[LINK] Any one else suffering Adobephobia?

Stephen Loosley stephenloosley at outlook.com
Sat Jul 11 22:13:59 AEST 2015


Hi Rick and all,

You write ..

> .. banish Adobe Flash to the trash-heap of crapuscent (my word) software for eternity.

Agreed. And for many of the reasons you note, we have chosen not to install Flash for a few years.

It's not missed.

Cheers,
Stephen

> Date: Thu, 9 Jul 2015 18:12:31 -0700
> From: rick at vitendo.ca
> To: Link at mailman.anu.edu.au
> Subject: [LINK] Any one else suffering Adobephobia?
> 
> Gentle Linkers,
> 
> Late in June, Adobe issued YAFU (Yet Another Flash Update). And then yesterday, YAFU,
> this one quite serious. It is being exploited in the wild. You are advised to update to Adobe Flash
> 18.0.0.203 (Windows and Mac), 11.2.202.481 (Linux).
> 
> I decided to read all about it here:
> 
> https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
> 
> Here is a summary of what went wrong in the penultimate release of Flash, along with my
> observations of this billion dollar company's programming skillset:
> 
> heap buffer overflow:
> programmer unable to count from one onwards correctly, i.e. he or she stuffed too many characters into a string buffer ... this is kindergarten stuff
> 
> memory corruption vulnerabilities:
> programmer unable to stay within memory limits, i.e. he or she wrote code that accessed and wrote memory that does not belong to the Flash program - very naughty, stupid and once again,
> kindergarten level programming
> 
> null pointer dereference:
> this is plain silly: the programmer used an invalid (zero) pointer to access computer memory from within Flash. sheer idiocy
> 
> type confusion:
> kindergarten programmers have trouble distinguishing apples from oranges, well, erm, integers from real numbers, that sort of thing
> 
> use-after-free vulnerabilities:
> more kindergarten stuff - after freeing up system memory when it is no longer needed, the programmer went and reused that memory for another purpose, which of course would confuse the underlying 
> operating system who will give that same memory (since it is now free) to another piece of software to use.
> 
> I would fail a year one programmer for a piece of software that had all of the above bugs been present in a programming assignment.
> 
> A question arises from the above list of country bumpkin programming gaffes. Can Adobe not afford
> software sourcecode analysis kits? They ain't that expensive and would at least alert programmers at this
> august company to the presence of ALL of the above exploits.
> 
> Why the rant? Because of all the software I use that must be updated, Adobe Flash is by far the software
> that requires the most updates. Besides that, their update "app" for Macs running Mtn Lion is broken,
> and one has to engage in a near fruitless and time consuming search through their tortuous website to
> find a direct download for the DMG file containing the update.
> 
> Adobe bullied itself into web applications since the early days of the internet. As such, they have a responsibility
> to provide thoroughly tested and vetted plug-ins that guarantee online user safety. They have failed miserably
> in their remit and deserve all of the flak and bile we hapless users can direct at them.
> 
> Bring on HTML5 with its embedded video and audio capabilities and banish Adobe Flash to the trash-heap
> of crapuscent (my word) software for eternity.
> 
> regards
> rickw
> 
> 
> -- 
> ------------------------------------
> Rick Welykochy || Vitendo Consulting
> 
> I contend that for a nation to try to tax itself into prosperity is like
> a man standing in a bucket and trying to lift himself up by the handle.
>      --Winston Churchill
> 
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
 		 	   		  

