homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam

The Geek Culture Forums


Post New Topic  New Poll  Post A Reply
my profile | directory login | | search | faq | forum home
  next oldest topic   next newest topic
» The Geek Culture Forums   » News, Reviews, Views!   » Rants, Raves, Rumors!   » Dear Adobe... Stop Being Stupid

 - UBBFriend: Email this page to someone!    
Author Topic: Dear Adobe... Stop Being Stupid
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

Icon 1 posted October 05, 2009 13:37      Profile for GrumpySteen     Send New Private Message       Edit/Delete Post   Reply With Quote 
Dear Adobe,

Javascript in a document format? Letting PDF files launch non-PDF attachments? Really?

As I install your latest patch and then have to disable those and other security holes since your idea of security is to re-enable options that compromise security without notifying the user, I find my mind wandering.

I imagine paying someone with a botnet to spam every email at your company with PDF files filled with attachments that exploit every Windows component vulnerability ever released. I don't know how many of your employees would open them, but some would. Once a few systems on your network were rooted, it would be so very gratifying to provide their details to the botnet owners so that they could tear your company's network apart.

Sincerely,
A pissed off 'customer' who only uses your shit because his company forces him to.

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
Ugh, MightyClub
BlabberMouth, the Next Generation
Member # 3112

Member Rated:
5
Icon 1 posted October 05, 2009 19:14      Profile for Ugh, MightyClub     Send New Private Message       Edit/Delete Post   Reply With Quote 
Amen, brother.

--------------------
Ugh!

Posts: 1742 | From: Ithaca, NY | Registered: Dec 2004  |  IP: Logged
quantumfluff
BlabberMouth, a Blabber Odyssey
Member # 450

Member Rated:
5
Icon 1 posted October 05, 2009 19:40      Profile for quantumfluff     Send New Private Message       Edit/Delete Post   Reply With Quote 
Adobe seems to be missing the distinction between presentation formats and application delivery systems. Presentation formats should be very static, for a variety of security and archival issues. Then they decided that Flash should be a presentation format and an application language - and things went down hill. Then again, trying to supplant freely implementable technologies like javascript and html with proprietary ones like Flash or Sliverlight is the name of the game if you want to lock people in.
Posts: 2902 | From: 5 to 15 meters above sea level | Registered: Jun 2000  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
Icon 1 posted October 05, 2009 19:49      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Well, to play devil's advocate...the JS makes it easier to use fill-in forms.

Fill-in forms are far superior to printing out forms and using pen/ink or a typewriter† to fill them in. JS helps perform simple calculations, or prefill certain fields -- most useful for tax forms (IRS & NYS tax forms are fill-in forms, some with basic field carrying and/or math).

Unfortunately, this has led to a giant mess when the interpreter is vulnerable.
I'm not sure what the best solution is, but their motivations for adding JS weren't completely misguided. (Perhaps there should be a 'simple .pdf' and a 'dynamic .dpdf' set of file formats instead; the former not requiring any interpreter.)

† Hell, that's how I filled out my college application (a tri-fold form, before the Interweb had handy forms...).

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

Icon 1 posted October 06, 2009 06:18      Profile for GrumpySteen     Send New Private Message       Edit/Delete Post   Reply With Quote 
Oh my yes, typing a little less and not having to use a calculator for that one day a year that I fill out a tax form would more than make up for opening up my computer to root kits, viruses, trojans and all manner of malware.

I have seen the light and it totally makes sense to me now when Adobe overrides a user's preferences and makes the system less secure when a security patch is installed.

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
Icon 1 posted October 06, 2009 08:58      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
The fact that Adobe is broken when JS is turned off is totally their fault.

That's utterly ridiculous...and dreadful.

All I'm saying is that there are ostensibly some useful business cases for the tech. Alas, the problem it seeks to solve could be better solved by a use of smarter technology -- namely good web forms. Perfectly replicating paper forms, and enabling people to fill them out on a computer and then /print/ them is actually a sign of very dated processes, rather than a clever embrace of technology. However, it does fill a need, and I think that it would be better solved by a related, but not identical format, allowing *anyone* to open 'normal' PDFs safely, and the fancy ones could be opened with a clear understanding of what's inside.

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
GrumpySteen

Solid Nitrozanium SuperFan
Member # 170

Icon 1 posted October 10, 2009 10:23      Profile for GrumpySteen     Send New Private Message       Edit/Delete Post   Reply With Quote 
Thanks Adobe! Javascript is still fucking AWESOME!

--------------------
Worst. Celibate. Ever.

Posts: 6364 | From: Tennessee | Registered: Jan 2000  |  IP: Logged
dragonman97

SuperFan!
Member # 780

Member Rated:
4
Icon 1 posted October 10, 2009 21:17      Profile for dragonman97   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
Grr...why the hell can't Adobe actually FIX THEIR PRODUCTS?!

My favorite was the last exploit, which resulted in a response of "Yes, we know about it, but won't have an update out for a month or so."

I used to think it was the stuff of tin-foil hat wearers, but after one of these charming incidents† awhile ago, I started to use NoScript for Firefox. That pretty much guarantees you won't open a PDF unless you intend to, as well as all sort of bad things on the Interwebs. It's sometimes a little bit of a nuisance, but that just serves to highlight how many websites use Javascript unnecessarily.

† The long-term existence of a zero-day, not getting burned by one...

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
Snaggy

Sir Snaggalot!
Member # 123

Member Rated:
5
Icon 9 posted October 10, 2009 21:59      Profile for Snaggy   Author's Homepage     Send New Private Message       Edit/Delete Post   Reply With Quote 
They wrecked Fireworks too. :-(
Posts: 8111 | From: Canada | Registered: Jan 2000  |  IP: Logged


All times are Eastern Time  
Post New Topic  New Poll  Post A Reply Close Topic    Move Topic    Delete Topic next oldest topic   next newest topic
 - Printer-friendly view of this topic
Hop To:

Contact Us | Geek Culture Home Page

© 2015 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0



homeGeek CultureWebstoreeCards!Forums!Joy of Tech!AY2K!webcam