?

Log in

No account? Create an account
Flash - brad's life [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Flash [Mar. 16th, 2006|05:02 pm]
Brad Fitzpatrick
[Tags|, ]

More reasons to hate Flash....
http://www.us-cert.gov/cas/techalerts/TA06-075A.html
LinkReply

Comments:
[User Picture]From: lithiana
2006-03-17 01:17 am (UTC)
well, if 'has had a security issue' is reason to hate software, i imagine you'll stop using an awful lot of your current software quote soon? :-)

Flash certainly seems to have security problems less often than even supposedly "secure" software like Mozilla, unless i'm just not paying attention.
(Reply) (Thread)
[User Picture]From: brad
2006-03-17 01:22 am (UTC)
I said _more_ reasons to hate. And never did I say "stop using".

However, I already block Flash by default. And I get depressed every time I see a website which pretends to "depend" on it, only to have me enable it, click a rotating thing with some beats, then see the real content on "content.html". All the while thinking, "That's why I just ran some binary-only code, probably with security problems (yup!), which is trying to twist itself into the web's core? Nice!"

This is just me broadcasting my disappointment.
(Reply) (Parent) (Thread)
[User Picture]From: weswilson
2006-03-17 02:08 am (UTC)
Flash is BINARY? I thought it was a set of vector instructions.
(Reply) (Parent) (Thread)
[User Picture]From: mart
2006-03-17 08:11 am (UTC)

Those “vector instructions” won't do much without an interpreter, which is implemented as a native code and is thus entirely able to contain various security vulnerabilities.

(Reply) (Parent) (Thread)
From: evan
2006-03-17 02:26 am (UTC)
I wonder how hard it would be to analyze a flash file and extract all the links from it. Then you could write an anti-flash plugin that just replaces every flash control with an iframe containing HTML of what the real "content" is behind the flash. (You could even imagine the iframe having a "show original flash" button, to make this envelop the functionality of flashblock.)

And now that I'm wishing, it'd also extract all the movie URLs and make them nicely clickable in such a way I could download movies embedded within flash. Yep.

[sorry for triple-post -- when you hit "back" after commenting it loses the parent]
(Reply) (Parent) (Thread)
[User Picture]From: drbrain
2006-03-17 03:20 am (UTC)
webmasterworld.com had rumors about search engine spiders indexing flash files over two years ago. I don't know if this was actually true or not.
(Reply) (Parent) (Thread)
[User Picture]From: ciphergoth
2006-03-17 07:24 am (UTC)
If you write it I will love you forever.
(Reply) (Parent) (Thread)
[User Picture]From: xlerb
2006-03-17 09:25 am (UTC)
Anyone tried strings? Failing that, wasn't at least some previous version of the format publically specified?

Failing yet that, for the case of a site with flash splash page but normal content, a search engine may have helpfully indexed the contents.
(Reply) (Parent) (Thread)
[User Picture]From: lithiana
2006-03-17 11:25 am (UTC)
oh, i agree about flash in general - i hate it (and don't have it installed anyway) - it just seems a bit harsh to hate it more because of some security issue that could happen to anyone :)

(cue comment: "well it wouldn't happen if you wrote it in $my_language...")
(Reply) (Parent) (Thread)
[User Picture]From: kunzite1
2006-03-17 01:40 am (UTC)

Flash

(Reply) (Thread)
(Deleted comment)
From: evan
2006-03-17 03:02 am (UTC)
You must not use the web from the same computers I'm using, then -- I can always tell a page is using sIFR 'cause it makes my browsing experience sucky enough (gray boxes, slow scrolling, breaking highlighting) to stick out.
(Reply) (Parent) (Thread)
[User Picture]From: brad
2006-03-17 04:04 am (UTC)
Totally.

I wrote an un-sifr greasemonkey, but loading still sucked because greasemonkey (at least at the time) couldn't get involved early enough.
(Reply) (Parent) (Thread)
From: evan
2006-03-17 04:13 am (UTC)
Mart's got his funny filtering proxy. I'd bet it's written in Perl...
(Reply) (Parent) (Thread)
(Deleted comment)
From: evan
2006-03-17 05:48 am (UTC)
Firefox. It's mostly because Flash on Linux sucks. I have Flash (because plenty of sites break without it) but I use Flashblock (because plenty more / most sites just use it for animated ads).
(Reply) (Parent) (Thread)
[User Picture]From: bostonsteamer
2006-03-17 07:54 pm (UTC)
print out your Outlook calendar for the day at the beginning of each work day. or have someone else do it for you.
(Reply) (Thread)
[User Picture]From: bostonsteamer
2006-03-17 07:54 pm (UTC)
ugh...i had two brad lj tabs open. obvs. this was supposed to go on the calendaring thread.
(Reply) (Parent) (Thread)