Slashdot Mirror
Adobe Introduces the Paid Security Fix
Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."
Almighty dollar wins again!
It isn't in the league of PS, although it tends to do almost as much.
Adobe already got brickbatted about security... are they just trying to get clubbered again? Only difference is that not as many people will get nailed by Photoshop holes as opposed to a hole in Flash or Acrobat, mainly because spending $2000 or so for the CS suite is out of the price range of all but the dedicated artists.
I can see it now, all software vendors are going to introduce security flaws or wait until one is discovered to release the next paid upgrade release.
I think a class action suit is in order for all the holders of the older version. It their software causes a security hole and if one person gets hammered by it then like the car companies having to recall and fix cars, software vendors will have to do likewise.
Are you listening Adobe.
If this was a years-old version, I'd understand, but CS5 was the latest version until literally days ago!
This is akin to buying a 2010 Chevy (under warranty), then finding out that the brakes catch on fire under certain circumstances, and the company's suggestion: buy a 2012.
Be a shame if something bad happened to it...
Wow... Actually sounds like our medical system. And just about every other "system" we have. Cars, houses, etc...
Wow, now that I think about it, that sucks.
Blech.
"Helping to keep you two steps ahead of the Thought Police!"
Sorry but Microsoft does the best at offering security fixes at no cost. I can't think of another company that does it better than Microsoft.
Since I can't mod Adobe "-1 flamebait" I'll just say it again. Fuck you, Adobe! I'd like to go on record as stating that you should all be ashamed of yourselves.
Interesting enough, the CS collections aren't listed on Adobe's products and Enterprise Technical Support Lifecycle Policy.
Intuit.
When you have nothing to say, blame Microsoft.
The difference is that Microsoft supports multiple old versions of their OS. This is only one version more than the previous Adobe, and its only been a couple of years max since the other.
Seriously. This is why people download pirated versions. Even if you have a paid version of something, the damned thing "phones home" every time you launch it, the bozos are so paranoid. You can disable this in /etc/hosts, but it's still indicative of greedy grubbing stupidity. If they charged a third of the price, they'd sell 3 times more copies. Look what Apple did with FCP -- they made it affordable (yes, I've read the complaints, but it works fine).
Doh.
"Just released, and coming in at 370 MB in size, the Mac OS X 10.7.4 update includes general OS fixes, and addresses more than 30 security vulnerabilities. But aside from typical security fixes, Apple has made an interesting move in an effort to protect users. Through this latest software update, Safari 5.1.7 will now automatically disable older â" and typically more vulnerable â" versions of the Adobe Flash player. While many software vendors would prefer OS makers to keep their hands off their software, the move appears to be welcomed by Adobe, which has constantly battled vulnerabilities in its widely installed Flash Player."
Maybe Apple should disable Photoshop CS5 as well?
[Fuck Beta]
o0t!
When you buy a piece a software (or "license it", if you will), you buy it as is, defects and all - typically with no warranty or merchantability for any particular purpose. From that standpoint, consider yourself lucky if you get someone to provide an update at no charge. Besides which - how long is a manufacturer supposed to be "on the hook" for supporting an old version? And a "0.01" version difference IS an old version. Frankly, I'm amazed at companies continuing to provide updates for older stuff. On the other hand - it is GOOD BUSINESS to do so, to at least some degree. What better way to bring on a unnecessary (even if meritless) lawsuit, than to get popped for not fixing known security issues, even in old software. Given the general uselessness of juries, you're just ripe for trouble. But failing to do good business (generally) isn't "wrong" from some kind of moral perspective....it is (often) just not very smart.
CS5 was released only 24 months ago, whereas Win98 was EOL'd when it was a little over 8 years old. Say what you will about Microsoft, but they look pretty good in that particular comparison.
You couldn't be more wrong. Nobody provides for longer support than Microsoft.
I don't respond to AC's.
Three orders of magnitude is very large in real life.
Windows 7 Ultimate: $200
Photoshop CS6: $700
Oh yeah, Microsoft is so much worse.
>Adobe's fix? You need to pirate the upgrade to Photoshop CS6.
Fixed.
I'd call em back with my lawyer on the line. Or a friend who can do a passable imitation of a lawyer, at least. They wouldnt know the difference.
You're dealing with low-level drones that have to just follow the scripts they are given. Escalate it and force the issue. Companies setup ridiculous policies like this because they know it will cost the customer a lot more to get legal relief than it would be worth, and count on that. The moment they believe they are dealing with a customer who is stubborn and irrational enough to sue them anyway that attitude should do a 180.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Good point, though Adobe's gone one step further... Microsoft ends "mainstream" support fairly consistently (and longer than Adobe, to be sure), but extended support is not so bad (XP will be dead to the world in 2014).... I'll keep my XP machine running until it dies of old age (gotta play all my old games and the machine's woefully underpowered for Win 7.... heh.)
So in Adobe's case, they support only the current version, it seems... no patches.. gotta upgrade for those. If they offer free patches to other problems with CS 5.5, and this one is so systemic they had to rewrite it for CS 6.. makes you wonder who's running QC there at Adobe.
It's the Stay-Puft Marshmallow Man.
There is an old story I will retell that should serve as a warning for all customers.
Once upon a time, there was a transport company employee charged with replacing a large segment of the companies trucks made by Volvo. The employee, being a bright individual called up a sales clerk from Ford that had been trying to get a foot in the door and asked him to send three Ford trucks for testing. The day the Volvo sales clerk came to make discuss the purchase of new Volvo trucks, these three Ford trucks happened to be parked on the lot. When the trucking company employee saw the Volvo sales clerk glance at them, he said "Yeah, the boss has been looking them, he seems to think they are an alternative worth looking into. But that is for later, lets discuss the deal you were going to offer us".
In another company far far away, an CTO who loved IBM hardware knew it was time to discuss the purchase of new hardware, so he ordered an underling to set up a trial project with HP servers, just to see what the competition was doing. When the IBM man came by he of course showed him the workfloor including the corner where the junior was working on those shiny new HP servers, "Got to give the kids their toys to play with " the CTO told the IBM sales clerk. "Btw, what was the price you were going to ask for again".
But in the dark and damp lands of Mordor, a very different tale was playing out. There the CTO invited the MS and Abobe sales clerk and proudly showed them how his entire business depended completely on their software product and how not only did they need the software to work flawlessly or they would be bankrupt in seconds, all the staff could only use the latest software and their customers demanded that they use the latest software. "BTW", The CTO asked, "what was that deal you wanted me to sign in my own blood again while bending over"? And there was much rejoicing among the Tribes of MS and Abobe, for they knew exactly who was calling the shots. One lockin to rule them all and in Eula bind them. For the users of MS and Abobe where greedy and feeble minded and could not break free of the spell.
---
Really, this is nothing new. In the land of NAS and control systems, this is par de course. You let a supplier control you, control you they will. Want to break free? Good luck, your company needs the new version, license or risk being unable to produce so you hand them the cash and lock yourself in just a little bit more.
Not a SINGLE Photoshop user will invest in his own freedom by making sure there are alternative methods to do his production. They will grind their teeth buy the latest version and invest yet more to make sure their production is entirely locked into Adobe clutches.
Cue countless protests about how there are no alternatives... no, there are none because any who dares to try is ridiculed for not instantly producting a 100% compatible product for free because freedom should be free of effort and cost.
You gave Adobe the control, enjoy it.
It is not as if you are alone. Governments often dictate that procurement must be regulated, meaning that once a procurement contract has been done, all interest in customer satisfaction goes out the window because the contract is fixed, can't be ended and renewal depends solely on the price offered (not charged) so fuck you peon.
I seen it to often in other industries, entire production line depended on one type of machine, fired your own maintenance team and anyone who could switch them out with other hardware. Goes, the "extra" charges sure went up a lot didn't they? Suddenly maintenance must be done by their certified team, at weekend charges.
Lockin, avoid it or pay the price.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
When I was a teenager, I knew that I wanted to be a software developer. I thought one of the coolest jobs would be to work at Adobe. How amazing would it be to add improvements to software used by famous graphic artists and video studios all over the world?
Now, I'm glad that I never even attempted to work there. They've become known for security holes all over the place in Flash and Acrobat, glacial pace of development, one poor design decision after the other, and no shortage of performance issues. It really is a shame how much they've stagnated, and in some cases regressed.
This is not only not new, but the exact same thing happened for CS4 -> CS5. I still use CS4, because I spent so much time waiting for CS5, which kept missing its release dates, that I bought CS4 instead. Then they wanted me, TWO MONTHS LATER, to shell out another $400 for what amounted to a security/bug fix, as I didn't need any of the new features included in CS5, just the bugs fixed -- and they weren't willing to fix the bugs.
At least at this point, all the attacks are targeting CS5, so CS4 isn't getting any worse than it already was....
I'm starting to think I should try migrating to another package again... anyone know of decent (yes, decent) equivalents for Photoshop, Distiller, InDesign and Illustrator? GIMP takes care of many of the Photoshop issues, but Inkscape isn't there yet, Ghostscript has the wrong feature set for me (and I don't have the time to write my own scripts to fix that), and nothing else I've found is integrating these other apps into one workflow package the way InDesign does, nor will they read InDesign templates or publish to industry workflows with proper color and bleed profiles.
Indeed... this even lines up with Adobe's "trade in" policy -- and the prices for a Chevy and Adobe CS are starting to equalize too. Of course, having your DTP business go under due to getting hacked via CS isn't really comparable to dying at the wheel.
I'm sorry, but even "Non-Genuine" copies of Windows still get security fixes. There is no comparison here.
Windows: Pirate our software, we'll still give you security fixes (although we might put a watermark asking you to stop pirating it)
Adobe: Buy our software, but you only get security fixes if you give us even more money.
Hell, MS gives security fixes even to XP until 2014 (13 years after its release). CS5 is less than 2 years old.
AccountKiller
More importantly, if you bought CS5 for $2000 just three months ago, you have to pay to upgrade. It's like your iPhone 4 warranty running out when the 4s was released, even if you just purchased a v4 a couple weeks before hand.
Is it just my observation, or are there way too many stupid people in the world?
CS5 just passed its 2 year mark
AccountKiller
If it's broken, get them to buy something to fix it.
Oh come on, this 'oh Microsoft is just as bad' is the biggest cop-out. In this case it's just a blatant lie, CS5 was released early 2010 and this announcement means they've discontinued support for it, Windows XP was released in 2001 and is still supported now and will be until mid-2014.
I made the switch to the Gimp years ago. I got tired of pirating Photoshop. Then, when I switched to Linux, Photoshop doesn't run on Linux. Lo and behold, Gimp is an easy install, and I learned that. Now that I've switched to Mac (for the desktop), I still use Gimp. Ooh, and there's a new version out, and the development version handles high-bit images!
gimp.org
I do stuff Zhrodague
or maybe it was the last week of February. That's a mighty short support cycle for an expensive product. Perhaps a class action would be nice.
(note: I did not pay retail, but having essentially a 3 month supported period on a major software suite is pretty crappy)
Is it just my observation, or are there way too many stupid people in the world?
Aren't ya glad you switched to gimp like a decade ago? I sure am!
Adobe's fix? You need to pay to upgrade [from CS5] to Photoshop CS6.
Ah yes, I would be delighted to buy more software from you, since it worked out so well last time around.
No kidding.. I'm still using CS3, and I've never run into a virus/exploit for it. It's a 700-2500$ program... there can't possibly be as many people with CS as MS Office, outlook, firefox, or a dozen other programs that have holes discovered all the time.
This is especially egregious since according to the researcher's announcement, Adobe has been sitting on this bug since last September. Users of CS5 should demand a patch.
1000 / 3.5 ~= 285. Of course, that assumes you believe the OP's billions vs millions claim.
Sources claim 650M for windows 7:
http://news.softpedia.com/news/Windows-7-Approximately-650-Million-Sold-Licenses-by-the-End-of-2011-202026.shtml
http://finance.yahoo.com/q/ks?s=ADBE+Key+Statistics
If 100% of Adobe's 4.2B revenue comes from $700 Photoshop sales, that's 6M units/year, call that 24M units over the lifespan of windows 7 since release in 2009.
So for every unit of Photshop, you have at least 27 units of windows. Factor in the 3.5X price and you still have about 8 equivalent units of windows for every photshop over which to amortize costs.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Here's the problem with that - they were told about the issue in September 2011. They didn't address it then, but apparently decided to wait until well after the public advisory.
My paid Acrobat 9 isn't much better -- some of the key features, such as Cleartype OCR, just don't work. Period. Adobe's response? Upgrade because they don't support it anymore (despite the fact that it didn't work when they sold it to me right off their own website).
I had that licensing issue with a previous version of an Adobe product, and ended up finding a cracked version of the product I'd purchased, just to get around it not working. This, to me, is entering MPAA territory of the pirates putting out a better product than the original producers.... It's a pain when you have to work so hard to do the right thing, only to find that it's a temporary solution.
I wonder if this is starting to enter class action "deceptive sales practices" territory?
>>>This is only one version more than the previous Adobe
So basically it's like Apple, who does not support anything older than 10.6. They tell you to go buy the new OS (or if you are on a powerPC, a whole new PC).
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
This isn't support. This is a big gaping FLAW in their product. So they should fix their flaw. They can patch it or give away CS6, I don't care.
This isn't a feature I woudl like. This isn't wanting more default objects. This is a major flaw.
The Kruger Dunning explains most post on
CS6 is not available in some markets. And this is going to be a real killer for chunks of the corporate world. My pet artists are going to be on a sneakernet if they want to keep CS5 and are going to have to learn a new toolset in the meantime if they want to come back onto my network. (The one hooked up to the internet with support contracts and enterprise agreements and production web servers)
PAIN.
A sig is placed here
To display how futile
English Haiku is
It's different. You're talking about something that came out almost 15 years ago. We're talking about something that's not even 3 years old (and way more expensive than Win98).
I've got better things to do tonight than die.
Thoughts on a way to fix this sort of thing generally:
The government should define a minimum support window for software, say 5 years or so. From the point where you purchase a software product at retail (not resold), you are entitled to support for critical security flaws (ie: exploitable risks which you cannot mitigate with normal usage) during that period. At the vendor's option, that support can be either free software patches (with no degradation of functionality or additional licensing requirements/terms), full version upgrades (under the same conditions), or the release of the complete source for the product into the public domain (BSD-style). The last option would be the legally-mandated requirement if the vendor was unwilling or unable to supply one of the first alternatives. Companies could, of course, adjust pricing of their software as appropriate to comply with the mandate.
It's not a very clean solution, but it would do wonders to curtail the "forced paid upgrade" trend in software. Plus, companies with "good" support policies in place (both large and small) would benefit.
*cough*IBM typewriters*cough*
They sentenced me to twenty years of boredom
Intuit has been doing this for years. That's why we moved to SQL-Ledger.
Check your sources again. $50 / mos for the entire Adobe CS6 suite. All the packages.
Actually, if by "RHEL from 2008" you mean RHEL5 then you were quite wrong. Apparently, redhat promises security updates at last until sometime in 2017:
https://access.redhat.com/support/policy/updates/errata/
Do you really expect a virus or exploit to announce to you that your system has been pwned?
They used to do that but it's rare now.
These days all that saying you have never run into a virus or exploit means for many people is that they are silently pwned.
... Adobe has 100 words for "won't fix it"
"Factor in the 3.5X price and you still have about 8 equivalent units of windows for every photshop over which to amortize costs."
Because, as we all know, developing a whole OS it's at the same cost tag than a graphics manging app that runs on top of said OS.
You forgot that Adobe offers upgrade protection. Now all those people who bought this "protection" won't have to shell out quite as much as those who tried to snub the "Familia". I'm being snide not at you but at adobe.. This almost makes it look like they set up this scenario.
Beware of those who profit off the docile and persecute the unbelievers.
CS6 just launched and I mean JUST. It shipped on May 7th. So this isn't a case of an old version where Adobe is saying "Look guys, we are discontinuing support, have to buy the new one if you want it." The "old" version is only "old" by 3 days now.
Windows ME got 6 years of support (Microsoft offers a minimum of 10 years of support for Business and Developer products). Mac OS 10.3 got 4 years of support (Apple don't have a defined policy for their life cycle, just a general rule that they offer support for the current and previous version). REHL will get 13 years of support.
Two years of support for CS5 is not just "a *bit* quick" for such expensive, professional software. It is an insult.
Exactly. If people don't like this, they should find another vendor.
This is not support. This is fixing something that was broke in the first place.
I void warranties.
MS security fixes are not "no cost".
They just look cheaper on the surface, because the cost is amortized across BILLIONS of forced Windows licenses, instead of MILLIONS of Photoshop licenses.
Three orders of magnitude is very large in real life.
Does not compute. Windows XP has been around for a decade. XP will have received "free" updates for 12 years when support is finally dropped. On the other hand, Adobe Photoshop has had 8 major version releases during that time. According to Adobe's website site, 4 of those versions are no longer supported...and apparently we need to add another few versions to the list.
Bitch about MS all you want, but their support of security fixes for Windows and Office has been excellent compared to companies like Adobe. If I were a Photoshop user I would have spent thousands of dollars to keep my version in support compared to the $200 that XP costs up front. And yes, it really isn't fair to compare OS support to application support.
"A plan fiendishly clever in its intricacies"- Homer Simpson
You're not a programmer, are you?
You certainly know nothing about how impossible it is to write "perfect" software.
Thanks, now I'm having flashbacks to repairing Selectrics. Those things are tanks. Now get off my lawn.. darn kids
Don't blame me for redundant posts. I can't type very fast. Hence the user ID.
Pixologic's Zbrush.
If you buy their software, the upgrades come with it. All of them. Forever.
From the bulletin:
Adobe released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.
Sure sounds like CS5 had upgrade released that addressed these vulnerabilities. I think it also says that released version of CS6 is not vulnerable. Probably marketing people got involved to try and write this to encourage upgrades, which may have backfired a bit.
. 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
"For desert, we have an ice cream peanut butter pie, blueberry cake, or the antidote for the poison you ate earlier."
Gently reply
That could be true, but in fairness at this point both companies are leveraging past investments and are mostly just sprinkling on a small dev effort for new features.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
No cost for the fix, you do need to pay pretty handsomely upfront for the software iteslf. The cost can be as extravagant as over a week's worth of salary on non-firstworld countries.
I do admit though, it's way more transparent than this crap Adobe is pulling.
Is that the RedHat (or rather OpenSource) method?
Adobe has crossed over to the dark side. Now they are officially Evil.
"Bitch about MS all you want, but their support of security fixes for Windows and Office has been excellent compared to companies like Adobe"
I have to agree, MS has indeed patched XP for a long time. MS gets lots of practice in patching security holes but to their credit (I never thought I'd say that about MS!) they have not charged anything for it. I can't even complain about them dropping support for XP in 2014; they've carried it for a long, long time and that is pretty responsible behavior (given the very slow move away from XP). Neither did they need to provide patches to pirated versions, but they did that in the best interests of the worldwide computing community.
IIRC Adobe is not the first to pull this "buy the new version" stunt.
GIMP? ...lol
makes you wonder who's running QC there at Adobe.
the original release of photoshop cs5 for the mac, didn't give itself the right permissions to write to it's own pref file. they're number one, why try harder
Except: 1) Practically nobody has CS6 yet, it is completely brand new. We're not talking about supporting Photoshop 2 or something, this is the active, in-use-in-the-world-right-now version. 2) Adobe releases major versions on a very quick schedule compared to many vendors, many of which have no obvious reason to upgrade at all from the consumer perspective. Every time I get a release notice for a new version, I have to hunt very hard to find any clear benefits. Most of the time, they put across the very strong image that they're just fishing for repeat spending by calling something a major version that really should just be an incremental upgrade.
in fairness the upgrade to 10.6 was $20
They moved to software as a service model in the last year.
You can now pay your adobe fees monthly (couple hundred/month) -- if you want the yearly plan, you buy all new versions at a discount.
If you don't want to upgrade right now, that's fine...
When you do, you can either pay full price (~30-50% more), OR you can pay for each upgrade between your current version and the current.
They shut down email and online support without paid contracts ON TOP of the SOFTWARE cost. (i.e. when you "buy" their software, it gives you a license to install it and they will give you help with installing it. That's it. Any bug fixes you want addressed?: you pay extra.
They also decided to merge the mac and windows support forums -- because their needs are the same (that's working out real well, ha).
And closed most of their product forums -- moving them to professional "customer handler" ("Get satisfaction")...
Yeah.. they've been pretty evil for some time now.
I've had to call and beg for 'reactivation' on windows 7 probably near a dozen times now -- because whenever win7 would hiccup, adobe's license mechanism would try to issue another license as it would think you were a different computer. Think of the MS-HW detection algorithm, but with the number of allowed changes in HW = zero or one (depending on the part).
It wouldn't be so bad if they were actually innovating, but they generated a V5.5 in between V5 and V6 just to create more revenue -- and force customers to pay double upgrade costs to get to V6 -- and it doesn't have much in the way of new features either.
Their biggest nightmare -- people weren't upgrading because their engineers stopped innovating as quickly, so people were using the same SW for 3-5 years... while adobe wants payments every year.
"More importantly, if you bought CS5 for $2000 just three months ago, you have to pay to upgrade."
Good reason not to pay for it in the first place.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
You just said "two or more out of date". The bug affects CS5. CS6 came out this month. See the problem now? Their support for a product lasts exactly up until the next one comes out, and that's not cool.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Yes, GIMP. Is GIMP identical to CS? No. So you need to weigh the alternatives: use GIMP for free, which has continuous security updates (for free), but get less convenience than PS CS. Or, buy PS CS and put up with having to buy a new version for $$$$ after a few months. No one owes you top-of-the-line software for a low price and with indefinite security fixes.
Again, if you don't like it, don't buy it.
Where are you from? There are no consumer protection laws where you live?
How is selling a defective product without warranty different from fraud?
Rethinking email
As I said before (received with the standard mockery and excuses), it's hard to empathize with Windows or Adobe users. You know you're buying a paid service. You know they're in it for the money. They aren't your friends or your Mommy or your guardian angel. You give them money, they give you a license to use their product for a while, with premium services at extra cost. It's all in the EULA. You did read it, didn't you?
Where are you from? There are no consumer protection laws where you live?
Probably from the US, and none worth mentioning outside of food and phramacy, respectively.
I'm pretty sure that Adobe doesn't have to plan security bugs... They just unlock the cages that they keep the Flash dev team in and let them use their keyboards for a few minutes.
$50/mo for 12-24 mos (until CS6.5/CS7 upgrade time) = $600-$1200, and you don't even have a license to use the software if you stop paying $50/mo.
Nope, doesn't sound like a good deal to me.
make imaginary.friends COUNT=100 VISIBLE=false
That's news.
Vote monkeys into Congress. They are cheaper and more trustworthy.
I'm calling bullshit on your post.
Other than trojans being bundled with pirated copies, do you ACTUALLY know of a photoshop virus?
I wasn't able to find one using google.. so they're definitely rare.
But since you think viruses for CS are all over the place.. why don't you post your proof.
Make sure you understand what they actually use Adobe products for, what the workflow is. Don't just glibly say "Oh GIMP will work!" because you heard they are both image editors.
See you discover that the problem is sometimes there really aren't options. Pre-press products just seem to be one of those cases. Adobe seems to be it for something, particularly an end-to-end solution.
Also please note "Just write it yourself," isn't a realistic suggestion nor is "Well just spend more time and effort to work around problems with a hacked together situation." Since the whole talk here is about money unless you can show how that saves money (and remember staff time is the biggest cost you have) then unless it does, it isn't a realistic suggestion.
How about "Every Linux distribution ever"? No need to wait until 'Patch Tuesday', either.
Leela: "Is all the work done by children?" Alien: "No, not the whipping."
First, it's a joke, Microsoft fanboy. Second, they may not charge you for security fixes, but they do for FEATURES of the OS... get the point?
Some people really need to get off the Bill Gates worship.
It's the Stay-Puft Marshmallow Man.
"... exercise caution when opening files from unknown or untrusted sources."
Untrusted sources, you mean like Adobe?
Canada.
And it wasn't intended as complimentary. But if you buy a pen what is the warranty on it? How about a chair? How about a chair from an antique shop? How about a house?
A 2 year warranty of business software is simply part of the TCO. If you don't like it, buy something else. If there isn't a competing product then you're stuck paying it and you have to suck it up, that's business. I used to buy (from europeans) electrical equipment, that was designed to operate for testing at european power standards, so we could export the actual products from here to europe. Care to guess how much that costs? Manufacturers warranty doesn't cover shipping costs outside of europe (duh), nor are they obliged to.
'Consumer' protection is a concept to protect consumers from unscrupulous vendors. If you're buying professional software you're not buying a consumer product. You're now into business contract law. Whole other ball game. We have consumer protection, that for example, houses can be sold 'as is', but if you fraudulently represent the state of the house then you could be liable. That's all well and good, but Adobe doesn't say 'we have a 10 year support policy we're amending to 2 years', they couldn't get away with that even in the US (remember Sony removing the 'other OS' from the PS3 and the legal fight they're having over that?), they're saying our product that you're paying X for has a 2 year support warranty with it. So... you knew that when you bought it, or at least, you should have read the licence agreement. And knowing that you shouldn't have bought it unless you had to.
So are you offering to pay $10K or more for this hypothetical near-perfect software?
or will you pay $200 and accept that there may be bugs (and that the company will offer fixes for major security issues for x years) ?
It all comes down to economics at some point.
This seemed like a reasonable sig at the time.
Microsoft sends out security updates for free.
Adobe also charges for added features, not just version upgrades (like 5 to 6) but even 5.0 to 5.5
Are you graphic artists really that dense or do you love me so much you want to make sure everybody understands how valid my points are by proving me right?
Maybe you just don't understand the rather simplistic story of how to deal with sales people?
This is not about GIMP or anything else, it is about how YOU allowed YOUR means of an income to come to depend on a single supplier. Others have given other examples. Would you build your loading dock to allow only one model of car? Would you pack your packages so only one package company can deal with them? Would you reshape your body so you can only fit in one airliners seats? Would you change your digestive trackt so that you can only digest McD hamburgers?
No?
It is not up to me or anyone else to provide you alternatives. When you are that depended on a product, you ROLL YOUR OWN. Pixar does, why do you think they support GIMP anyway? Because they don't want THEIR production line to depend on someone elses. THAT is why companies support Opensource software, why Vavle is looking at Linux despite its tiny marketshare. Because once you are open, someone else doesn't control you.
Back in the days of DOS, there was Blue Isle and the Battle Island series of games. Then MS announced Windows 95 and Blue Isle announced a Windows 95 only game. And then Windows 95 got delayed and the game had to be held back because it could not launch without the OS. Blue Isle had tied themselves to another companies products and so became tied to another companies goals.
iD did not do the same, they launched Quake with both DOS and Windows support. Guess which company did better with there game?
Oh okay, it is not as simple an example as the car example. Car examples are clean and simple but since you are not getting them maybe a game one will strike closer to your heart.
Graphic artists have locked themselves into a company that has shown multiple times to not have the same goals. They can either SHUT THE FUCK up about it OR do something about it. Moan about it while keeping the lockin going on, is just going to result in ridicule.
Ready? Okay, HAHA!
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
It's not released "knowingly defective."
With millions of lines of code they also can't test every possible application and error. What you're suggesting is that no OS could be released until there are no errors whatsoever. In this case, no OS would ever be released.
An OS can't anticipate the future.
A lot of patches and drivers have to be written after gold release, because of changes and new versions of hardware, new third-party software and apps, and new types of attacks.
Sorry but Microsoft does the best at offering security fixes at no cost. I can't think of another company that does it better than Microsoft.
Three off the top of my head: Mozilla, Canonical, Apache.
Oh, you probably mean to limit the discussion to companies whose primary goal is profit. WRT providing users with a secure computing experience, that certainly raises a lot of conflict of interest issues.
Will
If they pirate, they'll certainly download VLC. VLC can play the DVD, with or without the Windows codec.
The right to protest the State is more sacred than the State.
JUG
Just Use Gimp
aaaaaaa
Perhaps it was a clue when the /. Gates-Borg icon was redesigned all happy, and then mostly disappeared from articles in the last few years.
Gates is no longer running MS. Compared to a company like Apple, MS is no longer the "evil" company it was. Why would /. continue to use that icon?
So what you are saying is that you want MS to program protocols, drivers and other applications for things that haven't been invented yet?
So, buying it as a consumer, I now have no rights because it's "not a consumer product"? I really have no care for patriotism, but I'm ashamed that you're Canadian (because what you're spouting is retarded).
MS has a support policy of "minimum of 5 years from the date of a product’s general availability, or for 2 years after the successor product (N+1) is released". Regardless of the reason that they still support XP, they are doing it.
The better quesition is, why did /. CHANGE that icon? I dunno how many decades you've been in the industry, but still. Think about it.
you can't tell at the same time "it's impossible to write zero bug software" and "but I didn't know my software had bugs"
Excuse me, I'm not sure if you are aware of it but your post has an identifyable bug, it contains an obvious strawman that your proof-reading appears to have missed. Can you please patch your original post and remove said strawman. Note, I don't want a new post, I want you to fix the original. I've donated to slashdot several times over the last decade to the tune of maybe $30 total, I know it's not a lot but nevertheless I didn't pay to see your bug ridden posts. /sarcasm
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
And this seems to be a disincentive to "upgrade".
I think you're just being obtuse for some sort of personal pleasue but I'll bite anyway. Ten seconds to google MS's official list of known problems for win7 using the 'site:' switch. You can redefine that list as 'defective software' and argue about it if that's how you get your jollies, but the rest of the software industry will keep on being grown-ups about it and acknowledge such things as real world limitations to be worked around in the present and overcome at some undefined point in the future. Engineering and software are "best effort" endevours, you can go to jail for failing to make a "best effort" which is what the term "due dilligence" is all about.
Obligatory car analogy; A road is not defective just because you have to patch a few potholes after it's construction.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
tell 'em not to accept .tiff's.
the vulnerability is in .tiff. it's not really _that_ big of a thing. of course because it could be just renamed to .png you'll need some auto tool to go through the files before they open them.. depending a bit on where they get the files, of course.
world was created 5 seconds before this post as it is.
Truthfully, it is the morally correct thing for MS to do, with an operating system so troubled with security issues (historically) which cause real problems worldwide.
Class action lawsuite time.
What makes anyone think that the security bugs in CS6 won't be just as bad as the bugs in CS5.
I wholeheartedly agree. If you don't want to pay, you have free and legal options. You don't even have to pirate stuff.
You act as if people are forced to use Windows. They are not. Just like people aren't forced forced to use Photoshop. HOWEVER, if I wanted a PC with supported software from both Microsoft and Adobe I would have only paid $200 to Microsoft over 12 years and over $1,000 to Adobe.
I know that Windows support isn't free. Neither is Mac OS. And technically some Linux support isn't free either. The cost of owning and receiving security/bug fixes (and sometimes new features) is built into the price.
"A plan fiendishly clever in its intricacies"- Homer Simpson
At Brazil, if you are a consumer, and the seller didn't say anything, the warranty lasts for 90 days. Even for a pen. Of course, if you are not a consumer, you are expected to have lawyers to review the contract, and the means to get the seller into court, thus no protection (small business, as always, get the short end of the stick). By the way, one can't wave out the fact that he's selling for consumers just by saying that the equipment is professional.
In fact, if there is any power disparity when selling a house (for example, when you are buying from a big company), the seller must provide warranty on it. The same is true for used cars and other complex stuff. A consumer isn't expected to be able to discover hidden problems on such itens at negotiation time, but a big company is. About EULAs, nobody could ever enforce one here at Brazil, not even against other business.
If all our laws were as good as our consumer protection laws...
Rethinking email
No, if you're buying a business product expect to have to actually read the licence agreement, I know EULA's suck right, that's why it's for professionals and you have a legal team. 2 years of support for software would even meet EU standards for consumers btw.
There's nothing in a contract that includes support for 2 years that would reasonably fail any consumer rules. If they were amending an agreement after the fact down to 2 years (think about the sort of things Rogers does where it reserves the right to change your cell contract even during your 3 year contract period) that's bullshit, but 'we will only provide support, or this price or whatever' for 2 years is a business contract matter, not a consumer protection one. You can't even argue 'similar products' all carry a 10 year warranty but this one doesn't. E.g. would be a TV with a 30 day warranty and all other TV's have 2 year, because CS6 isn't similar in any way to Windows and its 10 year lifecycle.
And yes, businesses are out to screw you, especially if you're a business client and they think they can get more money from you. If you don't like it find an alternative, develop your own or suck it up and pay it and consider it part of the cost of doing business. If you think adobe is unlawfully leveraging its monopoly in the content creation suite file an anti trust complaint.
I live in Australia but that's besides the point, all roads get potholes even new ones. The fact you don't see them means your road maintenace crews are doing their job.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Sigh.
/. "corporate masters".
UID > 2mil spreading FUD about
Seriously though, people are missing your point mainly because it's a fairly weak point to begin with. It's obvious from context that the poster meant "at no additional, post-sale cost", and anyone with a modicum of experience has to give a least a little respect to the Microsoft update machine.
"Excuse me, I'm not sure if you are aware of it but your post has an identifyable bug"
You tell me where is it and I gladly produce a new release without it.
"it contains an obvious strawman"
It maybe obvious to you; it is not obvious to me so I advise you to produce a valid bug report in order for me to be able to fix it.
But first I want to make sure the problem is in my post and not in your ability to parse the source code: you are aware "I didn't know my software had bugs" != "I don't know where are the bugs in my code", aren't you?
"Note, I don't want a new post"
Then you get to stay with the old one.
Even if I could fix the original, which I can't, it would be the original no more. You are aware of Heraclitus's "you can never step into the same river twice", aren't you?
"I've donated to slashdot several times"
Not *my* problem, unless you donated to *me*, which I know for sure you don't.
I know, I know... tongue in cheek.
"And after all, OS/2, MVS, and UNIX never had patches and shipped complete and flawless, with all possible features"
New features != bug fixes.
"It's all completely inexcusable."
It is not inexcusable that they released software with bugs, but yes, I find certainly inexcusable, as long as the companies stay in business, that they don't fix bugs for them when a customer asks for it.
"Such a reasonable standard you have set."
The only one I find reasonable, yes.
"Good luck with your software company."
It's doing well, thank you very much. I produced software more than a decade ago and I for certain would fix any bug the customers could come to me with as I've already done up to this day.
And you know what? As long as they contracted support I managed not only the bugs but the new features too -the latter on a one-by-one basis, some of them we in common accorded that basically went into the original spec, so I covered them as a matter of respect my contract, others were priced apart, but bugs, always as a given.
I know that some of that software is still in use but there've been years that no new bug reports have come for them. I leave as an exercise to reader to imagine why.
http://slashdot.org/comments.pl?sid=2842341&cid=39970629
"So what you are saying is that you want MS to program protocols, drivers and other applications for things that haven't been invented yet?"
No.
UID of current account is meaningless. I've been on /. since its inception.
You're obviously either a youngster, another corporate tool with no mind or soul of your own, or a bot. Too difficult to determine which one, from where I stand.
In any case, you = jackass^2.
I guess you think the world functions on the Plato's form model, where things achieve some kind of software perfection. They don't. Not with software or most any other product.
Manufactures don't have to make things perfect or even try. They only have to build something slightly better than the competition. For a real world example, look up the story of Henry Ford looking at his cars in the junkyard.
Here's a car analogy for you; By your standard, if you buy a new car, and the manufacture 'knows' that the hoses and tires will wear out after so many miles/years, then they:
1. Sold it to you knowingly defective.
2. Have a responsibility to give you free tires, hoses, belts, etc. forever.
I was talking in extremes and speaking generally - and I agree with you regarding Adobe.
Is there any Adobe software that is not riddled with security holes? photoshop?
I was a bit against Apple dumping flash in the beginning but its looking more and more like it was the right thing to do.
This seemed like a reasonable sig at the time.
"By your standard, if you buy a new car, and the manufacture 'knows' that the hoses and tires will wear out after so many miles/years"
Perfect analogy, yessir. Because the ones and zeroes in a computer program wear out too.