) | more than 2 years ago | (#39980083)

This just in: Companies would rather you throw money at them to fix products that are badly designed as well as throw money at them to get features. Long-time pirate girlintraining had this to say on the news "Pirate Bay has better support, current patches, and can be had quicker and with less hassle than how Adobe sells its own products. I wouldn't be opposed to paying for the product once, but after that, if you screw it up, I'm going to another vendor of your product." Adobe spokespersons had no immediate comment, but the CEO was making subtle hand gestures to the paramilitary men in the background, who left the room shortly after.

Hangon, someone's at the door...

Adobe realized (1)

triplaA (2606771) | more than 2 years ago | (#39980093)

No company can beat public shame except MPAA.

Re:Adobe realized (0)

Anonymous Coward | more than 2 years ago | (#39980387)

And Phillip Morris, General Motors, McDonald's, and Disney, and well, the list goes on.

Call the waaambulance (5, Insightful)

wickerprints (1094741) | more than 2 years ago | (#39980131)

So what it if it costs you money? It's your error, and your responsibility to fix it. We're not talking about a version that you stopped selling years and years ago. We're talking about a version that stopped selling only recently--in fact, more recently than when the security flaw was reported.

What are you doing with the several hundreds of dollars each licensee pays you for a copy of Photoshop? Or the $2000 that they pay for an edition of CS? Wiping your asses with it? Rolling it into a joint and letting your developers smoke it?

Adobe (like another tech company that starts with an "A") was once a stand-up company. Ironically, the CEO of that "other company" accused Adobe of being LAZY. And he was 100% correct. Lazy and bloated and coasting on their monopoly success. Again, the principle holds: the more trust and power the consumer gives to a corporation, the more they will abuse it.

Re:Call the waaambulance (2)

Clsid (564627) | more than 2 years ago | (#39980437)

And Jobs did say the the company wasn't about technology anymore and was just being run by a bunch of suits. Your comment was right on the spot.

Re:Call the waaambulance (5, Funny)

Anonymous Coward | more than 2 years ago | (#39980499)

And Jobs did say the the company wasn't about technology anymore and was just being run by a bunch of suits.

So what'd he have to say about Adobe?

Cry me a river... (5, Insightful)

Lohrno (670867) | more than 2 years ago | (#39980199)

The base non-student version of their software costs 1299.

I do not want to hear ANY complaints about money from them with that kind of audacity.

Re:Cry me a river... (2)

AmiMoJo (196126) | more than 2 years ago | (#39981881)

The base non-student version of their software costs 1299.

So if according to the RIAA a $0.50 song is worth $80000 when uploaded via P2P that means each uploaded copy of Photoshop is worth over $200 billion. Adobe must be losing trillions of dollars, no wonder they can't afford to do bug fixes or hire competent programmers.

Adobe's real value (0)

Anonymous Coward | more than 2 years ago | (#39980205)

And with that utterly incompetent reason, Adobe has shown their true value: VERY LITTLE!

They're complaining about having to do thorough software development. Really? REALLY? If there was ever a reason to jump ship from Adobe products, this should be a clear indicator of just how stupid they think the tech. community and user base is.

Absolutely unbelievable!

Adobe's prime reason for existing (0)

catmistake (814204) | more than 2 years ago | (#39980215)

is so that consumers might realize the truth... that Microsoft is actually a decent software company that benefits technology markets and humankind immensely. Apple is not the new old Microsoft, because Apple never floods markets with crappy products. Adobe, however, really is and has been the new old Microsoft. (And I apologize that this comment is so obvious its hardly worth making.)

Re:Adobe's prime reason for existing (1)

Lohrno (670867) | more than 2 years ago | (#39980271)

MS has their own faults as well, but yes, credit where it's due.

Other than possibly IE (which has gotten better) I can't think of much to complain about MS doing lately. Possibly because I've been doing Apple development heh... I can think of some things Apple does which piss me off a bit - device limits in iTunes, their provisioning scheme, xCode not being very snappy... but you're right, I can't really say Apple is the old MS...

Re:Adobe's prime reason for existing (1)

catmistake (814204) | more than 2 years ago | (#39983847)

While Mr. Gates was always a personal hero of mine, I used to hate Microsoft with passion. Now, I only hate Windows, and give Microsoft a pass, because Microsoft also made Active-Directory, Exchange, and XBox... almost makes up for Windows, and for all the good companies with better product they ran out of business in the mid/late 90's. Also, Linux and the OSS community tends to mitigate how crappy Windows is, by fixing pretty much everything that is broken in Windows, or that Windows broke.

Re:Adobe's prime reason for existing (1)

the eric conspiracy (20178) | more than 2 years ago | (#39980349)

Apple ... never ... crappy....?

I guess you never owned a Nubus PowerPC Mac running MacOS 8.

Re:Adobe's prime reason for existing (1)

Windows Breaker G4 (939734) | more than 2 years ago | (#39980423)

MMMMM x100 series powermacs. Actually 8100 with G3 card was surprisingly a good machine.

Re:Adobe's prime reason for existing (1)

gstrickler (920733) | more than 2 years ago | (#39980467)

And apparently, neither did you. I owned several, liked them all.

Re:Adobe's prime reason for existing (1)

the eric conspiracy (20178) | more than 2 years ago | (#39986585)

You were in a minority. I had an 8100. These POS machines were horribly unstable, and much of the software running on them was emulated making performance crap. Not only that but there were few add ons available because of the poorly supported NuBus.

And despite the nice CPU the OS architecture was still based on an schlock memory and multitasking model.

The fact is these were the worst architected and poorest performing machines I've ever owned.

Re:Adobe's prime reason for existing (0)

Anonymous Coward | more than 2 years ago | (#39980575)

The 6200/6300 machines would have been a better example - pure fucking shit!

Not a surprise (2)

ZigZagJoe (1724868) | more than 2 years ago | (#39980243)

They made the right move... after they got curbstomped by public opinion. No doubt they would have maintained their original position without external impetus to change it.

Sad bit is this appears to just be a bug in whatever custom tiff library they wrote; fix bug, recompile applications, if need be, then test everything tiff related. Not really a demanding undertaking. Given the exorbitant prices they charge for PS and friends, the very least they can do is keep them patched when yet another security hole is found. Don't get me wrong, PS is a superb piece of kit (if bloated) - but it doesn't command the premium it once did.

Re:Not a surprise (1)

ColdWetDog (752185) | more than 2 years ago | (#39981067)

Except is probably a bug in a library that was first developed for PS 7 when the redid the code base.

This means it's likely in CS1, CS2, CS4 as well as CS5.

Oopsie.

A compromise (1)

WhitetailKitten (866108) | more than 2 years ago | (#39980305)

Tell you what, Adobe. I'll pay for security patches to your near-ubiquitous software products if you accept criminal liability for any damages incurred if I get keylogged and my bank accounts emptied/credit cards stolen/identity stolen/network compromised as a result of an Adobe software flaw that led to me being exploited.

Deal?

Re:A compromise (0)

Anonymous Coward | more than 2 years ago | (#39980533)

Tell you what, Adobe. I'll pay for security patches to your near-ubiquitous software products if you accept criminal liability for any damages incurred if I get keylogged and my bank accounts emptied/credit cards stolen/identity stolen/network compromised as a result of an Adobe software flaw that led to me being exploited.

Deal?

Adobe's response:

Dear Money Transfer Conduit #886108,

Allow us to make you a counteroffer:

1. You continue giving us money,

Seriously, is this REALLY that hard to understand? Christ, it's like all you money transfer conduits went defective at once. That's your primary function, too. Who could've designed such faulty products like you? So either fix your own damn bugs or I'll replace you with NON-malfunctioning units and report you to your supervisors.

Making Software is Hard (5, Interesting)

10101001 10101001 (732688) | more than 2 years ago | (#39980335)

"Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, ..."

Developing software, especially three different applications, can be costly and time consuming. Developing software consumes development resources, then must run through a QA process (which obviously failed here) ...

... and the patch needs to be communicated and distributed to users. ...

.. and creating a marketing campaign and distribution channels is a large and complex process. ...

... And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. ...

ditto

... For a popular product that was just over two years old, providing a fix to address a serious security flaw its what customers deserve. ...

Creating stable, secure products is what customers deserve.

... And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."

Adobe may want to cut corners, but in the end, they don't have the lock-in to really piss their customers off. A lot of their larger consumers (corporations) who were planning to upgrade by choice who felt they were being made to by Adobe's decision now have reason to reconsider, even if they "made the right move in the end". Because who knows if they'll "[make] the right move in the end" the next time? The one good thing? Journalism and popular opinion made a difference.

PS - It's really hard to not be overly snarky, since Adobe's very business is software development. So, trying to spin it as some sort of extra cost to do patching seems even more absurd than all those businesses which could at least say that IT and software development is there for support to do their job and not as an end in itself. Given how much of Adobe's business is in high ticket software, it's especially hard to understand why they were so slow to be committed to support, since beyond the direct software itself, one presumes the high price is tied to a commitment. Certainly, it's the other way around--even corporations with middle management mostly shielded from their decisions don't seem likely to blow potentially millions on a product and a company who, in company terms, will disappear support-wise overnight. I mean, isn't it just standard process in most companies to, even if they're internally dead-set against doing work on an issue, to smile politely and say how they will/are looking into the issue? Otherwise, you may end up with a PR snafu.

I sometimes wonder if PR is dead (4, Interesting)

SmallFurryCreature (593017) | more than 2 years ago | (#39980351)

Do these companies even hire a PR expert anymore? EA/Bioware recently made a big mistake as well. With their MMO SWTOR they have been having some small problems. The game is boring all around and end-game is non-existent. So... they came up with an idea. How about we give everyone, regardless of how long they played a free month... BUT only if they reached level 50...

Reaching level 50 since launch isn't that hard to be honest HOWEVER it is not how some PAYING customers play MMO's. Especially since one you are there, there is nothing to do. Some play lots of alts, some play very infrequent. BOTH these groups PAY. But customers with an account a month old who grinded to 50 got a free month, customer who subscribed since launch did not.

There was much outrage and Bioware/EA relented and made the condition level 10 legacy which is still forcing you to play for level but doesn't require you to play an account till level 50 but one to (25 or something when legacy points start counting) and then you can play as many alts (on a single server) as you want.

IT IS STILL A FUCKING STUPID bit of logic but far few people didn't qualify because of it.

And all this? A promotion campaign to keep paying customers from leaving a game that is considered unfinished (what is there works, there just isn't a lot there, it is one of the most bare-boned MMO's I ever seen. Blizzard refined Sony's Everquest and made it into WoW. Bioware put WoW through a filter and published it as SWTOR sadly all the taste was left behind in the filter. It is a very smooth drink, but then so is a glass of water. But I ordered Whiskey!) and so why the qualification of how many XP points of whatever kind a player accumilated. PAYED subscribers are the ones you hope to keep, so, let the qualifier be, payed subscribers.

No, I am not just going off topic, basic PR is like basic laywer advice. SHUT THE FUCK UP. In any case, your lawyer will tell you to keep your fucking mouth shut. Let your lawyer speak for you and even then, 9 times out of 10 the best thing to say is NOTHING.

Neither of these fuckup's should have gotten past PR, there is no way anyone with a brain could not see the shit storm these announcements would raise while accomplishing NOTHING. I do not use Photoshop and I wasn't unhappy with SWTOR... BOTH these PR goofballs made my blood boil with nerd rage and you can find me ranting my impotent rage on the net...

Someone somewhere could have done cost benefit analysis and reasoned out that simply fixing the bug and simply giving all accounts of say 2 months a free month would have cost far less and would have given them POSITIVE feedback rather then now it costing MORE and leaving a NEGATIVE impression.

PR isn't about spinning things, it is about effective communication with the public (as said, I am not a Adobe customer) so that what you do, benefits you. Some beancounter might do some sums but if the most economic sum ends up raising a storm of protest so you have to do the more expensive solution anyway, you not only wasted time on two approaches, you now have to pay extra for negative publicity.

If you EVER have to deal with the public, just keep this in mind. If there is a change the cheap plan is going to cause protest, go with the more expensive one. It will be cheaper in the long run.

Just run both examples here with the more expensive plan from the start.

Adobe announces patches for its popular Photoshop product free for all version still in use.

Bioware rewards long standing customers with a free month as thanks for their support.

Hoora's all around, what good chaps these megacorps really are.

PR, it is really simple once you stop listening to the beancounters.

id rather they not (0)

Anonymous Coward | more than 2 years ago | (#39980579)

positions like that mean prices have to go up just to cover the salary

Re:id rather they not (1)

ThatsMyNick (2004126) | more than 2 years ago | (#39984879)

Sadly true. No one likes to hear sad news. You state a problem to the managment only if you can find a way to workaround it and your expected earnings still ends up to be the same.

Seriously? (1)

Anonymous Coward | more than 2 years ago | (#39980447)

What the hell is up with company's lately..
At&t ceo is 'losing sleep because he gave unlimited data, and imessage is taking away from his text plans"
Now a company not wanting to take care of their own coding issues.

Face up and deal with it. You should always support at least 2 versions, especially when the new version was released what less then a month ago?
With that logic, car manufacture's should stop making break pads, windshield wipers, etc once they release the next years model to force you to buy the new years model...

Doing the right thing (0)

Anonymous Coward | more than 2 years ago | (#39980475)

"And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."

Public shaming often "inspires" doing the right thing. There is unprincipled and there is unprincipled and stupid...

I keep wishing (0)

Anonymous Coward | more than 2 years ago | (#39980487)

...that Adobe crapware will go away, people will really truly embrace open standards for multimedia and move on to the next big thing.

Nice quote in summary, /.... (0)

Anonymous Coward | more than 2 years ago | (#39980895)

One question: whose quote is that anyway?
</if I wanted to click every link to see what the stories are about, I would use an RSS reader, not visit the website>

Something is rotten in the state of Denmark (1)

AlienIntelligence (1184493) | more than 2 years ago | (#39981077)

Ok, so since this backtracking happens frequently now there
are only a couple modalities that can be occurring here.

1) Companies really ARE that stupid and greedy.

2) See #1, but not stupid... they are being sly and try to see how much they can get away with til backlash happens.

More and more... I'm starting to believe it's the second one.

-AI

Shakespeare nor I mean any disrespect to any danes.

Not because of complaints (0)

Anonymous Coward | more than 2 years ago | (#39981887)

Adobe didnt do a 180 because of complaints. It's my guess they don't like the idea of people considering alterntives.

For the little bit of light photo editing I do, I find GIMP to be a fine tool. Why would I want to buy CS6 or even just Photoshop alone? In addition to having to buy a Windows OS license, and learn a platform I am unfamiliar with.

No longer use adobe, Google does it for me (0)

Anonymous Coward | more than 2 years ago | (#39985777)

let google generate an html file of the proposed pdf.... ignore worthless foot in the door middleman adobe.
they have no service and no market. I want plain text and html... THEY want proprietary. ty google,....
now stop being evil ffs.

Adobe patches (0)

Anonymous Coward | more than 2 years ago | (#39987665)

Too late. All my Flash plugins have already been deleted. The Internet still seems to be functional.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?