Might as well stick this item here:
Apple’s Chief Makes Case Against Flash(
It seems that the views from the Flash Bashing Express (phrase coined by David Chartier, see ‘Microsoft echoes Apple
’ link below) merit a separate thread. The starting post of this thread, Grelber's reply to this post by Hal Itosis, was detached from the iPad thread. Alternaut)
‘Real’ world follow ups:
This whole issue runs pretty deep. What with patents, licenses, law suits, settlements, fees, "open" standards, documented standards, approved standards, proprietary standards, cross-platform issues, revenue from sales, revenue from advertisments, etc., ... it's one ugly mess.
Good thing the world didn't have to depend on these guys to develop TCP/IP, otherwise there never would have been any Internet. Can't the government fund a couple of geniuses from MIT (or wherever) to get together and crank out a video format + hardware decoder for the world/posterity so we can move forward already?
Anyway, more links to peruse:
[oh, i intentionally left slashdot out of the picture... as FTM is a friendly, family-oriented place.
]
[oh, i intentionally left slashdot out of the picture... as FTM is a friendly, family-oriented place.
I know you'll find a few +5's in there from me on the subject.
Here are a few words from one of the founders of Ansca Mobile, makers of Corona (an iPhone simulator):
Thoughts on Apple and AdobeSurf around that entire site for more info, and check out this Wired article too:
Ex-Adobe Engineers Weigh In on Jobs’ Flash Attack
Feds may launch inquiry into Apple's Flash stance
I thought they were focusing on the "have to use C for store apps" limitation?
Apple vs Adobe: Steve Jobs is Emperor Ming
That article does briefly add in a bit of historical context. So —while we're collecting all the Apple vs. Adobe linkages into one thread —here is another person's overview of the clash:
Sorry, Adobe, you screwed yourself I thought they were focusing on the "have to use C for store apps" limitation?
True (i believe). Yes, the overall "issue" is actually divided into two areas: Flash Player for web video and Flash Professional developer environment for cranking out cross-platform code. The two often get conflated (or confused) in forum discussions, but that only serves as further evidence of Adobe's omnipresence.
--
What i find most often missing in all the media coverage are references to the fact that Apple/Jobs isn't the
only entity dissatisfied with Flash. [e.g., the
Free Software Foundation and probably any Linux fan feel about the same, to mention two.] It's just that Apple/Jobs is the most notable figure actually *doing* something about it. So i guess that's where the focus will go... but the full story encompasses a wider swath.
I’m not familiar with every avenue potential litigants may be exploring, but some of them don’t look all that promising according to this:
Lawyer: Antitrust move against Apple would 'sink'.
--
“And now for something completely different...â€
Almost unclassifiable. (unintended satire perhaps?):
Apple's 'Disruptive' Strategy Targets New RivalsWatch CNBC's in-depth coverage of Apple all day
Tuesday—part of our special week-long series '
American Titans.'
- Monday, May 10: Exxon Mobil
- Tuesday, May 11:Â Apple, IncÂ
- Wednesday, May 12:Â Boeing
- Thursday, May 13: McDonald’s
- Friday, May 14: Google
--
This article by RoughlyDrafted's Daniel Eran Dilger describes the multi-faceted dispute, and links to his many other articles detailing the matter:
Why Steve Jobs Loves Adobe Flash
Watch CNBC's in-depth coverage of Apple all day Tuesday—part of our special week-long series 'American Titans.'
It's on now as well (8pm EST).
/posted from my iPad.
Edit: more info at planetoftheapps.cnbc.com
This one seem be stirring up the pot significantly:
[Brimelow doesn't need to use the term "lie", as Flash minions are spreading the word everywhere. There may be something fishy behind the scenes... i.e., it's a newer version of Flash, therfore... what Jobs said was probably still true *
when* he said it.]
"Flash Works On Touch-Based Devices"
It's not so much a matter of running it, it's an interface implementation problem.
Think of all the flash based games you've played in the past. Think of how you move the mouse around, and for example, a hand or a crosshairs moves, or maybe your guy starts waking toward where you have the arrow now. Or you have to swing the mouse around between targets.
AND then at some point of course you have to click the mouse.
These two operations can be independent because Flash has "mousehover". It means the app can tell where you've moved the mouse to, before you click it. This is a very handy control feature, and not surprisingly, and to no fault of the devs, they use it. A lot. Almost 100% of the time.
Problem. Touch interfaces don't currently have any way to indicate you are say, sweeping your finger across the surface without clicking. As far as the touch interface is concerned, your "mouse button is down" the entire time. This is the primary problem. There's no way to move the pointer on a touch surface without it interpreting a click down. The only way around this is to require the user to do some other additional interaction, like a quick release and tap down. This is something of a hack, but it will suffice for many of the games. BUT it's likely to require a recode of the app to smoothly support.
Second problem, much less frequently noticed. Your finger is in the way. It's often very important to get a very precise position in those games, AND you often need to see when the pointer changes colors, patterns, etc, indicates you're over the thing you can click on etc etc. On a touch interface, your finger is covering the pointer. It doesn't need you to see the pointer because you can't hover anyway. So if you fix hover, you have this new problem. This can also be hacked around by feeding such apps false touch information, such as placing the input 1/4" up from the actual finger location. This would either require a switch on the device or modifying the app.
There are other issues that are also less obvious. A few games have a very real need to intercept when you sweep your cursor over certain things. They could be walls or enemies or whatever. Basically pointer-to-object collision detection. For example, navigate your man through a maze. You can't cheat them because your pointer is always on the screen, and you can't move from A to C without crossing B. Except if you can lift your finger off the touch screen. So this breaks some game dynamics. (your man could teleport to the exit) This too could be hacked around, we could say that if you lift your finger and drop it somewhere else, the ipod feeds a fast hover sweep from A to C, crossing B, and causing whatever that may cause to happen.
So... yes, it can be done, but there are several severe limitations you have to work around. It could be done, and we may yet see it happen, especially if touch interfaces continue to increase in popularity. But these problems cannot be dismissed or ignored. They are legitimate, serious problems to be addressed.
Second problem, much less frequently noticed. Your finger is in the way. It's often very important to get a very precise position in those games, AND you often need to see when the pointer changes colors, patterns, etc, indicates you're over the thing you can click on etc etc. On a touch interface, your finger is covering the pointer. It doesn't need you to see the pointer because you can't hover anyway. So if you fix hover, you have this new problem.
Very perceptive! (do you have an iPad?) Anyway, you are correct... and that aspect has
not been discussed much. Even for insertion point positioning and text selection (such as I just did while editing this post), Apple pops up a little magnifying glass which shows me (from its offset location) the area under my finger. So yes, I would certainly think that any game (or website gateway even) in which any degree of precision when pointing is needed, would also require retooling.
Excellent... I'll keep this in mind now, as I do battle in forum threads.
__
Here are two old articles which provide some perspective (on the Flash topic in general, not the touchscreen issue):
/posted from my iPad
do you have an iPad?
Nope, but I do have an ipod touch, and I use it quite a lot. That's one of the big issues with my use, trying to figure out exactly where it thinks my fat finger is.
I have a flip case for it that comes right up to the edge of the screen left and right, and makes it hard to move the insert to the far left side of the screen because the cover's edge is in the way and I have to sort of mash my finger into the corner where the side of the cover bezel meets the ipod.
My mind tends to fall immediately into "devil's advocate" mode during discussions like this - I tend to analyze problems from all alternate angles trying to spot problems before they get a chance to attack me.
I had another revelation when pondering flash on a touch device... lets say you are a man walking on a map. One of the terrain types is swamp. When you walk your man through the swamp, he walks slower.
This works because the position of your mouse or finger on the trackpad is not 1:1 with the movement of the man on the map. You may move your mouse 3" to the right and the man crosses the entire map, or maybe only 1/3 of the map. It works because you are moving the pointer/man, and it's ok for it to move at a different speed (or stop completely) even if your mouse keeps moving. Say you hit a wall and stop. You can continue to move your mouse to the right as the man tries to push through the wall and gets nowhere. Eventually you move your mouse up instead and he continues up.
Now think about how weird that would get on a touch interface. You move your finger past the wall and the man stops at the wall. Your finger continues moving right for several inches as the man "jogs in place". Then you start swiping upward.
Now the man is at a different location on the screen than your finger is.
I have no idea how you'd work around that as a developer. Probably your only sensible solution would be top STOP the movement until the user stopped swiping, and picked up his finger and put it back down on the man and re-acquired control. Clumsy but I suppose doable. Absolutely would require recoding the app.
The same problem would come up with the swamp example above. I can think of several other games where you can get "nommed" by critters that you have to "shake off" or they slow you down or stop you completely. Games like that would have the above issue.
Of related interest: Ted Landau on
Solving Flash problems on a Mac.
[ I don't envy you mods/admins here, having to decide what belongs where.
]
But I think these go here:
^ some stuff i missed apparently, while away for the summer.
In other third-party plug-in news, looks like Java may be on its way out as well:
Apple hints no Java in Lion's tank.
These "developments" seem strange, to say the least.
A dumb question perhaps, but ...
Given that Flash Player is used by innumberable sites and that Java and JavaScript even more so, how might one continue to access those sites which make use of same?
These "developments" seem strange, to say the least.
A dumb question perhaps, but ...
Given that Flash Player is used by innumberable sites and that Java and JavaScript even more so, how might one continue to access those sites which make use of same?
I can't speak for Java, but its elimination will not affect JavaScript (*), and Flash will remain downloadable at user option, although it will be up to individual users to make sure they're current, particularly security-wise.
(*)Extracted from
Java vs. JavaScript:
"Now let's talk about how Java and JavaScript differ. The main difference is that Java can stand on its own while JavaScript must be placed inside an HTML document to function."
These "developments" seem to have to do with Apple's inability to ensure that such third-party components function consistently, reliably, and securely within the context of the iOS/OS X operating systems. The recent preview of OS X 7 shows that the computer and "mobile device" versions of the OS are increasingly being developed as superset and subset, respectively, part of Apple's attempt to create a user experience which translates seamlessly between devices.
These moves are about control; but interpreting whether it's in the sense of an attempt to lock users into the Apple ecosphere, or in the sense of "quality control," seems to depend on one's prior disposition regarding Apple.
These "developments" seem strange, to say the least.
A dumb question perhaps, but ...
Given that Flash Player is used by innumberable sites and that Java and JavaScript even more so, how might one continue to access those sites which make use of same?
Very few sites use Java.
However, it should be kept in mind that Apple is not doing anything particularly unusual here. They are not forbidding Java or Flash on the Mac. They just aren't going to provide it any more; if you want it you will have to download it.
That is exactly how it is on other operating systems. If you get a Windows computer, it won't come with Java or Flash. The first time you visit a site that needs either one, you'll be asked to download them.
Same for Linux. Apple was the only major OS vendor supplying Java and Flash out of the box. Now they aren't going to; OS X will be exactly like Windows and Linux in that regard.
So all in all, no big deal, really.
RE These moves are about control; but interpreting whether it's in the sense of an attempt to lock users into the Apple ecosphere, or in the sense of "quality control," seems to depend on one's prior disposition regarding Apple.
Methinks you're being too kind ~ diplomatic. It's all about control, pretty much in the Orwellian sense — which, given Apple's one-off Macintosh ad in 1984, has a peculiar irony attached to it.
I had thought, even way back then, that Apple/Macintosh was a boon to those of us who stared at the C: prompt flashing, not knowing what to do. And I further projected that such systems would become more and more user friendly, to the point that the human-machine interface would be seamless. Sadly, it all has become most unseemly, and now human-machine interface (to me, at least) has become so cumbersome as to make me want to become a Luddite troglodyte.
My singular comment, the same in oh, so many languages, is: merde/mierda/Scheiße/govno/....
RE These moves are about control; but interpreting whether it's in the sense of an attempt to lock users into the Apple ecosphere, or in the sense of "quality control," seems to depend on one's prior disposition regarding Apple.
Methinks you're being too kind ~ diplomatic. It's all about control, pretty much in the Orwellian sense — which, given Apple's one-off Macintosh ad in 1984, has a peculiar irony attached to it.
I had thought, even way back then, that Apple/Macintosh was a boon to those of us who stared at the C: prompt flashing, not knowing what to do. And I further projected that such systems would become more and more user friendly, to the point that the human-machine interface would be seamless. Sadly, it all has become most unseemly, and now human-machine interface (to me, at least) has become so cumbersome as to make me want to become a Luddite troglodyte.
My singular comment, the same in oh, so many languages, is: merde/mierda/Scheiße/govno/....
 Hilarious.
You've never even used an iPad... have you?
And what else? Installing software is
cumbersome? LOL.
Perhaps you should just stick with a television then.
RE iPad (~tamPod)
Nope. No desire or need. What I have seen in terms of functioning of such items (including smart phones) is completely foreign (maybe even counterintuitive) to the way I carry on every-day life.
And guess what? I don't have/want/need a cell phone either. Or cable. Or satellite.
Which means I don't have whopping big 'communications' expenditures.
As I said, I love my cave (and my preserved bank account).
Which means I don't have whopping big 'communications' expenditures.
FWIW —even though my iPad is
WiFi-only (no 3G builtin) —i have "installed"
both Skype and
sipgate (
free apps).
I did sign up with sipgate (absolute zero 'monthly' charge, no charge for any incoming calls, and 1.9 cents/minute for outgoing calls to international landlines, and 17.9 cents/minute to international cell phones (in 'modern' countries that is).
E.g., using my iPad on my home WiFi setup in the USA, i called my old college friend in Australia (house phone) and spoke for
55 minutes. My credit dropped a whopping dollar and five cents ($1.05 USD). Also —while visiting Stockholm recently —I was also able to call USA for that same low
1.9¢ per minute by using the free WiFi at McDonald's (and many other establishments, including pubs).
Of course, either program can also be installed on regular computers as well... and both can call totally free to other "users" across the Internet. [e.g., i can talk computer-to-computer over the web with my Skype-using friends in Sweden (from whence Skype originally hails, btw) for
free... literally
endlessly.]
After decades of getting fleeced by Ma Bell, it's amazing to see how cheap calls can be via VoIP.
> After decades of getting fleeced by Ma Bell, it's amazing to see how cheap calls can be via VoIP.
By way of comparison, and for the benefit of the rest of the luddites out there, I use prepaid AT&T cards that I get from Sam's Club...$0.03/minute (all taxes and fees included) for state-to-state calls and $0.09/minute (also all-inclusive) for in-state calls. (Prices are for calls placed to either land-line or cell phones.)
If I needed to make international calls I'd most assuredly follow your lead.
After decades of getting fleeced by Ma Bell, it's amazing to see how cheap calls can be via VoIP.
I think it's fair to say that external forces (VoIP is probably one of them) have helped force prices down at the phone companies, because they now have package deals that dramatically lower costs.
For about five years we had a separate long distance deal with Primus - 19.95 per month for 1,000 minutes in Canada, and very low rates to other countries. During that time our phone company (Telus) constantly sent glossy brochures and phoned us trying to get our long distance business back. The answer was always "Sorry. You're too expensive."
Earlier this year they finally came up with a even better deal than Primus and we switched back.
ryck
I switched my LD service over to Yak Communications (3.5¢/minute anywhere in Canada and USA).
I used to use Yak's dial-around service (at 5¢/min) and also their LooneyCall ($1.00/100 minutes, which I can still use with their own LD service).
Yak is available throughout Canada and in many of the States; as far as I'm aware, LooneyCall is available only in Canada.
Getting back to the bash-fest:
Critical zero-day flaw in Flash, Reader, etc. (seems to be a re-run of what they supposedly patched last summer, or?).
[i.e.,
June,
Sept.]
Have there been any "HTML-5" security bugs? or is it even possible as such, since it's interpreted by the browser instead of via a close-ware plugin like flashplayer?
(clutches chest) Say it ain't so!
Here's a pretty cool trick John Gruber has devised to get many sites to serve HTML 5 video in place of Flash video to folks running Safari in Mac OS X:
Masquerading as Mobile Safari...
Flash plus MS Word - a match made in heaven.
(apparently Windows is part of the recipe too)
"Now let's talk about how Java and JavaScript differ. The main difference is that Java can stand on its own while JavaScript must be placed inside an HTML document to function."
I use swfplayer so I can play .swf games locally
(*)Extracted from
Java vs. JavaScript:
"Now let's talk about how Java and JavaScript differ. The main difference is that Java can stand on its own while JavaScript must be placed inside an HTML document to function." I just ran across this comment and found the quote to be overly simplistic and taken out context it is grossly misleading. You would have been more accurate to quote the entire paragraph which reads
Now let's talk about how Java and JavaScript differ. The main difference is that Java can stand on its own while JavaScript must be placed inside an HTML document to function. Java is a much larger and more complicated language that creates "standalone" applications. A Java "applet" (so-called because it is a little application) is a fully contained program. JavaScript is text that is fed into a browser that can read it and then is enacted by the browser--although today's web apps are starting to blur the line between traditional desktop applications and those which are created using the traditional web technologies: JavaScript, HTML and CSS.
For a more complete unserstanding of the difference in Java and JavaScript you should read the entire article. By-the-way, to be completely pricise, JavaScript is a
dialect of ECMAScript which is the ruliing standard.
Adobe Flash update puts users in charge of privacy.
Would improved Flash cookie management for end-users matter (much)?
I installed AFP 10.3 yesterday and was looking at its preference pane (in System Preferences). The Storage tab has an option to "Block all sites from storing information on this computer." When I checked its radio button, a warning popped up that says:
Disable Local Storage
Blocking all sites from storing information my disable functionality on some web sites.
This will also delete all data stored by previously visited sites, which may include game progress, login data, saved work, or preferences.
Then, one can either cancel or confirm the choice.
I opted to cancel, not knowing which sites this might affect. Thoughts or explanations?
Unless you're an online gamer (where such might be a liability), click "Confirm choice", in IMHO.
Any site where that might prove to be a problem should evidence itself the next time you log in, but it's unlikely that anything seriously detrimental to you would happen.
Done! I'll post back if there are any problems.
I tend to agree with Grelber re picking ‘Confirm choice’, except perhaps when you have important cookie functions that may be affected. In that case, a more fine grained approach would be preferable, i.e., as offered by
Cookie Stumbler*, with which Flash cookies may be removed individually, rather than wholesale.
*)
while I’m a CS user, I do not intend this example to be an explicit endorsement of this utility.
Thanks, Lee. I'll look into it. Your link, by the way, is faulty. Luckily, the page points to another link that gets you there. The correct one is
Cookie Stumbler. You may want to edit your post.
If you do any banking or other financial transactions online, you may find that disallowing Flash cookies prevents logging in to some sites. These would be sites which use a personalized image-and-caption combination to guard against phishing attacks: when your computer is recognized, the combination is displayed, and only then do you enter your password.
I installed AFP 10.3 yesterday and was looking at its preference pane (in System Preferences). The Storage tab has an option to "Block all sites from storing information on this computer." When I checked its radio button, a warning popped up that says:
Disable Local Storage
Blocking all sites from storing information my disable functionality on some web sites.
This will also delete all data stored by previously visited sites, which may include game progress, login data, saved work, or preferences.
Then, one can either cancel or confirm the choice.
I opted to cancel, not knowing which sites this might affect. Thoughts or explanations?
I installed the Flash beta and reported on the pref pane
almost two months ago.
I'm not a gamer, and I opted to "Block..." at the outset and have never looked back. (The disappearance of my prefs that I reported early on has not recurred.)
I use
Safari Cookies to facilitate and fine tune my control over cookies, Flash cookies, and databases; its only "downside" is SIMBL, but Apple has not yet provided the functionality necessary to make it an extension.
Yes, I was afraid of that. I haven't experimented but I switched my preferences back to defaults.
If you do any banking or other financial transactions online, you may find that disallowing Flash cookies prevents logging in to some sites. These would be sites which use a personalized image-and-caption combination to guard against phishing attacks: when your computer is recognized, the combination is displayed, and only then do you enter your password.
I access Vanguard (with Firefox) and Ally Bank (with Safari), both of which use the login sceme you've described, and neither has ever tried to stick me with a Flash cookie.
Edit: Note that the option in the Flash pref pane is to block Local Storage, and that differs from Flash cookies.
Edit 2: In fact, I've got a Flash cookie for each of the three sites for which I've specifically blocked Local Storage.
And, further, the Flash pref pane allows you to set your prefs
by site in both its "Local Storage Settings by Site" and "Camera and Microphone Seeting by Site" sub-panes.
Edit 3: And, finally (I think), Adobe has given us the option to block assorted stuff, but Flash cookies are
not included in the mix.
OK, I experimented. I blocked all Local Storage and then successfully logged into my Bank of America, Key Bank, PayPal, and Discover Card accounts.
OK, I experimented. I blocked all Local Storage and then successfully logged into my Bank of America, Key Bank, PayPal, and Discover Card accounts.
All the options we've been given in the Flash pref pane were previously available to us on Adobe's website, but they were a nuisance to access and didn't seem to be as reliable as far as "sticking" as are the new ones.
[off-topic]
Although kinda on-topic... Does anybody know what's up with Hal? He's only posted once in the past month, and it's not his usual time to be on hiatus.
[/off-topic]
All the options we've been given in the Flash pref pane were previously available to us on Adobe's website, but they were a nuisance to access and didn't seem to be as reliable as far as "sticking" as are the new ones.
My preferences aren't sticking in the Storage tab of the new one. I looked for a suitable plist to trash but can't find it. Does anyone know what it's called and its location?
EDIT: I may have solved the problem. I looked at ~/Library and saw that Caches had been modified today. Looking inside Caches, I found an Adobe folder that had a Flash Player folder inside. That folder had also been modified today. Consequently, I used OnyX to clean caches, restarted, and my preferences had stuck. I'll post back if the problem reappears.
I still don't know where the preference file for Adobe Flash Player is located.
My preferences aren't sticking in the Storage tab of the new one. I looked for a suitable plist to trash but can't find it. Does anyone know what it's called and its location?
EDIT: I may have solved the problem. I looked at ~/Library and saw that Caches had been modified today. Looking inside Caches, I found an Adobe folder that had a Flash Player folder inside. That folder had also been modified today. Consequently, I used OnyX to clean caches, restarted, and my preferences had stuck. I'll post back if the problem reappears.
I still don't know where the preference file for Adobe Flash Player is located.
See the "Flash Cookies Raise Privacy Concerns" thread, starting
here.
Also (re: previous posts), the location referred to by "storage" is: ~/Library/Safari/LocalStorage
As you said in your link, the location is ~/Library/Preferences/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys/settings.sol
Wow, that's convoluted. No wonder I didn't find it. Since Adobe makes FP, I went under the erroneous impression that it would be listed under Adobe, not Macromedia. I never would have thought to look there. Leave it to Adobe to make things "interesting".
Slightly off topic: Like Artie, I too was a bit worried about you because you hadn't posted in awhile. I'm happy to see you back!
Since Adobe makes FP, I went under the erroneous impression that it would be listed under Adobe, not Macromedia.
Here's my guess as to why that's the case: Since Flash was developed by Macromedia prior to Adobe's acquisition of same, the creation of various support files during the installation and/or initial launch included, reasonably enough, the Macromedia name.
On the theory that rewriting software is costly, and "if it ain't broke, don't fix it," Adobe didn't. I suspect Firefox uses the Mozilla name for much the same reason.
As you said in your link, the location is ~/Library/Preferences/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys/settings.sol
Wow, that's convoluted. No wonder I didn't find it. Since Adobe makes FP, I went under the erroneous impression that it would be listed under Adobe, not Macromedia. I never would have thought to look there. Leave it to Adobe to make things "interesting".
The script i posted there is still the version i use today. If you run...
cfc
it will list all flash cookies and caches.
If you add
*any* argument...
cfc x
...it will delete all
non-Adobe flash cookies. [perhaps not a great idea if doing online banking, as Dave mentioned above.]
Slightly off topic: Like Artie, I too was a it worried about you because you hadn't posted in awhile. I'm happy to see you back!
Thanks gents, i was unavailable since my father passed last month. [please, post no condolences... it was expected/natural, and mostly painless.]
Wishfull thinking or whistling in the dark on Adobe's part?
It seems to me when Microsoft not only climbed on the HTML 5 wagon with Apple, they leapt on, the conflict was over. Flash is in danger of joining the ranks of also rans like Betamax, and 8 track tapes.
It sounds like an exercise in semantics: the row may be over, but the issue is still alive, at least for the time being.
In fact, the argument was never really about Flash technology itself, said Narayen, but Apple’s control over the iOS platform.
Fiddlesticks.
As usual, folks start to (deliberately?) conflate/confuse the Flash Player Plug-in for web browsing with the Flash Pro IDE for creating smart-device apps. Of course Apple will totally control the iOS platform... it's only purpose is to run on Apple's hardware devices. That's exactly as things should be. But for the multi-platform world which needs to access the Internet as a whole, there needs to be a "universal" standard for accessing regular (non-DRM) video which doesn't require folks to install some (proprietary) Adobe plug-in. If PDFs, PNGs and JPEGs (etc.) required such doodads, we'd be in a real mess now.
Die Flash, die.
[if folks want to run Flash to view wiggly web pages which look like some sorta playstation game, fine... let them. But regular viddy should be served in a totally "open" fashion.]
it seems that the ipad clones are coming up out of the ground all around me like zombies digging their way to the surface, and every single one of them flaunts flash support somewhere in their top 5 bullets. So not everyone has gotten the message yet.
from yesterday (a Sunday):
Security bulletin
Security update available for Adobe Flash Player
Release date: June 5, 2011
Vulnerability identifier: APSB11-13
CVE number: CVE-2011-2107
<snip>
There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
Adobe recommends all users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 10.3.181.22 (10.3.181.23 for ActiveX) by downloading it from the Adobe Flash Player Download Center.
<snip>
Hmm... these are dated just a few days ago:
Technical Cyber Security Alert TA11-166AFlash Exploits on the Loose[the 2nd one there goes into more detail.]
Yep... looks like v.10 is done for, and v.11 is (out of beta and now) the new kid on the block:
<
http://www.adobe.com/products/flashplayer.html>
Adobe Flash Player 11<
current version>
11.0.1.152
[btw artie, visiting adobe's site there is one place where i seem to acquire those apmebf cookies... or so it appears, sometimes.]
> [btw artie, visiting adobe's site there is one place where i seem to acquire those apmebf cookies... or so it appears, sometimes.]
I visit Adobe's site regularly when I hit "Check Now," but I've never acquired an "apmebf," and, as a matter of fact, I haven't found one on my deuced Mac(hina) since I posted the issue (how long ago?).
What I have found, though, is that my blocked "Local Storage" and "Camera and Microphone" sites periodically disappear after an update.
Clickjacking the Flash Player Settings Manager:
Bug in Flash Player allowed Mac webcam spying (fixed now).
Meanwhile, there's another
Trojan Flash Player installer around.
Sophos:
Adobe says goodbye to Flash for mobile platformsZDNet:
Exclusive: Adobe ceases development on mobile browser Flash, refocuses efforts on HTML5Adobe: Flash to Focus on PC Browsing and Mobile Apps; Adobe to More Aggressively Contribute to HTML5--
So it seems that the Flash
"web browser player plugin" concept is being eschewed on mobile devices (in favor of HTML5), while the Flash
"development environment for apps" concept will continue on mobile devices (mainly for games i guess).
Good start.
I went to that site and thought I'd do a "test run" of their disinfecting procedure. I entered their Instruction
plutil -convert xml1 /Applications/Safari.app/Contents/Info.plist into Terminal but, instead of Plist Files, I got a
Permission Denied response.
I also tried their
%malware_path% but got
No such job.
What am I missing? Thanks.
I went to that site and thought I'd do a "test run" of their disinfecting procedure. I entered their Instruction plutil -convert xml1 /Applications/Safari.app/Contents/Info.plist into Terminal but, instead of Plist Files, I got a Permission Denied response.
That plist is owned by root, so one would need to prepend
sudo and enter an admin password when prompted.
But i disagree with their instructions. There's no need to convert to xml at all. We can read or delete the offending key while it's still in "binary" form.
To read:
defaults read /Applications/Safari.app/Contents/Info LSMinimumSystemVersion
10.6.0
I used a
valid key there, to show how
normal output appears for a key that *
should* exist. (according to that key, Safari 5.1.1 requires a minimum OS of 10.6.0).
Now, let's try to read the bad guy:
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2011-11-10 13:53:26.696 defaults[80926:903]
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
Good, that key doesn't exist in my Safari plist. If anyone doesn't see that exact error, but instead gets some sort of "output"... then that's a problem.
I also tried their %malware_path% but got No such job.
Yeah well, the instructions provided by F-Secure are a little difficult to follow... so I'll try to clean it up.
Since they instructed folks to convert to xml format, here's how their version of the offending data
should look:
<key>LSEnvironment</key>
<dict>
<key>DYLD_INSERT_LIBRARIES</key>
<string>%malware_path%</string>
</dict>
If done using my
defaults read method, the output would be something more like this:
LSEnvironment = {
"DYLD_INSERT_LIBRARIES" = (
%malware_path%
);
};
So "%malware_path%" isn't anything to be entered as a command, but rather, it was their way of indicating that some sorta path string should be there, which tells us where the malware is located. E.g., instead of "%malware_path%" there would be a pathname:
/folder/folder/folder/file
maybe something like:
/Library/Printers/Epson/phony_file (idunno)
So —assuming one
is infected (i.e., my 2nd
defaults read example doesn't generate an error message) —then the way to 'disinfect' oneself is to delete whatever file or folder exists at the end of that "%malware_path%" location, and then delete the offending plist entry using:
sudo defaults delete /Applications/Safari.app/Contents/Info LSEnvironment
Ah, okay... i only searched that page for "%malware_path%" and focused on that section, to answer Rick's questions. Later on i see they narrow down the actual location a bit better, to:
/Applications/Safari.app/Contents/Resources/%payload_filename%
Where "%payload_filename%" is the important item we should destroy. So apparently the %malware_path% will be inside the browser's Resources folder (not externally in /Library as my example theorized).
Thanks very much for both posts. I have just used your sets of instructions....
defaults read /Applications/Safari.app/Contents/Info LSMinimumSystemVersion
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
.... and got exactly the same results as you.
And thanks for the additional %payload_filename% information.
FYI, this and other things I learn at FineTunedMac are all very helpful for more people than me. I will keep this information a file with other step-by-step instructions where I can pull it out if needed.
e.g. If one of my daughters ever gets in a fix. Or if it's needed to help a couple of older ladies living nearby (one is past 80) who are both Mac users. FTM has a wide reach.
Thank you and all the other FTM folks who are always so willing to educate.
Back to "normal" business then...
Security update available for Adobe Flash Player
Release date: November 10, 2011
Vulnerability identifier: APSB11-28
Platform: All Platforms
SUMMARY
Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and . . .
From all I can gather, Adobe's Flash Player is not affected with respect to "non-mobile" hardware, eg desktop and laptop computers.
So I don't understand the big kerfuffle. Any short, sweet answers?
y'know I was just thinking that one side issue Apple may have had is that as long as Flash was on the iphone, "click to jailbreak" apps would be a nonstop weekly occurrence for Apple to deal with.
Flash for desktops is continuing unabated, so a lot of the panic surrounding the abandonment of mobile Flash seems overblown to me. There are things it's more difficult to do without Flash, granted, but for the most part, I think folks who want to do those things--games, especially--are better served with "native" mobile apps.
Adobe has just announced that it is
ceasing development of Adobe FLEX in house and turning that over to the open source community, though, and people are getting upset about that. FLEX is a tool for building apps using Flash, and a lot of (well, okay, SOME) business app developers use it to build business apps that run over the Web. And, naturally, rely on Flash to function.
I personally wonder whether Adobe's turn away from FLEX signals that Flash is in for a long, cold winter.
From all I can gather, Adobe's Flash Player is not affected with respect to "non-mobile" hardware, eg desktop and laptop computers. So I don't understand the big kerfuffle. Any short, sweet answers?
Yes well... it won't last. More and more
and more, websites are being accessed by mobile devices. And if webmasters have to retool their pages to cater to non-flash devices, then why not go whole-hog?
“Forget†flash... it's definitely in its death throes.
[edit: As i understand it, the only real "need" for flash (as a browser player plugin) is that associated with
DRM-regulated video. Everything else it does (which one might deem as being
vital) can easily be replaced. And again, everyone who likes to whine about google and facebook tracking their movements should keep in mind that flash does that stuff too.]
[edit: As i understand it, the only real "need" for flash (as a browser player plugin) is that associated with DRM-regulated video. Everything else it does (which one might deem as being vital) can easily be replaced. And again, everyone who likes to whine about google and facebook tracking their movements should keep in mind that flash does that stuff too.]
It's also needed for certain types of interactivity. Complex games with scripted actions, for instance, can't (yet) be done in pure HTML.
However, as time goes on, I think that will be less and less the case.
It's also needed for certain types of interactivity. Complex games with scripted actions, for instance, can't (yet) be done in pure HTML.
You're right of course... which is why i highlighted '
vital' (as online games aren't such for me).
If someone wants to play interactively, or shop at a website with fancy wiggling special effects... let THEM download flash. The rest of us news-watchers and you-tubers should be free to enjoy
basic (normal) video, delivered via some standard protocol, etc.
Unfortunately, not all online flash presentations are trivial or backed up by HTML5 counterparts....
The Aviation Safety Foundation (a sub-entity to the Aircraft Owners and Pilots Association) recently sent me a link to one of their current online ASF presentations...and it wouldn't run using Safari 5.1.1 under OS X 10.7.2 with the latest Flash-Player plug-in 11.1.102.55 installed --- the only way I could view it was to open the link using Firefox 6.0.2 on the same platform, where it ran just fine.
I sent their web-team the details, but this particular issue appears to be more browser-related than server-side.....
Still re Flash, but a different aspect... I just noticed that the prefs I had set in my Flash Player pref pane reverted to default, probably when I updated to v 11.1.102.55, and I suggest that everybody check their own prefs no less often than after every Flash update. (My prefs reverted once before with no apparent cause, but that predated the Flash pref pane.)
The same thing is happening to me. I have trashed Flash preferences repeatedly (actually, ~/Library/Preferences/Macromedia/Flash Player) and that used to work. Yesterday, I used System Preferences>Flash Player>Storage, clicked Delete All and then Delete All Site Data and Settings. I reset my preferences and, so far, they seem to be sticking. Apparently, Delete All also clears ~/Library/Caches/Adobe/Flash Player so that may have been the cure.
The same thing is happening to me. I have trashed Flash preferences repeatedly (actually, ~/Library/Preferences/Macromedia/Flash Player) and that used to work. Yesterday, I used System Preferences>Flash Player>Storage, clicked Delete All and then Delete All Site Data and Settings. I reset my preferences and, so far, they seem to be sticking. Apparently, Delete All also clears ~/Library/Caches/Adobe/Flash Player so that may have been the cure.
I just trashed ~/Library/Prefs/Macromedia and ~/Caches/Adobe in their entirety, but I'm not the least bit optimistic about the reversions to default stopping.
We'll see...
As an experiment, I just reinstalled the latest version of Flash and restarted, but uneventfully.
Oh, well... Time will tell.
Damn!!! I've been checking my prefs periodically, and I just found them reverted to default again.
Aaargh!!!
Heads-up to all.
One wonders whether Adobe even
tries to "get it right" . . . ever.
Seems like they don't
learn anything, from one patch to the next.
Two zero-day vulnerabilities found in Flash Player Â
I don't think this is a matter of getting it right on Adobe's part. I think it is more a matter of cutting their losses and doing the minimum effort they can get away with to keep their corporate customers happy. Adobe has already announced they are dropping development of Flash for handheld and tablet devices as well as tacitly acknowledging HTML 5 has already won the day on the desktop.
From my knowledge of Macromedia, the originator of Flash and Dreamweaver, my strong suspicion is Adobe is using a huge library of legacy code, which they did not write, developed at time when "security" was an unused word in the programmer's dictionary, and in a programming style that makes maintenance difficult and consequently
very expensive. So Adobe has lots of patches to the code and each patch risks exposing and/or creating additional potential exploits. Apple was in a similar position when Steve Jobs returned to take the helm and made the decision to bet the company and invest in a completely new operating system and applications code base written in an unusual dialect of the C language. I have not seen anything from Adobe indicating they have either the vision or the resources to do anything that risky or daring.
Personally I don't think Flash will be around much longer. When Microsoft endorses any Open Source technology, and when Apple and Microsoft agree on anything, the game is over and Adobe lost.
From my knowledge of Macromedia, the originator of Flash
Just an FYI. While Macromedia popularized Flash, it originated as Futurewave's Futuresplash before Macromedia bought it and renamed it Flash. Interesting aside... Futurewave actually tried to sell it to Adobe first, but they passed on it.
Interesting, I was only aware of Flash as a Macromedia product. Thanks for the additional background.
Technical Cyber Security Alert TA11-350A: Flash and related vulnerabilities. This report includes the suggestion to '
Disable Flash in Adobe Reader and Acrobat'.
Flash prefs reverted to default again...13 days since the last time.
Edit: Am I the only one experiencing this?
I get the same thing. Instead of trashing a plist and a cache, I tried simply resetting my preferences. They seem to stick for awhile and then revert. I can't explain it.
I get the same thing. Instead of trashing a plist and a cache, I tried simply resetting my preferences. They seem to stick for awhile and then revert. I can't explain it.
All I do is reset my prefs; it's easier than and just as effective as trashing stuff.
If someone wants to play interactively, or shop at a website with fancy wiggling special effects... let THEM download flash. The rest of us news-watchers and you-tubers should be free to enjoy basic (normal) video, delivered via some standard protocol, etc.
Interestingly, Facebook now refuses to let me watch embedded YouTube videos, insisting I must download the latest version of Flash—fat chance! says I
—but the same videos are viewable without incident, in Flash, at YouTube.
Interestingly, Facebook now refuses to let me watch embedded YouTube videos, insisting I must download the latest version of Flash—fat chance! says I
—but the same videos are viewable without incident, in Flash, at YouTube.
So far i haven't seen that misbehavior (using MacOS 10.6.8, Safari 5.1.2, Flash Player
11.1.102.55 and ClickToFlash 2.5.6)
Does that happen with every YouTube link, or most, or?
Does the preview image (if there is a preview image) have the
play button (a right-pointing arrow)?
There
has been a history of facebook/youtube problems with respect to the play button which i
have experienced myself sometimes (seemingly randomly), when
posting links. [[e.g., no play button, no preview and/or a Captcha instead of either.]] But those issues seemed to go away once i adopted youtube's
shorter URLs (replacing the "http://www.youtube.com/watch?v=" part with "http://youtu.be/").
So far i haven't seen that misbehavior (using MacOS 10.6.8, Safari 5.1.2, Flash Player 11.1.102.55 and ClickToFlash 2.5.6)
OS X 10.5.8, Safari 5.0.6, Flash Player 10.1.102.64. Happens with every YouTube link, though it only started within the last week or so. The preview image does have the play button.
There may have been another site or two at which I've encountered the out-of-date Flash admonishment, but clearly Facebook implemented some kind of under-the-hood change (no flies on those Facebook engineers!).
No doubt upgrading Flash would be the simple solution, but
- I've disliked Flash for a long time
- I don't generally watch videos, due to
- minimal DSL download speeds
- a preference for reading-based rather than TV-based self-education, which preference no doubt dates to the highly-restricted TV-watching environment of my childhood (thanks forever, Mom!)
- I've enlisted as a foot soldier in the ersatz War on Flash by those embracing HTML 5 and the open Web, so I run with Flash off in both Safari and Camino and click to activate Flash content that I just can't live without (not much).
Doing away with Flash altogether will have to await my next computer upgrade, since pre-Intel Mac browsers don't seem to be able to handle a lot of HTML 5 content.
OS X 10.5.8, Safari 5.0.6, Flash Player 10.1.102.64. Happens with every YouTube link, though it only started within the last week or so. The preview image does have the play button.
Based on a few test clips I can confirm this with the same config on a 20" G5 'iSight' iMac. Fortunately (I seem to be a tad more visually inclined despite my voracious reading habit
), the direct link to the Youtube clip present next to the embedded clip window bypasses the Flash update requirement.
i agree with the anti-Flash sentiment... but wouldn't having the latest version also be 'wiser' (safer) then?
Anyway, regardless of version, a seasoned flash-hater should add the
ClickToFlash Safari extension to the equation (and perhaps it might even alleviate your current ailment as well).
... a seasoned flash-hater should add the
ClickToFlash Safari extension to the equation ...
I second that!
Any specific reason to prefer the Extension to the WebKit plugin, which is already in use here?
No, as long as the functionality is the same or comparable (I am not familiar with the plugin's use).
Edit:
A bit more detail may be appropriate here. The extensions
* work as advertised right 'out of the box', but allow for detailed
custom settings. They are also under continuous development and see regular updates. That said, updating 32-bit Macs like ours is not particularly straightforward, as installing the latest update directly may (and in our case will) crash Safari. To prevent that you need to re-install version 2.4.1 first, uninstall it, and only then install the latest version.
As a user of the Webkit plugin you should be able to assess how its functionality and configurability compare with those of the extensions.
*) There are actually
two related extensions, ClickToPlugin and ClickToFlash, the latter of which represents a special case of the former. This allows for control of all plugins, not just Flash.
Any specific reason to prefer the Extension to the WebKit plugin, which is already in use here?
Yes... the extension was updated to version 2.5.6
yesterday, while the plugin posted its
final beta back on April 1st 201
0.
The very first words on the
WebKit plugin's page are:
Note: Safari 5.1 drops support for WebKit Plugins, which unfortunately includes ClickToFlash. Try out Marc Hoyois’ ClickToPlugin Safari Extension. Oh wait... you still have OS 10.5.8 and Safari 5.0.6?
Nevermind... but why not run Snow Leopard instead?
Oh wait... you still have OS 10.5.8 and Safari 5.0.6?
Nevermind... but why not run Snow Leopard instead?
Won't run on a G5...
I get the same thing. Instead of trashing a plist and a cache, I tried simply resetting my preferences. They seem to stick for awhile and then revert. I can't explain it.
All I do is reset my prefs; it's easier than and just as effective as trashing stuff.
I think that I have found the cause. I checked my Flash preferences and they were OK (Block all sites from storing information on this computer). I then used
Flush, which found no Flash cookies, of course, but deleted the relevant preference file. Immediately, my Flash preferences reverted to default (Allow sites to save information on this computer). I reset my preferences and then used
Cocktail (via its Pilot setting) to clear Flash Player caches and Flash Player cookies. Again, Flash preferences reverted to default. I reset them and they seem to be holding.
Have you been doing anything similar?
I get the same thing. Instead of trashing a plist and a cache, I tried simply resetting my preferences. They seem to stick for awhile and then revert. I can't explain it.
All I do is reset my prefs; it's easier than and just as effective as trashing stuff.
I think that I have found the cause. I checked my Flash preferences and they were OK (Block all sites from storing information on this computer). I then used
Flush, which found no Flash cookies, of course, but deleted the relevant preference file. Immediately, my Flash preferences reverted to default (Allow sites to save information on this computer). I reset my preferences and then used
Cocktail (via its Pilot setting) to clear Flash Player caches and Flash Player cookies. Again, Flash preferences reverted to default. I reset them and they seem to be holding.
Have you been doing anything similar?
Funny you should post today, because my prefs reverted to default just last night (for the first time since I last reported on Dec. 21), but what, precisely, do you think is the cause?
The only utility I use is Yasu, which doesn't clear anything that causes reversion...just tried.
On the other hand, I cleared two Flash cookies (two separate occurrences...via Safari Cookies) last night, but I've cleared other such cookies in the interim with no reversion.
I'm still at a loss, but I'm trying to be fastidious about watching what's happening.
> "the relevant preference file"
Will you please identify it?
My prefs just reverted...yet again, and I found that /Users/artie/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/settings.sol had been deleted; resetting my prefs resulted in the file's being recreated.
Now I've got to figure out what's causing that file to be deleted. (This time it disappeared when I cleared a Flash cookie with Safari Cookies, but deleting Flash cookies doesn't always have this result.)
> "the relevant preference file"
Will you please identify it?
My prefs just reverted...yet again, and I found that /Users/artie/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/settings.sol had been deleted; resetting my prefs resulted in the file's being recreated.
I deleted ~/Library/Preferences/Macromedia/Flash Player (the entire folder) and it was re-created when I reset my preferences. Unlike you, my preferences have not reverted to defaults. I don't know why yours did. Maybe you should delete the entire Flash Player folder?
> Maybe you should delete the entire Flash Player folder?
For the moment, I think I'll just watch and see if I can discern some sort of pattern.
Please keep me posted on whether your prefs stick or revert.
Thanks.
> Maybe you should delete the entire Flash Player folder?
For the moment, I think I'll just watch and see if I can discern some sort of pattern.
Please keep me posted on whether your prefs stick or revert.
Thanks.
That was short-lived; my prefs reverted again, /Users/artie/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/settings.sol was
not deleted, and I've got absolutely no recollection of having seen any Flash cookies.
I'm still confused, though, by the fact that this exchange has remained our private venue; is it that nobody else is experiencing the issue or that nobody else cares?
Edit: I just trashed everything on my deuced Mac(hina) that had "Flash," "Macromedia," or "Adobe" in its path and reinstalled Flash; let's see what happens.
That was short-lived; my prefs reverted again, /Users/artie/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/settings.sol was
not deleted, and I've got absolutely no recollection of having seen any Flash cookies.
I'm still confused, though, by the fact that this exchange has remained our private venue; is it that nobody else is experiencing the issue or that nobody else cares?
Edit: I just trashed everything on my deuced Mac(hina) that had "Flash," "Macromedia," or "Adobe" in its path and reinstalled Flash; let's see what happens.
fwiw, the script in
this post is still the version i use today to view (and optionally delete) those flash cookies & caches. [Run without arg to just list items. Run with any arg to delete everything except adobe's own sol file.]
fwiw, the script in
this post is still the version i use today to view (and optionally delete) those flash cookies & caches. [Run without arg to just list items. Run with any arg to delete everything except adobe's own sol file.]
On the one hand, I think I now know what to do with your script (
), but on the other hand, I have no more than a vague idea what
"run without any arg" means, even after perusing
Unix FAQ (for OS). (
Edit: Does it mean to omit
if [ $# -ne 0 ] && [ $k -ne 0 ]
then # clear cookies & caches but preserve useful files and directory trees:
GoToFolder $DR1 &&
ls -d1 {macromedia.com/support/flashplayer/sys,#SharedObjects/*}/* \
2>/dev/null |grep -v $PREF |tr '\n' '\000' |xargs -0 rm -fR
((x+=$?))
GoToFolder $DR2 && ls -d1 AssetCache/*/* 2>/dev/null |grep -v $CASH |
tr '\n' '\000' |xargs -0 rm -fR
((x+=$?))
[ $x -eq 0 ] && printf '\e[30;42m FLASH COOKIES CLEARED \e[0m\n' >&2
fifrom the script?)
That aside, though, I accomplish the same thing via
Safari Cookies > Flash Cookies.
But what does your script accomplish as respects Flash prefs (apparently) spontaneously reverting to default?
On the one hand, I think I now know what to do with your script (
), but on the other hand, I have no more than a vague idea what
"run without any arg" means,
It means —when we go to execute the script —we
only type its name:
cfc
[cfc, or whatever string with which you chose to name the file... and no other text at all.]
i.e., "args" are
anything after the command itself [usually options or pathnames]
In this case,
any non-whitespace after the command is treated as an argument.
So...
cfc x
cfc -v
cfc FTM
cfc /System/Library/* /mach_kernel
cfc -i been working on the railroad all the live-long day
...
any of those (or etc., etc.), will
erase flash cookies.
EDIT/ looks like i excluded -h in order to print out some help text.
(Edit: Does it mean to omit [ . . . ] from the script?)
No... but you (or anyone) is certainly free to edit the script to alter its behavior in that (or any other) regard.
[at which point i take no credit or blame for any consequences]
That aside, though, I accomplish the same thing via
Safari Cookies > Flash Cookies.
Safari Cookies clears the flash cache too???
Great.
But what does your script accomplish as respects Flash prefs (apparently) spontaneously reverting to default?
Nothin'.
It doesn't touch adobe's stuff at all (other than displaying mod date, size, etc.)
The
deletion only applies to
3rd-party item's (in this case adobe is a 1st or 2nd party).
In conclusion: I use it for listing mostly, to keep track of goings on... only rarely do i desire to wipe out all (3rd-party) junk. So it's mainly a way to observe everything stored in those areas, without fishing around in Finder.
another (beta) released on Jan 19th apparently:
11.2.202.183http://labs.adobe.com/downloads/flashplayer11-2.html
hmmm, might stick with the <cough> stable 11.1.102.55 version for now myself.
Thanks for the args clarification. (If I were to want to run your script, could I put it in ~/bin without any further ado [as I suspect is the case], or would it require modification?)
> Safari Cookies clears the flash cache too???
Oops! I overlooked the cache clearing part, but, on the other hand, /Users/artie/Library/Caches/Adobe/Flash Player never seems to be populated. Will you please link me to something that you know for a fact populates that cache so I can check it out?
Thanks.
Using your post as a springboard...
This thread has now merged with my
Safari > Prefs > Privacy > Details > Plug-ins??? thread.
This is only one example of four that I've found...
Viewing
Simon's Cat in 'Fowl Play' leaves me with a ytimg.com Plug-Ins item in Safari > Prefs > Privacy > Details.
Simultaneously, s.ytimg.com appears in (Safari > Prefs >) Safari Cookies >
Flash Cookies.
Further, I find /Users/artie/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol.
And, finally, clearing the Flash Cookie with Safari Cookies clears [...]/#s.ytimg.com/settings.sol.
I've got absolutely no idea how I stumbled on this, but I'm beginning to feel like I've swallowed my tail, it's come out the other end, and I'm working on a second swallow.
If I were to want to run your script, could I put it in ~/bin without any further ado [as I suspect is the case], or would it require modification?
Just to make it executable first [via
chmod a+x ~/bin/cfc]
Will you please link me to something that you know for a fact populates that cache so I can check it out?
Can't recall any specific site. And —since my script was written a while back —it seems adobe may have changed flash somehow... as i don't often see any cache files anymore (but perhaps my flash prefs have been set to prevent that from happening). ::shrug::
another playa fer ya...
11.1.102.62
http://get.adobe.com/flashplayer/for those who may be confused:
11.2.x.x == beta
11.1.x.x ==
“stable
â€http://www.adobe.com/support/security/bulletins/apsb12-03.htmlRelease date: February 15, 2012
Vulnerability identifier: APSB12-03
This update addresses critical vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions.
<snip>
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only).
Thanks for that....and here's a "Whew, close one" for you.
I don't keep Flash Player installed as I have found fewer and fewer sites actually require it. However, I keep a download available just in case.
Given the caution you provided I thought I'd check to see which version I have in my download folder. When I single-clicked on it to check, I got the red stop sign and exclamation mark with this ominous message:
"Flashplayer-11-macos.pkg" will damage your computer. You should move it to the Trash.
Safari downloaded this file on January 7, 2012 from h5t.vigvam.in. It contains the "OSX.FlashBack.C" malware.Needless to say, I moved the file to the trash and subsequently did a Secure Empty Trash. I'm usually careful about downloads and go directly to the publishers' sites but I guess I dropped my guard at least once - perhaps redirected to a realistic looking fake Adobe site.
Thanks for the link. I've downloaded and things back to being good.
another playa fer ya...
11.1.102.6
4http://get.adobe.com/flashplayer/as per my previous message:
11.2.x.x == beta
11.1.x.x == “stableâ€
I'm gonna give myself a canary and post that my Flash prefs have remained intact since Jan 22, when I trashed everything on my deuced Mac(hina) that had "Flash," "Macromedia," or "Adobe" in its path and reinstalled Flash. (Note that "everything" means everything that didn't have /System in its path.)
I've got no idea whether I deleted a conflicting legacy file, whether the issue was corrected by a Flash update, or whether my prefs will revert to default immediately after I hit "Submit," but we'll see.
another playa fer ya...
11.1.102.64
Thanks. It's in my Downloads folder, uninstalled but ready if I should need it. I must say there certainly seem to be fewer and fewer occasions that it's needed - in fact, I don't recall the last time.