Flasher Archive

[Previous] [Next] - [Index] [Thread Index] - [Previous in Thread] [Next in Thread]


Subject: RE: FLASH: [RESPONSE] Recent Flash Player Release
From: Connie Schachel
Date: Tue, 25 Jan 2000 03:45:22 GMT

As a real "newbie" here, I hesitate to post anything but I'm so grateful
that the info on this "bug" was on the list. Last night when I was showing
my grandson (yeah, I'm THAT old), the Disney site, I was asked to download a
newer version Shockwave Player and directed to the macromedia site. There I
discovered that the new shockwave player is grouped with the Flash Player
version in question. Having read of the problem, I dug around for about 15
minutes before I found a place where I could download JUST the Shockwave
Player without getting the "added blessing!"

Unfortunately, my ten-year-old grandson's attention span was just about as
long and he had moved on to the video games in another room.

Connie Schachel,
Old Dog/New Tricks

>-----Original Message-----
>From: owneratchinwag [dot] com [owneratchinwag [dot] com]On">mailto:owneratchinwag [dot] com]On Behalf Of unique
>Sent: Monday, January 24, 2000 9:06 PM
>To: flasheratchinwag [dot] com; Eric J. Wittman
>Subject: Re: FLASH: [RESPONSE] Recent Flash Player Release
>
>
>Eric,
>
>Thank you for your post!
>
>However, you leave unaddressed some serious concerns regarding this
>defective player. Furthermore, I do not follow the logic behind
>the security
>issue.
>
>At the exact moment of 2000.01.24.17.21, her/his local time, Eric
>J. Wittman
><emanatflash [dot] com> put forth:
>
>> Dear FlashR-Ls,
>>
>> It is with the Flash Team's deepest regret that the latest Flash Player
>> releases (versions 4.0r20 Macintosh and 4.0r25 Windows)
>
>(being distributed to the public from December 6, 1999, through this very
>moment)
>
>> contain behavior
>> that has broken several sites utilizing load variables from external data
>> sources.
>>
>> The nature of this issue is documented in TechNote #14234 on the
>> Macromedia Flash Support Center.
>
>http://www.macromedia.com/support/flash/ts/documents/ampersand.htm
>
>> The problem discovered is that Flash
>> Player is inserting an extra ampersand character when passing variables
>> from a Flash movie. This effects users who are sending data to a
>> server-side mechanism, such as ASP, ColdFusion or CGI.
>>
>> Another change made to the latest release of Flash Player is also related
>> to loading external variables from a data source. Previous releases of
>> Flash Player allowed variables to be loaded from a domain source outside
>> of the current one the Flash movie was playing from. What this means in
>> theory is that someone could load or send data from one site and send to
>> another site. This behavior has been considered a "feature" by many a
>> Flash developer for the ease of access to information however is
>> considered a breach of security by industry security experts. It was at
>> the request by several developers and industry experts that prompted this
>> change in behavior.
>
>I'm surprised that the developers and industry security experts
>are placated
>by this meaningless gesture! Closing the barn door after the horse has been
>stolen. Surely anyone with malicious intent can avail themselves
>of an older
>plugin.
>
>> This issue and appropriate solution is documented in
>> TechNote #14213 in the Macromedia Flash Support Center.
>
>http://www.macromedia.com/support/flash/ts/documents/loadvars_security.htm
>
>> We are currently working overtime to resolve the extra ampersand
>issue. We
>> anticipate a new Flash Player release with this fix within the next 1-2
>> days after thorough QA has been done. To ensure all angles of this issue
>> are tested, we would like to have Flash developers who are currently
>> experiencing the extra ampersand problem to forward me (emanatflash [dot] com)
>> their site URLs so we can incorporate them into our testing matrix.
>>
>> Again, we apologize for this inconvenience and are working hard
>to resolve
>> this issue ASAP.
>
>"Inconvenience"?
>
>Eric, this is far more than an inconvenience! For many, it is an
>income-threatening and even income-destroying situation.
>
>That's a BIG "inconvenience"!
>
>That which still baffles me the most is Macromedia's *insistence* upon
>continuing to distribute these broken players *long* after their defects
>have been known. This is something that Macromedia wants to proliferate?
>
>Am I missing some important point here?
>
>To summarize, two questions:
>
>(1) Why was the 25/20 player not withdrawn from public distribution
>immediately upon Macromedia's awareness that it is defective? Think it
>through, and you will discover that the release of a new player will *not*
>erase the existence of how-many thousands of bad ones! Are we supposed to
>design around these players? You keep pumping them out, even today.
>
>(2) How many thousands of these players have been released to the public
>since December 6, 1999? How many were released since MM's awareness of the
>problem?
>
>(2a) And, more to the point, what percentage of Flash 4 Players
>that are out
>there are of the 25/20 variety?
>
>If you don't have answers for these questions, please advise as to
>appropriate direction.
>
>Thank you for your time.
>
>Still not getting it,
>
>Ken Sherwood
>Professional Windmill Jouster
>
> *zenkat: the Flash trailer*
> http://www.kensherwood.com/zenkat.htm
>
>kensherwood.com
>http://www.kensherwood.com
>
>
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> To unsubscribe or change your list settings go to
>http://www.chinwag.com/flasher or email helpatchinwag [dot] com
>
>


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To unsubscribe or change your list settings go to
http://www.chinwag.com/flasher or email helpatchinwag [dot] com


Replies
  RE: FLASH: [RESPONSE] Recent Flash Playe, unique

Replies
  Re: FLASH: [RESPONSE] Recent Flash Playe, unique

[Previous] [Next] - [Index] [Thread Index] - [Next in Thread] [Previous in Thread]