An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months. The admission, by Emmy Huang, product manager for Flash, came a week after Apple CEO Steve Jobs lambasted Adobe engineers as "lazy" and said when Macs crash, "more often than not it’s because …
Someone from adobe finally fessing up??? Next thing you'll see is Toyota admitting to issues with its cars!
Still gets a BIG fail for not listening in the first place. If I did that I would (and should) be fired.
The demo took out Firefox 3.5.7; and upon a reload all the tabs came back which meant, potentially, the browser could have kept dying as soon as it was restarted. Thank goodness for NoScript!
I'm not worried that Flash crashed (I'm not even surprised). What I do find to be a worry is that it took the browser with it. The browser should be written to expect plugins and addons to do stupid things as a result of clueless design. Ideally they'd be sandboxed, but I understand this might make an unacceptable lag in performance (though, security-wise, it mightn't be a bad idea). They should at least run as a separate process with reasonable time privs and the bare minimum of system privs.
The most annoying thing of all, however, is that I couldn't kill IE8. Running this in one tab would result in the tab "recovering" itself. So I got smart and tried a second tab. This caused a fatal error notice to appear, but after okaying it, IE8 would not die. The second time disappeared and reloaded. And this is where things got interesting. Further attempts on the demo site would either result in the site with the bad Flash simply omitted (it is to the right of the first line, not the big blue square), or I'd be taken to the following local URL which is something of a hint:
I can't believe it. Score one for IE. O...M...G...!
Safari (at least 4.0) runs Flash as a separate process, so it was not brought down either (though Flash did crash). I believe Chrome runs each tab as a separate instance, so I wouldn't expect it to crash either. It's odd that in this case, Firefox seems to be the only browser that will crash. While I prefer Safari, I've always considered Firefox to be the more secure/stable browser.
Firefox has a recovery mechanism, for when restoring a session causes problems.. the "How embarassing" screen comes up, and lets you decide to start a new session, or selectively recover tabs.
"How embarrassing"? Only it didn't appear...
...else I would have mentioned that.
Simpson, Homer Simpson...
IE vs Firefox crash
IE8 runs each tab as a separate process while Firefox runs all tabs as 1 process. This makes IE8 much more robust - the only downside is IE8 consumes more RAM than Firefox. At this moment in my PC Firefox (5 tabs) uses 190MB while IE8 (3 tabs) uses 290MB.
re: IE vs firefox
by default, IE is process for every 3 tabs I think (though it's tunable)
I suspect a lot of the extra memory usage is because of having to run flash etc. multiple times
it's just a shame they didn't take it to the logical conclusion and let you move tabs between frames, like chrome
Only true for small values of "crash"
Shrug. It's pretty innocuous for newer browsers (Mozilla 3.7, Chrome 4), which report the plugin crash but keep on working. Given the hype around IE8, I'd hope that it handles plugin crashes gracefully too.
The main problem is when naive web developers use plugins to implement mission-critical applications -- I'm willing to allow Flash to watch skateboarding cats, for instance, but I wouldn't go near a banking website that used it.
Opera 10.10 is stable. It did not crash (on two platforms: Windows XP and Windows 7 64).
Wow, I'm impressed!
Opera's installed in two places? Who knew?
It's probably more than the voluntary Safari userbase..
OpenSUSE 11.2 FF 3.5.7 doesn't crash.
By the way 5 tabs open : 70MB + 23MB shared memory
Can I has more links like that?
The whole, "warning, this will cause the browser to crash", statement, followed with the imminent example of it successfully doing so - the existential humor of that moment is too rich for money to buy.
Safari 4 with Flash 10.1 beta didn't crash. Didn't do anything except display a blue square.
Opera is fine
Yepp, no problem with Opera.
Still I am annoyed that Opera now and then is not not responding but actually starts ignoring anything clicked besides the close buttons. Otherwise I love it and it's the default browser on all our household computers.
Flash makes your Apple crash
So get a better OS then. I've never seen Windows or Linux crash when Flash did something weird in my browser. Kill the browser and restart it (FF will reopen the tabs I was using).
So here's a message for Mr Jobs: that really was a LAZY EXCUSE for not having flash...
Apple didn't create the flash plugin...
...so why blame them?
Flash on mac is poorly coded anyway and this has nothing to with apple, more the laziness of adobe. All the CS4 products (demos) crash on my mac and Flash often decides that a simple 2D game needs 80% of my CPU (3.06GHz Core 2 Duo).
According to you logic I could import some low quality tire for my car then when it went flat blame the car and buy a new one.
I'm not just on about Macs either, it's the same with AVs on Windows - so many of them have bad coding which makes them run incredibly slow .
How does that help anyone?
For the last fucking time; the OS doesn't crash, the fucking app crashes. Just like it can (and does!) in Linux and Windows!
"So here's a message for Mr Jobs: that really was a LAZY EXCUSE for not having flash..." No. It's entirely valid, what with this, the fact that it currently renders ASLR utterly pointless on Windows and all the other shit that Adobe foist on us. You are just another excuse of a LAZY, guffawing, know-nothing, gobshite troll!
On Ubuntu 9.10 found Opera 10.10 stable as well, but Firefox 3.5.7 died when running it. Thankfully I have noflash installed so restarting did not result in another crash as it restored the page.
Just reminds me of how crap Flash is, and how much I detest web monkeys that use it for everything.
XP / Vista / Windows 7 64 bit OS ? You have to run a 32 bit version of a browser if you want Flash. It's been several years, Adobe are not capable of developing a 64 bit version.
Same for Photoshop Elements and Premier Elements - even the latest versions are not supported on a 64 bit Windows operating system (though they appear to work but Premier is not very stable) - in this case, let alone providing a 64 bit version (useful if you have the RAM) even the 32 bit versions are not supported on the OS so Adobe will not provide support.
I guess when the base products have serious flaws then those take priority... however, on this occasion Steve Jobs is right.
"We don't ship Flash with any known crash bugs."
Well, none that the CTO knows about, anyway. I mean, you don't expect him to be familiar with the bug tracker for the products he's in charge of, do you?
Adobe still haven't 'fessed up really...
IMHO, That reads more like an excuse! Out of interest I have checked the site on a Mac. Firefox 3.6 crashes, as expected. In Safari the sandbox works, with the plugin crashing without taking down the browser and in Chrome (5.0.307.5 dev). The same is true for Chrome (126.96.36.199) on WIndows. This story is tired. Adobe are clearly a shower. No argument. In fact the way that Adobe have conducted themselves over this has been pathetic. It's no secret that their software is bug ridden bloatware! Look at the "related stories" at the bottom of the article; of the 9 stories, 6 are about security issues with Adobe products! It's one thing that can happen when a business is a de facto monopoly (I'm not suggesting that Adobe are unlawfully manipulating the marketplace - they're not. They are FAR too lazy to do that...) They need to pull their socks up. There is better (and cheaper) software out there from independent developers and Microsoft's Expression suite really is impressive; it won't happen, but it'd be nice to see it ported to Mac!
Sometimes a crash is only a crash.
If this was a potential hack, they'd typically say so, surely?
It may also be rather difficult to achieve? Presumably it was reported when someone wrote a Flash program that crashed, but it doesn't happen every day. You have to do the particular thing that causes the crash.
No crash here on IE or FF
Neither IE8 nor Firefox 3.6 crash for me. I get a blue box, nothing more.
Running XP, Flash Player 10,0,42,34.
Re: No crash here on IE or FF
My bad - they BOTH crash now!
FF didn't crash at first because I hadn't realised there were two flash elements on the site. You need to allow them both, then it crashes as described.
IE8 crashed the second time I tried it. Wierd.
Nice proof of concept, and bad Adobe for not fixing it...
Reader 64-bit: Another example of laziness
Another example of Adobe's laziness is Adobe Reader on 64-bit Windows.
People have been complaining for 2 or 3 years that the thumbnails and preview handler didn't work.
Who finally fixed them? Not adobe. Me, in my spare time.
One of the fixes was just a registry key set incorrectly because Adobe cannot read API specifications (something I've noticed a lot when trying to make their stuff work). So far, Adobe can't even be bothered to incorporate that fix into their installer, several MONTHS later.
How many Adobe engineers does it take to change a registry setting?
The fix for thumbnails, just released, required some coding but still should have been done by them years ago, not by a third party in his spare time.
Fixes are free for anyone who want's 'em:
Adobe = FAIL and I'll buy you a beer.
I'd rather give you some cash than give more money to Adobe. Seriously. Your page just fixed something that has been annoying me for months.
Also I suspect Autodesk use the same sloppy coders as Adobe (same offshore sweatshops maybe) as Autodesk Revit has a similar preview-and-die bug. I'm guesing that if I can understand how your fix works, I might be able to get it to fix Autodesk's junk as well.
As for Adobe, there is not enough FAIL to describe it.
Fix Flash once and for all
A few of the folks that I worked with @ Berkeley developing BSD pointed me at this tool which solves Adobe Fl^&*@sh problems. Click-2-Flash http://rentzsch.github.com/clicktoflash/ disables Flash completely in Safari and leaves the box where the poisons sits in your browser. If you are foolish enough to let Adobe Fl^&*@sh run promisously turning on Click-2-Flash also means Safari runs a HECK of a lot less RAM, and you CAN click on a Adobe Fl^&*@sh box @ the * in the LH corner to enable it.
Jim Bob Says Take Adobe Out!
I'm surprised how many people have actually checked to see if that link would crash their browser... Let's hope El Reg never publishes a story regarding the supposed lethality of sticking one's head in an oven!
Re : Surprised
Don't know about others but I ran in virtual OpenSUSE 11.2 on OpenSUSE 11.2. I've tried every thing with FF 3.5.7 & I can't get it to crash
Take the lead
Never has a better opportunity for Microsoft to get it's Silverlight into the frame, get the suite ported over to all the creatives on the Mac bench and leave these idiots in the dust.
Adobe: "We will have a beta release later this year" Are they serious?
CEO: "We are flawless, take that back"
Product Manager: "I'll chase that up. It'll never ever happen again. Please don't kill me. It's my first day. It was reported nearly a year and a half ago. It all happened under George Bush's regime. At least Saddam isn't there now. Look, a bird! <sound of running away>"
(Steve jobs: "ha ha!" in a Nelson stylee)
Modern life == reliance on increasing bloated complex software systems == continuous low-level fail, resulting in continuous low-level annoyance, no matter what platform you're using (your annoyance may vary depending on your chosen OS / supplier).
As for the fipshit who reckoned flash caused "apple crash" - dear god man, read the story again. Then read the comments. Then come back after you've thought about what you did.
How odd - tried it with IE7 and nothing appeared to happen. Made sure Flash was running, yup (v10) so was a tad disappointed, then I tried to open new links.... Seems that whilst the IE7 process didn't throw any exceptions it did get in all of a muddle - couldn't get any new pages open in either existing or new tabs - they just sit there spinning, waiting for data.
Haven't got any netmon stuff here at work so don't know if the network code gut munged and it isn;t even trying to connect to remote servers, or it's something else. Interesting anyway.
Perhaps Steve Jobs
will be rooting for Silverlight
opera & xp ok
My system OK -
Opera Version 10.10
System Windows XP
Java not installed
XHTML+Voice Plug-in not loaded
Next thing, they'll fix the bug with Acrobat files crashing browsers since 9, thus neccessitating saving each one instead of viewing it in situ :p
Yup, here too
FF 3.5.7 on Ubuntu 9.10 -- only crashed when I allowed the second Flash instance, on the top right corner (running FlashBlock). Running just the big one only gave the blue box.
Who's minding the shop?
Does anyone know if Adobe has offshored Flash development or if it's still in the US?
Long before Flash was born, Director ruled the multimedia roost, and was a pretty decent program. Recent versions of Director (still not dead, but pretty marginalised) have been buggy rubbish, and people on the Director mailing list attribute this to Director development having been moved to India, to be taken on by an entirely new team who've never worked on it before. Clever clever Adobe for throwing away all the human capital that Director had accumulated over the years.
If (purely speculation) Flash was rubbish because Adobe had pulled a similar cost saving trick, it would make sense. On the other hand, if they're still developing in the US with the original team - well, they'll have to find another excuse then...
IE8 + Win 7 + Flash = No crash.
Don't see the problem. Crome 5 + Win 7 + Flash, same system = Flash Crash.
"if there was such a widespread problem historically Windows could not have achieved its wide use today."
"if there was such a widespread problem historically Apple could not have achieved its wide use today."
"if there was such a widespread problem historically LINUX could not have achieved its wide use today."
I think I see a pattern here.
(Liked it better when history sat in the corner and mumbled "you will get yours." while holding a rather large knife.)
ZDNet has details
According to http://blogs.zdnet.com/security/?p=5422
"If a Flash 9 [or 10.0] SWF loads the same URL twice with the first returning a Flash 7 SWF and the second time returning a Flash 8 SWF, or vice-versa, the Adobe Flash Player plug-in will attempt to dereference a null pointer, crashing the browser."
I'm not quite following... but it seems to be saying that if one URL - one web page? one Flash object address? I think the latter - sends you a Flash 7 program and then is reloaded and sends you a different program - a Flash 8 program - then Flash will crash. But... is that as far as it goes?
How often will this actually happen?
IE7.0.5, FF3.5.1, Flash 10.0.42.34, bluebox.swf
No crash. IE7 is rather stubborn about opening the flashcrash page in two tabs of the same window, but aside from that, no ill effects. (It's not that IE7 won't open the flashcrash in two tabs, but that the second tab takes 10 - 20x longer to load than the first tab did.)
FF had no problems with it.