Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Flash blocked by Firefox,now in the crosshair of big players
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
el muchacho
Tux's lil' helper
Tux's lil' helper


Joined: 26 Mar 2015
Posts: 78

PostPosted: Wed Jul 15, 2015 9:40 am    Post subject: Flash blocked by Firefox,now in the crosshair of big players Reply with quote

Yesterday, Firefox took quite a bold move by blocking by default the Adobe Flash plugin after a few holes were made public.

A few big players tweeted that they were fed up with Flash:

Quote:
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.

[Facebook CSO]


I use the official adobe-flash-player package, but I started trying HTML5 for Youtube but it's s a shame we can't get resolutions higher than 360...

It also looks like Adobe is the new Microsoft in terms of IT security now. I recently learnt that Adobe Acrobat Reader has more lines of code than Linux Kernel.
Back to top
View user's profile Send private message
Roman_Gruber
Advocate
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

PostPosted: Wed Jul 15, 2015 10:29 am    Post subject: Reply with quote

flash had security issues since i can remember.

qlist -Iv Flash

nothing :)


I think google-chrome ships its own implementation for it..

https://developer.chrome.com/multidevice/faq
Quote:
What version of Flash is supported on Chrome for Android?
Chrome for Android will not be supporting Flash. As you may have seen in November, 2011, Adobe announced it has stopped investing in Flash for mobile browsing. Google has long been committed to making the web platform more powerful through open web technologies like HTML5 and is working with Adobe and other partners to further advance the web standard.


I wait for the time when adobe flash dies. Binary which had security holes for ages.

A month google chrome on android could render videos another months not. now it works again. sigh.

its time for html5 anyway
Back to top
View user's profile Send private message
Naib
Watchman
Watchman


Joined: 21 May 2004
Posts: 5674
Location: Removed by Neddy

PostPosted: Wed Jul 15, 2015 10:50 am    Post subject: Reply with quote

tw04l124 wrote:
flash had security issues since i can remember.

qlist -Iv Flash

nothing :)


I think google-chrome ships its own implementation for it..

https://developer.chrome.com/multidevice/faq
Quote:
What version of Flash is supported on Chrome for Android?
Chrome for Android will not be supporting Flash. As you may have seen in November, 2011, Adobe announced it has stopped investing in Flash for mobile browsing. Google has long been committed to making the web platform more powerful through open web technologies like HTML5 and is working with Adobe and other partners to further advance the web standard.


I wait for the time when adobe flash dies. Binary which had security holes for ages.

A month google chrome on android could render videos another months not. now it works again. sigh.

its time for html5 anyway


Google does not ship its own implementation, they ship a pepper interface version of flash provided by Adobe
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Back to top
View user's profile Send private message
The_Great_Sephiroth
Veteran
Veteran


Joined: 03 Oct 2014
Posts: 1367
Location: Fayetteville, NC, USA

PostPosted: Wed Jul 15, 2015 12:55 pm    Post subject: Reply with quote

They need to kill it. I am sick of Flash updates all the time! Do you know how annoying it is to manage five or six domains, all of which have Flash deployed via GPO? It is torture! I feel the same way about retarded "rapid release cycle" projects. This includes Firefox, Thunderbird, and Chrome. How many versions of FF have been pushed just to increment the version number with no fixes so they can claim to be on par with Chrome? After all, a higher number means better to an idiot!

Ranting aside, Flash is also slow and bloated now. It is used for things it was never envisioned to be used for and it keeps various users from seeing your content (Android? iOS?). I wish they'd just get rid of it and let innovation for a replacement thrive.
_________________
Ever picture systemd as what runs "The Borg"?
Back to top
View user's profile Send private message
davidm
Guru
Guru


Joined: 26 Apr 2009
Posts: 557
Location: US

PostPosted: Wed Jul 15, 2015 3:57 pm    Post subject: Reply with quote

All that needs to happen to kill it is that sites quit using it. I'm not sure that trying to kill it at the browser level is the way to go. I think this sets a bad precedent.

The trouble with killing flash is it is still used by many sites and not just for things like ads.
Back to top
View user's profile Send private message
genterminl
Guru
Guru


Joined: 12 Feb 2005
Posts: 488
Location: Connecticut, USA

PostPosted: Wed Jul 15, 2015 8:22 pm    Post subject: Reply with quote

What I don't get is that I have flash 11.2.202.481 installed, and Firefox claims it's blocking all versions <=11.2.202.424, but it is still blocking flash for me. While I agree I'd rather get rid of it totally, I'm not there yet, and this block is just annoying. Is there some version numbering bug in either flash or firefox (firefox-bin 38.1.0)? Is there any point in going to 39.0?
Back to top
View user's profile Send private message
sebB
l33t
l33t


Joined: 02 Mar 2011
Posts: 739
Location: S.O. France

PostPosted: Wed Jul 15, 2015 8:45 pm    Post subject: Reply with quote

el muchacho wrote:
I use the official adobe-flash-player package, but I started trying HTML5 for Youtube but it's s a shame we can't get resolutions higher than 360...

Enable the gstreamer USE in firefox. You'll have 720p in youtube.
Back to top
View user's profile Send private message
Aiken
Apprentice
Apprentice


Joined: 22 Jan 2003
Posts: 221
Location: Toowoomba/Australia

PostPosted: Thu Jul 16, 2015 12:36 am    Post subject: Reply with quote

I have been removing adobe flash from my computers. It is useless to me at the moment and had been getting worse as time went on. Do not have a tv and if there is anything I do want to watch the 2 local tv stations put their shows on the net for a week or 2 so I can still watch what I want but when I want instead of when it is broadcast. Both of those tv stations rely on flash. One of them broke compatability with flash 11.2 awhile back which has already meant a partial move to chrome from firefox. Adobe flash being disabled means more chrome time with the other tv station. Using html5 with youtube. Leaving me with no reason to have the 11.2 flash installed anymore. The 2 tv stations are the only reason I have anything capable of using flash and if I used my tablet for them I would have no need for any install of flash.

The recent cut down of ads and auto playing videos has been a bonus from this change. When on a congested adsl link or using 3g where quota is a concern autoplaying videos are very much unwanted.
_________________
Beware the grue.
Back to top
View user's profile Send private message
depontius
Advocate
Advocate


Joined: 05 May 2004
Posts: 3388

PostPosted: Thu Jul 16, 2015 1:03 am    Post subject: Reply with quote

I certainly sympathize with the desire to get that bug-ridden PoS off of every computer. But my wife was upstairs earlier today struggling with the Macy's web site, and just now with the United web site.

Flash is very deeply ingrained. That doesn't mean we shouldn't get rid of it. I guess my part will be complaining to the webmasters for Macy's and United, probably not tonight, hopefully Friday.
_________________
.sigs waste space and bandwidth
Back to top
View user's profile Send private message
Roman_Gruber
Advocate
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

PostPosted: Thu Jul 16, 2015 11:11 am    Post subject: Reply with quote

Aiken wrote:
...


adblocker helps a bit in this regard.

in the past I always checked the domain and added it by hand and so over the time the ads vanished magically.


Code:
head -100 /etc/hosts
# /etc/hosts: Local Host Database
#
# This file describes a number of aliases-to-address mappings for the for
# local hosts that share this file.
#
# In the presence of the domain name service or NIS, this file may not be
# consulted at all; see /etc/host.conf for the resolution order.
#

# IPv4 and IPv6 localhost aliases

127.0.0.1   localhost

#127.0.0.1       http://www.facebook.com https://www.facebook.com www.facebook.com facebook.com
127.0.0.1       *.microsoft.com

... and much much more



chrome has a plugin called flashcontrol. i have to click on a flash box so it starts playing. it is less disturbing as i have to start myself flash playback. youtube and my webradio services are whitelisted anything else i hardly need.
the javascript switcher is hardly in use because else no page really works :( Honestly I have not bothered yet how to tweak it to usability
Back to top
View user's profile Send private message
figueroa
Guru
Guru


Joined: 14 Aug 2005
Posts: 416
Location: GA-USA

PostPosted: Thu Jul 16, 2015 6:21 pm    Post subject: Reply with quote

How does my old version of Firefox (up to date, firefox-bin from May 25) know it is supposed to block Adobe Flash? This sounds like extremely intrusive behavior on the part of Firefox.
_________________
Andy Figueroa
andy@andyfigueroa.net Working with Unix since 1983.
Back to top
View user's profile Send private message
el muchacho
Tux's lil' helper
Tux's lil' helper


Joined: 26 Mar 2015
Posts: 78

PostPosted: Thu Jul 16, 2015 10:07 pm    Post subject: Reply with quote

figueroa wrote:
How does my old version of Firefox (up to date, firefox-bin from May 25) know it is supposed to block Adobe Flash? This sounds like extremely intrusive behavior on the part of Firefox.


Indeed, it would be good to know exactly what liberties Firefox take when communicating with its Headquarters !
Back to top
View user's profile Send private message
ppurka
Advocate
Advocate


Joined: 26 Dec 2004
Posts: 3256

PostPosted: Thu Jul 16, 2015 10:28 pm    Post subject: Re: Flash blocked by Firefox,now in the crosshair of big pla Reply with quote

el muchacho wrote:
I use the official adobe-flash-player package, but I started trying HTML5 for Youtube but it's s a shame we can't get resolutions higher than 360...
Youtube html5 works very well and supports all resolutions for quite a while now. With Chrome it is very smooth and it's almost not possible to tell the difference from flash. With firefox, it is a bit laggy when going fullscreen or vice verse, otherwise it is also indistinguishable from flash.
_________________
emerge --quiet redefined | E17 vids: I, II | Now using kde5 | e is unstable :-/
Back to top
View user's profile Send private message
Apheus
Guru
Guru


Joined: 12 Jul 2008
Posts: 420

PostPosted: Fri Jul 17, 2015 6:00 pm    Post subject: Reply with quote

el muchacho wrote:
figueroa wrote:
How does my old version of Firefox (up to date, firefox-bin from May 25) know it is supposed to block Adobe Flash? This sounds like extremely intrusive behavior on the part of Firefox.


Indeed, it would be good to know exactly what liberties Firefox take when communicating with its Headquarters !


I think mozilla do it via their blocklist. Which can be disabled by setting "extensions.blocklist.enabled" to false in "about:config".
Back to top
View user's profile Send private message
Aiken
Apprentice
Apprentice


Joined: 22 Jan 2003
Posts: 221
Location: Toowoomba/Australia

PostPosted: Sat Jul 18, 2015 1:18 am    Post subject: Reply with quote

tw04l124 wrote:

adblocker helps a bit in this regard.


With 3 desktops + 4 laptops I use the url rewrite functionality of squid. This prompted me to check the commit log. Using a redirector with squid that I started writing just over 15 years ago. Wanted filtering in a central place and ads are not the only thing blocked. No more flash in firefox has made this a bit easier. Where having a redirector on squid falls down is sites moving to https and with squid not seeing the urls it can not filter them. Was very obvious with a site I used to frequent that recently moved from http to https. I had forgotten how annoying the number of ads and the number of flashing ads were in that site. Flashing or animated ads go bye bye. I don't block everything but there comes a point where the ads detract too much and it is either give up on the site or block the ads.

A couple of days on and no complaints yet about the lack of flash on the computers. People were already used to using chrome for the 1 tv station instead of firefox so nothing new there.
_________________
Beware the grue.
Back to top
View user's profile Send private message
Cyker
Veteran
Veteran


Joined: 15 Jun 2006
Posts: 1746

PostPosted: Sat Jul 18, 2015 2:08 am    Post subject: Reply with quote

Unfortunately vast amounts of education stuff uses Flash with no alternative so if it did get killed off we'd just be stuck with old versions that are even more vulnerable but still forced to use.

HTML5 is just as big a PITA as Flash IMHO; Support is patchy at best and, in effect, HTML5 just replaces Flash with Chrome if you actually want it to work.

As for the PITA of keeping it up to date, this applies to everything on-line so I don't see why Flash gets singled out; Chrome, Firefox, Java - All have repeated frequent updates. Heck, doesn't Gentoo fall into this category too?

This frequent cat and mouse cycle of vulnerability/fix is just the sad reality of the modern networked world.
Back to top
View user's profile Send private message
Roman_Gruber
Advocate
Advocate


Joined: 03 Oct 2006
Posts: 3806
Location: Austro Bavaria

PostPosted: Sat Jul 18, 2015 6:44 am    Post subject: Reply with quote

I think HTML5 is open source, right?
and we all know what a crap closed source things are like Flash / ati drivers / nvidia -drivers... security holes, support dropped when the company does not want to support things anymore.
Thats the reason i use something else as that noobisness 7/8 and yay free upgrade to noobishness 10 for free, but eh only for a year valid, :P
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14071

PostPosted: Sat Jul 18, 2015 2:54 pm    Post subject: Reply with quote

HTML5 is just a specification of browser technologies. Browsers can do a good job or a bad job of implementing it securely. Browser vendors still have a habit of dropping support for old versions of their browsers, but you have a choice of which browser to use for your HTML5 renderer and you have the option to upgrade to a newer version of the browser. However, much like the closed video drivers, some browser vendors have a habit of removing features prematurely or making other unwanted changes (e.g. Firefox Australis, Firefox social media integration), so sometimes telling the user "just upgrade to the latest version" is not met with enthusiasm.
Back to top
View user's profile Send private message
greyspoke
Tux's lil' helper
Tux's lil' helper


Joined: 08 Jan 2010
Posts: 146

PostPosted: Tue Jul 28, 2015 7:05 am    Post subject: Reply with quote

I have had some flash version number confusion. Recently updated flash to v. 11.2.202.491, Firefox recognises it so doesn't keep bugging me about it, Seamonkey still thinks I am using 11.2.202.481, so some sites won't play at all.

Thanks Apheus - I have disabled the blocklist and it now works.
Back to top
View user's profile Send private message
Apheus
Guru
Guru


Joined: 12 Jul 2008
Posts: 420

PostPosted: Tue Jul 28, 2015 7:14 am    Post subject: Reply with quote

greyspoke wrote:
Seamonkey still thinks I am using 11.2.202.481, so some sites won't play at all.


Better check the exact plugin library path with seamonkey in about:plugins, and compare to firefox. Should be

Quote:
/usr/lib64/nsbrowser/plugins/libflashplayer.so


Not that there is an obsolete and insecure version laying around which seamonkey picks up.
Back to top
View user's profile Send private message
greyspoke
Tux's lil' helper
Tux's lil' helper


Joined: 08 Jan 2010
Posts: 146

PostPosted: Tue Jul 28, 2015 7:25 am    Post subject: Reply with quote

Thanks Apheus, both Seamonkey and Firefox list the same file (/usr/lib64/nsbrowser/plugins/libflashplayer.so, the only file in that directory) in about:plugins. I guess Seamonkey is using the newer plugin, just not retrieving the version from it, or not doing so correctly
Back to top
View user's profile Send private message
greyspoke
Tux's lil' helper
Tux's lil' helper


Joined: 08 Jan 2010
Posts: 146

PostPosted: Tue Jul 28, 2015 8:38 am    Post subject: Reply with quote

So I moved libflashplayer.so, stopped Seamonkey, started it again (when about:plugins reported no plugins installed), stopped Seamonkey, moved the file back, started Seamonkey and about:plugins reports the correct version and Seaminkey behaves itself :D I guess it remembers the version number but doesn't re-check it unless it thinks it needs to. And doesn't think too clever at that point.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum