Security Flaws in Adobe Acrobat Reader Allow Gaining Root on macOS Silently (rekken.github.io)
871 points by feross 19 days ago | 418 comments

At this point I consider the Adobe suite to be basically the same as malware. Their apps seem to want to take over your system, install all kinds of "helpers" that run in the background constantly doing god knows what, etc. And their security record is terrible.

It's a shame because as someone who has a lot of interest in design, photography, etc. I acknowledge that they create some very powerful tools. I still miss Lightroom. But I'm just not willing to give them this much control over my computing environment any longer.

Yes, Creative Cloud also vomits a bunch of random stuff everywhere. Right now I can see 5 launchagent/launchdaemons just from having Photoshop and Illustrator installed, which seems insane lol

I stopped using Lightroom because it seems to want to modify the Windows Explorer to have a Creative Cloud section and their background software constantly pops up to tell you that it still exists.

What's nice about their subscription model is that there is no sunk cost when giving up. It's $5/month and you just stop paying it.

(I switched to Affinity Photo for editing but never found anything I liked for organization/library management. I just copy files around now. It ends up being OK because about 50% of my photos are from my phone, 25% are from a DSLR, and 25% are from film scans. Lightroom never helped me with phone or scanned photos, really, so I didn't give much up. Would still like some central self-hosted photo collector, though. Maybe Perkeep is what I want.)

> What's nice about their subscription model is that there is no sunk cost when giving up. It's $5/month and you just stop paying it.

Don't they try to get you to make a year commitment? I remember spending about 30 minutes with someone at Adobe getting them to cancel it when Lightroom was too slow to use on my Mac at the time (which had been more than fast enough for Aperture). After the second or third time that I told them I wasn't going to buy a new computer just for the privilege of running their software, they agreed not to charge a hefty early termination fee.

Yes, I had to pay a fee equal to 50% of the remaining year contract. I will no longer receive PSDs directly from designers, so the designers must now export stuff to web spec so I can work with it outside adobe.

I marked my card as damaged, and when it was replaced I refused to give them the new details...

I've done this a number of times to avoid the usual cancellation nightmares.

Be careful though, some card issuers will forward the new card details on to (some?) services you have a payment agreement with.

GIMP handles PSD, no?

I've not tried for several years, but it was never that great at doing that. Last time I had to do this, I gave up and bought a photoshop subscription. Has it improved now?


Adjustment and FX layers don't translate, as well as some compositing and blending options.

I managed to get out of this by just explaining that I didn't have the money to pay the subscription anymore. They seem pretty sympathetic to that.

That’s probably a better angle

Thanks for the tip! I took a look, and it turns out Affinity Photo is 50% off right now. So, a one-time $25 purchase (via App Store for family sharing)! And it handles PSDs. And the iPad version is $10. Adobe is toast.

> Adobe is toast.

I really, really wish that was the case, but there's no competition for Photoshop, Illustrator and InDesign.

Even after years of destroying their software with cloud crap, useless home screens, changing 30 years of muscle memory just because, all while adding a WebKit and Node.js instance for every new dialog box…

…nothing comes even close to any of those tools.

Affinity is definitely a step in the right direction. The Photo/Designer/Publisher combo holds its own and the iPad apps are pretty slick. It would be nice if they added something similar to Data Merge in InDesign, but for the most part, you can pretty much accomplish a lot of the same things for a fraction of the cost. And it's really not that big of a switch, considering a good swath of the market had to make the switch from PageMaker/Quark/Freehand/whatever as Adobe gobbled up the desktop market. It's similar to what Adobe did to the workstation suites 30 years ago.

Let's not forget the postgres instances they start. Why my illustration app needs a postgres server? Who knows

Sheesh. Why didn't they use sqlite?

"No competition" -- for some users, for now, maybe. (Speaking as someone doing web-related UI for a living since the late 90's, and using tools for digital art since the 80's.)

QuarkXPress thought they owned the market and then they started taking advantage of their users. Same goes for Adobe. The resentment is building up. Once there's a viable alternative people will quickly switch and never look back.

It took many years and millions, being bundled with the rest of the Adobe suite and, perhaps most importantly, the arrival of OS X and Quark’s inability to migrate to it, for InDesign to displace Quark. And let’s not forget that Adobe had years of experience with PageMaker.

Pro software is hard.

Hell, I remember 2003-2005 and being _excited_ to switch to InDesign. I think the issue pro software has is that at some point it's basically "done", with only small updates still required, yet the developers of said pro software need to make their sales numbers.

I'd be fine with cloud subscription software if the TCO ended up being lower than buying a boxed product, but it's seemingly more expensive than it ever was. $10USD/mo doesn't seem bad, but if you're comparing to a two-year, $200 upgrade price, then you're spending $40 more and can't opt to skip the latest menu reshuffle.

I just wish I understood what everyone is doing that needs adobe? Anything.

I don't even want to use it but the client passes me a PSD which I have to open accurately.

Photoshop puts like 5 folders in Utilities folder for no reason in macOS and runs a bunch of daemons (which apparently can be a cause of bad vulnerabilities) and is dog slow in performance compared to a modern alternative like Affinity Photo.

Market dominance surely puts customer satisfaction to the end of the line.

Affinity Pro seems to deal w PSD pretty handily; have you tried it?

For Photoshop, a big part of it is inertia. Companies worked with PS for years, and changing costs money. So students are taught what they’ll use (which is PS), and the cycle continues.

Do you print anything? Draw? Layout?

If you assume the answers to these questions are "yes", what is your response to GP?

If you assume the answers to these questions are "no", what is your response to GP?

I have 2 licenses for affinity photo, Mac and Windows. But when I actually needed to get work done for a project, at least for my particular needs, I ended up going back to Photoshop.

It was a small thing. With Photoshop I can open a .PNG or .JPG file, edit, and pick Save (cmd-s/ctrl-s) and it saves back to the .PNG/.JPG. If I added layers or something I can press Ctrl/Cmd-Shift-E to merge it all down then Cmd/Ctrl-S. This means the workflow is fast.

Affinity has no such workflow. You can open a .JPG but you have to follow the export workflow to save back to .JPG which is tedious.

I had say 150 files to edit. I reasoned my time was worth more than $120 to pay for a current version of Photoshop than to put up with a slow workflow.

I also recently tried to use Affinity's batch processing features but they aren't as good as Photoshop's. I think they are trying to be helpful in that they scan all the photos before you start so you can see what they are going to operate on before you pick "Go". Unfortunately that's not actually a good flow if you're going to process 100s or 1000s of files. Instead of getting stuff done you have to wait for Affinity for several minutes while it goes and makes a thumbnail of all 100 or 1000+ images just so you can then click "Ok, do it!"

There are other ways to automate workflow that don't require the tool to do everything for you. IMHO, limiting yourself to what Photoshop can do is a trap, eg "export for web" which doesn't come close to generating production-ready assets. Given a need for workflow automation that's external to the editor, I feel it makes more sense to compose a workflow from tools that follow a less monolithic, more unix-y "do one thing well", kind of approach. But use cases abound. YMMV.

Try DarkTable and RawTherapee. Both of these options are pretty decent open source alternatives to Lightroom for the majority of basic workflows and common cameras.

I'd say they both are more than adequate, and allow for some pretty advanced workflows, since they expose a lot more tools with more fine-grained control than Lightroom.

For anyone who tries these programs, many of their developers and users hang out at https://discuss.pixls.us/

I've found DigiKam to be the most fully featured of the photo managers I've used. It even does facial recognition on your local box w/o sharing your data like most of the cloud hosted options. I'm not in love with the UI/workflow but it works and can be installed on most OS I think.

If you need fast import/large curation/file management and you're willing to pay, I haven't found anything like Photo Mechanic.

Wouldn't Syncthing do the collection part for you?

Absolutely this. I'm a very casual user and this is the main point why I'm thinking of getting rid of photoshop. Great tool for whenever I'm in the mood for some drawing but my god does it make me nervous about my security and privacy.

Not sure if they still do it, but they also used to put hidden / protected files on any and all disk volumes as part of their copy protection scheme.

Which is pointless when you realize that their copy-protection systems are broken in minutes every time. They should honestly give up.

The rumour a decade ago was that Adobe was the biggest producer of Adobe cracks. The idea was that it'd get people using it for free so it was the goto tool and then they could slam anyone using it commercially.

They can be still effective. Even a simple scheme may prevent a corporate user misusing some 30 day trial over and over and instead go through the trouble of getting proper license.

Yes, it's probably worth it to get a simple scheme for corporate users only. But Photoshop's protection isn't simple, but it is so widely cracked that in third world countries with limited internet access there are wandering sellers with DVDs of cracked Photoshop for 2-3$ (!)

I searched for this but couldn’t find any technical articles giving details. Have any links or search bait to share?

I’m not finding much searching around either. I probably have an old spinning rust drive somewhere with the files still on them. This was somewhere around the CS5 or CS6 days, pre-subscription model.

From memory, in addition to sticking some pseudo-randomly named files in /System/Library, /Library, and ~/Library, it would place a file in the root directory of all hfs+ volumes with xattrs set to hide and write-protect the file. Installers would then look for these files to check licensing status.

At the time, this was a fairly common trick with pro/prosumer proprietary software.

I believe on Windows the FlexNet DRM they use(d?) would overwrite Sector 32 and/or sometimes other nearby ones [0], which broke a fair few people’s GRUB2 bootloader installs as well as TrueCrypt as Flexera apparently didn’t check to see if it was in use for something else first.

[0]: https://en.wikipedia.org/wiki/FlexNet_Publisher#Issues_with_...

On Windows 10 with only Photoshop installed I see: Adobe Update Service, Adobe Notification Client, Adobe IPC Broker, Adobe Installer, Adobe Genuine Software Service, Adobe Genuine Software Integrity Service, Adobe CEF Helper, Adobe CEF Helper, Adobe CEF Helper.

That is 9 background processes for an app I haven't used in a week.

Count the node.js and postgres instances as well

This past week mine has started doing something even more fun on Windows 10: creating "WpSystem" folders on the root of all of my secondary hard drives and putting AppData>Local>Packages>Adobe.CC folders inside of them with a bunch of Internet Explorer and other dump files in it.

Funny as on windows whatever creative cloud is supposed to do it just quits randomly....I have to wake it up all the time.

Stuff like this is why I'm still hanging on to my old Photoshop CS3. Some of the newer features are cool, but my needs are pretty basic and haven't really changed in the time CS3 has existed.

Sadly with OS upgrades that's often not possible. I suspect CS3 runs on Windows but with Apple's aggressive removing support for old features you can no longer run CS6 on MacOS AFAIK.

Wonder if that is because everything from CS6 and earlier is 32-bit and Apple nuked 32-bit support in MacOS.

I have CS6 on my windows machine and it is 64b. I would be surprised if CS6 wasn't available as a 64b option on macos.

I only run their software in a Windows VM since it installs background services (AAMUpdater, AdobeGCClient) that don't go away even after uninstalling and using their cleanup tool. Not to mention the terrible cloud integration that hangs Chrome after trying to rebuild the font cache out of nowhere.

It's pretty much spyware behavior at this point. Like with certain video games DRM, Adobe software is one of those cases where the pirated version is actually better than the paid one.

In general I think we should all be running every single app in their own VMs. And in the oldest or most basic OS possible. Something like Windows XP.

> In general I think we should all be running every single app in their own VMs.

Qubes OS says hello.


I always really liked the idea of Sandboxie (https://www.sandboxie.com/) where you can run any and every application in its own sandbox, but I was never convinced that its security was as strong as it promised to be. I wish MS would implement something like this.

That’s what Microsoft App-V does.


This seems totally unsuited to desktop non-enterprise use.

You do not want to run such things in an XP VM if you can help it. XP is such a hot mess security wise that flaws in it allowed attackers to break VM sandboxing more than once.

Eh what? Bypassing VM sandboxing demonstrates a vulnerability in the VM host, not the VM guest.

Yeah, something like a sandbox!

On the Mac, by default, Creative Cloud has an option enabled that indicates it will sync your entire home directory to their cloud storage service! I don’t think it actually does that, because I couldn’t see any of my files when I accessed their cloud storage product via their website, but what in the actual fuck.

The "Folder Location" option determines the parent directory where the "Creative Cloud Files" folder is stored, which is the actual sync folder. You can verify this by creating an empty directory and moving the sync location there. Bad, alarming UI though.

Wow, I’ll have to double check my system when I get home, that’s horrible.

I’ve been meaning to get out of the adobe photo software ecosystem, maybe this weekend is the time to find the right alternatives. Save a few bucks per month too.

just in case you didn't see below, this is for you to choose the location of your CC Files Sync folder. Not that it's syncing your hard drive to the cloud. the label is unclear, and I've filed feedback with the team to update the string.

Hi, work for Adobe. Where do you see this feature?

While I've got your ear: the software update process is insane. It constantly notifies me about updates even though I dismiss the notifications (I'm not a frequent user, so I really don't care about updates much). Then, after I finally update Illustrator (the only CS app I use), I try to close the Creative Cloud app, but it asks me to confirm because there are pending installations. But I've double checked and there aren't! And then I get another notification letting me know that the updates are finished!

this is something we're definitely working on, there's a few things going on at the same time.

1. The CC app itself gets updates. If you're a purely Illustrator user you might not notice (or use! which is ok!) the features we've added, but it now has the ability to add custom fonts to your Adobe account, we've added new tutorials, and community features, support for CC Libraries, and a new unified search. One of these new features is notifications, which is #2.

2. Our notifications can be a little noisy, especially if you're not a frequent user. In the Creative Cloud app, you should see under Preferences > Notifications, the ability to select which notifications you want. So, if you want to disable App update notifications, you can.

3. On top of the features, there are some update/sync processes that go on in the background that won't function. Our current messaging just says "pending installations" which doesn't cover it all and we've heard a lot of feedback from users internally and externally about it. We're going to make that message more tailored to anything that's actively going on, and if there's nothing, allow you to close the app silently. To double check that nothing is actively installing, you can check the cloud icon in the top right to confirm. If there's nothing there, you can close it with confidence that it isn't installing an update.

Hope to get these enhancements out to our user base soon. Thanks for your feedback! Please note, we do actively track anything we see on our User Voice (http://creativecloud.uservoice.com) and try to engage on social media, in case you'd like to keep giving us more feedback outside of HN. Thank you!

1) Words can't adequately explain how little I care about Creative Cloud. I would really appreciate it if Adobe's stuff only ran on my machine when I was actually using one of the tools.

2) See above

3) Again, see above. I don't want anything to work in the background.

To reiterate what nikanj said, agreed. I have absolutely zero use for Creative Cloud. Wish I could run without it. Wish Photoshop and Lightroom would at most check for updates when run instead of some constant processes.

I am a fine artist and I am really scared.

Haha, it's as if they took the legendary Adobe greentext story literally and took the effort to automatically update the entire beast constantly! For anyone not familiar with the great story: https://imgur.com/gallery/iJD8f

Great. Maybe you can explain why "Adobe Desktop Service" needs 2.16GB of memory wired with no Adobe products running (including the Creative Cloud app) and sync turned off.

Open Creative Cloud app. Click Preferences, then Syncing. Folder Location = “/Users/toasterlovin”. That, to me, indicates that it will try and sync that folder.

Ah, no. I see your point, this is as a fellow poster indicated, the location for your Creative Cloud Files folder. I will check with the team to see if we can make the language clearer.

Thanks for being so responsive. This is a truly alarming UI.

While you're at it, please ask the user whether he wants to sync at all during installation. By default it should not sync.

I only have Creative Cloud installed because I am a Lightroom and Photoshop user. I use the sync feature in Lightroom but do not need another generic file system cloud sync.

"Folder Location" = "location where a folder will go." Like when choosing where to unzip something, or where to create a new library bundle in Photos/Music.

I get that now. But it’s trying to sync a folder, so why not just point to the folder it’s syncing?

Because, like every other sync solution out there, though for what reason I don't know, it fears the consequences if you are allowed to name the sync folder yourself.

Not perfectly analogous to specifying folder names yourself, but the infamous Steam deletion bug comes to mind. (https://github.com/valvesoftware/steam-for-linux/issues/3671) Caused by a failure to use readlink (plus not sanity checking variable contents), so introducing a symlink would break it.

If you haven’t already, try Capture One. It’s so much faster than Lightroom and, at least for my needs, has much better functionality as well.

Serif Affinity alternatives for

Photoshop - https://affinity.serif.com/en-gb/photo/

Illustrator - https://affinity.serif.com/en-gb/designer/

InDesign - https://affinity.serif.com/en-gb/publisher/

50% off each product (one-time purchase with updates, no subscription) too during the COVID pandemic.

Won't take you long to adjust at all as they're very similar and the apps are more lightweight and faster than Adobe's products have ever been. Also iPad versions if you want to edit on a tablet.

Been using Affinity Photo for a while now as an alternative to Photoshop and wouldn't look back.

I’ve used Affinity Designer as a cheap alternative to Illustrator. Not surprisingly it’s way better than Inkscape (the Inkscape UI alone makes me lose all interests in designing anything), but Illustrator definitely has a lot more features and power tools, and arguably more importantly, a hell lot more online resources. So I guess Affinity Designer fulfills the role as a budget alternative, but not much more.

I've always wondered why the space of professional graphics programs isn't like the space of professional DAW (audio) programs. With DAWs, everything is a standardized plugin (a VST) that can be run inside any of the workstation programs. Customers can buy VSTs separately from any consideration of what ecosystem they're going to be using them with.

Because only now are viable professional alternatives to Adobe programs starting to show up. Adobe would be shooting themselves in the foot by working with some interoperable plugin format. Also, for graphic design at least, plugins are a much smaller part of your workflow than they are in audio production— the basic tools really are the most important thing in design. I'd say most professional graphic designers, if absolutely necessary, could replace their entire digital workflow with a few hundred dollars in art supplies, maybe minus typesetting and color matching functionality, and likely produce more interesting (if much slower and less polished) results. I don't even think they make Letraset letters anymore.

Come to think of it, one of the most important graphical resources we have is even more interchangeable than VST plugins— fonts.

That's very true! Although, I don't think it used to be true; there used to be several different, incompatible font systems. There were many simple bitmap-font formats for operating systems/display protocols (Windows, MacOS, and X11 all had their own); and then there were more complex, vector font formats, originally designed for printers to use internally, but then extended to computers through desktop-publishing software (e.g. Adobe Type1, Apple TrueType.)

If you think about it, much of the original point of desktop-publishing software, back when OSes could only natively use bitmap fonts, was that desktop-publishing software could do WYSIWYG layout and preview-rendering for vector-font "instructions" (e.g. PostScript.) Fonts were indeed a lot like VSTs!

I have no experience with graphic design programs, but I would guess that it has something to do with the fact that VSTs are self contained and have extremely simple interfaces. A VST takes some input (MIDI or audio) and produces some output (MIDI or audio). That's it. They're extremely modular, and you can chain them together in arbitrary ways so long as the inputs/outputs line up.

I imagine it's not so simple in the graphic design world, and without such a simple interface that everyone can agree on, it's much harder to create standardized plugins that everyone can use.

I lost my adobe license from my old job and gave designer a go. For my purposes, I’ve found it to be a superior solution. Runs faster, and basically the same shortcuts.

Do you do any digital painting? That's a large component of photoshop for me, although lately its been sharing with Procreate.

I needed to do some water color recently. Corel Painter blew my mind. The interface looks a little outdated but the brush styles and effects out of the box are just a joy to use.

I own Corel Painter 2019 but it hasn't been very stable for me. Lately I've been doing my digital work on an ipad pro on procreate.

Have you checked out Adobe Fresco? It's a free app that works for iPad and Windows, and lets you draw/paint in Fresco and use that same document in Photoshop

I use procreate on ipad.

For windows I'm done with adobe. I'm not looking for an alternative to photoshop to stick with the company that made me leave photoshop.

I am looking to replace Adobe because 50 USD per month is quite a number. I prefer one time price like Affinity. Too bad they don't have replacement for Premiere Pro and After Effects. For now I'm stuck in Adobe's purgatory.

You probably already have, but DaVinci Resolve is worth a try

For Premiere Pro, did you take a look at Final Cut Pro X? Sure it's mac only, but it ticks all the other boxes

How does Affinity Photo compare with Pixelmator Pro? I'm trying to pick between the two.

I tried both. Pixelmator lacked (or I couldn’t find) vector tools I was looking for at the time, then the trial expired. That pushed me to Affinity and I had less trouble. Take this with a grain of salt, but vector work feels like a bit of an afterthought with Pixelmator.

I've never used Pixelmator, but Pixelmator is Mac Only where Affinity works on Windows too.

Yes! I also switch to all of the Affinity apps in addition to Capture One.

Affinity Photo literally freezes trying to open 5-10 raw files taken with a Nikon camera.

Pathetic. I tried to get a refund, oops buying through Apple's App Store makes that impossible.

What iPad are you using?

RAW files are more a lightroom thing from what I've heard


What a shitpost. Just bug report it, and surely they will be happy to fix it in the next release.

What level of bug would it take for you to believe that a company is inept and bug reporting to be a waste of time?

For example if I was selling lemonade, you bought some and when you tried to drink it, you discovered sand instead of lemonade, would you come back to my lemonade stand and report a bug in my lemonade making abilities?

By the way, no refunds, you keep the sand. Legit lemonade business right?

Know any Premiere Pro alternatives? I know nothing about videos except we pay $70 a month and Premiere Pro still can't edit our older iPhone videos because they were filmed without a certain compatibility setting turned on for the phone.

We have to run an older (years older) Premiere Pro on our Macbook that somehow can edit them without any issues at all, with a newer up-to-date version on our much faster PC for recent videos. We've tried transcoding and various things like using an older version on Windows, but nothing else seems to work.

Then the other day I had to stay up until 3am because a video being edited just stopped saving with an uncaught exception and no useful information on both versions. I finally figured out that some effects like loudness and reverb control applied to the sound channel had become corrupted (after noticing it would save with sound off, then fiddling with the clips for another 2 hours having no idea what I'm doing).

Ever since the Flash days I've been wary of their software quality. Paying over $800 per year is fair if you're earning money and the stuff just works, but they don't seem to be holding up their end of the bargain.

DaVinci Resolve is worth a look and is a one time licence. Also, there is a free version.


For transcoding your footage nothing but the best, FFmpeg:


However, if you don't need the absolutely full array of switches available in FFmpeg, I've used the fork FFmbc to get into standard broadcast formats with easy presets:


Thanks, I've heard of DaVinci Resolve and found out shortly after commenting that there is a free version. We should give it a try.

I've got ffmpeg and Handbrake for transcoding but for some reason they both caused issues in Premiere Pro still (audio sync, choppy/repeating footage, etc) on those files. I'm not very experienced, so that might be on me, but it didn't seem to happen outside of Premiere Pro.


Best if it works on Windows, our Windows PCs are quite a bit more powerful.

I just made the switch for exactly this reason! Still getting the hang of the UI but seems promising so far. I shoot with Fuji cameras which seem well-supported here.

a bit off-topic, but would you have any interest in a barely-used FUJIFILM XF 80mm f/2.8 R LM OIS WR Macro. and also a FUJIFILM XF 1.4x TC WR Teleconverter.

my Fujifilm XT2 was stolen during a trip to Europe last year and i've switched back to Nikon since the battery life of the mirrorless was disappointing (due to the EVF).

now i have some Fujinon macro glass collecting dust as rather expensive paperweights :(

Check out Darktable, too!

I learned on Darktable as an amateur using Youtube tutorials and absolutely love it. I really "get" the concept of the digital darkroom now, and I love the conscious effort of "developing" my photos.

For just a free, straight-forward, full-featured PDF reader/viewer/text-finder I've been a long time user of Foxit Reader: https://www.foxitsoftware.com/pdf-reader/

It's a mature product at this point and I have had a good experience for years now.

I haven't used it on Mac, but PDF Expert[1] from Readdle has been great on my iPad - I use it to both read and edit PDFs. It's fast and the UI is intuitive.

1: https://pdfexpert.com/

Just tried it. PDF Expert would not display the government fillable forms that Preview also will not display.

The app offered to convert the PDFs if I would email them to PDF Expert, and suggested Adobe products as an alternative. Nice try, but Foxit displayed the PDFs and allowed me to fill in the fields.

On the Mac (which this article is about), what do you use Foxit for that built in Preview.app can’t do?

I still routinely encounter fillable forms that Preview.app can't handle, particularly with checkboxes or large text areas. It also frequently uses the wrong font in PDF forms meaning text doesn't fit in the prescribed form fields.

You can also overlay your own text in Preview, ignoring the PDF's own textbox.

That doesn't work for sites that then process filled PDF forms, unfortunately. And it is incredibly time consuming for some forms that have dozens or more of checkboxes and fields to fill in.

Does Foxit work for those and other edge cases? I've used Preview.app for years and only the past few months have encountered incompatible PDFs. I reluctantly downloaded Acrobat Reader. The PDF required a signature and locked the document for editing...that was annoying and not completely obvious.

Just tried it. Foxit works with the fillable government forms that I have not been able to read for months because Preview won't display them.

I agonized about installing Acrobat Reader, but Suspicious Package says it wants to run 88 install scripts. I don't feel like tracking down that much malware when I uninstall it after filling out a form.

Go Foxit!

My use case is making lots of highlights in textbook PDFs and I usually can't highlight for long before it beachballs. PDF Expert is a huge upgrade in this respect.

Readdle just needs to add exact phrase searching/finding; then it'll be wholly better than Preview imo.

You can read more about Preview's struggles with annotations here https://eclecticlight.co/2020/04/07/how-preview-mangles-anno...

I used to recommend Foxit too, but all major browsers now ship with good PDF support.

For me, not being in the browser is a feature, not a bug. I often want to be able to open a PDF in a dedicated window I can easily switch to.

The problem with PDF is that it's a bag of needles disguised as a piece of paper. Most of the time people expect a PDF to be a document, not a Form, Rich Media, Contract, Javascript, or any of the other crap it can do. All that extra crap dramatically increases the attack surface area of Acrobat or any other PDF reader that supports it.

At least the PDF reader in Firefox is a Javascript App that runs in a Browser sandbox and doesn't support 99% of the crap a PDF can do.

Sure, but you can open a PDF in a new browser window. I'd rather not broaden my trusted codebase by installing another PDF reader.

OSs have this annoying habit of condensing multiple windows of a single application down to one taskbar item/dock item/whatever.

On Windows this can easily be remedied in the options accessible via the taskbar. I always turn this off and tell it to show the full window titles instead of just the icons. Windows are not browser tabs, I don't ever have enough of them open to need that stacking behaviour.

Another option for Chrome/Windows is to open a Guest window or an Incognito window, which is treated as a separate window-group.

Too late to edit: I see now that only a Guest window gets its own window-group. Incognito windows do not.

What is the difference between having multiple pdf reader windows vs multiple browser windows then? If you are on a mac: cmd+` is your friend.

I only have one PDF window open.

But do they remember your position in the PDF between restarts? I sometimes read books or lecture notes in PDF format, and dedicated programs work much better for that than the support in browsers.

Not Safari.

How so? I have no problem opening PDF links directly in Safari.

Safari "supports PDF", but not well. The PDF viewer is run in an extremely janky view that clearly has not been updated in years. It runs out-of-process, but takes little advantage of the many advances in XPC rendering that have come in recent years; as such it cannot handle looking up services correctly, or vibrancy, or even have Retina support for its UI. And those are just visual: the PDF support itself is shoddy; it's unable to do many things that other browsers can do out-of-the-box (forms?), searching for text has been broken for the better part of a year. It's an obvious rough spot in Safari's otherwise polished interface.

Fair criticism. I guess my bar for what I define as "good PDF support" is much lower than yours - I only generally read them or plug in a digital signature when signing my lease.

Personally, I am loath to download documents. I actually like what iOS Safari does, which is run the generic document previewer on files inside the app itself. I hate clicking on a link on my computer and then getting a PPTX that I have to open in PowerPoint.

For Windows, there's great SumatraPDF: https://www.sumatrapdfreader.org

On Linux, Okular[0] offers some of paid Reader's functionality for free. c:

0: https://okular.kde.org/

You basically can't do much with the free version. Here's the list of things you have to pay for: https://www.foxitsoftware.com/downloads/pdf-reader-thanks.ph...

Foxit reader is quite decent and much faster than Acrobat

I feel exactly the same and I totally depend on Lightroom and Premiere/AE/Audition for making a living. I would _never_ install their suite outside my editing machines.

Creative Cloud is also spyware, transmitting and uploading your logs and activity within the apps silently and without your consent. I use Little Snitch and deny them almost all network access after the first ten minutes they are installed/activated. It’s a big patchwork of stuff, much of it running as admin, including node and other stuff. I don’t trust it at all, and would have a dedicated machine or VM for it if it were practical.

Hopefully I can move to the KDE video editor for NLE, and Pixelmator is already better than Photoshop IMO. The only other two I need to replace are Lightroom and After Effects. I think the latter will be hard/impossible.

Look into Davinci Resolve to replace After Effects.

A workaround is to use LittleSnitch (or Windows Firewall Control if on Windows) and block everything Adobe except what you actually need.

No freaking app should ever be given this much or any control over a user computer. Every app (except system maintenance tools and other apps which genuinely need full access to fulfill their very purpose) should be constrained within a directory meant right for it + the files the user wants them to open.

CPU usage goes up in case of blocking, be careful when on battery. I tried to remove Adobe background services crap (or disabling it via services.msc) when I used Adobe apps on Windows.

That kinda stuff runs well in a VM. Not too GPU dependent, so you generally get very-near-native performance. The only problem I end up having is constantly blowing away my VMs, racking up too many new installs, and running afoul of key limits.

Have you seen qubes os? [1] Obviously this would not work on OS X, but the concept is fascinating and definitely a different and unique approach at security and isolation.

1. https://www.qubes-os.org/

Qubes is great but be careful... I tried giving a specific usb port to a windows vm to play games with a joystick and accidentally gave all of my USB inputs to it, effectively locking myself out of dom0. Oops.

That's the UNIX philosophy.

    Unix gives you just enough rope to hang yourself - and then a couple of more feet, just to be sure.
[0]: https://www.azquotes.com/quote/1293001

That looks really fun, thank you. I'm going to check this out.. maybe in a VM :D.

I really like these kinds of projects. NixOS and Fedora Silverblue are a couple others.

Qubes isn't designed to run in a VM, but it can.

I wanted to try running in a VM and actually have not considered believing bad performance. How is performance degradation - is it very very noticeable?

With the virtualization primitives in modern CPUs it's like 95%+ of native. GPUs are a total lost cause though, so you won't be playing games (unless you do GPU passthrough).

if you set the VM UUID + keep the MACs of the NICs the same it usually bypasses key limits

The fact that I've had to use Adobe's own "cleaner" app to fix problems says a lot.

As someone who works in film production I am so done with adobe creative cloud. I use FCPX because I can’t stand how inefficient adobe is on a Mac. It grinds your processor for no reason and renders at half the speed it should. After effects is way better than Motion but it’s just not worth it. I spent $300 in 2011 and FCPX has been flawless (well...after they fixed that first year or so of problems haha). With FCPX having a one time payment and davinci resolve being free, I just can’t justify adobe’s relatively expensive monthly payments when it’s so inefficient and insecure. And the updates! Jesus christ.

Years ago (pre cloud - master collection) I was on Windows and made the switch to Mac with a written guarantee that the apps (I used Flash a lot) would have the same functionality. It turns out that the ability to zoom in with the mouse was crippled and they removed .eps output ability. They continuously removed output formats (eg at least FXG allowed some format interchange until it too was taken away). So, workflows had to be abandoned.

Amusing to think about how used to terrible Adobe 0day people are. Zoom has some stumbles and the tech giants seize on the opportunity to promote their solutions. Adobe? More 0day? Just another day at the office.

I used Photoshop for digital painting but wilfully ditched it when I got a new laptop and decided to install Mint on it instead of staying with Windows 10. Then I discovered Krita, which is a linux based open source illustration program which works just as well and I don't have to worry about Adobe eating up half my memory on useless background processes I don't need nor want.

This is why you should have completely distinct systems, install the creative software on separate system, with no capabilities.

Adobe doesn't even respect the Windows startup removal and starts background tasks even if you disable it from the startup menu.

Every single step connects and calls home. If a SINGLE step doesn’t then it immediately notifies you to log in. It’s pathetic.

The good news is, unlike Windows, macOS has a fantastic default PDF viewer ("Preview") and I don't know why anyone would ever install Acrobat on it

Preview has issues with PDFs with form fields right now. It causes a bunch of people to need to install Acrobat for that use case. :(

There is quite a bunch of "PDF" features around forms which basically only work with Adobe PDF and maybe one or two other ones. But good luck if none of them are available for you.

Worse, many "office" people who create PDFs with form fields use Adobe tools, so they never see that what they hand out to thousands of students isn't working with >90% of PDF viewers....

This sounds like a page in a playbook for a company that wants to maintain their monopoly.

- it is plausibly open

- there are enough edge cases that your tool is the only one that does it reliably.

This is similar to doc format - apple tools or openoffice can open it, but screw it up for everyone if they try to write it.

There is a wonderful rant about another adobe file format .PSD in this code here:


That's beautiful. However, if I weren't an only child in two weeks I would take exception to that "old" bit describing the Uncle.

Installed Acrobat a few weeks ago for this use case specifically. I feel like Preview used to be a lot better at editing fields, recently it has been a real pain.

PDF has two types of forms: native and JS driven. I'd bet that the problems are with the JS. I'd also be willing to bet that Adobe makes Acrobat author forms in a way that intentionally breaks third party readers.


Are there not any alternatives to Adobe Acrobat Reader on macOS for editing fields and other use cases listed in the other comments?

Apple's Preview does a pretty good job with generic pdf forms. Unfortunately, Adobe has created multiple types of pdf forms using different technologies and very complex specs. Apple does not support all of these. (You can also find many cases of PDF forms using Adobe tools that do not round trip between platforms).

PDF Export does a good job of filling in the gaps.


Not just complex specs. Some of them are proprietary.

There's some non-free options:

Editing/Form Fill/etc: Nitro[1]

Signing: Nitro[1], HelloSign[2], airSlate[3], Smallpdf[4] (limited functionality)

[1] https://www.gonitro.com

[2] https://www.hellosign.com

[3] https://www.airslate.com

[4] https://smallpdf.com

OTOH, Preview renders PDFs way better than Adobe Reader does. Tweaking the settings in AR didn't help either.

I only wish Preview would do two things:

- open files in "maximized" view.

- when opening a file, Left/Right arrow keys don't let you navigate the pages. Instead, they move the current page a few pixels left/right! (they work like horizontal scrollers)

Luckily other PDF editors do well with form fields and don't bundle a JS VM into their runtime.

That’s interesting. The iPad version works extremely well for editing.

Why would anyone in their right mind create a PDF form?

They are actually quite handy when the only allowed method of submission is via snail mail or fax. Much better than the alternative of printing an empty form and filling it all in by hand.

Man I don’t know what industry you’re in but I get 3-4 PDF’s a week.

What about Skim? It is the one I use.

It's good, but creates additional files for your annotations and comments - which btw, cannot be read in other software.

Yea, that is right.

For sure, however it seems like vast majority of use of PDF, (which is to view a printed document as it is) is addressed by Preview.

For stuff like sign a PDF and form are not things normal people need to use.

so the only people doing that are abby normal?

People keep saying this, but the form-filling tools are basically identical to Reader's. I don't get it.

What Preview doesn't support is JavaScript, as far as I can tell, so it can't work with "smart" PDF's, e.g. that will do calculations for you.

Is that what you're referring to? Or I'd love to know any specific issue you've run into with form fields.

The problem is that if the PDF forms were created with an Adobe program, even things which should work with generic PDF might not do so because the Adobe program used JS or whatever below the cover.

EDIT: I looked into some of the PDFs again and it seems I had been wrong. Not sure what they use but it doesn't seem to be js.

EDIT EDIT: But I found other forms which were affected, see my response below.

Is that a real thing?

I've encountered JavaScript-heavy PDF's before, but which were obviously so. (Automatically calculating values for one form field based on another, generating QR codes, etc.)

I've never come across a seemingly "normal" form PDF but which secretly used JavaScript for normal things like form filling, so that normal form-filling tools didn't work. I don't understand why the normal PDF type-in-a-text-box tool wouldn't work.

Have you actually come across this? Can you point to any examples?

While (like it can be seen in the EDIT) the forms I found were not affected with JS, other forms from my uni were.

For example I found following:

`/JS (if \(this.getField\("inst1"\).value == "bitte auswählen"\){\r\nthis.getField\("Hinweis"\).display = 2\r\n} else\r\n{\r\nthis.getField\("Hinweis"\).display = 1\r\n}\r\n)$ /S /JavaScript`

This (in the given PDF) causes a "notice" overlapped on top of other form fields to disappear once the first multiple choice field was selected.

So if you try to fill it out without JS some form fields are not visible (but selectable by tab). Luckily it's not included in prints.
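Added example, not part of the thread: a Python sketch for auditing a form before opening it. It scans raw PDF bytes for `/JS` entries like the one quoted above, decodes the literal string, and lists the fields whose `display` property the script changes. The sample object is constructed from that snippet (with ä written as the octal escape `\344`), the function names are hypothetical, and scripts stored in separate, possibly compressed, streams are only reported as indirect references.

```python
import re

# Acrobat JavaScript values for a field's `display` property.
DISPLAY_NAMES = {0: "visible", 1: "hidden", 2: "noPrint", 3: "noView"}
ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
           b"(": b"(", b")": b")", b"\\": b"\\"}
OCTAL = re.compile(rb"[0-7]{1,3}")
JS_KEY = re.compile(rb"/JS(?:\s*(?=[(<])|\s+(?=\d))")
HEX_STRING = re.compile(rb"<([0-9A-Fa-f\s]*)>")
INDIRECT_REF = re.compile(rb"(\d+)\s+(\d+)\s+R\b")
FIELD_DISPLAY = re.compile(r'getField\("([^"]+)"\)\.display\s*=\s*(\d)')


def parse_literal_string(data, start):
    """Decode the PDF literal string whose '(' is at data[start].

    Returns (raw_bytes, index_after_closing_paren). Handles nested
    parentheses, backslash escapes, octal escapes and line continuations.
    """
    if data[start:start + 1] != b"(":
        raise ValueError("not a literal string")
    out, depth, i = bytearray(), 1, start + 1
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            nxt = data[i + 1:i + 2]
            octal = OCTAL.match(data, i + 1)
            if nxt in ESCAPES:
                out += ESCAPES[nxt]
                i += 2
            elif octal:
                out.append(int(octal.group(), 8) & 0xFF)
                i = octal.end()
            elif nxt in (b"\r", b"\n"):       # backslash + EOL: continuation
                i += 3 if data[i + 1:i + 3] == b"\r\n" else 2
            else:                             # unknown escape: drop the backslash
                i += 1
            continue
        if c == b"(":
            depth += 1
        elif c == b")":
            depth -= 1
            if depth == 0:
                return bytes(out), i + 1
        out += c
        i += 1
    raise ValueError("unterminated literal string")


def decode_text(raw):
    """Text strings are UTF-16BE with a BOM, otherwise PDFDocEncoding."""
    if raw.startswith(b"\xfe\xff"):
        return raw[2:].decode("utf-16-be", errors="replace")
    return raw.decode("latin-1")              # close approximation of PDFDocEncoding


def find_js_actions(pdf_bytes):
    """List every /JS entry: inline scripts are decoded, references only noted."""
    findings, pos = [], 0
    while (m := JS_KEY.search(pdf_bytes, pos)):
        pos = m.end()
        entry = {"offset": m.start(), "kind": None, "script": None, "ref": None}
        hexm = HEX_STRING.match(pdf_bytes, pos)
        ref = INDIRECT_REF.match(pdf_bytes, pos)
        if pdf_bytes[pos:pos + 1] == b"(":
            raw, pos = parse_literal_string(pdf_bytes, pos)
            entry.update(kind="inline", script=decode_text(raw))
        elif hexm:
            digits = re.sub(rb"\s", b"", hexm.group(1)).decode("ascii")
            raw, pos = bytes.fromhex(digits + "0" * (len(digits) % 2)), hexm.end()
            entry.update(kind="inline", script=decode_text(raw))
        elif ref:
            entry.update(kind="indirect", ref=(int(ref.group(1)), int(ref.group(2))))
            pos = ref.end()
        else:
            continue
        findings.append(entry)
    return findings


def display_changes(script):
    """Sorted (field, state) pairs for fields whose visibility the script sets."""
    return sorted({(name, DISPLAY_NAMES.get(int(v), v))
                   for name, v in FIELD_DISPLAY.findall(script)})


# Constructed sample: one inline action built from the quoted snippet, plus
# one action whose script is stored in another object (9 0 R).
JS_BODY = (rb'if \(this.getField\("inst1"\).value == "bitte ausw\344hlen"\){\r\n'
           rb'this.getField\("Hinweis"\).display = 2\r\n} else\r\n{\r\n'
           rb'this.getField\("Hinweis"\).display = 1\r\n}\r\n')
SAMPLE = (b"7 0 obj\n<< /S /JavaScript /JS (" + JS_BODY + b") >>\nendobj\n"
          b"8 0 obj\n<< /S /JavaScript /JS 9 0 R >>\nendobj\n")

if __name__ == "__main__":
    for finding in find_js_actions(SAMPLE):
        print(finding["offset"], finding["kind"], finding["ref"])
        if finding["script"]:
            print(finding["script"])
            print(display_changes(finding["script"]))
```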

Yes, as another commenter pointed out, Canadian govt citizenship forms, e.g. https://www.canada.ca/en/immigration-refugees-citizenship/se...

I have run into this with regard to basic, but "slightly" more advanced features than text fields on forms in my university.

You can be sure that even Adobe won't add JS for forms with plain text fields. ;=)

EDIT: I looked into some of the PDFs again and it seems I had been wrong. Not sure what they use but it doesn't seem to be js.

Sorry about this.

The Canadian govt forms like Visa application forms or Tax forms don't work on any Linux pdf tool that I tested with. The pdf would display empty with a JS error message. This was a few years ago though.

Had to install the linux version of Adobe, which is many years out of date now.

Preview can't digitally sign PDFs. I have to do this on a near daily basis.

EDIT: I mean sign with a certificate, not add an image. Personally I would prefer to not have any adobe software on my mac.

By "digitally sign", do you mean insert a picture of your handwritten signature? It can do that: https://www.macrumors.com/how-to/digitally-sign-a-pdf-using-.... If you mean cryptographically sign, then disregard my comment.

This lack of differentiation really grinds my gears. Why in the world do both of these activities share a name? It would be really interesting to take a random sample of the population and ask them some basic context like their occupation/education, and ask them whether a digital signature comprises a graphic of handwriting (validated with eyeballs) or something more sophisticated (validated with math).

There will be some obvious trends, but I suspect there will also be some surprises.

You're referring to "term overloading". This is pervasive throughout all domains of engineering, but more so in software because there are so many conflicting standards, definitions and citations. It's really hard to get a handle on. Like, I would assume that posting on HN the audience would assume I would not confuse "overlaying pixels of my signature on a document," with, say ECDSA sign & verify. But I was wrong to assume that. So, barring a common definition, should we speak with increased precision thus verbosity? Perhaps. But if THIS example grinds your gears, hooo boy, hang on for a ride.... :)

To my own surprise, it was a pretty pleasant read and I didn't realize you were intentionally being over-verbose until "overlaying pixels".

The point of a signature is to affirm the authenticity of something. When you sign something by hand, you're showing that you reviewed it. If you cryptographically sign something, you're doing the same thing to a bunch of bits, and arguably in a way that's less easy to forge.

Yeah, the latter: keychain certificate (under "Certificates").

Just dealt with this yesterday. It’s too bad because I really like the signatures I have saved under Preview.

So I sign all signatures on a lease with Preview except for the very last one, which I did using a digital signature under Adobe Reader. It was a self-signed certificate but the goal is still to have the other person feel comfortable with doing a contract over email than in person anyways.

Could you use JSignPDF instead?


What’s the benefit of signing the pdf itself rather than the distribution? If there’s a large need for this seems like an easy way to make a bit of money cutting out adobe.

> The good news is, unlike Windows, macOS has a fantastic default PDF viewer ("Preview") and I don't know why anyone would ever install Acrobat on it

I, too, prefer Preview to Acrobat. But part of my workflow occasionally involves copying text from a PDF to create a web page. Preview cannot be counted on to reliably or accurately copy that text. It seems to have particular problems with the letter "f" when next to a letter "s," in addition to other flaws.

Acrobat, on the other hand, always copies the text correctly.

Aside from this one use, however, I always employ Preview because otherwise it is far superior.

> It seems to have particular problems with the letter "f" when next to a letter "s," in addition to other flaws.

That's such a weird bug. I wonder if Preview is trying to be too cute with "less common" stylistic ligatures. Try some of the other ones mentioned in Wiki: https://en.wikipedia.org/wiki/Orthographic_ligature#Stylisti...

Windows 10 has had a built in PDF viewer for at least 5 years. It's the Edge browser which is now based on Chromium. You can sign and save documents too.

It still can't form fill. Edge's pdf viewer is definitely a lot more pleasant to use than anything else I've used.

I really like Firefox's built in PDF viewer. It even shows the table of contents where available.

Yes it's pretty good. I actually used PDF.js to debug a malformed issue at work once. The javascript console error log gave a clue about the issue where no other tools said anything.

So does Preview. So does Acrobat Reader.

Preview is such a great app. For simple image editing too... I used to have to get gimp to crop, rotate, and resize images, preview does the task simply and well.

It seems crazy, but Preview is genuinely a big part of keeping me stuck in the Apple ecosystem. That iOS doesn't have anything like it is the main thing keeping me from ditching macOS for iOS (+ remote Linux VMs), even. It's a sign of how crap the UX is or has become on Windows or Linux that it's so surprising to have a basic utility program function so reliably, so well, and with such light resource use, while consistently delighting with its versatility.

I have similar feelings about their office suite. In general their add-on and utility software is just great. I'd miss all of it on any other platform (and do, when I use those—yes, even the file manager, which is still less crashy, less prone to weird interface bugginess, and more consistent than any featureful equivalent I've used on Linux, and I've used... oh, all the big ones, over the last 20 years, and I don't find it any worse than Windows Explorer, aside from preferring some of the latter's hotkeys) but of all of them... yeah, Preview may be #1, which was not something I expected when I first started using OSX/macOS about 10 years ago.

Yeah, preview for simple annotation or cropping, photopea for heavier tasks. I haven't installed 3rd party photo editors in years.

Windows uses Edge IIRC, and it does pretty well.

It does a decent job for heavily text based pdfs like legal forms or manuals and even lets you annotate the document with a pen or highlighter but it chokes on more image based pdfs like slide decks or schematics.

Old Edge was a great PDF reader and EPUB viewer. New edge... well it's just the same as Chrome, which is to say that it's fine.

Because PDFs in Preview are blurry on external screens ever since Sierra. Acrobat works fine. I hate most third-party PDF viewers, but here we are.

That’s...odd. I’ve never noticed it, and I’m viewing an AWS user guide right now on a 4K display (MacBook Pro, Mojave) with no crispness issues.

> 4K display

That’s your answer. Apple being Apple either have no lower-res screens to test on, or once again have decided to force the industry forward.

Thanks. I’ve tried about a million different tricks at the time, none of which worked. I’ve given up on it. There has been a Twitter thread by an Apple engineer which I won’t be able to locate now, but the crux was that they know they’re breaking things for non-4K screens, but they don’t care enough/don’t have the resources (lol) to fix that.

You buy Acrobat DC the impacted product because you’re using it as more than a reader. OCR image to text (laying the text invisibly within the pdf as metadata behind the image) is a common use case. Slim down a bloated pdf eg that came out of a scanner driver. Properly redact sensitive information (legal, govt, journalism context).

The software is flawed even beyond security issues but for creating or editing PDF files there is not much competition. (There is some and I’ve used that too and it’s mostly worse. It’s a hard problem apparently.)

As a general rule, Acrobat ignores and silently fixes a lot of issues with PDFs that stricter implementations will complain about (it goes beyond the spec to be accommodating). This unfortunately means a lot of programs out there are making malformed PDFs but their users don't know because "it works here on Acrobat!". So that's one reason I have to install it despite alternatives on Windows, but maybe Preview is the same in this regard and fine for general users.

as far as I know the macOS display subsystem was built around the PDF specification. You'd think the OS can handle viewing documents without much additional third-party overhead:



It uses the same drawing primitives as PDF, but it certainly isn’t built around the PDF specification, which is enormous.

To give a few examples, there is no JavaScript interpreter in Quartz (https://www.adobe.com/devnet/acrobat/javascript.html), nor does it have 3D graphics rendering built in (https://helpx.adobe.com/acrobat/using/displaying-3d-models-p...), or a Flash engine (https://helpx.adobe.com/acrobat/using/flash-player-needed-ac... this has been removed from the Acrobat install, but used to ship with it)

To support PDFs fully, all of that would have to be implemented on top of Quartz.

If you're on Win10, the Xodo PDF app is the best/fastest - and it allows editing and page order changes. And it's free.

And it's a dream to use on a touch screen. Trying to open the same high quality/density PDFs in Adobe (even just the reader) is an unresponsive nightmare.

I don't even understand how there can be such a significant difference in performance when Adobe created the format....

That's interesting. I've been using SumatraPDF for years. I might give this a try.

Preview doesn't support a lot of stuff such as dynamic forms. Most of the gov documents I need to sign are not displayed in Preview.

PDFs with XFA forms are not supported by Preview

Redaction, for one, is a desired feature that doesn't usually come with free PDF viewers on macOS like Preview.

A good open-source PDF reader I've used in the past on Windows is Sumatra. Very lightweight and functional.


Def check out Xodo PDF reader. It's been my favourite in terms of speed/functionality. It has been the best for use on Win10 touch screen.

Windows has a default PDF viewer that works very well. Try it!

To fill out government forms.

At this point Adobe have to be responsible for some overwhelming fraction of all desktop exploits. There's always bugs in PDF readers. Not to mention their history of Flash (admittedly bought in rather than written)

Even if a PDF viewer is full of security holes like a colander, I don't see why this should lead to gaining root access.

Why on Earth should Acrobat have any part even running as root? This design seems defective.


And this "inventing your own launcher/updater" fetish that seems to be pervading software. There is a corollary to Zawinski's law here: every piece of software eventually installs yet another shitty updater alongside itself.

Fuck the perfectly functional updater built in the Mac store.

Yeah, for all the complaining we do about the various app stores, shitty devs like Adobe really forced the platform vendors' hands on this. Users and devs can't be trusted with that capability, the platform vendor needs to be the adult in the room.

> Yeah, for all the complaining we do about the various app stores, shitty devs like Adobe really forced the platform vendors' hands on this. Users and devs can't be trusted with that capability, the platform vendor needs to be the adult in the room.

It doesn't even have to be like this though. Why not a simple notification directing me to the download? I guess reduced friction but is that really it?

if done well, an updater is fine. See chrome/firefox's updaters.

Those updaters do work great, probably because (at least on Windows) they circumvent elevation by not requiring it.

The problem is that, if every app decides to use its own updater, there's a good chance that your internet line could get saturated when everything decides to update at once (especially when this awful PDF reader is 180MB). A system-wide updater avoids this issue.

30% revenue cut so that you get no increased market? Yeah, fuck the perfectly functional updater. The dollar loss through distributing a security flaw is way lower than that.

That’s weird, if I remember correctly, all the apps that use Sparkle to update don’t need to run as root.

What makes Adobe’s apps so special that they do need privileged access?

Sparkle is slightly more limited in what it can do and grabs an authorization right (to run things as root) when updating using the system APIs to do so rather than always running as root. Some would say this is a much better design (myself included) but Adobe presumably did not go this way because they are either lazy or actually would like more access to the system than Sparkle needs.

Is anyone else tired of having all these "updaters" installed by default, running perpetually in the background? I just want to run your application. I do not want to run (as root!) your marketing puppy that begs me to update to the next version every three days. I wish there was a way to opt out of them. Or even better, have the OS treat them as malware and block them before they even get installed.

Some applications do a check on start-up to see if there is a new version available. This is a lot better. Why isn't this good enough for Adobe?

> Some applications do a check on start-up to see if there is a new version available.

Infuriating. I just want to use the software not randomly be interrupted throughout the day as one of the 50ish applications I use on a regular basis decides to do a "minor bugfix and localizations" update and thus totally interrupting what I'm doing. Oh and after it does its update, the document I double-clicked on isn't opened or there is a FTUE showing me "exciting updates."

Most modern software sits there idle all the time, why not do this nonsense in the background? Why do you need to interrupt me at precisely the one moment I actually want to use you? (This is especially annoying of gaming consoles and other "appliances")

Modern software is actively work-hostile.

> Modern software is actively work-hostile.

My favorite recent example is DBeaver. The update to v7 destroyed their own SQL directory which had saved in it a SQL scratchpad document containing little SQL snippets I had written over the last few months, some fairly complex that I ran once or twice a week. I had restarted DBeaver dozens of times over those months, my SQL snippets returning each time ready to be run...

Then one day, like an idiot, I clicked the "Update" button and all that hand-written SQL was gone, like tears in the rain. Gee, thanks DBeaver! I love v7! Tell me more about your new features! I love having my careful work destroyed for an update...

Imagine paying money for software that did this.

It's so odd that the Linux ecosystem solved this decades ago with package managers.

`sudo dnf -y update` is such a time saver

To be fair, if you work with only Mac App Store apps and brew-managed packages, it's a similar (but less uniform) experience on Mac (and the `mas` utility fills in for the App Store on the CLI).

And things are better and worse depending on your Linux distro (ref: Snaps in Ubuntu).

The problem is a lot of useful software isn't (for good reason) available on the App Store.

Exactly, the main app could have been a hello world app, but when the updater for it is created with classic adobe lack of care, and root access, it doesn’t matter.

What prevents them from running updater unprivileged and asking for root before installing the update? Or better - why can't it be installed and run under the user. Most other apps are simply copied to Applications and run as the user. I can imagine they want Windows-inspired multi-user install. But still there is no need for running the updater full time with root privileges.

Adobe needs to play ball, sandbox themselves to the hilt and get on the damn Mac App Store. If dozens of pdf apps can be there, then so can Adobe.


Why there's that much exploit in this PDF software?

Where does this complexity come from?

Wow. Is there something other than PDFs that can be used to meet the same purpose? PDFs are looking really old and stanky right now.

If you were to try to meet the full specs of PDF for satisfying the same purpose, the outcome would be 10-20 separate specs, all of the same complexity.

the better idea is to segment out what exactly you want to use it for and use a specific file format for it.

IE. Do you want vector graphics? Do you want document signing? Do you want to just do printing of a text only document? Do you want to encode picture bitmap information? Do you want to show a document online? Do you care about colour spaces? Unicode? If unicode, what kinds of unicode? Font rendering? How do you like your glyphs and ligatures to look?

The spec is so big because it has like 10-20 purposes.

> the better idea is to segment out what exactly you want to use it for and use a specific file format for it

What I want is basically an entirely static (no javascript, forms, media elements, etc) copy of a web page, with a logical deterministic rendering, and a fixed page size (no reflowing). Basically, if you took a web page and printed in color on pieces of paper, the HTML + CSS that describes the stuff shown on the piece of paper is what I want a "portable document format" to be. (Along with a set of rules that specify exactly how that code should be rendered.)

What I want in the spec is basically dictated by that:

* vector graphics: yes, SVG is supported in all major browsers. https://developer.mozilla.org/en-US/docs/Web/SVG

* bitmap support: yes, let's start with PNG, JPEG, etc, and updates to the spec can introduce new formats

* color management: yes, should be required by the spec

* unicode: yes, we can probably be UTF-8 only at this point?

* font rendering: deterministic; make it part of the spec. Fonts should be embeddable in the document. Ideally the font rendering for the end users should be as high quality as possible (this is quietly one of the things PDFs are already doing very well).

* glyphs / ligatures: should look exactly as they are determined by the author of the document. The spec should allow for the full use of the capabilities of an OTF font.

I think this probably covers the stuff 95% of people want from 95% of their PDFs, and it's vastly simpler than what's currently in the spec.

Honestly, PDF/A comes pretty darn close to getting there. The most recent version allows embedding arbitrary files, however, and there's lots of annoying cruft from the PDF format. (Renderers have to support displaying embedded XML forms, for example.)

This comes out to be a pretty good rundown! Interesting discussion!

Hmmm... just for fun, this is what I would like:

* All rendering done by raster chunks that get pieced together. If the PDF has a photo in it, it would be used as its own raster chunk.

* No special font rendering, but an idea of where text is so it can copy paste as though it is selecting text. Really it just outlines parts of the pre-rasterized text. Potentially text could be rasterized per letter for compression, but no dependency on font rendering abilities or local fonts should exist.

* No vector rendering, but the ability to select a rasterized vector image chunk and save as either .svg or .imgType.

* The ability to click HTML links

* The ability to write (with non-special fonts) into areas so as to fill out a form

* A basic Regex (limiter => error/warn message) for form fields


I think this would be enough to cover everything I've done with a PDF. Tests to pass:

1. Looks the same everywhere

2. Can click links (great for resumes)

3. Can view photos, and select them for download

4. Can fill out forms

5. Can copy text

6. ???


Obviously size would be an issue here as you get to larger documents, but I suspect compression could be made efficient enough to be just fine in most cases.

Looks like DjVu might be what you want?

I'll just add that's version 1.4 (Acrobat 5), which is typically what many digital printing companies will request if possible. After 1.4 it was basically all useless features being added which bloat the file size (though 1.4 has a bunch too). So later versions of the spec will be longer.

I do like the spec a lot and have actually used it to track down bugs in files before. It's very easy to follow if you're just looking at certain operations.

These days, I'd say the web–it's similarly complicated!

Correct me if I'm wrong, but PDF contains a JS engine within it.

The spec is also partially used for specifying and bootstrapping a publishing and printing system on its own, so it's like JS + cups + PostScript + Unicode + font rendering all combined into one mega spec.

Don’t forget a complete 3D rendering engine (based on u3d models)

It’s not even the PDF reading part with the bug here.
