

Adobe's response to Flash Crash - zain
http://blogs.adobe.com/emmy/archives/2010/02/flash_bug_repor.html

======
philwelch
Things that have happened since Matthew Dempsky reported this crash bug, which
Adobe has yet to release a fix for:

-Mozilla Firefox 3 had several alpha, beta, RC, and final releases, moving from late version 2 to version 3.6.

-Google Chrome was initially released and ported to Mac and Linux

-Safari evolved from version 3 to version 4

-Apple developed and released a new version of the iPhone, announced the iPad, and released a new version of Mac OS X

-Windows 7 was betad, improved and shipped

-Apple's market capitalization nearly doubled from 93 billion to 177 billion

-The entire global financial crisis came to a head, with multiple banks and other large firms either collapsing, being acquired for their assets alone, or being bailed out by national governments

-Barack Obama was elected president, sworn in, and served his entire first year of office

-Sarah Palin, then a surprise pick at running mate, made a series of media gaffes, resigned as governor of Alaska, and parlayed her fame into a television deal with Fox News

------
brandon
So, they verified the bug over a year ago and haven't pushed out the fix
because it's slated for an as-of-yet unreleased point upgrade?

Confidence inspiring.

~~~
sosuke
They did at least say they messed up on that.

"The mistake we made was marking this bug for "next" release, which is the
soon to be released Flash Player 10.1, instead of marking it for the next
Flash Player 10 security dot release."

The 0.1.0 releases are for actual player upgrades and the 0.0.1 releases are
for security fixes. The 10.1 release is actually a pretty big upgrade to the
player that will be out some time near the CS5 release that features iPhone
native app export, woot!

Besides that, I reviewed the Flash Crash code and the situation that causes
this bug and it doesn't seem like a common situation where you load a single
unique URL that sends two different Flash version files (7/8) when requested
one after another. I know my own QA department would be tickled pink if they
could recreate this problem in any of my applications but even then I'd first
say "who the hell would do something so crazy, this isn't on the top of my
pile of stuff to do, I'm still working on making the player run well on the
Mac, awesome bug though we'll get to it later"

~~~
brandon
The bug is capable of completely locking up modern browsers (to say nothing of
the situation back in 2008 when the issue was discovered). Esoteric or not,
this should have been on the _very_ top of the work pile and dropped into a
security patch immediately.

Yes, they admitted a mistake, but they wouldn't have done so if their actions
had been at all defensible.

------
allenbrunson
Adobe is really feeling threatened now, no doubt about it. They are starting
to see an eventual Flash-free web as a real possibility.

I wonder if Lotus, Borland, CompuServe, and the other mini-monopolies of their
day saw it coming, or just blithely rested on their laurels until they were
irrelevant. I was in the tech scene back then, but without something like the
internet to keep us informed, it was hard to know what those companies were up
to.

~~~
grandalf
So true. Let's hope Adobe's fear motivates investment in improving (and
possibly open sourcing) Flash.

------
bigiain
So in <http://www.pcmag.com/article2/0,2817,2358815,00.asp> the Adobe CTO
says:

"Regarding crashing, I can tell you that we don't ship Flash with any known
crash bugs"

and here the Flash Product Manager says:

"The team is actively reviewing all unresolved crash bugs in JIRA and will
reach out to the submitter if we need their help."

That gives me a _great_ deal of confidence they're not lying to me...

~~~
chronomex
That says to me that "We have several outstanding issues we need to resolve
before we next ship". It doesn't say that they're leftover from previous
versions.

And so I find myself defending Flash. Strange things are afoot.

~~~
Lazlo_Nibble
Yes, except "ship" to most people in most contexts means "make available", not
"cut a point release". Say there was an egregious typo in an O'Reilly
manual—if their spokesman said "we don't ship books with typos," would that
imply to you "we're not selling another copy of this book until we fix it" or
"we're going to keep selling the version with the typo until we get around to
publishing the next edition?"

~~~
chronomex
That's a different situation, as pulping and reprinting books represents a
significant outlay. I would interpret that as "we'll give the publisher a new
PDF and instruct them to print with that instead, effective immediately".

------
natch
"it is a tenant of the Flash Player team that..."

Facepalm.

I think "tenet" is the word you were looking for.

~~~
nostrademons
Yeah, some of the grammar in the post could've used some proofreading. There
were a lot of places where the author used a comma when they should've used a
period.

------
slackerIII
A company that lets crashing bugs accidentally slip through the cracks like
that isn't taking security very seriously yet. That's pretty scary,
considering Flash's market share.

------
larsberg
I'm probably the only one, but I find this somewhat hope-inspiring. This
response by their CTO gives the Flash team permission to go back and fix all
of the crashing bugs and improve performance.

If Adobe is like most other large companies, I'd bet those same engineers have
been stuck in the downward-spiral feature crunch to support more codecs, more
language features, more more more. It takes a pretty high-level push -- like
this one! -- to reverse that trend.

A good analogy is MSFT and the turnaround on security in ~2001/2002.

------
niktech
In related news:

The truth about user perception of Flash finally emerges:
<http://i.imgur.com/xbA8W.png>

------
razerbeans
Sure, I have complete confidence in using a beta product, prone to crashing,
to solve a bug that's two years old.

------
barnaby
To paraphrase their response: "The bug was filed right before release... sorry
guys we have a lllloooonnnnggg release cycle"

~~~
bajsejohannes
This is not what I read at all. They just did a bookkeeping mistake, that
prevented the fix from coming in the security releases, which I can only
assume has a quick release cycle.

> The mistake we made was marking this bug for "next" release, which is the
> soon to be released Flash Player 10.1, instead of marking it for the next
> Flash Player 10 security dot release.

------
niktech
The way Adobe handled this issue just goes to show how terrible their QA and
bug triage processes are.

Personally, I've been withholding from using Flash blocking plug-ins because I
always thought that it would take away from my experience of most modern web-
sites - that is despite Flash being a big pile of crap in terms of full-screen
HD video performance on a gaming-grade laptop that plays Far Cry on maxed out
settings.

I believe my cup of anger just overflowed - I will be installing Flashblock
today.

And until Adobe learns how to truly test performance of their software on a
variety of machines (oh, don't get me started on GPU acceleration problems in
Photoshop CS4 when it first came out and perf issues with Flash HD video
playback on specific GPUs) as well as how to properly respond to security
issues, Flashblock will be kept enabled.

------
dirtbox
Weak. "It's not our fault you don't keep up with our beta cycle."

~~~
csarva
Too bad it still crashes with 10.1b2 for Mac..

------
zachware
Instead of working within the confines of native OSs Adobe has managed to dupe
us into installing essentially an overlay OS with Flash/ActionScript/Air. They
have a responsibility to manage it as such.

They have the same problems as Java. They develop a complete OS without regard
to core OS code and hardware changes. It's irresponsible curating that no one
is reporting on.

Forget fixing the bug. If we combine our resources and create a Flash killer
that plays nice with native OSs, we won't have to care about Adobe's reckless
development.

------
jpd
Could someone plase chime in for me on this: Does Flash have a way of directly
patching the current level of software like, say, Google Chrome does? Does
Flash 10? It really should.

Secondly, a high-impact pervasive problem which allows a plug-in to crash the
entire platform should not be marked fixed in next release.

------
chanux
Knowing that adobe uses this type of a development cycle, I have to agree more
with Steve Jobs.

------
crackhead
allowing plugins to take down the whole plugin environment is clearly a faulty
software design. Sure adobe is lazy/incompetent, but the mozilla/safari teams
are no better for not isolating plugins better. Back to school id say learn
something about reliable software engineering and sandboxing.

~~~
epochwolf
Safari 4 on Snow Leopard doesn't crash when flash crashes. You get a nice
little blue box with a question mark on it where the flash used to be.

------
aresant
This & similar response time from Adobe for bug fixes = great excuse for Apple
to block Flash from iPhone / iPad

------
earl
Let us not forget their inability to write a flash plugin that doesn't freeze
/ stutter while playing video in current firefox and safari on a new macbook
pro with tons of available ram and cpu. Their ceo is a liar -- if he actually
used a macbook pro as his daily machine as he claimed on tech crunch, he'd be
screaming at people on his engineering team until they fixed this.

~~~
bad_user
I worked there ... lots of people are using Macs inside Adobe, including
people in upper-management.

I also own a 2 year old MacBook Pro, and while I did had some problems with
some badly written advertisements, in general Flash works fine (including
video on Youtube) ... although HD content is not rendered as well as on my
home Windows box ... but it's watchable ... I watched The Office on Hulu and
it was OK ;)

This whole thing reminds of the browser wars, only now it's between 3 camps
... the freetards, Adobe's fanboys and Apple's fanboys. I found myself to be
in all 3 camps, depending on my mood :)

