Slashdot Mirror


Adobe Changes Its Tune On Forcing Paid Upgrade To Fix Security Flaws

wiredmikey writes with a followup to Thursday's news that Adobe was recommending paid software upgrades in lieu of fixing security holes in some of its applications. After receiving criticism for the security bulletin, Adobe changed its mind and announced that it's developing patches to fix the vulnerabilities. "Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. For a popular product that was just over two years old, providing a fix to address a serious security flaw is what customers deserve. And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."


  1. Boohoo by SuperMog2002 · · Score: 5, Insightful

    Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.

    Boohoo. Welcome to software development.

    --
    Sunwalker Dezco for Warchief in 2016
    1. Re:Boohoo by david.emery · · Score: 5, Insightful

      Well, maybe Adobe runs independent codebases for their projects, so some poor schmuck coder has to go to each projectbase, check out the offending file(s), and make the changes. That would run counter to a Product Line Approach as recommended by the SEI... :-)

      Of course, if Adobe would tighten up on their security coding practices, they wouldn't have these problems in the first place. But judging by Flash's patch history, that's too much to ask.

  2. Write fewer bugs. by Alex+Belits · · Score: 5, Insightful

    Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, and the patch needs to be communicated and distributed to users. And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial.

    You know what is cheaper? Hiring developers with a clue, so they won't write bugs by the bucketload.

    --
    Contrary to the popular belief, there indeed is no God.
  3. Call the waaambulance by wickerprints · · Score: 5, Insightful

    So what if it costs you money? It's your error, and your responsibility to fix it. We're not talking about a version that you stopped selling years and years ago. We're talking about a version that stopped selling only recently--in fact, more recently than when the security flaw was reported.

    What are you doing with the several hundreds of dollars each licensee pays you for a copy of Photoshop? Or the $2000 that they pay for an edition of CS? Wiping your asses with it? Rolling it into a joint and letting your developers smoke it?

    Adobe (like another tech company that starts with an "A") was once a stand-up company. Ironically, the CEO of that "other company" accused Adobe of being LAZY. And he was 100% correct. Lazy and bloated and coasting on their monopoly success. Again, the principle holds: the more trust and power the consumer gives to a corporation, the more they will abuse it.

    1. Re:Call the waaambulance by Anonymous Coward · · Score: 5, Funny

      And Jobs did say the company wasn't about technology anymore and was just being run by a bunch of suits.

      So what'd he have to say about Adobe?

  4. Cry me a river... by Lohrno · · Score: 5, Insightful

    The base non-student version of their software costs 1299.

    I do not want to hear ANY complaints about money from them with that kind of audacity.

  5. Re:massive sales by dgatwood · · Score: 5, Interesting

    Dude. It's Adobe. Judging from their outward appearance, I suspect that their management chain actively discourages fixing bugs because it gets in the way of adding new bloat... err... features.

    For example, we've been complaining that the entire CS suite fails to work correctly on case-sensitive HFS+ since... well, since support was introduced back in 10.4. To this day, their shovelware still does not work on Macs so configured. This problem is entirely caused by Adobe being too damn lazy to fix their build scripts to use correct capitalization during the linking phase—a set of fixes that would take at most a couple of hours for a single competent engineer to fix using shell scripts and sed. And some folks have been complaining about this serious flaw in their products for seven years now.

    Even more hilariously, Adobe blames Apple, claiming that there are dozens of compiler bugs that they've reported that haven't been fixed, which prevent them from fixing this problem. However, thousands of companies out there have no trouble working on case-sensitive volumes. Likewise, random users have gone through and created symbolic links to work around Adobe's typos and have been able to get it working, which completely invalidates Adobe's ludicrous claims.

    Frankly, given how long it has taken them to fix something that simple, it'll be a ***king miracle if Adobe fixes this security bug in less than a decade. After all, if it takes them that long to fix something that would take me a few minutes, they either have to have the most complicated, snarled pile of source control ever seen in the history of the universe or they're all grossly incompetent beyond measure, neither of which inspires much confidence in this security fix for me.

    Screw Adobe. The only thing that could make their software quality any worse would be if they got bought by Symantec.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  6. Making Software is Hard by 10101001+10101001 · · Score: 5, Interesting

    "Developing a patch, especially for three different applications, can be costly and time consuming. Developing these patches consumes development resources, then must run through a QA process, ..."

    Developing software, especially three different applications, can be costly and time consuming. Developing software consumes development resources, then must run through a QA process (which obviously failed here) ...

    ... and the patch needs to be communicated and distributed to users. ...

    .. and creating a marketing campaign and distribution channels is a large and complex process. ...

    ... And for a company like Adobe with a massive customer base using its Photoshop, Illustrator, and Flash Professional, the bandwidth cost alone can be substantial. ...

    ditto

    ... For a popular product that was just over two years old, providing a fix to address a serious security flaw is what customers deserve. ...

    Creating stable, secure products is what customers deserve.

    ... And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end."

    Adobe may want to cut corners, but in the end, they don't have the lock-in to really piss their customers off. A lot of their larger consumers (corporations) who were planning to upgrade by choice who felt they were being made to by Adobe's decision now have reason to reconsider, even if they "made the right move in the end". Because who knows if they'll "[make] the right move in the end" the next time? The one good thing? Journalism and popular opinion made a difference.

    PS - It's really hard to not be overly snarky, since Adobe's very business is software development. So, trying to spin it as some sort of extra cost to do patching seems even more absurd than all those businesses which could at least say that IT and software development is there for support to do their job and not as an end in itself. Given how much of Adobe's business is in high ticket software, it's especially hard to understand why they were so slow to be committed to support, since beyond the direct software itself, one presumes the high price is tied to a commitment. Certainly, it's the other way around--even corporations with middle management mostly shielded from their decisions don't seem likely to blow potentially millions on a product and a company who, in company terms, will disappear support-wise overnight. I mean, isn't it just standard process in most companies to, even if they're internally dead-set against doing work on an issue, to smile politely and say how they will/are looking into the issue? Otherwise, you may end up with a PR snafu.

    --
    Eurohacker European paranoia, gun rights, and h
  7. No shit by Sycraft-fu · · Score: 5, Insightful

    Look Adobe, I'd be in your corner if this were Photoshop 5, like pre CS days, we were talking about here. If people were saying "You have to go fix something from 1998 because we won't upgrade!" I'd be along with you saying "Look people, stop being cheap bastards, get out the wallet, and buy new software at least once a decade, that's not unreasonable."

    However we are talking about CS5, as in the last major, released only 2 years ago (CS5.5 is a more minor update, and shares the same codename). You need to at least put out security fixes for the last version, support it for a few years. I don't expect you to do any feature updates, but security updates are not too much to ask.

    Also they want to whine about time, QA, and bandwidth? Give Microsoft a ring, see how it goes for them supporting OSes for 10+ years (OSes that cost less than a single CS program I might add), doing regression testing against thousands of pieces of hardware and software, and then distributing them to the majority of computer users in the world. They seem to get on fine and still make billions, so I'm going to say you can put on the big boy pants Adobe, and patch this fucking issue.

    P.S. Don't whine to me about bandwidth when you offer downloadable trials of shit. A patch is going to be a couple hundred MB maybe, and more likely less. Your trial downloads can be GBs. You have bandwidth you whiny shits.