Slashdot Mirror
The US Government and Open Standards: a Tale of Personal Woe (thevarguy.com)
An anonymous reader writes: This article details a Linux user's struggles to submit a grant application when the process requires finicky, proprietary software. It also covers familiar ground made timely by the upcoming elections: the U.S. should prefer open source software and open standards over proprietary alternatives. The grant application required a PDF created by Adobe Acrobat — software Adobe no longer supports for Linux. Once the document was created, attempting to submit it while using Ubuntu fails silently. (On Windows 7, it worked immediately.) The reader argues, "By requiring Acrobat the government gives preference to a particular software vendor, assuring that thousands of people who otherwise would not choose to use Adobe software are forced to install it. Worse, endorsing a proprietary, narrowly supported technology for government data poses the risk that public information could become inaccessible if the vendor decides to stop supporting the software. Last but not least, there are privacy and fairness issues at stake. Acrobat is a totally closed-source program, which means we have to take Adobe's word for it that nothing sketchy is going on in its code. ... It would seem to be in the interest of the public for the government to prefer an open source solution, since it is much harder to hide nefarious features inside code that can be publicly inspected."
The government (or a corporation's lobbyists) have no problem with a requirement to trust them.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
"On Windows 7, it worked immediately."
Oh, you fixed it. I don't have time to be outraged about this. Get a citizens united corporate backing and fight, otherwise fuck off Bennett hassleton.
I didn't ask why I should care, I know that. I just don't have time to do more than ask if anonymous helpless cares more than just preach to the choir.
If the bidding was rigged in favor of one particular supplier you'd have a right to complain, but this is just a typical bug. Most likely, the people who ran the process was platform neutral (frankly I did too, since I print PDFs from Ubuntu almost every day).
Grow a pair and quit whining, maybe you'll win once in awhile. The world is not going to be made perfect even if everyone on /. agrees to boycott a (lengthy) list of companies and opportunities.
but to be fair, by asking for grants from same entity, one must realize, one is selling oneself to it, more or less.
By requiring Acrobat the government gives preference to a particular software vendor, assuring that thousands of people who otherwise would not choose to use Adobe software are forced to install it
Adobe paid good money for that preference and those politicians, in exchange for business to be forced their way.
That's how the crony-capitalist system works. Didn't you know that? What those with money and power want, they get. Until everything eventually falls apart and chaos ensues.
since it is much harder to hide nefarious features inside code that can be publicly inspected
Not THAT crap again.
Heartbleed should put that right to bed.
I don't understand your point here. It was found and then fixed in a few days, and the patches were widely released to anyone willing to update. The system worked exactly like it was supposed to: the fact that a single critical bug garned that much attention should give you an idea of how uncommon it is.
In contrast, Adobe Reader has had not one, not two, but 26 different cripplingly severe vulnerabilities in the last six months alone, and that's only because I got tired of counting after #26. How many people patch Adobe Reader? Would you like to compare Libreoffice to Microsoft Word, FreeBSD to Windows, or Internet Explorer to Firefox? Maybe Apache to IIS, or perhaps OpenJDK to Sun java? Amarok to Itunes? Our very own Adobe Reader to Okular or Evince?
Open source software does indeed have a demonstrably better security record than closed source software, that is undeniable. Further more, even if it didn't, it wouldn't matter because the statement was that it was easier to discover vulnerabilities in open wource software. And he's right. What do you rather do: read source code, or dissassemble a binary?
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
... Is the worst program to use to create PDFs. Just use one of the free applications.
PDF is the open standard for sharing documents. Adobe does not offer any open source or free creation tools, but there are half a dozen great PDF creation tools available some of them open source, many of them free.
Troll is not a replacement for I disagree.
Um, does the OP mean that using the default bundled browser on Ubuntu fails? Because that could just be Mozilla's fault for not following standards on their Ubuntu branch.
Troll is not a replacement for I disagree.
And complaining about the process... How quaint!
More likely IIS is designed to not working correctly when it don't detect MICROS~1 Windows.
Surface Tablets sabatage AFC Championship Game
To add to this: why the hell does it even matter if one particular software solution contained a serious security issue? The whole point of having open standards is the ability to have multiple software solutions all capable of interoperably working on the same data formats. This is one area where HTML shines, though HTML isn't quite well suited for physical paper print material though.
Just fyi OpenSSL was vulnerable to heartbleed for over 2 years before it was discovered then it was fixed at the same time it was announced.
Otherwise yeah adobe reader is large security risk for Any windows computer...actually now that I think of it wasn't jailbreakme.com based on a PDF exploit?
So even just PDF in general seems to have security problems in implementation for some reason.
Minimum threshold fixed. Thanks!
"The tablets are connect to dedicated private wireless networks for security, and are restricted to running a single app used to look at real-time photos of previous plays and study the opposing team." ref
"Open source software does indeed have a demonstrably better security record than closed source software" And you can prove this statement?
'What do you rather do: read source code, or disassemble a binary?" I would rather do neither and focus my attention on the actual functionality of the application I am developing. And you gloss over the fact that just looking at the source code you can identify vulnerabilities.
Most vulnerabilities are found through binary analysis not reading the source code. And, yes, that is even true for open source software.
When opened in Acrobat Reader it had a form with a button at the bottom to submit the information. He tried to process it using the most recent version of acrobat for each of the following operating systems:
The takeaway is this: a government process used a supposedly open format but ruined it by using a proprietary extension that only worked on a recent version of proprietary software running on a recent version of a proprietary operating system.
IIS is a web server retard, it happily works with all browsers. however you can write shit code that may not work with a browser. This could easily be bad coders on the website end or on the Linux browser end, both are common problems. why you would link a surface device (client side) issue is beyond me, I can only guess you just don't know much about IT.
My guess is that this was one of Adobe's form systems. Those produce overly-complex PDF's that then submit the form content back to specially crafted servers in a non-documented way. Creating these "workflow systems" are how Adobe has been making money on the Acrobat "platform" for some time now. So none of this corresponds to any standards, so nothing works except Adobe Acrobat (usually only on Windows, even MacOS need not apply).
Five years ago I might have thought that using these systems was an ok idea, but web forms have long since surpassed what is possible on these systems, and since mostly they just produce XML it should be cheap and easy to replace them. My guess is that this is an old system, and it just works, so it is hard to justify the money of replacing it. If someone really wanted to do some good, they could organize a hackathon to replace this.
While Linux hasn't always been known for having the most supportive community, things have gotten particularly bad lately.
Like your comment shows, it's getting quite routine for a user to describe some problem they're having with open source software, and instead of getting anything resembling help we instead see Linux and open source supporters just flat out deny that the problem exists. This isn't a case of giving snooty answers, or even just ignoring the questions. It's outright denial we're seeing now, typically without any sort of evidence to support this denial.
It's an extremely disrespectful attitude to have, and when you direct it towards somebody asking for help then you'll most likely just drive them away to proprietary software.
We see this attitude from the GNOME 3 community, which now consists of a small number of people trying to force their awful software on a much larger community. These GNOME 3 supporters just deny that the UI is now unusable.
We see this attitude from the systemd community. Again, this is a relatively small number of people trying to force their awful software on a much larger community. These systemd supporters just deny that their init system is bloated, full of architectural flaws (binary logging and doing everything are to examples), and has caused a lot of people a lot of problems.
We see this attitude from the Firefox community. Once more, this is a relatively small number of people trying to force their awful software on a much larger community. These Firefox supporters just deny that the UI is now awful, that there are performance issues, and that there are years-old bugs that haven't been fixed.
When users come forward with problems with GNOME 3, systemd or Firefox we just see open source supporters like you treat these people like they're total shit.
It isn't Microsoft, or SCO, or Apple, or Adobe, or any other company that truly harms the adoption of Linux and open source software. It's the Linux and open source communities themselves who cause this harm, all thanks to how poorly they treat so many of the users of this open source software.
yeah I am sure it is IIS's fault that Adobe isn't supported on Ubuntu and that it is IIS's fault that older versions of the dodgy adobe extension don't work on various OS's. For fucks sake did you even read the article before you posted your fail?
that the US government is Bad At Computers? Where have you been this whole time? And are you interested in buying a bridge? I've got in Brooklyn that just happens to be for sale.
...only the most secure channels should be used for communication.
Time is what keeps everything from happening all at once.
between Acrobat and Flash, Adobe provides the bulk of the vulnerabilities the NSA needs to operate. Quid pro quo.
I don't understand your point here. It was found and then fixed in a few days
A few days? Heartbleed went undetected for several years, not a few days.
What do you rather do: read source code, or dissassemble a binary?
It is almost always easier to find vulnerabilities through binary analysis. If you try looking for bugs by reading the source code, odds are that you'll make the same mistake that the original author of the bug made. It's just like doing an algebra problem on math exam. You don't check your work by redoing the problem because you'll just end up making the same mistake a second time; instead you do plug in some numbers and see if your equation spit out the right result.
Our purpose:
1. The United Fascist Union exists to promote a revival of the Republican Commonwealth of Imperial Rome and stand against liberalism, public corruption, decadence and Democracy in all the evil forms they manifest themselves in. The United Fascist Union will not discriminate on the basis of race, color, sex, creed, national origin or disability, provided that the applicant is a conservative of national origin. Nor will the U. F. U. endorse any type of racial hatred, such as that being practiced by conventional rightist groups. We will also not accept those that hate minorities, practice discrimination or that would do violent, stupid things as members.
2. The main objectives of the United Fascist Union shall be: (a) To institute a military Dictatorship form of government over the Earth. (b) To create and establish a "Universal Price Index" which will regulate costs. (c) To corporatize utilities (making them agencies of the United Fascist Union). (d) To establish a "Transferable Work Point Card" which will replace paper money and to replenish heavy industry wherever the empire is the organ of state by creating new construction projects.
3. Under the corporate dictatorship the global government will function like a corporation; powere being vested in the dictator of Nova Roma who sits atop the pyramid of government, acting as both a receiver and transmitter of the peoples general will. The collective will of the masses would travel up the pyramid of state and be channeled through the office of the dictator and would be transformed into constructive benevolent programs, then travel back down the pyramid of state, through which it would be distributed to the masses in the form of constructive social programs.
4. The people will be regimented, disciplined and controlled and they will stop thinking of themselves as individuals and act as components of the corporate collective. Being organized as employers, merchants and workers, they will function as members of the collective for a common effort towards development and production, as per the Italian model of government.
The easiest solution is to get rid of these grants.
Don't get me wrong, with all of the imaginary rights the Supreme Court has been finding in the 14th amendment, the one I'd most like them to find is the right to a federal government that exclusively uses Free Software and open standards.
But I don't really have a lot of sympathy for this guy's difficulty in getting my tax money. He calls himself "The VAR guy", which strongly suggests that he's not asking for money to perform some obligation of the federal government as spelled out in the Constitution.
See that "Preview" button?
since it is much harder to hide nefarious features inside code that can be publicly inspected
Not THAT crap again.
Heartbleed should put that right to bed.
Heartbleed had nothing to do with the potential for "nefarious" hidden functionality in closed-source systems. If anything, Heartbleed might be a counterpoint to Eric Raymond's proposal that "given enough eyeballs, all bugs are shallow" -- but the truth is that complex problems usually have complex solutions, and the more complex the solution the smaller the percentage of those eyeballs that has expertise.
As far as the article's argument goes, I'm torn. I can see immense value in requiring the software that government uses be open source. It levels the playing field in terms of accessibility while promoting the transparency required for a successful democracy. It also falls in line with other existing aspects of the government, such as the requirement that any works created by the Federal government (generally) are put into the public domain.
However I can see the argument that computers and software are just tools to get stuff done. Interoperability can be simplified when you target specific application versions (say, "MS Office 2010 and newer") rather than a more squishy target such as "Open Document Format". While there's no reason you couldn't do that, it seems like when it comes to software today, sadly, sticking to an implementation of a (possibly proprietary) standard rather than a generic standard itself ends up causing fewer problems.
That said, I'd definitely agree that it should not be required to use Adobe Acrobat to submit a grant application.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
/)
The PDF security problems stem from its early days when they were trying to get their adoption rates up. In order to try and get every business to adopt it, they asked people at the companies what features they would like to see in Acrobat. And they got mostly marketing managers replying with every bell and whistle they could think up: scripting support with system and drve access, embedded binaries, ability to connect and send commands to Outlook, etc. I'm not sure anyone at Adobe cared if they were a good idea, much less secure. All they cared about was adoption. They've been trying to clean up the mess ever since. Many of these features have had to be removed or severely restricted just to try and put their fingers in the gaping holes that is Acrobat security.
"Be particularly skeptical when presented with evidence confirming what you already believe." -
This is one area where HTML shines
It is also an area where PDF shines. PDF is a license free open standard, and there are open source tools that can generate and manipulate the format. It isn't as easy to work with as HTML, but it isn't that hard either. TFA is just uninformed whining. PDF is a perfectly acceptable open format for the government to use, and it is a big improvement over requiring something that is actually proprietary, such as MS-Word.
I delt with this problem a lot actually. Some out there made a browser string check that would modify the layout and code of the page. It became very popular and got dropped in to so many pages. The problem is that browsers updated and the code didn't and it started breaking more pages than solving issues. I've seen ones still in use that reference Netscape navigator and ancient IE versions but, no current browser. What's worse is that they don't leave things alone on a non-recognized browser, it does a non-supported mode that breaks most modern code. I have no idea where these webdorks get this code as none of the reputable code repositories seem to have these ancient code samples. Thankfully this happens less now but, I still run into government sites with truly ancient code.
"Be particularly skeptical when presented with evidence confirming what you already believe." -
I'm old enough to remember when governments mandated this in the name of openness/comparability.
That worked out well.
I say let the marketplace decide what's what
Not having looked at the actual grant, or a sample grant application, I can see why those in charge of processing grant applications would want submissions to be highly structured, formal, and consistent.
How many applications are expected? If you can't at least pre-process them electronically to identify the first round of refusals (e.g. for not meeting one or another requirement, or not using enough jargon), then a person has to eyeball them, and that costs money that would be better spent elsewhere.
If I had to process many different formats by eye, I wouldn't be a happy bureaucrat.
OTOH, why not move the whole process to a html form?
They sentenced me to twenty years of boredom
But finding a vulnerability is only half of the problem of "fixing a bug". The other half is actually fixing the bug. Guess which one makes it easier to do so: closed source or open source?
From TFA:
"In reality, the form and submission process are rife with problems that stem from lack of support for open standards. First, you have to use Adobe Acrobat to open the file. If you try to use any other PDF reader, the document appears as an otherwise blank page with an error message telling you to use Acrobat."
I am sorry, but if it was fixed in few days, it was not found in few days. This bug existed for many versions of OpenSSL before being finally discovered. That's not quite true to say it was discovered in days.
Achille Talon
Hop!
FUCK OFF no it hasn't.
Just had to be loud so people would notice.
The base version of PDF which displays static text is well supported and open. PDF has many many weird and wonderful features, like embedding videos which are not standardised and where successive versions are mutually incompatible.
You know the latest PDF version requires a full flash player to embed stuff, right? Where's the standard for that?
Ans sometimes the man requires you use some stupid-ass feature that no on else's PDF reader works with (including the windows and in-browser ones which have gone a long way towards getting Acrobat installs off people's machines).
So, not PDF is not a real standard. It's one of those fake ones where bits are standard, but the full thing is really "whatever works in Adobe (r) (tm) (bend over) Acrobat (r)(tm)(fuck you) today". And that's anything but standard.
The OP is just setting up a straw man and grandstanding.
No, you've never had to deal with the government and its love of obscure PDF features. Naturally in the way of slashdot, you display your ignorance loudly and proudly and with insults and get modded up.
SJW n. One who posts facts.
Except that the "open" PDF standard you're talking about is only a small subset of the oldest, most primitive image/text drawing features of said file format, and the aforementioned government website is not only requiring use of a PDF document that used some of the newer (massively insecure) JavaScript-enabled interactive form input/validation features not included in said "open" PDF standard or implemented outside of Acrobat, but apparently they even then used said features to code the document such that it blocks you from even trying to read the document without Acrobat.
Go ahead. Go download it and try to open it with Xpdf, let us know how that works out.
PDF is NOT an open standard. Oh sure little bits of it are (the document part) but the bulk is not. Adobe's PDF has loads of weird and messed up features that are 100% proprietary and that for some reason government IT wonks absolutely love for no discernible reason.
This story is about one of these bits.
SJW n. One who posts facts.
I am sorry, but if it was fixed in few days, it was not found in few days. This bug existed for many versions of OpenSSL before being finally discovered. That's not quite true to say it was discovered in days.
Microsoft had a flaw in Windows that lasted for almost 20 years before being fixed, and they also had one that took 17 years to fix, and another one that took 15 years to fix. There are many, many more with shorter lifespans but are just as severe in terms of how much they compromise. Heartbleed was in use for 2, being introduced in March 2012 and fixed April 2014.
My point here is that open source software has a better track record for security, and you don't seem to be really disputing that.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
In order to get this working under Linux, you have to install the (Ancient) Adobe 9.5.5 Reader and its associated npppf module. Then it will work. I have alot of experience with this. While Okular, Evince, and XPDF can fill out forms, there is no support for submitting an XFA Form under anything other than the real Acrobat Reader.
Last year, I complained bitterly to the Treasury Department that I had to install a proprietary product (Adobe Acrobat Reader DC) to file the required foreign assets report. Not only is this product not available on Linux, I had to download it and install it on my wife's Macbook. The EULA required me to let Adobe receive my personal information including the bank accounts that I have in Europe. Fortunately, this year the Treasury has provided a non-Adobe option for individuals: http://bsaefiling.fincen.treas.gov/NoRegFBARFiler.html.
From TFA:
> You may be thinking, "If you just wanted things to work you should have used a supported version of Windows. No one forces you to use Linux."
The reasoning should be the exact opposite of that! One should NOT need to use ANY proprietary system. The underlying assumption is that Microsoft Windows is a standard (perhaps because it became ubiquitous)... it is not! It is just a product. Others came before and were considered the most common OS (like CP/M), there are alternatives more or less widely available (OS X) and free alternatives (like Linux) for those who don't want or can't purchase commercial products.
The government (at least in my country, which is not the USA) should be legally obliged to use the most democratic solution (e.g. Linux or BSD) instead of promoting the use of a proprietary system -- specially if that system is a monopoly. Besides the transparency obligation, there's also the need to avoid condoning a monopolistic situation, a clearly anti-capitalistic move.
> True, using Linux is my choice. I know that lack of compatibility is one of the prices I pay to run a free operating system.
No, no, no. This has been solved long ago -- both with PDF becoming a standard and with ODF formats. Lack of compatibility is a collateral effect of modern paid software not being compatible with previous versions (and many say this seems to be intentional). Libreoffice folks already said compatibility is a moving target. Governments should work against that not participate in it.
It's not rocket science! It's just an application entry!
> But that response misses the point. The issue is not that I couldn't submit the file using Linux. It's that the government requires applicants to use Adobe's proprietary software and extensions to submit files, when it could instead adhere to open standards.
Now we're cooking. Well said and that is what is at center of this turmoil.
> The whole point of PDF -- or portable document format -- files is that they are supposed to look and behave the same on any platform that supports the PDF standard, which has been an open standard since 2008. Making PDF files work only with a specific PDF reader gives you the opposite of portability.
Indeed, that's what "portable" in Portable Document Format means.
I won't say we've covered every single feature and that PDF is 100% compatible, but we're quite close.
But that's beside the point.
The main thing is not to demand that the user acquire a new OS/computer to comply with an official system. More than ease of use, availability of software or price, that is what makes a monopoly. This has been the essence of de facto schemes like Wintel -- and also Adobe products (PDF/Flash/Photoshop) have always favored the dominant platforms (particularly Microsoft), with versions for others OSes remaining underdeveloped, receiving only security patches or simply not being available.
The government should care about antitrust laws, not contribute to aggravate the problem.
Please stop your whining. There's an easy answer. Get a job instead of trying to get free money from the government. If you want someone to do something for you, you play by their rules. This discussion has nothing to do with open standards. In fact, you think everyone should conform to your beliefs while at the same time you're begging them to give you something for free.
The Poppler Project, which both Okular and Evince use was supposed to start work on figuring out how XFA Worked years ago when adobe Dropped support for Acrobat 9.5.5 on Linux. They never completed their work. There was too little demand for it.
Except that the "open" PDF standard you're talking about is only a small subset of the oldest, most primitive image/text drawing features of said file format
That's not even remotely true. Read the PDF 1.7 specification (chapter 8, specifically) and you'll see all of that stuff documented. JavaScript has been part of the spec since PDF 1.3. The fact that some viewers don't implement features that have been part of the spec for over 10 years is not the fault of the spec.
You might be thinking of the PDF/A family of standards. These are ISO standards for long-term document archiving and specify an intentionally restricted subset of PDF features to ensure that it will always be easy to implement readers for them.
I am TheRaven on Soylent News
Have you actually read the PDF spec? All of the interactive forms stuff is documented (see chapter 8), as are the multimedia parts (see chapter 9).
I am TheRaven on Soylent News
Have you actually read the PDF spec? All of the interactive forms stuff is documented (see chapter 8)
Have you? Because the whole of the XFA stuff says to look elsewhere.
8), as are the multimedia parts (see chapter 9).
Oh yes "just use flash" for embedding multimedia stuff. And, uhhh, where's the spec for that? And no before you ask, simply embedding videos doesn't work on the latest version (it works perfectly on older versions). On the latest acrobat reader versions you need to embed a flash video player and an FLV.
Yes I had to go through this recently. I could have it either work in an old version or a new version using the two methods but not both. New version requires proprietary stuff for videos: Flash.
So very open.
And as for you blaming everyone but adobe: even they haven't implemented half this stuff on the mobile PDF reader and have stated they WON'T.
SJW n. One who posts facts.
Open or not, PDF is the standard for portable documents. Has been for so long, the cost of establishing and implementing another format is prohibitively high. Also, there are alternatives to Acrobat/Reader.
That syndrome is in no way restricted to Adobe or Acrobat. It is endemic to proprietary software, where one of the easiest forms of competitive advantage is to bundle functionality into one big lump where the features have complicated interactions -- basically the antithesis of the Unix philosophy.
I filed my state tax return a few days ago and had to use my work laptop (a POS Dell) instead of my Mac because I refused to install Adobe software on it. They even prevented me from SEEING the form on my Mac so that I could print it out and fill it in by hand, it just showed an error page instructing me to install Adobe software. Even after completing and submitting the form I couldn't convert it to a flat file that was readable on my Mac, which is just fucking stupid.
Before that I couldn't even access parts of their website because those parts are only tested with Internet Explorer, and the security certificate clashes with Safari. So basically the state of NJ wants me to use the least secure browser, and software with a reputation for security holes to submit my CONFIDENTIAL TAX information!
Bureaucracy expands to meet the needs of the expanding bureaucracy.-Oscar Wilde
I wonder if 18f is going to weigh in on this. I am a researcher who submits grants and I would definitely like to switch 100% from Windows to Linux as soon as Windows 7 support is discontinued. It would be very helpful if govt forms in the US were open.
Oh yes "just use flash" for embedding multimedia stuff. And, uhhh, where's the spec for that?
Google swf format spec produced a specification for SWF in PDF format as the first result, readable in the free PDF.js reader included in Firefox.
The bottom line here is that the government wants you to help make their life easier. The carrot is to make your life easier too, but as the article points out, it isn't working. So don't make their life easier. Download those PDFs, print them out, fill them out by hand, and make the govt. do some work for the information they are demanding. This applies especially for f1040.pdf and its kin. In the rest of the civilized world, governments do most of your tax paperwork for you, sending it to you for corrections, omissions, & signature. Only the US govt. requires you to be a servant to the so-called public servants at tax time. They already have all the info they need!
Apple had a flaw in a version of Java they distributed in OS X that was discovered, then *not* fixed for a whole year. Viva la closed source! The fixing time was what was referenced in the "open source bugs are shallow" quote, not the discovery time.
Acrobat reader is free, dumbass, and if you can afford a computer it will come with a Windows license.
There is no acroreader for Windows 98/me
Support for Windows 98 and Windows Millennium Edition ended in July 2006. If you are still using one of these two operating systems on a PC connected to the Internet, you are using software with exploitable security vulnerabilities that will not be fixed this century.
and yes, all sorts of new computers are sold without Windows or a Windows license.
I know. Many are servers, which are not intended to display GUI apps in the first place. Many are made by Apple Inc., and they come with an OS X license that can run Acrobat for OS X. Many are ARM-based devices, and you have a valid point that Adobe refuses to port the features at issue to Acrobat for mobile operating systems.
On Windows 7, it worked immediately.
Oh, you fixed it.
That's not fixing it. That's paying Microsoft Corporation to fix it. And if this were required for a grant in any country but the United States, that would be paying a foreign company to fix it.
Where PDF shines is its ability to accurately render a document pretty much EXACTLY the way its author intended. HTML usually can't do that. Nor was it intended to. The M stands for MARKUP -- which is not the some thing as LAYOUT.
Other than that, I can't say much nice about PDF. When confronted with a purportedly editable pdf form, my experience has been that trying to edit the bloody thing without paying for Acrobat is a waste of time in both Linux and Windows. (foxit purportedly can edit pdfs, but I found the user interface to be beyond my limited comprehension). Anyway I just convert editable pdfs to Jpeg and use an image editor like kolourpaint. Probably not what the agencies distributing the stuff have in mind, but it satisfies MY obligations.
In fairness, government folk face a major problem when trying to gather data in a usable format other than unadorned ascii text. There really doesn't seem to be any such format. Those folks have a day job and that job surely is not dealing with the IT industry's near total lack of meaningful standards.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Except that the bug was in OpenSSL for years. It did not work the way it is supposed to at all. One of the big problems we are having with FOSS is the same that we are having with COTS software and that is monoculture. A few programs dominate certain spaces so when you have a vulnerability in one of those programs it is a huge issue. OpenSSL, MySQL, Windows, PHP, Flash, Outlook, Bind, and so on are all programs that carry a very high price tag for error.
OpenSSL is a great example of a failure in the FOSS model. Just about everyone depends on OpenSSL but for many years it was starved for resources. People took but very few ever gave back. Just about the only FOSS projects I know of that are not really starved for resources are Linux and maybe Firefox and Firefox gets paid money by setting a default search engine.
FOSS has a problem in that everyone sees it as free as in beer and almost no one gives back and no I really do not feel that being an FOSS advocate as giving back anything.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
At work, my clients use PDFs to submit to us regularly. We immediately convert this to a TIF for our use...
This is not so good as it seems.
We have one client that uses a custom font. Yeah, really. Being not just custom but copyrighted, and they do not include it in the PDFs, when they submit, and our converter makes the best choice it can to make this into something we can use internally. Sadly, the mapping is off by one character code. The original word 'carrot', for instance ends up being 'dbsspu'. Really. They could not change this. We could not change this. They submit using PNGs now. 'Solved'.
Another client uses some third-party PDF software to send those to us. Their solution results in perfectly readable files that our converter refuses to recognize as a PDF. I looked at the data, and it looks ok to me with an unuusal qualifier in the header. Seems their software creates PDFs with version numbers that can't really exist... Solution? Open the PDF before they send ti to us, save it, and magically somehow it changes things.
Another client sends us PDFs that often convert perfect images, hidden behind what can be described as zebra stripes. Except for when it looks like black & white leopard stripes. Solution? Send us JPGs.
PDFs are a lot more complex and difficult than people think. So many third-party apps that generate almost-compatible PDFs, Adobe probably trying to kill these by modifying the file format, adding features that just don;t come out so well, it's not bliss with PDFs.
But to the OP, what open document format would we want the government to use? It should be first, read-only when needed, for instance for applications and submissions, though read/write as an option, of course. Signable. Able to secure, probably via certificate. Forms capability of course. Does this readily exist?
deleting the extra space after periods so i can stay relevant, yeah.
I'm a programmer who works for the government. I've used open source projects in the past, but there are some concerns. For instance, it's not just government that works in an open source project (kind of the point - mostly this is a positive thing). So, if you have another party that knows a government organization is using a certain open source project, they can attempt to insert malicious code and hope we'll update our software version in the future. So I have to be very careful how I institutionalize usage of different projects, even though I really love using open source. I'm not even going to pretend that I am any good at spotting malicious code - really wish I was better, but not sure I have that much time to invest in that.
The closed-ness or openness of the code doesn't make the bug easier or harder to fix. It just makes fixing it more public with a potentially larger pool of people looking for the bug.
True, in FOSS you don't get any features at all.
I am an Administrative Official for a large organization. Uploading grants is literally a major part of my job. (As a research scientist, I also write my own grants - so I understand this from several angles.)
The argument that open standards should be used is a fair one, but it is missing the bigger picture here. The vast majority of grants (NIH, NSF, Veterans Affairs, DoD, etc.) are SF-424 NIH standard packages obtained through Grants.gov and submitted by an AO such as myself, not by the applicant. Very few grants require the person authoring them to be the signing official who agrees on behalf of the organization to administer funds if the grant is successful. The vast majority of the applicants therefore route grants through a corporate or University network, where Windows (and to a lesser degree OS X - I'm a Mac user myself) predominate. In all of these cases, the organization will be providing the tools necessary - Acrobat is handed out like candy in my organization. It's part of the corporate image for all computers. Using Acrobat forms streamlines and simplifies submission for 99% of the applicants. The government is not going to change this to address a few edge cases.
The suggested alternative - web forms - is laughable. It might be good for one person, but in an average submission cycle I am sending 10-15 grants with widely varying requirements including esoteric formatting issues, hard-coded naming conventions, and etc. - not to mention that the typical grant includes dozens of required components and attachments, each with set formatting restrictions. It is hard enough to comb through an assembly SF-424 package to check for errors prior to submission as it is. If I had to manually upload each of these grants, one at a time, one piece at a time, into a web forms system, I would not be able to do my job. Period.
Post-submission, forms are processed by a clunky system in eRA Commons, then get referred to Grants.gov for eventual routing to the reviewing agency. The system has a series of automated checks built in to verify that the package is complete before it is assembled. This requires the various bits and pieces to be separate documents, as they are in an Acrobat package (and it is a package, with embedded attachments, not a flat PDF). This process is flaky and fragile enough as it is. Web forms are not going to improve the process, but they certainly would increase the workload for the AO by about 1000% and would definitely increase the error rate. This is also ignoring the fact that the forms are modular, in that some sections (like the budget) are only inserted as needed, and the necessity of being able to assemble and pre-check these things offline precludes any kind of web form system. The article writer is being intentionally obtuse and a bit naive here to make a shallow argument in favor of open standards. Heart is in the right place but reality is being ignored here.
Tl;dr version: it's hard. We do the best we have with the tools provided. Just be glad Grants.gov didn't decide to use InfoPath instead of Acrobat.
Are you arguing that you don't want the submissions in standards compliant PDF?
Or does my sarcasm detector need a 50,000 mile service?
Sent from my ASR33 using ASCII
Treasury Dept requires the use of Adobe Acrobat to fill out and submit the 'foreign bank account' form (I have to report every year on my Canadian RRSP - 401k equivalent- since it's more than $10k.)
You would think the obvious way to do this is with a (secure) website. But no, that's not how Treasury does it. Instead, they have to have some back-end that extracts information from the specially crafted PDF that can only be submitted through Acrobat Reader (you can't just email or upload the filled-out PDF form.)
So every year I install Acrobat, fill out the form, and then uninstall Acrobat Reader (letting Mac OS X Preview.app handle all other PDF duties.)
A few years back the tax authority demanded Adobe software to see your tax return. It was due to a new embedded PDF viewer in Internet Explorer, where the tax authority could not make sure the private documents were removed from the HD after the user logged off their site - which would be a problem for people, who used PC at a public library. Their server therefore enforced Adobe on every user. The uproar was large enough that they changed it though.
The public TV broadcaster - to which we have to pay a license fee for just owning a computer, because of their online content - now uses Flash 12. Not available on Linux except through Chrome. And not on the embedded Linux in my TV. But for some reason they allow another, flash free solution on iOS.
It was bad in the 90s, but got better in the 00s so you could use Linux interacting with almost anything on the net. But recently it seems to go the wrong way again. I wonder if this is due to the "app" concept on phones making developers thinking in special solutions for each client platform?
Look, anyone making a grant application who can't beg or borrow someone else's computer for a bit and thinks that the solution is to whine about it has bigger problems. When you're asking for money, better to just go with the flow. Maybe include the purchase of a windows computer in the request. Or get one of those cheap windows tablets.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Except HTML does not look the same and frequently breaks despite the best efforts of web developers to tweak their HTML for all standards unless the HTML is extremely simple.
The closeness of the code means that fewer people can look at it, but it also means that when a bug is found the proprietary owner of the code can pretend the bug is not there, hope for security by obscurity, and otherwise extend the time before a fix is installed. Often bugs in proprietary code remain in the code base for years after the company finds out they exists, and are never fixed until they are publicly revealed in the media, though the company and often the government security agencies, know the exploit exists.
since it is much harder to hide nefarious features inside code that can be publicly inspected
Not THAT crap again.
Heartbleed should put that right to bed.
I don't understand your point here. It was found and then fixed in a few days, and the patches were widely released to anyone willing to update. The system worked exactly like it was supposed to: the fact that a single critical bug garned that much attention should give you an idea of how uncommon it is.
Well the Heartbleed bug was introduced in OpenSSL 1.0.1 (March 2012) and wasn't fixed until 1.0.1g (June 2014). So the bug sat there for 2 years (and through 6 OpenSSL releases) without anybody noticing it.
Don't get me wrong, having open access to source code is great. But simply assuming open == safe/secure is naive. If few people actually look at the code or (in areas like cryptography) if the people looking at the code don't have the specialist knowledge and experience required, then bad code can slip through.
...of 135 ISIS agents working within Adobe, Microsoft, and Apple.
Look, it worked for McCarthy. I know it's mean, but we're playing for keeps here.
HTML forms are a bad idea for proposal submission.
I've written quite a few grant submission systems (I have a grant cycle running right now, with a deadline of this Friday...yay...). It's a pretty standard deal- web based system that allows for a fair amount of meta data (PIs, co-operators, institutions, name of grant, funding request, etc.). These of course are all part of the HTML forms.
BUT- the proposals themselves- the 2-20 page document where they explain the project- is always a complete mish-mash of stuff that could never go into an HTML form. Formulas, images, etc. Tons of formatting. And typically it is a document that has been shared/edited with other researchers. I ran one system about 15 years ago that was HTML only, and the number of projects that had 8 different PIs, who all wanted edit rights at the same time was way too high. This was pre-Google Wave, and the idea of 8 people simultaneously editing the same text on the web was insane then...as it is now.
Plus, the way that researchers/PIs handle these submissions is to turn everything in at the last possible minute. Any complication on the receiving system will just cause you to get your ass chewed out in the hallway at the next big conference.
I absolutely, 100% never ever want to hear someone say, "I tried to submit my proposal, I typed everything in, then there was an error." Because really, these people will open the page, then sit on it for 3 days as they dink around. When they finally hit 'submit' they're surprised that there was an error. Yes, there are technical ways to mitigate this problem...and the very best way is to have the applicants submit documents.
But, in the case of this article...I usually provide support for these systems. I've been doing this for about 20 years, so I'm fairly good at it. And the absolute quickest way to provide support to someone having problems is to say, "Just email me the document, and I'll submit it for you." 90% of the time I get an email that says, "I figured it out...thanks for your help." 8% of the time people say, "I tried to email the document, but it failed...my file was corrupt, so I re-saved it and then submitted...thanks for your help." The last 2% send me the file, I convert it if necessary, and we move on. (that's 2% of the problems, not 2% of the submissions)
There is no reason for me to make a 100% bullet-proof, all-inclusive system that will handle every single different scenario perfectly. It would take too much time. For the very small number of people with a problem, I just do it the old fashioned way. So if somebody told me, "I'm on Linux, and I can't convert my file to PDF, and I don't want to use one of the billion on-line PDF conversion tools, why is the government supporting Adobe and Microsoft!!!, blah blah blah" I just tell them to send me the file. In about 3 minutes I'm done and they are happy. Once upon a time I even hired temps to do this work- but these cases are really about .5% of submissions, and it just isn't worth it.
The article wasn't about the practical aspects of using PDF, it was about the (crap, can't think of the word...) aspect, where someone got their panties in a bunch because the government doesn't facilitate their worst-case-scenario approach to proposal submission.
Source: Been doing this for 20 years for the gub'ment. Yes, there is a guy like me behind most of those systems. See the part of the submission site that says, "For technical assistance...". Yeah, call me or send me an email and I'll take care of it for you. That's why they pay me, and good service is how I make the system look good.
***On the other hand, when you send an email to me, my boss, the funding organization and the overarching agency describing how the system does not function properly, and you were not able to submit your proposal...yes, I will send back a very detailed screenshot laden email pointing out step by step how you failed, and probably send the logs showing that you logged on one time 3 hours before the submission deadline. Goddam I hate it when people blame their failings on the system.
No reason to lie.
Look, I have some sympathy with the concept of moving towards open standards. I also believe that compatibility with multiple computing systems is a general Good Thing.
However then I read the following: "Acrobat is a totally closed-source program, which means we have to take Adobe's word for it that nothing sketchy is going on in its code."
This is nothing more than the FUD that FOSS users routinely accuse other of. Source code access might be a generic good but in reality, multiple additional conditions must exist before any business value is realized from that. Adobe is a reputable company and smearing their reputation with allegations of "sketchiness" is nothing more than character assassination. If this were done to a FOSS company, product, or community, the FOSS world would go insanely defensive, with justification.
The FOSS world has had more than enough security blunders, quality control problems, UI design fails, toxic interpersonal problems, and all the rest. If you feel free to take shots at the proprietary source world then be prepared to keep your own house in order. Or get called out for having feet of clay.
There are sound reasons why the computing world sometimes gravitates towards de-facto standards, proprietary software, or other systems that might not scratch your Free itch. When FOSS works it can be wonderful. When it fails or underperforms, there's a litany of excuses, rants, and ideology readily trotted out. This kind of reaction is unprofessional and blames the user when most often they are blameless.
Not everyone cares about what you care about. Your agenda is not necessarily my agenda. And when people want to get work done, on time and on budget, you really can't blame them for adopting what helps them do that. FOSS or otherwise.
Javascript should not be part of standards to be relied upon. Javascript itself changes depending on the interpreter and environment used and its behavior cannot be guaranteed without significant investment--even Google struggles with it, so much so they run a few million automated tests per feature for each web-based software/service they provide.
Archiving is about ability reproduce, exactly, data, look thereof, etc. without deviation. I'll take PDF/A any day with no hesitation for that sort of thing or hell--give us paper or microfilm all over again if that's what it takes (at least proper formatting due to strictly defined standards + providing a decent environment = guarantee so long as those specs + conditions are maintained, and you don't need billions in ongoing investment to upgrade infrastructure + build backwards-compatibility into new services and systems to maintain such access).
You are correct. You only get what you ask for and nothing else. The way it should be. My pdf viewer doesn't need cloud access.
Except for systemd, but that's another topic.
Ahhhhh. The real story! Thx!!!!
Don't step on the baby.
I am having the same problem with the EU, trying to submit a funding application to the ERC. They also require the same Adobe form process... and Adobe only support Windows and OSX software.
Have you made a more public complaint that the EU is requiring the purchase of a proprietary foreign product? Microsoft, Apple, and Adobe are all foreign.
If the bidding was rigged in favor of one particular supplier you'd have a right to complain
It is rigged in favor of Microsoft Corporation and Adobe Systems.
Could you have obtained a paper form and used that instead of Adobe software to file a New Jersey income tax return? I'm trying to rule this out because I'm looking for evidence for the claim that governments' revenue departments have gone paperless and proprietary.
Javascript should not be part of standards to be relied upon.
JavaScript is the combination of ECMAScript and the HTML DOM. ECMAScript is a standard published by Ecma International, and the HTML DOM is a recommendation published by W3C. Yes, some implementations fail to conform, but some implementations of PDF/A likely also fail to conform.
I ... have to look very hard for computers not sold without Windows or MacOS
"not sold without" doesn't mean what you intended. I'll assume you meant "sold without".
"computers" includes devices with Android or iOS. I'll assume you meant "desktop or laptop computers".
A few months ago, I bought a Lenovo ThinkPad laptop on eBay that came with Windows 10 and had its Certificate of Authenticity torn off because it was from a lot of computers that were on a volume license. After a system update, it failed to activate because it couldn't connect to the volume license server. I asked the seller, and he said the whole lot was like that, and I could either provide my own Windows license or mail it back. Instead, I kept it and put on Debian.
If you bought a computer in the last 20 years, you will have noticed it comes with Windows
The process only works with Windows 7.
What, computer operating systems can't be upgraded?
PC hardware manufactured 20 years ago is unlikely to meet the system requirements of any currently supported Windows operating system.
Can that particular form be filed on paper instead?
Having a philosophical preference for Linux is not a disability, and not catering to that preference is neither discrimination nor harassment or persecution.
Um, no. The government has never had a policy of not requiring citizens to deal with a particular for-for-profit company.
NO! I should have mentioned that. THE ONLY WAY to file this form ("substantial penalties for failure to file" and they will go after you because of money-laundering initiatives) is through Adobe Acrobat!!
Maybe the contents of the document fell foul of Mozillas anti free speech PC brigade
Can the U.S. Treasury's foreign bank account form be submitted on a copy of Adobe® Reader software installed on a PC at a public library, or does it have to be submitted from a PC that you own?
Uh huh! You're a researcher who submits grants? You're a researcher who submits grants. researcher submits grants submits grants Dubious poster alert!!! You aren't a researcher who submits grant applications but a researcher who submits grants. I'll buy that for a dollar!
Hmmm... my information seems to be outdated. Thank you for the correction. I still think it doesn't really excuse them implementing explicit vendor lock-in with said PDF file though.
I keep reading all this about how open the PDF standard is. Get this through your thick skull: if there are no *other* implementations that do everything that the reference implementation does (for PDF this is Adobe Acrobat Reader) then the "openness" of the format is an illusion. None of the alternative PDF readers, of which there are many, handle *all* of the things supported by the format, much as none of alternative flash encoders/decoders actually support everything done in Adobe flash. My question to you guys is this: Is there any real reason left for not implementing things like this as web applications which run in browsers? Has not our modern HTML5/javascript/css stuff progressed to the point that *everything* in Adobe Reader could actually be done in-browser? Not only should one not be forced to use a specific program for submitting forms to the government, but also one should not be required to use a PC, regardless of OS. Millions of people around the world now use smartphones/tablets as their primary computing devices. But again unless the supposed *openness* of the format actually translates into real existing independent implementations, we're stuck at square one. IF the government is going to require us to make use of Adobe PDF reader, then Adobe PDF reader should *be* a website that works in any current browser. Then the government agencies could host their own PDF reader server, subject to public accountability requirements, and the the browser client could perform all of its operations locally on the target platform(no cloud shit).
If you want to be in the game, you have to go by the rules of the people handing out the money.
Then is it reasonable to include the cost of complying with the rules, including the cost of a Windows license for said $20 computer, in the grant request?
Considering that the $20 computer already has a windows license, why?
It may in fact come with unlicensed Windows. I recently bought a used PC whose included copy of Windows ended up having been activated to some company's volume activation server that it could not reach. I concluded that said server was almost certainly behind the previous owner's corporate firewall. And a lot of thrift shops have an "AS IS" policy on electronics purchases.
hmm yeah tell that to the people embedding programs into pdf's and all that. flash files, what have you - and adobes publisher makes files for adobes reader. other readers might work or might not. .zip is a perfectly open license free standard! so lets have government just zip the files and we're golden!
anyways, the latest pdf format version apparently isn't open, apparently, so it is just as good as docx or whatever in practice. might just as well export to html or whatever.
world was created 5 seconds before this post as it is.
I've also found no open source PDF reader that implements the full standard. Specifically, it is possible to embed 3D models in a PDF file so that they can be manipulated, and this is covered in the PDF standard. It's possible to create these with open source software, such as libharu and the crawling horror known as U3D. (Protip: when outsourcing go all the way across the Pacific. Do not stop at Rl'yeh, no matter how tempting the contract is.)
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Do you normally enter your financial information onto a public computer? I wouldn't.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Where is the public notice from the U.S. Government that it does not make this particular form available through paper?
You can read about it here: https://www.irs.gov/Businesses...
Regarding the individual FBAR (FinCEN Report 114), the link you gave me confirmed that it "is only available online through the BSA E-Filing System website." But I clicked through "BSA E-Filing System" and saw this:
Online Form: Adobe Reader NOT required
Considering that many distros ship with multiple window managers, trying to identify a distro by its' windows manager doesn't work.
Which is why I mentioned X11, the one thing that all Desktop/Linux/That/Isn't/Android window managers and toolkits have in common. The X Window System allows use of any of several window managers, the vast majority of which allow overlapping windows, tiled windows, or both. Desktop/Linux/That/Isn't/Android uses X11; Android doesn't.
Just use linux or android - everyone will understand the difference.
It turns out that not "everyone will understand the difference". Some Slashdot users tell me that Linux has already "arrived" (in the "year of the Linux desktop" sense) because it is the kernel of Android. And when I clarify in a reply that Android doesn't count because an all-maximized workflow is impractical for many desktop use cases, I get called out for the fallacy of "moving the goalposts". Because I've been harassed so often in the past for "moving the goalposts", I have been trying to find a term that is correct the first time. Historically, there has been a very strong correlation between GUI Linux distros that use Bash and GNU Coreutils and GUI Linux distros that use X11, which has allowed "GNU/Linux" to be understood as clearly excluding Android. And it sounds less paraphyletic than saying "Desktop/Linux/That/Isn't/Android".
Do I need to try using only "Linux" for a while and collecting evidence of actual confusion?
Not all distros come with a windows manager. It's not needed, for example, in server installs and mini and recovery distros.
These have not been suggested as substitutes for a desktop distro in the way that Android often has been. Once netbooks were discontinued at the end of 2012, people have recommended that netbook users instead buy an Android tablet and a keyboard, which doesn't fit my work flow well. So I have been trying to come up with a precise yet concise name that includes desktop distros while excluding Android, and the closest I have is "X11/Linux" or (when already in the topic of daily-use GUI distros) "GNU/Linux".
android tablets can already run two apps side-by-side
All Android tablets? My Nexus 7 (2012) got Lollipop but never got this feature. I know a tiling window manager ships with some tablets, such as the Samsung Galaxy Tab A that I bought a week ago. When I tap the Recents button, each app's title bar has an icon for whether it supports the tiling window manager. This icon looks like the logo of the Nintendo DS, and tapping it activates the tiling window manager. But a lot of apps that I use do not have this icon, because the app's manifest does not explicitly opt into the tiling window manager, and can thus run only in the full-screen. Examples of incompatible apps include the official Stack Exchange app. If I open a tiling-compatible app in one window and press Recents in the other window, only those few tiling-compatible apps appear in the resulting Recents list. Nor can I run two instances of the same app in tiled windows on the same device.
linux, freebsd, android, osx, windows, microsoft, apple, os/2, pc, mac - people will figure it out. :-)
There's a certain pedantic personality endemic to Slashdot, people who think "technically correct" is the best kind of correct, as Number 1.0 from Futurama put it. They see the success of Android, claim it as a victory for Linux, and ignore the fact that a tablet is not always a close substitute for a laptop, especially in their respective support for offline use. In Chromium or Firefox for X11/Linux, for example, I can load a dozen web pages in tabs, put my laptop on suspend, resume later, and read the pages even while offline. (The city bus that I ride to and from work does not provide Wi-Fi, and I currently do not subscribe to a cellular Internet service plan that allows tethering.) When it runs out of memory, it swaps the affected pages' memory to disk. But in Chrome or Firefox for Android, the browser is likely to purge the pages from memory instead of swapping them to the device's SSD, with the intent of reloading them when I switch back to the page's tab. But when it tries to reload a purged page, I get an error that I am offline. And even when I'm online, reloading the page is likely to erase the contents of text areas, especially on Slashdot's comment form.
Just download the app - there are plenty of them, for android, ios, and windows. That "might" get you around apps that don't explicitly have resources for tiling on the display embedded into the apk.
Enjoy :-)
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.