[HN Gopher] Adobe uses DMCA to nuke project that keeps Flash ali...
___________________________________________________________________
Adobe uses DMCA to nuke project that keeps Flash alive, secure and
adware free
Author : CTOSian
Score : 244 points
Date : 2021-10-12 19:05 UTC (3 hours ago)
(HTM) web link (torrentfreak.com)
(TXT) w3m dump (torrentfreak.com)
| jeroenhd wrote:
| The most astounding thing in this article is that the developer
| is denying copyright infringement.
|
| There are many arguments to be made for preserving flash and
| providing a clean, easy way to install a modified version of
| Flash with the necessary security updates. But claiming that
| there was no copyright infringement? The Gitlab screenshot [0]
| uses Adobe's copyrighted logo, looks suspiciously like it's
| affiliated with Flash by mimicking its installer and installs an
| illegally distributed Flash binary.
|
| The real problem here is that the binary does contain propietary
| Flash code, but the code itself doesn't. I can't verify if the
| releases page hosted the full-fat executables or not; if they
| did, the DMCA seems quite standard. If they didn't, the DMCA was
| definitely filed under false pretenses because it claimed a
| violation of _Adobe's code_ rather than their resources.
|
| [0]: https://user-content.gitlab-
| static.net/7cd707fa280480fd2947d...
| commoner wrote:
| The use of the Flash logo may be a trademark violation, but
| it's not a copyright violation. The logo is so simple that
| Wikimedia Commons has it labeled "does not meet the threshold
| of originality needed for copyright protection, and is
| therefore in the public domain":
|
| https://commons.wikimedia.org/wiki/File:Adobe_Flash_Player_3...
| quotz wrote:
| On another note, Adobe keeps downloading bloatware on my laptop
| anytime I open creative cloud. Such a disappointment they've
| become
| heavyset_go wrote:
| One way the developer can work around this is to provide a
| program that doesn't distribute Flash at all, but allows the user
| to either modify the Flash installer or binary, or modify the
| system post-install, to achieve what the original project
| achieved.
| flatiron wrote:
| Wouldn't be too hard to extract the files out of the installer
| and install it yourself with a companion program and just hot
| link the installer. No clue why they didn't just do that.
| pkstn wrote:
| https://github.com/open-source-flash/open-source-flash/
| particulars02 wrote:
| Why do we want to keep Flash alive?
| jjj123 wrote:
| There's a lot of original content (animations and games mostly)
| that only lives in .swf format. It would be nice to keep flash
| around if just for archival purposes.
| rzzzt wrote:
| So that Ferry Halim's Orisinal page does not have to show this
| message instead of presenting you with wonderful games:
| https://www.ferryhalim.com/orisinal/
| eric__cartman wrote:
| Maybe you want to play/watch the thousands of Flash
| games/animations that exist? Use legacy software that depends
| on Flash?
|
| I agree that it's an insecure piece of crap that shouldn't be
| used in any modern system, but that doesn't mean that everyone
| should be restricted from trying to use old software that
| depends on it, as long as they asume the security risks of
| doing so.
| klyrs wrote:
| Strong Bad. Probably Badger Badger Badger and some games, but
| mostly Strong Bad.
| iKnowKungFoo wrote:
| Strong Bad lives on YouTube now.
| https://www.youtube.com/user/homestarrunnerdotcom/featured
| squeaky-clean wrote:
| There's no interactive elements on YouTube though. I'm sure
| 99% of viewers don't really care, but it's not entirely the
| same.
| [deleted]
| sam0x17 wrote:
| It's more about the precedent set by the ease with which large
| companies can issue takedowns like this. Eliminating that
| ability is the issue at hand.
| idonotknowwhy wrote:
| Same reason we have SNES emulators, or the MiSTer fpga project
| Shadonototra wrote:
| they should have open sourced everything.. adobe keep making bad
| decisions, no wonder they are slowly decaying
| skinnymuch wrote:
| Obviously the decay effects on finances aren't seen for a
| while. However Adobe is currently around a top 25-30 company in
| the US by market cap. Their profits and revenue are enormous
| nowadays.
|
| The decay is glacial at best right now.
| p1mrx wrote:
| Oh good, they're not going after https://ruffle.rs/ -- that
| project is a much better idea than repackaging old Adobe
| binaries.
| TravisHusky wrote:
| That looks like a sweet project. I'm happy to see web assembly
| being used in it too. I'll have to add it my long list of
| things I want to get around to tinkering with.
| db48x wrote:
| https://archive.org/details/flash_badger
| heavyset_go wrote:
| They're actually up-to-date Adobe binaries as the article says
| that Adobe's Chinese Flash subsidiary still maintains Flash and
| releases security updates for it each month.
|
| > _The Chinese version of Flash receives one security update
| per month and can be freely downloaded from Flash.cn but also
| has significant strings attached. It comes preinstalled with an
| adware program called Flash Helper which, according to security
| sources, exhibits malicious behavior. Developed by 'darktohka'
| and previously located on Github, Clean Flash Installer solves
| these problems and more._
|
| > _"Clean Flash Installer installs this up-to-date freely
| available version of Flash, but it comes WITHOUT the adware
| program," darktohka informs TorrentFreak._
| Causality1 wrote:
| I will never understand the perversion of walling off
| security updates behind paywalls or geographic walls.
| zeruch wrote:
| ...depending on your legal department, it might be to ward
| off out of geo liabilities or expectations of support
| (whether actual or simply perceived).
| chuckee wrote:
| I've never heard of a company being held liable for
| releasing even a paid product with defective security,
| let alone a free one. They're not even held liable for
| deliberately including spyware [1]! That any lawyer would
| believe a company would be held liable for releasing an
| imperfect security patch is beyond absurd, and nothing
| more than a convenient excuse for abusive practices.
|
| [1] https://arstechnica.com/information-
| technology/2013/11/lg-sm...
| maverwa wrote:
| thats what I was thinking as well when I read the title. Good
| to hear its not about ruffle.
| Animats wrote:
| Yes.
|
| Is there a non-Adobe authoring tool for Flash that's still
| around?
| grishka wrote:
| One thing I can't understand is why Adobe is so insistent on
| keeping Flash really actually dead by saying it's "unsupported"
| yet still keeping the sources to themselves. If they aren't
| gaining anything from it anyway, why can't they just open-source
| it? I mean they won't lose anything either by doing that, right?
| The community would fix all the bugs eventually. Probably quicker
| and better than Adobe, too.
| mensetmanusman wrote:
| Usually stems from lack of leadership. Different legal arms not
| knowing what the mission of the company is, etc.
| nightfly wrote:
| Flash player is dead. Flash is still used for animation though,
| so they are still making money off it.
| codetrotter wrote:
| Correct. It now goes by the name Adobe Animate.
|
| https://en.wikipedia.org/wiki/Adobe_Animate
|
| https://www.adobe.com/products/animate.html
| rsj_hn wrote:
| My guess is that to Adobe, "flash" was a set of authoring tools
| (developer IDE and bespoke language) and a runtime that allows
| execution in the browser.
|
| Adobe, as a company, sells authoring tools. It doesn't make
| money building runtimes and then giving them away. Even the
| money from licensing runtimes (Air) is insignificant. The
| runtime was just a necessary overhead due to inconsistent and
| poor native rendering capabilities in the browser - it existed
| solely to allow the development of powerful authoring tools.
|
| So after browsers improved their native support and announced
| they are dropping support for the plugin, Adobe migrated to a
| new version of the authoring tools (Adobe Animate) that can
| compile to the legacy flash player runtime if needed, but also
| to html/js, or svg, or other targets.
|
| They still want to sell more of the authoring tools. They don't
| particularly care about flash, and are probably happy to be rid
| of it.
|
| What they don't want is someone else taking control over the
| runtime and then building rival authoring tools for it, opening
| it up to other authoring tools, or creating any kind of rival
| authoring eco-system.
|
| It's like if you give away razors to sell your own blades, and
| then you come up with razor 2.0, you still don't want people
| taking the razor 1.0 and keeping it alive by selling their own
| blades for it, or even giving away their own blades for it, as
| then you would be in competition with yourself.
|
| Whether these business concerns are justified or not, or
| whether our IP laws are too extreme, is a separate question.
| These aren't simple questions.
| kstrauser wrote:
| They may not be legally able to. It's likely that Flash
| includes some 3rd party code that they've licensed under
| commercial terms from other vendors and which they can't
| release.
| [deleted]
| kvark wrote:
| Doesn't give them anything. Even adds some risks that people
| sue them for copyright infringement. E.g. from using GPL
| projects.
| grishka wrote:
| > E.g. from using GPL projects.
|
| Interesting -- I just checked the standalone flash player I
| still have (and use sometimes), the "about" window doesn't
| list any free software. So either they aren't using any,
| or... But I find it unlikely that a company with this many
| lawyers would not read every letter of the license of every
| library they include in any of their projects.
| georgemcbay wrote:
| I've worked with the Flash Player source code in the far
| off past (I worked for a company called Chumby which
| licensed Adobe's Flash Player to power apps running in a
| device similar to the modern Amazon Dash Look) and while
| you would see things in that codebase that make your head
| spin, improper use of GPL libraries was not one of them.
| cylon13 wrote:
| As someone who got into game development by making Flash games
| as a kid, I would love to see Flash open sourced. I don't think
| it's necessarily true to say they have nothing to lose by open-
| sourcing it though. Who knows how many private shared libraries
| are in there that are still required by other still-active
| Adobe software. And they're also probably not excited to give
| up rights to a massive pile of code which they could
| conceivably want to use in future projects.
|
| In other words Flash likely isn't some isolated directory they
| can just zip and share to the world, and even if it is they
| might want to pick the bones later so why throw it away? (from
| their perspective)
| grishka wrote:
| Can relate. Flash literally changed my life. I wouldn't have
| been the person I am without it. And my career path would've
| definitely been _very_ different. I wouldn 't have known most
| of my friends without those VKontakte Flash apps, because the
| connections to most of the people I know right now can be
| traced back to someone from that Flash app developer
| community.
|
| I'm somewhat hopeful that Ruffle will somehow drive its
| resurgence. Older versions of Flash (the authoring software)
| aren't that hard to find, and maybe in due time someone would
| even build an open-source reimplementation of that, too. The
| SWF format itself definitely won't ever be dead by any means.
| slimsag wrote:
| Flash being dead, and yet many enterprises still relying on it,
| opens the opportunity for Adobe to sell a pricey contract that
| allows an enterprise servicing company to provide Flash
| support.
| cgarvis wrote:
| Just looked into this with CheerpX. You need the CheerpX
| license (15k/yr) and Flash license (25-50k/yr).
| cronix wrote:
| > I mean they won't lose anything either by doing that, right?
|
| Not directly, but if someone were to use some of that code that
| a company put significant resources into developing, in a
| product that made someone else money, most companies would
| probably have a hard time mentally justifying that.
| thayne wrote:
| So license it as GPL, so that someone else would also have to
| make their source code public.
| notananthem wrote:
| Flash isn't and wasn't secure and keeping any part of it alive is
| a huge liability.
| josefx wrote:
| Still waiting for the day JavaScript isn't one of the top
| Pwn2Own contenders. The idea that there is any part of the web
| stack that isn't a Swiss cheese of security issues would be
| funny if reality wasn't so depressing.
| brutal_chaos_ wrote:
| I read elsewhere in these comments that Adobe keeps Flash alive
| in China. If this is true and Adobe doesn't want China to take
| over Flash (Re: China & ARM), they won't open source it and
| they'll keep clones down/DMCA requests going to keep business
| with China. Just my 2C/.
| heavyset_go wrote:
| Lack of open source licenses haven't stopped Chinese government
| or industries from stealing IP in the past.
| aasasd wrote:
| Sounds exactly like those frivolous complaints that afaik are
| prohibited by DMCA.
| DoctorOW wrote:
| How so? This is identical to piracy. Taking IP one doesn't own,
| stripping it of it's ability to make money (removing ads), and
| redistributing it without permission.
|
| Copyright infringement can get complex but this is one of the
| simple cases. Was the software under protection? Yes. Did the
| redistributor have permission? No.
| aasasd wrote:
| Did you read the article?
| bitwize wrote:
| I thought they were going after Ruffle. I was all ready to be
| outraged and -- nope, if he's illegally redistributing the binary
| that's a legit action. If he distributed a patchkit, maybe that
| would technically be on the right side of copyright law (at least
| in the USA), but Adobe would still probably cry havoc and let
| slip the dogs of lawfare.
| seanieb wrote:
| "Secure"... not a chance. Flash was a tyre fire and even Adobe
| would say so. They did their best with massive resources, and
| still couldn't claim it was secure. Please please please don't
| claim this project is secure. It isn't.
| bbarnett wrote:
| Adobe may have had massive resources, but either they are
| incompetent, or didn't spend any time on flash.
|
| Multiple times, single devs working solo, wrote full flash
| interpreters over a few month.
|
| Adobe just doesn't know what they're doing. Look how they
| cratered cold fusion too.
|
| They also had a security / license daemon, lmgrd. What a joke,
| used MAC addresses for license issuance, was buggy, could be
| defeated with a simple ifconfig command.
| speedybird wrote:
| Adobe is competent in some regards, but seemingly not in
| others. Flash was riddled with bugs and vulnerabilities, so
| in this regard Adobe seems incompetent, or lazy at best. But
| the flip side to this coin is the reason flash became so
| popular; artists and designers saw in it a tool that
| scratched their itch well, not knowing or caring about the
| technical shortcomings. In this particular regard, making
| software that designers and artists like to use, Adobe seems
| to have a track record of competence.
| grishka wrote:
| Flash wasn't their own technology. They got it by acquiring
| Macromedia.
| paavohtl wrote:
| And Macromedia acquired it from FutureWave:
| https://en.wikipedia.org/wiki/Adobe_Flash#FutureWave
| hnzix wrote:
| _> or didn 't spend any time on flash_
|
| This is the same company that assigned a whopping 0.5 FTE to
| porting the Director plugin from OS9 to OSX, which
| subsequently took years and killed the platform.
|
| I would not make the assumption that Flash development was
| well resourced. Which is a shame because despite the bad rep
| it was an amazing tool for creatives.
| ofrzeta wrote:
| I am still running an outdated version of the flash plugin shared
| library plugin that I downloaded and installed manually because I
| need it to handle some tasks for a specific client. Maybe one day
| I will have a monopoly and become really rich.
| short12 wrote:
| Good job adobe. Flash and everything related to it simply needs
| to die off
| jdlyga wrote:
| When people say to not rely too much on proprietary software,
| this is why. "Oh, flash will be around forever! There's nothing
| to worry about". Same could be said about so many other things.
| rmason wrote:
| What's even stranger is that there is an open source project
| under Apache for Flex. One that even has not only the blessing of
| Adobe but the support of the company. Their answer has been write
| an app in Flex and get in compiled to JS. No need for Flash!
| Several developers using it happily in the Lansing area.
|
| http://flex.apache.org/
| Aissen wrote:
| This is the company that blocked Ninite from having automated
| Flash installs, so... more of the same from Adobe ?
| phendrenad2 wrote:
| > alive, secure, and adware free
|
| But not open-source. Follow the rules, people.
| jimbob45 wrote:
| Is it not still possible to run an outdated browser version with
| Flash installed in a container? Don't get me wrong, that's a
| hassle but at least it's not lights out for Flash for these
| people.
| johnebgd wrote:
| Why stop there? You could virtualize an outdated operating
| system with an outdated browser.
| cardosof wrote:
| You can buy old hardware and have the whole vintage web
| experience!
| EamonnMR wrote:
| With great difficulty now, due to pervasive HTTPS
| denton-scratch wrote:
| Ooh, I don't think I've ever visited a Flash site with
| HTTPS.
| remexre wrote:
| I'm now imagining an old beige-box desktop with a
| Raspberry Pi acting as a de-HTTPS proxy... with more
| compute power than the desktop
___________________________________________________________________
(page generated 2021-10-12 23:01 UTC)