At this point I consider the Adobe suite to be basically the same as malware. Their apps seem to want to take over your system, install all kinds of "helpers" that run in the background constantly doing god knows what, etc. And their security record is terrible.
It's a shame because as someone who has a lot of interest in design, photography, etc. I acknowledge that they create some very powerful tools. I still miss Lightroom. But I'm just not willing to give them this much control over my computing environment any longer.
Yes, Creative Cloud also vomits a bunch of random stuff everywhere. Right now I can see 5 launchagent/launchdaemons just from having Photoshop and Illustrator installed, which seems insane lol
I stopped using Lightroom because it seems to want to modify the Windows Explorer to have a Creative Cloud section and their background software constantly pops up to tell you that it still exists.
What's nice about their subscription model is that there is no sunk cost when giving up. It's $5/month and you just stop paying it.
(I switched to Affinity Photo for editing but never found anything I liked for organization/library management. I just copy files around now. It ends up being OK because about 50% of my photos are from my phone, 25% are from a DSLR, and 25% are from film scans. Lightroom never helped me with phone or scanned photos, really, so I didn't give much up. Would still like some central self-hosted photo collector, though. Maybe Perkeep is what I want.)
> What's nice about their subscription model is that there is no sunk cost when giving up. It's $5/month and you just stop paying it.
Don't they try to get you to make a year commitment? I remember spending about 30 minutes with someone at Adobe getting them to cancel it when Lightroom was too slow to use on my Mac at the time (which had been more than fast enough for Aperture). After the second or third time that I told them I wasn't going to buy a new computer just for the privilege of running their software, they agreed not to charge a hefty early termination fee.
Yes, I had to pay a fee equal to 50% of the remaining year contract. I will no longer receive PSDs directly from designers, so the designers must now to export stuff to web spec so I can work with it outside adobe.
I've not tried for several years, but it was never that great at doing that. Last time I had to do this, I gave up and bought a photoshop subscription. Has it improved now?
Thanks for the tip! I took a look, and it turns out Affinity Photo is 50% off right now. So, a one-time $25 purchase (via App Store for family sharing)! And it handles PSDs. And the iPad version is $10. Adobe is toast.
I really, really wish that was the case, but there's no competition for Photoshop, Illustrator and InDesign.
Even after years of destroying their software with cloud crap, useless home screens, changing 30 years of muscle memory just because, all while adding a WebKit and Node.js instance for every new dialog box…
Affinity is definitely a step in the right direction. The Photo/Designer/Publisher combo holds its own and the iPad apps are pretty slick. It would be nice if they added something similar to Data Merge in InDesign, but for the most part, you can pretty much accomplish a lot of the same things for a fraction of the cost. And it's really not that big of a switch, considering a good swath of the market had to make the switch from PageMaker/Quark/Freehand/whatever as Adobe gobbled up the desktop market. It's similar to what Adobe did to the workstation suites 30 years ago.
"No competition" -- for some users, for now, maybe. (Speaking as someone doing web-related UI for a living since the late 90's, and using tools for digital art since the 80's.)
QuarXPress thought they owned the market and then they started taking advantage of their users. Same goes for Adobe. The resentment is building up. Once there's a viable alternative people will quickly switch and never look back.
It took many years and millions, being bundled with the rest of the Adobe suite and, perhaps most importantly, the arrival of OS X and Quark’s inability to migrate to it, for InDesign to displace Quark. And let’s not forget that Adobe had years of experience with PageMaker.
Hell, I remember 2003-2005 and being _excited_ to switch to InDesign. I think the issue pro software has is that at some point it's basically "done", with only small updates still required, yet the developers of said pro software need to make their sales numbers.
I'd be fine with cloud subscription software if the TCO ended up being lower than buying a boxed product, but it's seemingly more expensive than it ever was. $10USD/mo doesn't seem bad, but if you're comparing to a two-year, $200 upgrade price, then you're spending $40 more and can't opt to skip the latest menu reshuffle.
I don't even want to use it but the client passes me a PSD which I have to open accurately.
Photoshop puts like 5 folders in Utilities folder for no reason in macOS and runs bunch of daemons (which apparently can be a cause of bad vulnerabilities) and is dog slow in performance compared to a modern alternative like Affinity Photo.
Market dominance surely puts customer satisfaction to the end of the line.
For Photoshop, a big part of it is inertia. Companies worked with PS for years, and changing costs money. So students are taught what they’ll use (which is PS), and the cycle continues.
I have 2 licenses for affinity photo, Mac and Windows. But when I actually needed to get work done for a project, at least for my particular needs, I ended up going back to Photoshop.
It was a small thing. With Photoshop I can open a .PNG or .JPG file, edit, and pick Save (cmd-s/ctrl-s) and it saves back to the .PNG/.JPG. If I added layers or something I can press Ctrl/Cmd-Shfit-E to merge it all down then Cmd/Ctrl-S. This means the workflow is fast.
Affinity has no such workflow. You can open a .JPG but you have to follow the export workflow to save back to .JPG which is tedious.
I had say 150 files to edit. I reasoned my time was worth more than $120 to pay for a current version of Photoshop than to put up with a slow workflow.
I also recently tried to use Affinity's batch processing features but they aren't ask good as Photoshop's. I think they are trying to be helpful in that they scan all the photos before you start so you can see what they are going to operate on before you pick "Go". Unfortunately that's not actually a good flow if you're going to process 100s or 1000s of files. Instead of getting stuff done you have to wait for Affinity for several minutes while it goes and makes a thumbnail of all 100 or 1000+ images just so you can then click "Ok, do it!"
There are other ways to automate workflow that don't require the tool to do everything for you. IMHO, limiting yourself to what Photoshop can do is a trap, eg "export for web" which doesn't come close to generating production-ready assets. Given a need for workflow automation that's external to the editor, I feel it makes more sense to compose a workflow from tools that follow a less monolithic, more unix-y "do one thing well", kind of approach. But use cases abound. YMMV.
Try DarkTable and RawTherapee. Both of these options are pretty decent open source alternatives to Lightroom for the majority of basic workflows and common cameras.
I'd say they both are more than adequate, and allow for some pretty advanced workflows, since they expose a lot more tools with more fine-grained control than Lightroom.
For anyone who tries these programs, many of their developers and users hang out at https://discuss.pixls.us/
I've found DigiKam to be the most fully featured of the photo managers I've used. It even does facial recognition on your local box w/o sharing your data like most of the cloud hosted options. I'm not in love with the UI/workow but it works and can be installed on most OS I think.
Absolutely this. I'm a very casual user and this is the main point why I'm thinking of getting rid of photoshop. Great tool for whenever I'm in the mood for some drawing but my god does it make me nervous about my security and privacy.
The rumour a decade ago was that Adobe was the biggest producer of Adobe cracks. The idea was that it'd get people using it for free so it was the goto tool and then they could slam anyone using it commercially.
They can be still efective. Even a simple scheme may prevent a corporate user misusing some 30 day trial over and over and instead go through the trouble of getting proper license.
Yes, it's probably worth it to get a simple scheme for corporate users only. But Photoshop's protection isn't simple, but it is so widely cracked that in third world countries with limited internet access there are wandering sellers with DVDs of cracked Photoshop for 2-3$ (!)
I’m not finding much searching around either. I probably have an old spinning rust drive somewhere with the files still on them. This was somewhere around the CS5 or CS6 days, pre-subscription model.
From memory, in addition to sticking some pseudo-randomly named files in /System/Library, /Library, and -/Library, it would place a file in the root directory of all hfs+ volumes with xattrs set to hide and write-protect the file. Installers would then look for these files to check licensing status.
At the time, this was a fairly common trick with pro/prosumer proprietary software.
I believe on Windows the FlexNet DRM they use(d?) would overwrite Sector 32 and/or sometimes other nearby ones [0], which broke a fair few people’s GRUB2 bootloader installs as well as TrueCrypt as Flexera apparently didn’t check to see if it was in use for something else first.
This past week mine has started doing something even more fun on Windows 10: creating "WpSystem" folders on the root of all of my secondary hard drives and putting AppData>Local>Packages>Adobe.CC folders inside of them with a bunch of Internet Explorer and other dump files in it.
Stuff like this is why I'm still hanging on to my old Photoshop CS3. Some of the newer features are cool, but my needs are pretty basic and haven't really changed in the time CS3 has existed.
Sadly with OS upgrades that's often not possible. I suspect CS3 runs on Windows but with Apple's aggressive removing support for old features you can no longer run CS6 on MacOS AFAIK.
I only run their software in a Windows VM since it installs background services (AAMUpdater, AdobeGCClient) that don't go away even after uninstalling and using their cleanup tool. Not to mention the terrible cloud integration that hangs Chrome after trying to rebuild the font cache out of nowhere.
It's pretty much spyware behavior at this point. Like with certain video games DRM, Adobe software is one of those cases where the pirated version is actually better than the paid one.
I always really liked the idea of Sandboxie (https://www.sandboxie.com/) where you can run any and every application in its own sandbox, but I was never convinced that its security was as strong as it promised to be. I wish MS would implement something like this.
You do not want to run such things in an XP VM if you can help it. XP is such a hot mess security wise that flaws in it allowed attackers to break VM sandboxing more than once.
On the Mac, by default, Creative Cloud has an option enabled that indicates it will sync your entire home directory to their cloud storage service! I don’t think it actually does that, because I couldn’t see any of my files when I accessed their cloud storage product via their website, but what in the actual fuck.
The "Folder Location" option determines the parent directory where the "Creative Cloud Files" folder is stored, which is the actual sync folder. You can verify this by creating an empty directory and moving the sync location there. Bad, alarming UI though.
Wow, I’ll have to double check my system when I get home, that’s horrible.
I’ve been meaning to get out of the adobe photo software ecosystem, maybe this weekend is the time to find the right alternatives. Save a few bucks per month too.
just in case you didn't see below, this is for you to choose the location of your CC Files Sync folder. Not that it's syncing your hard drive to the cloud. the label is unclear, and I've filed feedback with the team to update the string.
While I've got your ear: the software update process is insane. It constantly notifies me about updates even though I dismiss the notifications (I'm not a frequent user, so I really don't care about updates much). Then, after I finally update Illustrator (the only CS app I use), I try to close the Creative Cloud app, but it asks me to confirm because there are pending installations. But I've double checked and there aren't! And then I get another notification letting me know that the updates are finished!
this is something we're definitely working on, there's a few things going on at the same time.
1. The CC app itself gets updates. If you're a purely Illustrator user you might not notice (or use! which is ok!) the features we've added, but it now has the ability to add custom fonts to your Adobe account, we've added new tutorials, and community features, support for CC Libraries, and a new unified search. One of these new features is notifications, which is #2.
2. Our notifications can be a little noisy, especially if you're not a frequent user. In the Creative Cloud app, you should see under Preferences > Notifications, the ability to select which notifications you want. So, if you want to disable App update notifications, you can.
3. On top of the features, there are some update/sync processes that go on in the background that won't function. Our current messaging just says "pending installations" which doesn't cover it all and we've heard a lot of feedback from users internally and externally about it. We're going to make that message more tailored to anything that's actively going on, and if there's nothing, allow you to close the app silently. To double check that nothing is actively installing, you can check the cloud icon in the top right to confirm. If there's nothing there, you can close it with confidence that it isn't installing an update.
Hope to get these enhancements out to our user base soon. Thanks for your feedback! Please note, we do actively track anything we see on our User Voice (http://creativecloud.uservoice.com) and try to engage on social media, in case you'd like to keep giving us more feedback outside of HN. Thank you!
1) Words can't adequately explain how little I care about Creative Cloud. I would really appreciate it if Adobe's stuff only ran on my machine when I was actually using one of the tools.
2) See above
3) Again, see above. I don't want anything to work in the background.
It re-iterate what nikanj said, agreed. I have absolutely zero use for Creative Cloud. Wish I could run without it. Wish Photoshop and Lightroom would at most check for updates when run instead of some constant processes.
Haha, its as if they took the legendary Adobe greentext story literally and took the effort to automatically update the entire beast constantly! For anyone not familiar with the great story: https://imgur.com/gallery/iJD8f
Great. Maybe you can explain why "Adobe Desktop Service" needs 2.16GB of memory wired with no Adobe products running (including the Creative Cloud app) and sync turned off.
Open Creative Cloud app. Click Preferences, then Syncing. Folder Location = “/Users/toasterlovin”. That, to me, indicates that it will try and sync that folder.
Ah, no. I see your point, this is as a fellow poster indicated, the location for your Creative Cloud Files folder. I will check with the team to see if we can make the language clearer.
Thanks for being so responsive. This is a truly alarming UI.
While you're at it, please ask the user whether he wants to sync at all during installation. By default it should not sync.
I only have Creative Cloud installed because I am a Lightroom and Photoshop user. I use the sync feature in Lightroom but do not need another generic file system cloud sync.
"Folder Location" = "location where a folder will go." Like when choosing where to unzip something, or where to create a new library bundle in Photos/Music.
Because, like every other sync solution out there, though for what reason I don't know, it fears the consequences if you are allowed to name the sync folder yourself.
Not perfectly analogous to specifying folder names yourself, but the infamous Steam deletion bug comes to mind. (https://github.com/valvesoftware/steam-for-linux/issues/3671) Caused by a failure to use readlink (plus not sanity checking variable contents), so introducing a symlink would break it.
50% off each product (one-time purchase with updates, no subscription) too during the COVID pandemic.
Won't take you long to adjust at all as they're very similar and the apps are more lightweight and faster than Adobe's products have ever been. Also iPad versions if you want to edit on a tablet.
Been using Affinity Photo for a while now as an alternative to Photoshop and wouldn't look back.
I’ve used Affinity Designer as a cheap alternative to Illustrator. Not surprisingly it’s way better than Inkscape (the Inkscape UI alone makes me lose all interests in designing anything), but Illustrator definitely has a lot more features and power tools, and arguably more importantly, a hell lot more online resources. So I guess Affinity Designer fulfills the role as a budget alternative, but not much more.
I've always wondered why the space of professional graphics programs isn't like the space of professional DAW (audio) programs. With DAWs, everything is a standardized plugin (a VST) that can be run inside any of the workstation programs. Customers can buy VSTs separately from any consideration of what ecosystem they're going to be using them with.
Because only now are viable professional alternatives to Adobe programs starting to show up. Adobe would be shooting themselves in the foot by working with some interoperable plugin format. Also, for graphic design at least, plugins are a much smaller part of your workflow than they are in audio production— the basic tools really are the most important thing in design. I'd say most professional graphic designers, if absolutely necessary, could replace their entire digital workflow with a few hundred dollars in art supplies, maybe minus typesetting and color matching functionality, and likely produce more interesting (if much slower and less polished) results. I don't even think they make Letraset letters anymore.
That's very true! Although, I don't think it used to be true; there used to be several different, incompatible font systems. There were many simple bitmap-font formats for operating systems/display protocols (Windows, MacOS, and X11 all had their own); and then there were more complex, vector font formats, originally designed for printers to use internally, but then extended to computers through desktop-publishing software (e.g. Adobe Type1, Apple TrueType.)
If you think about it, much of the original point of desktop-publishing software, back when OSes could only natively use bitmap fonts, was that desktop-publishing software could do WYSIWYG layout and preview-rendering for vector-font "instructions" (e.g. PostScript.) Fonts were indeed a lot like VSTs!
I have no experience with graphic design programs, but I would guess that it has something to do with the fact that VSTs are self contained and have extremely simple interfaces. A VST takes some input (MIDI or audio) and produces some output (MIDI or audio). That's it. They're extremely modular, and you can chain them together in arbitrary ways so long as the inputs/outputs line up.
I imagine it's not so simple in the graphic design world, and without such a simple interface that everyone can agree on, it's much harder to create standardized plugins that everyone can use.
I lost my adobe license from my old job and gave designer a go. For my purposes, I’ve found it to be a superior solution. Runs faster, and basically the same shortcuts.
I needed to do some water color recently. Corel Painter blew my mind. The interface looks a little outdated but the brush styles and effects out of the box are just a joy to use.
Have you checked out Adobe Fresco? It's a free app that works for iPad and Windows, and let's you draw/paint in Fresco and use that same document in Photoshop
I am looking to replace Adobe because 50 USD per month is quite a number. I prefer one time price like Affinity. Too bad they don't have replacement for Premiere Pro and After Effects. For now I'm stuck in Adobe's purgatory.
I tried both. Pixelmator lacked (or I couldn’t find) vector tools I was looking for at the time, then the trial expired. That pushed me to Affinity and I had less trouble. Take this with a grain of salt, but vector work feels like a bit of an afterthought with Pixelmator.
What level of bug would it take for you to believe that a company is inept and bug reporting to be a waste of time?
For example if I was selling lemonade, you bought some and when you tried to drink it, you discovered sand instead of lemonade, would you come back to my lemonade stand and report a bug in my lemonade making abilities?
By the way, no refunds, you keep the sand. Legit lemonade business right?
Know any Premiere Pro alternatives? I know nothing about videos except we pay $70 a month and Premiere Pro still can't edit our older iPhone videos because they were filmed without a certain compatibility setting turned on for the phone.
We have to run an older (years older) Premiere Pro on our Macbook that somehow can edit them without any issues at all, with a newer up-to-date version on our much faster PC for recent videos. We've tried transcoding and various things like using an older version on Windows, but nothing else seems to work.
Then the other day I had to stay up until 3am because a video being edited just stopped saving with an uncaught exception and no useful information on both versions. I finally figured out that some effects like loudness and reverb control applied to the sound channel had become corrupted (after noticing it would save with sound off, then fiddling with the clips for another 2 hours having no idea what I'm doing).
Ever since the Flash days I've been wary of their software quality. Paying over $800 per year is fair if you're earning money and the stuff just works, but they don't seem to be holding up their end of the bargain.
However, if you don't need the absolutely full array of switches available in FFmpeg, Ive used the fork FFmbc to get into standard broadcast formats with easy presets:
Thanks, I've heard of DaVinci Resolve and found out shortly after commenting that there is a free version. We should give it a try.
I've got ffmpeg and Handbrake for transcoding but for some reason they both caused issues in Premiere Pro still (audio sync, choppy/repeating footage, etc) on those files. I'm not very experienced, so that might be on me, but it didn't seem to happen outside of Premiere Pro.
I just made the switch for exactly this reason! Still getting the hang of the UI but seems promising so far. I shoot with Fuji cameras which seem well-supported here.
a bit off-topic, but would you have any interest in a barely-used FUJIFILM XF 80mm f/2.8 R LM OIS WR Macro. and also a FUJIFILM XF 1.4x TC WR Teleconverter.
my Fujifilm XT2 was stolen during a trip to Europe last year and i've switched back to Nikon since the battery life of the mirrorless was disappointing (due to the EVF).
now i have some Fujinon macro glass collecting dust as rather expensive paperweights :(
I learned on Darktable as an amateur using Youtube tutorials and absolutely love it. I really "get" the concept of the digital darkroom now, and I love the conscious effort of "developing" my photos.
For just a free, straight-forward, full-featured PDF reader/viewer/text-finder I've been a long time user of Foxit Reader: https://www.foxitsoftware.com/pdf-reader/
It's a mature product at this point and have had a good experience for years now.
I haven't used it on Mac, but PDF Expert[1] from Readdle has been great on my iPad - I use it to both read and edit PDFs. It's fast and the UI is intuitive.
Just tried it. PDF Expert would not display the government fillable forms that Preview also will not display.
The app offered to convert the PDFs if I would email them to PDF Expert, and suggested Adobe products as an alternative. Nice try, but Foxit displayed the PDFs and allowed me to fill in the fields.
I still routinely encounter fillable forms that Preview.app can't handle, particularly with checkboxes or large text areas. It also frequently uses the wrong font in PDF forms meaning text doesn't fit in the prescribed form fields.
That doesn't work for sites that then process filled PDF forms, unfortunately. And it incredibly time consuming for some forms that have dozens or more of checkboxes and fields to fill in.
Does Foxit work for those and other edge cases? I've used Preview.app for years and only the past few months have encountered incompatible PDFs. I reluctantly downloaded Acrobat Reader. The PDF required a signature and locked the document for editing...that was annoying and not completely obvious.
Just tried it. Foxit works with the fillable government forms that I have not been able to read for months because Preview won't display them.
I agonized about installing Acrobat Reader, but Suspicious Package says it wants to run 88 install scripts. I don't feel like tracking down that much malware when I uninstall it after filling out a form.
My use case is making lots of highlights in textbook PDFs and I usually can't highlight for long before it beachballs. PDF Expert is a huge upgrade in this respect.
Readdle just needs to add exact phrase searching/finding; then it'll be wholly better than Preview imo.
The problem with PDF is that it's a bag of needles disguised as a piece of paper. Most of the time people expect a PDF to be a document, not a Form, Rich Media, Contract, Javascript, or any of the other crap it can do. All that extra crap dramatically increases the attack surface area of Acrobat or any other PDF reader that supports it.
At least the PDF reader in Firefox is a Javascript App that runs in a Browser sandbox and doesn't support 99% of the crap a PDF can do.
On Windows this can easily be remedied in the options accessible via the taskbar. I always turn this off and tell it to show the full window titles instead of just the icons. Windows are not browser tabs, I don't ever have enough of them open to need that stacking behaviour.
But do they remember your position in the PDF between restarts? I some times read books or lecture notes in PDF format, and dedicated programs works much better for that than the support in browsers
Safari "supports PDF", but not well. The PDF viewer is run in an extremely janky view that clearly has not been updated in years. It runs out-of-process, but takes little advantage of the many advances in XPC rendering that have come in recent years; as such it cannot handle looking up services correctly, or vibrancy, or even have Retina support for its UI. And those are just visual: the PDF support itself is shoddy; it's unable to do many things that other browsers can do out-of-the-box (forms?), searching for text has been broken for the better part of a year. It's an obvious rough spot in Safari's otherwise polished interface.
Fair criticism. I guess my bar for what I define as "good PDF support" is much lower than yours - I only generally read them or plug in a digital signature when signing my lease.
Personally, I am loath to download documents. I actually like what iOS Safari does, which is run the generic document previewer on files inside the app itself. I hate clicking on a link on my computer and then getting a PPTX that I have to open in PowerPoint.
I feel exactly the same and I totally depend on Lightroom and Premiere/AE/Audition for making a living. I would _never_ install their suite outside my editing machines.
Creative Cloud is also spyware, transmitting and uploading your logs and activity within the apps silently and without your consent. I use Little Snitch and deny them almost all network access after the first ten minutes they are installed/activated. It’s a big patchwork of stuff, much of it running as admin, including node and other stuff. I don’t trust it at all, and would have a dedicated machine or VM for it if it were practical.
Hopefully I can move to the KDE video editor for NLE, and Pixelmator is already better than Photoshop IMO. The only other two I need to replace are Lightroom and After Effects. I think the latter will be hard/impossible.
A workaround is to use LittleSnitch (or Windows Firewall Control if on Windows) and block everything Adobe except what you actually need.
No freaking app should ever be given this much or any control over a user computer. Every app (except system maintenance tools and other apps which genuinely need full access to fulfill their very purpose) should be constrained within a directory meant right for it + the files the user wants them to open.
CPU usage goes up in case of blocking, be caerful when on battery. I tried to remove adobe background services crap (or disabling it via services.msc) when used adobe apps on windows.
That kinda stuff runs well in a VM. Not too GPU dependent, so you generally get very-near-native performance. The only problem I end up having is constantly blowing away my VMs, racking up too many new installs, and running afoul of key limits.
Have you seen qubes os? [1] Obviously this would not work on OS X, but the concept is fascinating and definitely a different and unique approach at security and isolation.
Qubes is great but be careful... I tried giving a specific usb port to a windows vm to play games with a joystick and accidentally gave all of my USB inputs to it, effectively locking myself out of dom0. Oops.
I wanted to try running in a VM and actually have not considered believing bad performance. How is performance degradation - is it very very noticeable?
With the virtualization primitives in modern CPUs it's like 95%+ of native. GPUs are a total lost cause though, so you won't be playing games (unless you do GPU passthrough).
As someone who works in film production I am so done with adobe creative cloud. I use FCPX because I can’t stand how inefficient adobe is on a Mac. It grinds your processor for no reason and renders at half the speed it should. After effects is way better than Motion but it’s just not worth it. I spent $300 in 2011 and FCPX has been flawless (well...after they fixed that first year or so of problems haha). With FCPX having a one time payment and davinci resolve being free, I just can’t justify adobe’s relatively expensive monthly payments when it’s so inefficient and insecure. And the updates! Jesus christ.
Years ago (pre cloud - master collection) I was on Windows and made the switch to Mac with a written guarantee that the apps (I used Flash a lot) would have the same functionality. It turns out that the ability to zoom in with the mouse was crippled and they removed .eps output ability. They continuously removed output formats (eg at least FXG allowed some format interchange until it too was taken away). So, workflows had to be abandoned.
Amusing to think about how used to terrible Adobe 0day people are. Zoom has some stumbles and the tech giants seize in the opportunity to promote their solutions. Adobe? More 0day? Just another day at the office.
I used Photoshop for digital painting but wilfully ditched it when I got a new laptop and decided to install Mint on it instead of staying with Windows 10. Then I discovered Krita, which is a linux based open source illustration program which works just as well and I don't have to worry about Adobe eating up half my memory on useless background processes I don't need nor want.
There is quite a bunch of "PDF" features around forms which basically only work with Adobe PDF and maybe one or two other ones. But good luck if non of them are available for you.
Worse many "office" people which create PDF's with form fields use Adobe tools, so they never see that what they hand out to thousends of students isn't working with >90% of PDF viewers....
Installed Acrobat a few weeks ago for this use case specifically. I feel like Preview used to be a lot better at editing fields, recently it has been a real pain.
PDF has two types of forms: native and JS driven. I'd bet that the problems are with the JS. I'd also be willing to bet that Adobe makes Acrobat author forms in a way that intentionally breaks third party readers.
Apple's Preview does a pretty good job with generic pdf forms. Unfortunately, Adobe has created multiple types of pdf forms using different technologies and very complex specs.
Apple does not support all of these. (You can also find many cases of PDF forms using Adobe tools that do not round trip between platforms).
OTOH, Preview renders PDFs way better than Adobe Reader does. Tweaking the settings in AR didn't help either.
I only wish Preview would do two things:
- open files in "maximized" view.
- when opening a file, Left/Right arrow keys don't let you navigate the pages. Instead, they move the current page a few pixels left/right! (they work like horizontal scrollers)
They are actually quite handy when the only allowed method of submission is via snail mail or fax. Much better than the alternative of printing an empty form and filling it all in by hand.
The problem is that if the PDF forms where create with an Adobe program even things which should work with generic PDF might not do so because the Adobe program used JS or whatever below the cover.
EDIT: I looked into some of the PDFs again and it seems I had been wrong. Not sure what they use but it doesn't seem to be js.
EDIT EDIT: But I found other forms which where affected see my response below.
I've encountered JavaScript-heavy PDF's before, but which were obviously so. (Automatically calculating values for one form field based on another, generating QR codes, etc.)
I've never come across a seemingly "normal" form PDF but which secretly used JavaScript for normal things like form filling, so that normal form-filling tools didn't work. I don't understand why the normal PDF type-in-a-text-box tool wouldn't work.
Have you actually come across this? Can you point to any examples?
The Canadian govt forms like Visa application forms or Tax forms don't work on any Linux pdf tool that I tested with. The pdf would display empty with a JS error message. This was a few years ago though.
Had to install the linux version of Adobe, which is many years out of date now.
This lack of differentiation really grinds my gears. Why in the world do both of these activities share a name? It would be really interesting to take a random sample of the population and ask them some basic context like their occupation/education, and ask them whether a digital signature comprises a graphic of handwriting (validated with eyeballs) or something more sophisticated (validated with math).
There will be some obvious trends, but I suspect there will also be some surprises.
You're referring to "term overloading". This is pervasive throughout all domains of engineering, but more so in software because there are so many conflicting standards, definitions and citations. It's really hard to get a handle on. Like, I would assume that posting on HN the audience would assume I would not confuse "overlaying pixels of my signature on a document," with, say ECDSA sign & verify. But I was wrong to assume that. So, barring a common definition, should we speak with increased precision thus verbosity? Perhaps. But if THIS example grinds your gears, hooo boy, hang of for a ride.... :)
The point of a signature is to affirm the authenticity of something. When you sign something by hand, you're showing that you reviewed it. If you cryptographically sign something, you're doing the same thing to a bunch of bits, and arguably in a way that's a less easy to forge.
Just dealt with this yesterday. It’s too bad because I really like the signatures I have saved under Preview.
So I sign all signatures on a lease with Preview except for the very last one, which I did using a digital signature under Adobe Reader. it was a self-signed one certificate but the goal is still to have the other person feel comfortable with doing a contract over email than in person anyways.
What’s the benefit of signing the pdf itself rather than the distribution? If there’s a large need for this seems like an easy way to make a bit of money cutting out adobe.
The good news is, unlike Windows, macOS has a fantastic default PDF viewer ("Preview") and I don't know why anyone would ever install Acrobat on it
I, too, prefer Preview to Acrobat. But part of my workflow occasionally involves copying text from a PDF to create a web page. Preview cannot be counted on to reliably or accurately copy that text. It seems to have particular problems with the letter "f" when next to a letter "s," in addition to other flaws.
Acrobat, on the other hand, always copies the text correctly.
Aside from this one use, however, I always employ Preview because otherwise it is far superior.
Windows 10 has had a built in PDF viewer for at least 5 years. It's the Edge browser which is now based on Chromium. You can sign and save documents too.
Yes it's pretty good. I actually used PDF.js to debug a malformed issue at work once. The javascript console error log gave a clue about the issue where no other tools said anything.
Preview is such a great app. For simple image editing too... I used to have to get gimp to crop, rotate, and resize images, preview does the task simply and well.
It seems crazy, but Preview is genuinely a big part of keeping me stuck in the Apple ecosystem. That iOS doesn't have anything like it is the main thing keeping me from ditching macOS for iOS (+ remote Linux VMs), even. It's a sign of how crap the UX is or has become on Windows or Linux that it's so surprising to have a basic utility program function so reliably, so well, and with such light resource use, while consistently delighting with its versatility.
I have similar feelings about their office suite. In general their add-on and utility software is just great. I'd miss all of it on any other platform (and do, when I use those—yes, even the file manager, which is still less crashy, less prone to weird interface bugginess, and more consistent than any featureful equivalent I've used on Linux, and I've used... oh, all the big ones, over the last 20 years, and I don't find it any worse than Windows Explorer, aside from preferring some of the latter's hotkeys) but of all of them... yeah, Preview may be #1, which was not something I expected when I first started using OSX/macOS about 10 years ago.
It does a decent job for heavily text based pdfs like legal forms or manuals and even lets you annotate the document with a pen or highlighter but it chokes on more image based pdfs like slide decks or schematics.
Thanks. I’ve tried about a million different tricks at the time, none of which worked. I’ve given up on it. There has been a Twitter thread by an Apple engineer which I won’t be able to locate now, but the crux was that they know they’re breaking things for non-4K screens, but they don’t care enough/don’t have the resources (lol) to fix that.
You buy Acrobat DC the impacted product because you’re using it as more than a reader. OCR image to text (laying the text invisibly within the pdf as metadata behind the image) is a common use case. Slim down a bloated pdf eg that came out of a scanner driver. Properly redact sensitive information (legal, govt, journalism context).
The software is flawed even beyond security issues but for creating or editing PDF files there is not much competition. (There is some and I’ve used that too and it’s mostly worse. It’s a hard problem apparently.)
As a general rule, Acrobat ignores and silently fixes a lot of issues with PDFs that more stricter implementations will complain about (it goes beyond the spec to be accommodating). This unfortunately means a lot of programs out there are making malformed PDFs but their users don't know because "it works here on Acrobat!". So that's one reason I have to install it despite alternatives on Windows, but maybe Preview is the same in this regard and fine for general users.
as far as I know the macOS display subsystem was built around the PDF specification. You'd think the OS can handle viewing documents without much additional third-party overhead:
If you're on Win10, the Xodo PDF app is the best/fastest - and it allows editing and page order changes. And it's free.
And it's a dream to use on a touch screen. Trying to open the same high quality/density PDFs in Adobe (even just the reader) is an unresponsive nightmare.
I don't even understand how there can be such a significant difference in performance when Adobe created the format....
At this point Adobe have to be responsible for some overwhelming fraction of all desktop exploits. There's always bugs in PDF readers. Not to mention their history of Flash (admittedly bought in rather than written)
And this "inventing your own launcher/updater" fetish that seems to be pervading software. There is a corollary to Zawinski's law here: every piece of software eventually installs yet another shitty updater alongside itself.
Fuck the perfectly functional updater built in the Mac store.
Yeah, for all the complaining we do about the various app stores, shitty devs like Adobe really forced the platform vendors' hands on this. Users and devs can't be trusted with that capability, the platform vendor needs to be the adult in the room.
> Yeah, for all the complaining we do about the various app stores, shitty devs like Adobe really forced the platform vendors' hands on this. Users and devs can't be trusted with that capability, the platform vendor needs to be the adult in the room.
It doesn't even have to be like this though. Why not a simple notification directing me to the download? I guess reduced friction but is that really it?
Those updaters do work great, probably because (at least on Windows) they circumvent elevation by not requiring it.
The problem is that, if every app decides to use its own updater, there's a good chance that your internet line could get saturated when everything decides to update at once (especially when this awful PDF reader is 180MB). A system-wide updater avoids this issue.
30% revenue cut so that you get no increased market? Yeah, fuck the perfectly functional updater. The dollar loss through distributing a security flaw is way lower than that.
Sparkle is slightly more limited in what it can do and grabs an authorization right (to run things as root) when updating using the system APIs to do so rather than always running as root. Some would say this is a much better design (myself included) but Adobe presumably did not go this way because they are either lazy or actually would like more access to the system than Sparkle needs.
Is anyone else tired of having all these "updaters" installed by default, running perpetually in the background? I just want to run your application. I do not want to run (as root!) your marketing puppy that begs me to update to the next version every three days. I wish there was a way to opt out of them. Or even better, have the OS treat them as malware and block them before they even get installed.
Some applications do a check on start-up to see if there is a new version available. This is a lot better. Why isn't this good enough for Adobe?
> Some applications do a check on start-up to see if there is a new version available.
Infuriating. I just want to use the software not randomly be interrupted throughout the day as one of the 50ish applications I use on a regular basis decides to do a "minor bugfix and localizations" update and thus totally interrupting what I'm doing. Oh and after it does its update, the document I double-clicked on isn't opened or there is a FTUE showing me "exciting updates."
Most modern software sits there idle all the time, why not do this nonsense in the background? Why do you need to interrupt me at precisely the one moment I actually want to use you? (This is especially annoying of gaming consoles and other "appliances")
My favorite recent example is DBeaver. The update to v7 destroyed their own SQL directory which had saved in it a SQL scratchpad document containing little SQL snippets I had written over the last few months, some fairly complex that I ran once or twice a week. I had restarted DBeaver dozens of times over those months, my SQL snippets returning each time ready to be run...
Then one day, like an idiot, I clicked the "Update" button and all that hand-written SQL was gone, like tears in the rain. Gee, thanks DBeaver! I love v7! Tell me more about your new features! I love having my careful work destroyed for an update...
To be fair, if you work with only Mac App Store apps and brew-managed packages, it's a similar (but less uniform) experience on Mac (and the `mas` utility fills in for the App Store on the CLI).
And things are better and worse depending on your Linux distro (ref: Snaps in Ubuntu).
The problem is a lot of useful software isn't (for good reason) available on the App Store.
Exactly, the main app could have been a hello world app, but when the updater for it is created with classic adobe lack of care, and root access, it doesn’t matter.
What prevents them from running updater unprivileged and asking for root before installing the update? Or better - why can't it be installed and run under the user. Most other apps are simply copied to Applications and run as the user. I can imagine they want Windows-inspired multi-user install. But still there is no need for running the updater full time with root privileges.
If you were to try to meet the full specs of PDF for satisfying the same purpose, the outcome would be 10-20 separate specs, all of the same complexity.
the better idea is to segment out what exactly you want to use it for and use a specific file format for it.
IE. Do you want vector graphics? Do you want document signing? Do you want to just do printing of a text only document? Do you want to encode picture bitmap information? Do you want to show a document online? Do you care about colour spaces? Unicode? If unicode, what kinds of unicode? Font rendering? How do you like your glyphs and ligatures to look?
The spec is so big because it has like 10-20 purposes.
> the better idea is to segment out what exactly you want to use it for and use a specific file format for it
What I want is basically an entirely static (no javascript, forms, media elements, etc) copy of a web page, with a logical deterministic rendering, and a fixed page size (no reflowing). Basically, if you took a web page and printed in color on pieces of paper, the HTML + CSS that describes the stuff shown on the piece of paper is what I want a "portable document format" to be. (Along with a set of rules that specify exactly how that code should be rendered.)
What I want in the spec is basically dictated by that:
* bitmap support: yes, let's start with PNG, JPEG, etc, and updates to the spec can introduce new formats
* color management: yes, should be required by the spec
* unicode: yes, we can probably be UTF-8 only at this point?
* font rendering: deterministic; make it part of the spec. Fonts should be embeddable in the document. Ideally the font rendering for the end users should be as high quality as possible (this is quietly one of the things PDFs are already doing very well).
* glyphs / ligatures: should look exactly as they are determined by the author of the document. The spec should allow for the full use of the capabilities of an OTF font.
I think this probably covers the stuff 95% of people want from 95% of their PDFs, and it's vastly simpler than what's currently in the spec.
Honestly, PDF/A comes pretty darn close to getting there. The most recent version allows embedding arbitrary files, however, and there's lots of annoying cruft from the PDF format. (Renderers have to support displaying embedded XML forms, for example.)
* All rendering done by raster chunks that get pieced together. If the pdf has a photo in it, it would be used as its own raster chunk.
* No special font rendering, but an idea of where text is so it can copy paste as though it is selecting text. Really it just outlines parts of the pre-rasterized text. Potentially text could be rasterized per letter for compression, but no dependency on font rendering abilities or local fonts should exist.
* No vector rendering, but the ability to select a rasterized vector image chunk and save as either .svg or .imgType.
* The ability to click html links
* The ability to write (with non-special fonts) into areas as to fill out a form
* A basic Regex (limiter => error/warn message) for form fields
-------
I think this would be enough to cover everything I've done with a pdf. Tests to pass:
1. Looks the same everywhere
2. Can click links (great for resumes)
3. Can view photos, and select them for download
4. Can fill out forms
5. Can copy text
6. ???
-------
Obviously size would be an issue here as you get to larger documents but I suspect compression could be made efficient enough to be just fine in most cases.
I'll just add that's version 1.4 (Acrobat 5) which is typically what many digital printing companies will request if possible. After 1.4 it was basically all useless features being added which bloat the file size (though 1.4 has a bunch too). So later versions of the spec will be longer.
I do like the spec a lot and have actually used it to track down bugs in files before. It's very easy to follow if you're just looking at certain operations.
Correct me if I'm wrong, but PDF contains a JS engine within it.
The spec is also partially used for specifying and bootstrapping a publishing and printing system on its own, so it's like JS + cups + PostScript + Unicode + font rendering all combined into one mega spec.
Adobe patched this to prevent symlinks but apparently didn’t bother to add any sandboxing to their root helper tool. Logically this means that any future bugs in this tool will result in the same level of exploitability.
Nowadays self-updating software, from the user perspective, can be as easy as using Touch ID, so why Adobe and other companies are still messing around with complex, insecure and fragile autoupdate permission bypasses is beyond me.
The idea that any pdf reader, or indeed any aspect of itself, might require to run as root is ridiculous. We’ve had drag and drop install the entire history of adobe-on-mac os x. What is taking them so long?
It's amazing how the software industry has managed to insulate itself from any kind of serious liability when it comes to the dumpster fire that is security and privacy.
Could you imagine if other engineering disciplines had the kind of liability protection that software companies do?
PC takeovers leading to millions of people being victims of identity theft, or used as a backdoor for national security relevant hacking efforts... We need to stop acting like these things are “insignificant” and accept responsibility for our actions.
Why does anyone install a dedicated app for reading PDFs?
Edge, Chrome, and Firefox all have built-in PDF readers. macOS's built-in Preview app can read PDFs. Just counting those four solutions, most users already have at least two PDF readers on their computer without installing Acrobat, Nitro, Foxit, or whatever.
Stop installing dedicated apps for reading PDFs! They are bloatware meant to encourage users to buy PDF editors which most will never need!
You know how some people make websites? Well, what if instead of a website, we make a pdf that you can upload a document to and then click a submit button in the pdf. And for good measure, lets make it so it only works in Adobe Reader's internet explorer plugin.
Welcome to the Bank Secrecy Act e-filing system brought to you by the united states department of treasury.
I spend a lot of time reading .pdfs because I'm in grad school right now. Using Okular is way more convenient than trying to use browsers. This is not a strange use case at all, many people who frequently read .pdfs have the same needs.
And it's clearly not trying to sell me on a pdf editor, because it's not related to a paid editor. Or at least I'm not aware of it, either way is fine by me.
(To a sibling comment, just stop using MacOS: it's not a rule, but the usability and craftsmanship sensibilities that create software like LiquidText tend to cluster with the usability and craftsmanship sensibilities that appreciate MacOS.)
I'm not sure if this could be considered a niche audience, but I install Adobe Reader by default on user machines, mainly because the built in readers with Chrome or Edge don't handle printing natively very well, due to not using the system's print settings immediately. You can bypass it with a shortcut and make changes, but it's not so great when users will select print and click ok, it's difficult to educate them against that. It's much easier to use Acrobat Reader and set it to open by default in that. So this may be the install base, SMB and schools, some large enterprise as well.
Whether that preference will get changed back to edge in a feature update is another story.
Actually... stop using OS X altogether. The infamous High Sierra root-login vulnerability is harrowing enough and I'm gobsmacked as to why folks didn't abandon Apple at that point.
I've been happy, gainfully employed, and quite successful in all ventures using Debian + free software, exclusively, for nearly 8 years. I'm not the only one. Happy to help anyone migrate should they have challenges!
Can you elaborate on the kind of "serious work" you are doing which cannot be accomplished with one of those solutions?
Obviously those are all readers, so they are not able to edit PDFs or create them from scratch. However, neither can Adobe Acrobat Reader or most free PDF bloatware.
The main purpose is trying to fill out annoying legal / banking forms that have tons of fields and sometimes field validation, digital 'eSignatures', etc. And every browser renderer treats these things differently and often breaks.
Try and work off a 1600 page reference manual for actual work on a desktop. Bonus modern design is informed by the need to support monkey's fat fingering stuff on their smartphone. Any use case outside of that is less and less supported.
Adding and saving annotations/notes/highlights, fast full text search (aggressive preload), double page/single page views, form filling and saving (perhaps not even to the original PDF) are the minimum you really need for "working" with PDF...just "viewing" them is not really enough for serious academic work/research on PDF files. The more well integrated, the better. The functionality should look like in Acrobat, Okular, Mendeley, or similar tools.
I tend to use Adobe's little-known Acrobat Customization Wizard DC for Windows[1] to disable some of the unnecessary features in Adobe Reader. It is free and does not require a license, nor does the enterprise installer for Adobe Reader require a license. Features I disable include the online subscription services (actually a checkbox labelled "Disable Upsell"), cloud storage integrations, and Adobe sign-in. I enable Protected View for documents from "potentially unsafe locations" (basically downloads/emails). You can also disable automatic updates, though I tend not to. These changes make the UI far less cluttered. I suspect that these changes also improve speed, security and privacy, though I have not done any particular testing to confirm that.
Basically you use it by uninstalling any existing Adobe Reader installations, installing the customization wizard and then downloading the enterprise installer for Adobe Reader[2] and extracting it with 7-Zip[3] (or the commands Adobe provides in the documentation). Then, you open the msp file in the wizard and customize your options. Finally, you save the changes and run setup.exe in the directory of extracted files. Once you're done, you can uninstall the customization wizard.
There is also a version of the wizard for macOS[4], but it seems to be far more limited in terms of what can be configured through the UI, and most of the configuration has to be done by manually editing plist files.
> Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities
If you have a mac, you might want to know what version of Adobe Acrobat Reader DC is necessary to have the patches.
The OP doesn't appear to say? The CVE's referenced (which ordinarily would say the patched version I think) all still appear to be protected/private, at the point I write this.
My Mac does have "Adobe Acrobat Reader DC" on it. [btw, when did "DC" become part of the name and what does it mean?] If I open it up and choose "Check for Updates" from the "Help" menu, it does say "Adobe Acrobat Reader is already up to date." I'm not sure exactly when/how it would have been updated though.
Under "About Acrobat Reader DC", it claims to be version `2020.009.2063`. It does not include a release date with the version.
Has anyone had success using this with Adobe? I once had to install some Creative Cloud apps for a short-term project so I ran tree on the root directory as superuser before and immediately after installing and then used a diff checker so I’d know exactly what they put on my machine.
It took forever. When I was done with the project I “uninstalled” everything and then deleted every single file and folder from the list and manually poked around to see if there was anything lurking that I might have missed. I thought for sure I’d won.
About a week later I got a notification that Adobe Creative Cloud was requesting keychain access.
Believe me when I say your machine will still be sprinkled with crap after running AppZapper. If you want to remove it, you need something like https://rixstep.com/4/0/tracker/
You're right, it's only 19 years old. But it might have a cross platform C++ library for parsing PDFs that is even older that was used on OS 9 and other platforms.
Business as usual with Acrobat Reader. There are so many PDF alternatives out there, I don't see why so many people keep using it. I understand that there are some Adobe-specific extensions that won't work in other viewers, but typically those are use-cases for things that should not be done via PDF.
Please list for me the alternatives that are so ubiquitous as PDF that I can send someone a copy of a document that they cannot modify while still being able to read/print/etc, and is not a pure image format that is multiple MBs in size.
Except Acrobat lets you modify PDFs. If you're trying to send someone something that they cannot usefully modify, you're kind of doomed from the start.
Except Acrobat lets you modify PDFs. If you're trying to send someone something that they cannot usefully modify, you're kind of doomed from the start.
Acrobat won't let the Average Joe modify a password-protected PDF. Neither will Preview. There are ways around it, but for 95% of the people receiving a PDF, it's as good as locked.
That's why these "read-only" PDF are laughable. Just sign your PDFs (there is full support, no excuses possible) to create an authoritative/accurate version.
I think I kind of wish there were fines for this kind of issue. I know all software has bugs and I certainly wouldn't want to be on the hook for my free software but I don't charge for free software.
IANAL but I seems like for many non-software products there would be legal repercussions of they caused damage or had other issues. Is there any reasonable way to apply or morph those kinds of laws to software? Ideally it seems like it would be nice if the incentives changed so running all these services in the background is too big a legal risk and they stop?
Of course there are. I checked the processes running on my macOS machine a few days after installing creative cloud because it kept loading upon stat. only to find there are like 5 creative cloud processes constantly running in the background. No clearly visible setting within the application to stop these or keep it from running at launch either. This type of software design is unacceptable imo
It starts to look like Mozilla's pdf.js is the most secure viewer, at least it's using the browser's sandbox that is way more battle hardened than anything Adobe can come up with.
Is there sufficient sandboxing going on under the hood with Firefox? I wrap it with firejail because I was under the impression that Firefox was lacking in that regard.
On Linux, as of Firefox 60, Firefox now uses Linux namespaces to isolate the various processes it starts from the rest of the system, where supported. https://wiki.mozilla.org/Security/Sandbox#Linux This is the same approach taken by Chromium. I can't say anything for certain about other operating systems, haven't really looked into it.
I suppose that doesn't answer the question of whether pdf.js specifically runs inside one of the sandboxed processes, but it seems very likely that it does.
Good thing the Canadian government has decided to only use Adobe's proprietary pdf format (only openable by Acrobat btw) for all PDFs (lease agreements, academic forms) hahaha!
The problem is there still are PDF forms many people need Adobe Acrobat Reader for. I use Okular and SumatraPDF to read normal PDFs but there is a form I am required by the state to fill regularly so I had to manually extract Adobe Acrobat Reader from an old Ubuntu repository.
By my last count there were 36 separate sections in the Adobe acrobat reader preferences, including a fair bit of internet and javascript related preferences, and gems like "Security" and "Security (Enhanced)".
I've lost track of the services they have scattered around my Mac that are running silently, doing things I can only hope are not malign.
Just today I was debating whether to move back fully to Preview or keep Adobe's bloatware on my Mac, and I think this made the decision for me.
Given that Adobe has generously scattered a bunch of random stuff around my Mac, could one expect something like AppCleaner to find and clean out all the bits and pieces, or is that too much to ask?
Does the updater need to run as root, though? They could install a launchd process running as the installing user who owns the /Applications folder. This is what everything else does -- privileged helper daemons are not common.
It's kind of amazing that PDFs are still a thing after all of these years. Also, the UI in Acrobat is one of the most creative (in a bad way) I've used since Lotus Notes.
I remember going blind to the "Update adobe reader" popups back in 2005 when I was using Windows XP. I can't imagine it's gotten better in the past 15 years.
I’ve been trying to delete every trace of creative cloud from my computer. Despite scouring the file system and rm-rf everything I can find, it comes back every restart ️
Aside from /Applications, I'd look through ~/Library/Application Support, ~/Library/{ADOBE_LOOKING_THINGS}, ~/Library/LaunchDaemons/, ~/Library/LaunchAgents/, the /Library versions of the last two (and /System/Library if you have SIP disabled), and /Library/PrivilegedHelperTools.
This is one those timeless headlines which could be from any given year over the past 20 years. Perhaps substitute "Flash" for Acrboat Reader intermittently.
Using PIDs to lookup the calling process doesn't seem like a great idea given the small PID space on macOS, I wonder if there could be a race there too.
Generally, code like this should be using the XPC audit token rather than the PID for such authentication. Alas, Apple, in its infinite wisdom, has kept this SPI private and undocumented but in a "if you care about security you should be using this nudge nudge wink wink" state for many years.
Serious question: what is the reason for the existence of the PDF format today?
From wikipedia: "to present documents, including text formatting and images, in a manner independent of application software, hardware, and operating systems."
I wish W3C would come up with container format for a HTML webpage that would pack all assets and run in any standard browser.
HTML was never designed to be "device independent", display pixel-perfect the same everywhere regardless of user-agent.
PDF was, in relationship with printing.
I think this is clearly a quality people want (whether they "should" or not), so it's unlikely they will stop using PDF unless there's another thing that can provide that quality. I don't think HTML is the right avenue for it.
I would say the ePub format comes pretty close to what you are asking for though, a container format for HTML webpage that would pack all assets and run in... well, standards-based software from several different sources. I'm not sure if browsers will actually display ePub or not? They presumably could fairly easily if they had a desire to, since it's all standard html/web technology. ePub is not W3C maintained though, I don't think.
It has moved in on PDF territory in some limited areas -- mainly ebooks of course, the use-case it's focused on. I think this is because it turns out "pixel perfect same everywhere" is a clear DOWNSIDE for ebooks, you want them to be formatted properly for your device's screen size, not have the same page size everywhere. So while PDFs were sometimes used for this, it works poorly enough for the user that another solution was demanded. (and thankfully we got an open standards one). Most uses of PDF still work "good enough" for most users (certainly not all; there can be accessibilty probelms). Even if it's a nightmare under the hood, PDFs generally work "good enough" for most developers too (again not all). It's a lot of investment to reproduce to replace, it would require popular use cases failing hard probably, with money to made from serving them better.
I do not get why people use Adobe Acrobat to read pdfs. It is extremely slow, bloated, eats up your memory, has more holes than Swiss cheese, it is non-free, and probably has all sorts of telemetry on it. I use Sumatra on windows and zathura on Linux (evince if I want to fill forms) and I have been pretty happy with it.
Everyone is talking about Adobe but that's not the right question to me.
- Why the PDF reader has root rights ? Apple should never have allowed this.
- How a programming error in a third party software can cause this ? Seems like a bug in macOS
If you can answer positively to the first question, burn your computer now.
Flash was ubiquitous few years ago. What happened? Of course, as browsers added features, there was no longer a justification for Flash. But also: security flaws.
Flash had many security issues and that was also a significant motivation for its "deprecation".
But it did not have to be that way. Now, the same is happening with Adobe Acrobat.
Why anyone would install acrobat on a mac is beyond me. The native PDF support is plenty good and if there are adobe reader specific features I dont want them anyway. I may not be the majority opinion here, but I try not to use the format anyway if I dont need to.
I wonder why Mac OS continue to allow this. They should have learned from zoom to disallow this kind of updating altogether. I suppose they are reluctant to drop the hammer on Chrome.
macOS is not iOS, and at least for the time being can't be iOS either even if Apple wanted it to be because there is no crypto signed hardware chain stack on all supported Macs. Users can still modify essentially all aspects of the system if they want to (though Apple has made it more and more work for system stuff), and in turn allow software to do so as well. There is also plenty of legacy software that a lot of customers care a great deal about.
So it'd be immensely difficult to try to retrofit the kind of system that would be needed to give users more control over this sort of thing, and impossible/very heavy to do so in a way that wouldn't break a lot of stuff without developers updating. It's a genuinely tough nut to crack and involves some trade offs. Apple's chosen decent-in-principle solution is to harden the base default system pretty heavily and have a curated ecosystem (the MAS) that they nudge users into by default, and where they can flat out ban this kind of thing. Ideally users who opted for other channels would know what they were doing.
The big problem is that the MAS fucking sucks in a ton of unforced ways (like no update pricing system), and is also far too limited in many others (from non-Apple source options to single safety levels). So in turn a vastly higher percentage of users than would be ideal are forced to turn elsewhere for a lot of quality software even from small indy players. The many bad parts relieves pressure on lazy/bad developers to deal with parts that would be genuinely good. That's life with Apple sometimes though. They're bad at multitasking.
Also note that Apple has "promised" to keep this door open on macOS, unlike iOS, although they may raise the number or annoyance of the steps required to get to this state.
But then what? You have local admin, but still no SIP bypass as far as I know. If there is an exploit for that you do of course have the option to chain that in there as well.
Unfortunately you need it for some other features of PDFs. For example, if you download the AWS SOC report it has attachments on the PDF (apparently that is a thing?!). You need to open it in Acrobat Reader to extract the attachments. I tried Chrome and Preview and neither work.
Preview is my first choice but when you deal with BoringOldOrg their PDFs won’t work and I have wasted a lot of time trying. Big financial orgs, state govts, etc... I understand that this isn’t the case for many people, but for someone that has to deal with these forms all the time, the Adobe app is the most consistent.
You certainly can. It's been a standard feature in PDFs for a long time. It's just that the PDF has to be created to that standard. Good chance the forms being generated by Acrobat is not conforming to that standard to discourage use of 3rd party readers.
I've encountered PDF's that simply don't work in Preview by design -- as far as I've been able to figure out, Preview won't run JavaScript embedded in PDF's for instance.
But all my experiences with filling out forms, makring up annotations, and all that jazz has been totally on par with Acrobat Reader. The same tools are present and all seem to work generally the same way.
What specifically have you run into that is poor in Preview?
Installing code as root does not necessarily mean granting root privileges to said code. (Even running an application under the root account shouldn't require or imply that. For example, if I use a text editor as root, I still do not want it to be able to reformat the hard drive.)
Yes. In fact, maybe we can agree that Apple is notorious for glaring security flaws in their operating software and in turn we can, as a community, reach towards better solutions?
Installing decades-old C++ programs on your computer is an invitation for hackers to take over your computer. That includes Acrobat and Microsoft Office.
Getting you to open PDFs and Office files is one of the primary ways in which your computer is taken over by hackers. They may send you an attachment or a link by email.
The sad thing is that PDF was designed to be safe by removing all dynamic features of PostScript. Office docs on the other hand don't run macros by default and are safer today than in the distant past.
My comment was not about this particular instance. In general, installing decades old C++ programs is asking for trouble. C++ language, unlike Rust, Java and .NET applications tend to contain memory related bugs, and that is inherent in C/C++ language.
It's a shame because as someone who has a lot of interest in design, photography, etc. I acknowledge that they create some very powerful tools. I still miss Lightroom. But I'm just not willing to give them this much control over my computing environment any longer.