Slashdot Mirror
Adobe Changes Its Tune On Forcing Paid Upgrade To Fix Security Flaws
wiredmikey writes with a followup to Thursday's news that Adobe was recommending paid software upgrades in lieu of fixing security holes in some of its applications. After receiving criticism for the security bulletin, Adobe changed its mind and announced that it's developing patches to fix the vulnerabilities.
"Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. For a popular product that was just over two years old, providing a fix to address a serious security flaw its what customers deserve. And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."
Boohoo. Welcome to software development.
Sunwalker Dezco for Warchief in 2016
Way to sound like a dick even when you're doing the right thing.
Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.
You know what is cheaper? Hiring developers with a clue, so they won't write bugs by the bucketload.
Contrary to the popular belief, there indeed is no God.
And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial
you know what, if they such a massive customer basse, then they would have already made massive profits from those 'massive' sales. So the company just forgot to factor in the percentage for maintenance from those sales.
Its a bit pathetic really, unless their development costs are so great - but then I'd say the management and developers are at fault, patching isn't a particularly difficult task once you've done the fixes for the current version anyway.
This just in: Companies would rather you throw money at them to fix products that are badly designed as well as throw money at them to get features. Long-time pirate girlintraining had this to say on the news "Pirate Bay has better support, current patches, and can be had quicker and with less hassle than how Adobe sells its own products. I wouldn't be opposed to paying for the product once, but after that, if you screw it up, I'm going to another vendor of your product." Adobe spokespersons had no immediate comment, but the CEO was making subtle hand gestures to the paramilitary men in the background, who left the room shortly after.
Hangon, someone's at the door...
#fuckbeta #iamslashdot #dicemustdie
No company can beat public shame except MPAA.
Thanks for your insight, Adobe CEO Shantanu Narayen.
So what it if it costs you money? It's your error, and your responsibility to fix it. We're not talking about a version that you stopped selling years and years ago. We're talking about a version that stopped selling only recently--in fact, more recently than when the security flaw was reported.
What are you doing with the several hundreds of dollars each licensee pays you for a copy of Photoshop? Or the $2000 that they pay for an edition of CS? Wiping your asses with it? Rolling it into a joint and letting your developers smoke it?
Adobe (like another tech company that starts with an "A") was once a stand-up company. Ironically, the CEO of that "other company" accused Adobe of being LAZY. And he was 100% correct. Lazy and bloated and coasting on their monopoly success. Again, the principle holds: the more trust and power the consumer gives to a corporation, the more they will abuse it.
The base non-student version of their software costs 1299.
I do not want to hear ANY complaints about money from them with that kind of audacity.
They made the right move... after they got curbstomped by public opinion. No doubt they would have maintained their original position without external impetus to change it.
Sad bit is this appears to just be a bug in whatever custom tiff library they wrote; fix bug, recompile applications, if need be, then test everything tiff related. Not really a demanding undertaking. Given the exorbitant prices they charge for PS and friends, the very least they can do is keep them patched when yet another security hole is found. Don't get me wrong, PS is a superb piece of kit (if bloated) - but it doesn't command the premium it once did.
MS has their own faults as well, but yes, credit where it's due.
Other than possibly IE (which has gotten better) I can't think of much to complain about MS doing lately. Possibly because I've been doing Apple development heh... I can think of some things Apple does which piss me off a bit - device limits in iTunes, their provisioning scheme, xCode not being very snappy... but you're right, I can't really say Apple is the old MS...
Tell you what, Adobe. I'll pay for security patches to your near-ubiquitous software products if you accept criminal liability for any damages incurred if I get keylogged and my bank accounts emptied/credit cards stolen/identity stolen/network compromised as a result of an Adobe software flaw that led to me being exploited.
Deal?
Developing software, especially three different applications, can be costly and time consuming. Developing software consumes development resources, then must run through a QA process (which obviously failed here) ...
.. and creating a marketing campaign and distribution channels is a large and complex process. ...
ditto
Creating stable, secure products is what customers deserve.
Adobe may want to cut corners, but in the end, they don't have the lock-in to really piss their customers off. A lot of their larger consumers (corporations) who were planning to upgrade by choice who felt they were being made to by Adobe's decision now have reason to reconsider, even if they "made the right move in the end". Because who knows if they'll "[make] the right move in the end" the next time? The one good thing? Journalism and popular opinion made a difference.
PS - It's really hard to not be overly snarky, since Adobe's very business is software development. So, trying to spin it as some sort of extra cost to do patching seems even more absurd than all those businesses which could at least say that IT and software development is there for support to do their job and not as an end in itself. Given how much of Adobe's business is in high ticket software, it's especially hard to understand why they were so slow to be committed to support, since beyond the direct software itself, one presumes the high price is tied to a commitment. Certainly, it's the other way around--even corporations with middle management mostly shielded from their decisions don't seem likely to blow potentially millions on a product and a company who, in company terms, will disappear support-wise overnight. I mean, isn't it just standard process in most companies to, even if they're internally dead-set against doing work on an issue, to smile politely and say how they will/are looking into the issue? Otherwise, you may end up with a PR snafu.
Eurohacker European paranoia, gun rights, and h
Apple ... never ... crappy....?
I guess you never owned a Nubus PowerPC Mac running MacOS 8.
Do these companies even hire a PR expert anymore? EA/Bioware recently made a big mistake as well. With their MMO SWTOR they have been having some small problems. The game is boring all around and end-game is non-existent. So... they came up with an idea. How about we give everyone, regardless of how long they played a free month... BUT only if they reached level 50...
Reaching level 50 since launch isn't that hard to be honest HOWEVER it is not how some PAYING customers play MMO's. Especially since one you are there, there is nothing to do. Some play lots of alts, some play very infrequent. BOTH these groups PAY. But customers with an account a month old who grinded to 50 got a free month, customer who subscribed since launch did not.
There was much outrage and Bioware/EA relented and made the condition level 10 legacy which is still forcing you to play for level but doesn't require you to play an account till level 50 but one to (25 or something when legacy points start counting) and then you can play as many alts (on a single server) as you want.
IT IS STILL A FUCKING STUPID bit of logic but far few people didn't qualify because of it.
And all this? A promotion campaign to keep paying customers from leaving a game that is considered unfinished (what is there works, there just isn't a lot there, it is one of the most bare-boned MMO's I ever seen. Blizzard refined Sony's Everquest and made it into WoW. Bioware put WoW through a filter and published it as SWTOR sadly all the taste was left behind in the filter. It is a very smooth drink, but then so is a glass of water. But I ordered Whiskey!) and so why the qualification of how many XP points of whatever kind a player accumilated. PAYED subscribers are the ones you hope to keep, so, let the qualifier be, payed subscribers.
No, I am not just going off topic, basic PR is like basic laywer advice. SHUT THE FUCK UP. In any case, your lawyer will tell you to keep your fucking mouth shut. Let your lawyer speak for you and even then, 9 times out of 10 the best thing to say is NOTHING.
Neither of these fuckup's should have gotten past PR, there is no way anyone with a brain could not see the shit storm these announcements would raise while accomplishing NOTHING. I do not use Photoshop and I wasn't unhappy with SWTOR... BOTH these PR goofballs made my blood boil with nerd rage and you can find me ranting my impotent rage on the net...
Someone somewhere could have done cost benefit analysis and reasoned out that simply fixing the bug and simply giving all accounts of say 2 months a free month would have cost far less and would have given them POSITIVE feedback rather then now it costing MORE and leaving a NEGATIVE impression.
PR isn't about spinning things, it is about effective communication with the public (as said, I am not a Adobe customer) so that what you do, benefits you. Some beancounter might do some sums but if the most economic sum ends up raising a storm of protest so you have to do the more expensive solution anyway, you not only wasted time on two approaches, you now have to pay extra for negative publicity.
If you EVER have to deal with the public, just keep this in mind. If there is a change the cheap plan is going to cause protest, go with the more expensive one. It will be cheaper in the long run.
Just run both examples here with the more expensive plan from the start.
Adobe announces patches for its popular Photoshop product free for all version still in use.
Bioware rewards long standing customers with a free month as thanks for their support.
Hoora's all around, what good chaps these megacorps really are.
PR, it is really simple once you stop listening to the beancounters.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
why does an application like [Adobe Reader] need a system reboot, I wonder
Because Adobe Reader installs a plug-in into Firefox and IE. If either of those programs is running, even if in a disconnected session (Fast User Switching), an upgrade to a plug-in cannot complete because the plug-in's shared library is open for execution. And on some versions of Windows, I seem to remember that IE plug-ins can run inside Windows Explorer, and Windows Explorer is always running if a user is logged in.
MMMMM x100 series powermacs. Actually 8100 with G3 card was surprisingly a good machine.
brickspeed.net for your old Volvo performance addiction
Look Adobe, I'd be in your corner if this were Photoshop 5, like pre CS days, we were talking about here. If people were saying "You have to go fix something from 1998 because we won't upgrade!" I'd be along with you saying "Look people, stop being cheap bastards, get out the wallet, and buy new software at least once a decade, that's not unreasonable."
However we are talking about CS5, as in the last major, released only 2 years ago (CS5.5 is a more minor update, and shares the same codename). You need to at least put out security fixes for the last version, support it for a few years. I don't expect you to do any feature updates, but security updates are not too much to ask.
Also they want to wine about time, QA, and bandwidth? Give Microsoft a ring, see how it goes for them supporting OSes for 10+ years (OSes that cost less than a single CS program I might add), doing regression testing against thousands of pieces of hardware and software, and then distributing them to the majority of computer users in the world. They seem to get on fine and still make billions, so I'm going to say you can put on the big boy pants Adobe, and patch this fucking issue.
P.S. Don't when to me about bandwidth when you offer downloadable trials of shit. A patch is going to be a couple hundred MB maybe, and more likely less. Your trial downloads can be GBs. You have bandwidth you whiny shits.
What the hell is up with company's lately..
At&t ceo is 'losing sleep because he gave unlimited data, and imessage is taking away from his text plans"
Now a company not wanting to take care of their own coding issues.
Face up and deal with it. You should always support at least 2 versions, especially when the new version was released what less then a month ago?
With that logic, car manufacture's should stop making break pads, windshield wipers, etc once they release the next years model to force you to buy the new years model...
And apparently, neither did you. I owned several, liked them all.
make imaginary.friends COUNT=100 VISIBLE=false
I don't want Adobe focusing on two year old software patches when practically nobody else in the industry does the same for similar software. This isn't an OS that gets used by millions of people. This is not a high target application.
I'm better served as an Adobe customer if Adobe focuses on innovating for the future and stops being held to higher standards than anyone else by bloggers who have an agenda against them.
******
You'd be better served as an Adobe shill if you made an ounce of sense.
Actually, you'd be better served after vigorous braising on both sides with garlic butter and a nice red whine.
Faster! Faster! Faster would be better!
Ok, so since this backtracking happens frequently now there
are only a couple modalities that can be occurring here.
1) Companies really ARE that stupid and greedy.
2) See #1, but not stupid... they are being sly and try to see how much they can get away with til backlash happens.
More and more... I'm starting to believe it's the second one.
-AI
Shakespeare nor I mean any disrespect to any danes.
For me, it is far better to grasp the Universe as it really is than to persist in delusion
Seriously? What's the bandwidth cost for an update vs. the cost of that copy of the product? Like 3 cents vs Umm I dunno what those professional products cost, but I'm sure the bandwidth cost is essentially nothing in comparison.
I seem to remember that IE plug-ins can run inside Windows Explorer
That should only require a restart of the browser, not the whole OS.
Windows Explorer is the browser, and it's running whenever anyone's logged into the OS.
Nope. Not since IE7 and WinXP SP2. Explorer.exe and iexplore.exe are two independent processes.
But what libraries do they share? What configurations? If the Reader DLL plugs into both, an install is going to need a reboot (because of how Windows locks loaded libraries).
"Little does he know, but there is no 'I' in 'Idiot'!"
But what libraries do they share? What configurations? If the Reader DLL plugs into both, an install is going to need a reboot (because of how Windows locks loaded libraries).
They don't share anything. WinExplorer uses the IE library as part of its rendering (not sure if they do that in Win7/Vista still) but its an embedded instance which doesn't load plugins.
The likely problem is what Microsoft calls a "Shell Extension" which is a DLL that is loaded into Windows Explorer to provide some random extension like a new context menu, custom icon overlays or document previews when you highlight a file. Adobe probably has one of these which is why the reboot is needed. Of course "needed" should be in quotes because lots of other programs add shell extensions to Windows but theirs are not utter garbage and can actually be unloaded without terminating Explorer, upgraded then loaded back in again. Apparently this 2000s era technology is beyond Adobe's crack team of highly skilled programmers.
Alternative theories are:
1) Adobe found "problems" in certain test configurations that went away with a reboot and couldn't be bothered to fix the actual issue.
2) The installer adds a service or preloader but Adobe haven't figured out how to start those manually and have to reboot so Windows will do it for them.
3) The reboot is completely pointless and accomplishes nothing (I wouldn't be surprised, I've encountered a few programs whose installers want reboots even though they work perfectly without it).
While Mr. Gates was always a personal hero of mine, I used to hate Microsoft with passion. Now, I only hate Windows, and give Microsoft a pass, because Microsoft also made Active-Directory, Exchange, and XBox... almost makes up for Windows, and for all the good companies with better product they ran out of business in the mid/late 90's. Also, Linux and the OSS community tends to mitigate how crappy Windows is, by fixing pretty much everything that is broken in Windows, or that Windows broke.
The Admin and the Engineer
Sadly true. No one likes to hear sad news. You state a problem to the managment only if you can find a way to workaround it and your expected earnings still ends up to be the same.
You were in a minority. I had an 8100. These POS machines were horribly unstable, and much of the software running on them was emulated making performance crap. Not only that but there were few add ons available because of the poorly supported NuBus.
And despite the nice CPU the OS architecture was still based on an schlock memory and multitasking model.
The fact is these were the worst architected and poorest performing machines I've ever owned.