[conspire] About conditioned helplessness
rick at linuxmafia.com
Fri Sep 2 15:38:50 PDT 2011
Quoting Luke S. Crawford (lsc at prgmr.com):
> But, okay, everyone at my company uses Linux. So this would mean
> prohibiting flash and PDF, and enforcing the use of noscript or the
Although both Flash and the proprietary Adobe Flash interpreter are
buggy rubbish, I don't think the holes in it are fatal as long as you
keep up with the patching treadmill. If I had such a firm, I might be
really tempted to have a go at doing without Adobe's Flash spaghetti
code and seeing if a well-crafted Gnash + Video Download Helper or one
of the many equivalents. However, the point is that I've never heard of
a Linux machine getting security compromised by an attack against the
current rev. of Adobe Flash.
PDF is a very slightly different case, in that the problem is severe
_and_ is pretty much entirely specific to Adobe Acroread. Acroread is
not only buggy rubbish, but also... were you aware that it has a
You can disable that support in Preferences, and I know all about the
interaction with certain PDFs. _However_, having that functionality
be present and enabled 24x7 in handling of arbitrary PDFs lobbed at the
software from arbitrary locations is ludicrous and proof-positive, as
if we didn't already know it, that Acroread is simply unacceptable
So, don't install it.
Evince works great. xpdf works great. PDFedit works great. Nobody
actually needs flippin' Acroread.
> What do you think my employees are going to say when I say they can't
> have flash and they can't have PDFs?
I expect they'd say 'What's wrong with Gnash and Evince, Luke?'
More information about the conspire