Flash is evil

04-08-2005, 09:46 PM

"Jay T. Blocksom" <not.deliverable+usenet02@appropriate-tech.net> wrote
in message news:701c511aa5k56hnfpetucacqmkj7b0thol@news.speak easy.net...
> On Thu, 7 Apr 2005 11:17:39 -0500, in <alt.privacy.spyware>,
> <Vanguard> wrote:
>
> Despite the meaningless gobbledygook buzzword-dropping, it seems
> pretty clear
> to me that the "topic" under discussion in these passages is Flash in
> general,
> not one specific function of it in particular.
>
> Then, two rounds of follow-ups later, you claim we were really talking
> about
> something else, which wasn't even mentioned in the pertinent passages.

The OP mentioned the article. The article mentioned shared objects. In
other posts, I noted how to zero the cache so you won't save any, and
the article mentioned a link to do that, too. Yeah, I was way
off-topic, uh huh. And, of course, it is always possible to discuss the
data files used by an applet without ever referring to the applet or the
interpeter for it.

>
> Riiiiiight.
>
> > Flash isn't evil.
> [snip]
>
> That's your opinion.
>
> My opinion is that, at the least, the presence of the (current) Flash
> interpreter on your system enables evil things to be done.

And by similar application of your rationale, korn shell with its
scripting ability, Perl interpreters that can run scripts, Word that can
run macros, or anything that "enable evil things to be done", which
includes even the operating system, are evil. Okay, disconnect and nuke
your computer. You don't get to use rationale on one interpreter
without the same logic applying against all of them. I'm not saying
that you must have Flash, anymore than I'm saying that you need Perl,
Korn, Word, Java, or any other code enabling product, but I don't think
a lot of folks want to regress back to flipping switches on an Altair
box.

> The fact that an
> astute and alert user (which is by definition a rare bird) can
> (sometimes,
> maybe) mitigate the damage through various "workarounds" does not
> change that.

Yes, only the astute can ever figure out to look at the options for a
program. As the topic grows through discussion and publication, more
users will be made aware of how to configure the Flash player based on
their interpretation of the supposed threat. But telling user to simply
wipe Flash from their system does them an inservice because it takes the
extreme approach while leaving them ignorant of the simple fix. So
instead of educating them on how to avoid the problem should they deem
it actually is one, your solution is to leave them ignorant and push out
a flat and uninformative "uninstall it" solution. The users don't have
to be rocket scientists to just be reminded that there are options
available for most programs that they use, and that includes the Flash
player, too.

When and if PIE actually gets implemented, the topic will be much more
discussed and it won't take some astute user that figures out how to
bother looking at the options to know how to eliminate the problem.
Your solution: wipe Flash from the computer. The real solution: set the
cache size to zero. Your solution: can never view any Flash content
again. The real solution: they get to use Flash without any potential
for abuse (which surmounts to just tracking them) from storing shared
objects. With your logic, since there is a flaw then it must be
abandoned, and that would apply to Windows itself - AND it would apply
to every other operating system since none are perfect; else, patches
would never be available.

> Further, the company promoting and profiting from your (and everyone
> else)
> having the Flash interpreter on your system is clearly going in the
> wrong
> direction, in terms of the issues generally considered important in
> this forum
> (cf. <http://www.roughlydrafted.com/flash1.html>, if you have any
> doubt about
> that). Hence, the prudent, responsible, and (especially) ethical
> course of
> action is to boycott that company's products en toto.

Macromedia isn't responsbile for what behavior the coding performs from
someone else, anymore than Borland is responsible for virus or spyware
developed using their C compiler, no more than you are responsible for
how any product that you have produced gets misused by some hacker or
malcontent. Imagine trying to sue Vinton Cerf
(http://web.mit.edu/invent/iow/cerf.html) just because he helped develop
TCP which resulted in enabling the spread of porn, spam, spyware,
viruses, and other malware. Most likely will be that Macromedia will
provide another option (yep, you'll probably have to be one of those
oh-so astute users that actually look at options) regarding PIE-enabled
web sites for those user that still want to locally cache some shared
objects. From what I've seen described of PIE, it will actually
identify itself, so the Flash player could be configured to prompt the
user just like the browser now allows prompting for cookies, or the user
could just configure to always accept or always reject. Until then, set
the cache to zero. Of course, Macromedia might just take the stance
that, hey, it is just another applet reading a data file that any applet
can do regarding the .sol files and this is just one particular case of
that scenario, and just leave us with the global option to never save
shared objects rather than trying to target just one domain. Actually,
you can already target just one domain to zero out any storage of shared
objects from just that domain but, alas, again that's a configurable
option and must surely be outside the realm of the typical user who is
already held hostage by all those other options in all those other
programs that they also run.

Telling users it is an option is no more rocket science than the same
folks, like you, telling them to uninstall it or always refuse to accept
its download and install, or telling them about any other option.

>
> > Since you inferred that you are a
> > Flash programmer,
> [snip]
>
> I "inferred" no such thing. I didn't imply it either.
>
> Why do you make stuff up out of whole cloth?

Sorry, my bad. I figured if you knew that I was wrong about the zero
cache solution which was also mentioned in the article in the OP and
also described at Macromedia that somehow you had more privy knowledge
of how Flash works than what is documented for it.

You don't like Flash and really do consider it evil because it "enables"
malcontents or the less moral to do things that you don't like. I don't
understand why that same logic doesn't apply against almost everything
else that falls under the title of "software". I figure Flash is okay
if you configure its behavior the way that you want it to behave. I
didn't abandon Outlook because they changed the pane layout to something
that I didn't like - because there was an option to make its layout the
way that I do like. You don't like Flash, but is it responsible to tell
users to simply uninstall it, or instead tell them that they can
configure it using an option to avoid the problem altogether (and
perhaps mention uninstalling it as the extreme solution)?

There are viruses that sit in the local Java cache and your solution
would be to uninstall the JVM rather than just flush the cache (and
optionally disable it). After all, the JVM "enables evil things to be
done". Oh wait, since it is an option then only astute users can retain
the product while altering its behavior. Yeah, toss the baby out with
the dirty bath water. Amazing how initiative is assumed dead everywhere
and no one ever considers to even bother to go look.

Thread: Flash is evil

Thread Tools

Display

Hybrid View

Re: Flash is evil

Thread Information

Users Browsing this Thread

Posting Permissions