Things that have happened since Matthew Dempsky reported this crash bug, which Adobe has yet to release a fix for:
-Mozilla Firefox 3 had several alpha, beta, RC, and final releases, moving from late version 2 to version 3.6.
-Google Chrome was initially released and ported to Mac and Linux
-Safari evolved from version 3 to version 4
-Apple developed and released a new version of the iPhone, announced the iPad, and released a new version of Mac OS X
-Windows 7 was betad, improved and shipped
-Apple's market capitalization nearly doubled from 93 billion to 177 billion
-The entire global financial crisis came to a head, with multiple banks and other large firms either collapsing, being acquired for their assets alone, or being bailed out by national governments
-Barack Obama was elected president, sworn in, and served his entire first year of office
-Sarah Palin, then a surprise pick as running mate, made a series of media gaffes, resigned as governor of Alaska, and parlayed her fame into a television deal with Fox News
Adobe is really feeling threatened now, no doubt about it. They are starting to see an eventual Flash-free web as a real possibility.
I wonder if Lotus, Borland, CompuServe, and the other mini-monopolies of their day saw it coming, or just blithely rested on their laurels until they were irrelevant. I was in the tech scene back then, but without something like the internet to keep us informed, it was hard to know what those companies were up to.
"The mistake we made was marking this bug for "next" release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release."
The 0.1.0 releases are for actual player upgrades and the 0.0.1 releases are for security fixes. The 10.1 release is actually a pretty big upgrade to the player that will be out some time near the CS5 release that features iPhone native app export, woot!
Besides that, I reviewed the Flash Crash code and the situation that causes this bug and it doesn't seem like a common situation where you load a single unique URL that sends two different Flash version files (7/8) when requested one after another. I know my own QA department would be tickled pink if they could recreate this problem in any of my applications but even then I'd first say "who the hell would do something so crazy, this isn't on the top of my pile of stuff to do, I'm still working on making the player run well on the Mac, awesome bug though we'll get to it later"
The bug is capable of completely locking up modern browsers (to say nothing of the situation back in 2008 when the issue was discovered). Esoteric or not, this should have been on the very top of the work pile and dropped into a security patch immediately.
Yes, they admitted a mistake, but they wouldn't have done so if their actions had been at all defensible.
One thing I read from this is that Adobe isn't agile enough to ship security or crasher fixes more than once a year. No process for out-of-band fixes? Not something I like to hear from the developer of a plugin on most computers.
Possibly all the folks actually capable of fixing the bugs quickly have quit or were laid off. If Adobe has only second tier developers left that would explain this kind of situation.
This actually makes them look even worse if they're honest. "We haven't been able to fix this bug because we're bad programmers"--understandable but shitty. "We have fixed this bug, but no one knows that because of our byzantine release policies--oh, but for all you know we're lying through our teeth and using vaporware to cover ourselves"--now that pisses me off.
I know you're kidding, but that's actually happened to us before. There are a large number of bugs in .NET's mail handling that, if you call Microsoft, they'll say they've fixed for an upcoming point release. And, to be honest, I do believe them, insofar as there is some repository, somewhere, where a programmer at MS checked in a fix. It just doesn't do a lot of good to you if you're trying to ship software now instead of next year.
This may come across as some amount of fanboy-itis, apologies in advance for that.
But, I wonder if this is the kind of "laziness" that Jobs was referring to with Flash. Not necessarily lazy in the sense of not doing anything, but lazy in the sense of inability to keep "control" and an eye on your major properties (Apple qualities.)
That says to me that "We have several outstanding issues we need to resolve before we next ship". It doesn't say that they're leftover from previous versions.
And so I find myself defending Flash. Strange things are afoot.
Yes, except "ship" to most people in most contexts means "make available", not "cut a point release". Say there was an egregious typo in an O'Reilly manual—if their spokesman said "we don't ship books with typos," would that imply to you "we're not selling another copy of this book until we fix it" or "we're going to keep selling the version with the typo until we get around to publishing the next edition?"
That's a different situation, as pulping and reprinting books represents a significant outlay. I would interpret that as "we'll give the publisher a new PDF and instruct them to print with that instead, effective immediately".
Yeah, some of the grammar in the post could've used some proofreading. There were a lot of places where the author used a comma when they should've used a period.
A company that lets crashing bugs accidentally slip through the cracks like that isn't taking security very seriously yet. That's pretty scary, considering Flash's market share.
I'm probably the only one, but I find this somewhat hope-inspiring. This response by their CTO gives the Flash team permission to go back and fix all of the crashing bugs and improve performance.
If Adobe is like most other large companies, I'd bet those same engineers have been stuck in the downward-spiral feature crunch to support more codecs, more language features, more more more. It takes a pretty high-level push -- like this one! -- to reverse that trend.
A good analogy is MSFT and the turnaround on security in ~2001/2002.
This is not what I read at all. They just made a bookkeeping mistake that prevented the fix from coming in the security releases, which I can only assume have a quick release cycle.
> The mistake we made was marking this bug for "next" release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release.
The way Adobe handled this issue just goes to show how terrible their QA and bug triage processes are.
Personally, I've been holding off on using Flash blocking plug-ins because I always thought that it would take away from my experience of most modern websites - that is despite Flash being a big pile of crap in terms of full-screen HD video performance on a gaming-grade laptop that plays Far Cry on maxed out settings.
I believe my cup of anger just overflowed - I will be installing Flashblock today.
And until Adobe learns how to truly test performance of their software on a variety of machines (oh, don't get me started on GPU acceleration problems in Photoshop CS4 when it first came out and perf issues with Flash HD video playback on specific GPUs) as well as how to properly respond to security issues, Flashblock will be kept enabled.
Instead of working within the confines of native OSs Adobe has managed to dupe us into installing essentially an overlay OS with Flash/ActionScript/Air. They have a responsibility to manage it as such.
They have the same problems as Java. They develop a complete OS without regard to core OS code and hardware changes. It's irresponsible curating that no one is reporting on.
Forget fixing the bug. If we combine our resources and create a Flash killer that plays nice with native OSs, we won't have to care about Adobe's reckless development.
Could someone please chime in for me on this: Does Flash have a way of directly patching the current level of software like, say, Google Chrome does? Does Flash 10? It really should.
Secondly, a high-impact pervasive problem which allows a plug-in to crash the entire platform should not be marked fixed in next release.
Allowing plugins to take down the whole plugin environment is clearly a faulty software design. Sure, Adobe is lazy/incompetent, but the Mozilla/Safari teams are no better for not isolating plugins better. Back to school, I'd say; learn something about reliable software engineering and sandboxing.
Let us not forget their inability to write a Flash plugin that doesn't freeze / stutter while playing video in current Firefox and Safari on a new MacBook Pro with tons of available RAM and CPU. Their CEO is a liar -- if he actually used a MacBook Pro as his daily machine as he claimed on TechCrunch, he'd be screaming at people on his engineering team until they fixed this.
I worked there ... lots of people are using Macs inside Adobe, including people in upper-management.
I also own a 2 year old MacBook Pro, and while I did have some problems with some badly written advertisements, in general Flash works fine (including video on YouTube) ... although HD content is not rendered as well as on my home Windows box ... but it's watchable ... I watched The Office on Hulu and it was OK ;)
This whole thing reminds me of the browser wars, only now it's between 3 camps ... the freetards, Adobe's fanboys and Apple's fanboys. I found myself to be in all 3 camps, depending on my mood :)
I'm not a fan of Flash, but all the gripes about Mac performance are strange to me, since it has never been apparent on my MBP or the MacBook I used before that.