Comments on: FileOpen are wankers http://girtby.net/archives/2005/02/03/fileopen-are-wankers/ this blog is girtby.net Wed, 30 Sep 2009 01:44:34 -0400 http://wordpress.org/?v=2.9-rare hourly 1 By: Matt http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1034 Matt Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1034 <p>How about using the offically sanctioned method and verifying the signature on the control is from a trusted source? Microsoft chose to use cryptographic signatures over URLs for ActiveX trust decisions for many good reasons.</p> How about using the offically sanctioned method and verifying the signature on the control is from a trusted source? Microsoft chose to use cryptographic signatures over URLs for ActiveX trust decisions for many good reasons.

]]> By: Sanford http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1035 Sanford Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1035 <p>As you note, the CD contains an installer. That's the one you'd want to use, since only the Sybex installer will let you open the files on the Sybex CD.</p> <p>And only Adobe can explain why the Acrobat plug-in finder launched IE, rather than some other browser. Obviously that isn't our doing (you didn't yet have any of our code on your machine).</p> <p>Our installers are signed with Authenticode, and the anonymous IP is only because we hadn't yet transfered the fileopen.com domain to that IP. We provide the ActiveX only as a convenience; nobody has to run it, and it doesn't do any spying. We have a message about that at http://www.fileopen.com/privacymessage.html</p> <p>Good luck with your blog, anyway.</p> As you note, the CD contains an installer. That’s the one you’d want to use, since only the Sybex installer will let you open the files on the Sybex CD.

And only Adobe can explain why the Acrobat plug-in finder launched IE, rather than some other browser. Obviously that isn’t our doing (you didn’t yet have any of our code on your machine).

Our installers are signed with Authenticode, and the anonymous IP is only because we hadn’t yet transfered the fileopen.com domain to that IP. We provide the ActiveX only as a convenience; nobody has to run it, and it doesn’t do any spying. We have a message about that at http://www.fileopen.com/privacymessage.html

Good luck with your blog, anyway.

]]> By: alastair http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1036 alastair Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1036 <p>So are you telling me that even if I do the unthinkable and download your plugin from some anonymous IP address it won't even work with the PDFs on the Sybex CD? Sheesh, do you guys <em>like</em> pissing off your users or what?</p> <p>Do you understand why I first opened the PDF in Acrobat instead of using the Sybex installer? It's because I (more or less) trust my copy of Acrobat more than I trust any software on the Sybex CD.</p> <p>Can I take it from your dog-ate-my-homework excuse that you accept that downloads from anonymous IP addresses are bad? Looking at the screenshot above there is no way to tell whether I am downloading from the intended source or not, and hence the trustworthiness of the download is severely in question.</p> <p>The privacy message is meaningless - there is no way for me to associate that message with the software being downloaded.</p> <p>But I don't care about whether or not I can trust your software. It's the global effects that I'm worried about.</p> <p>When supposedly reputable companies start distributing their software in this way, and it becomes acceptable practice to download from anonymous IP addresses, it lowers the barrier to entry for all the malware authors trying to get their crap onto our desktops.</p> So are you telling me that even if I do the unthinkable and download your plugin from some anonymous IP address it won’t even work with the PDFs on the Sybex CD? Sheesh, do you guys like pissing off your users or what?

Do you understand why I first opened the PDF in Acrobat instead of using the Sybex installer? It’s because I (more or less) trust my copy of Acrobat more than I trust any software on the Sybex CD.

Can I take it from your dog-ate-my-homework excuse that you accept that downloads from anonymous IP addresses are bad? Looking at the screenshot above there is no way to tell whether I am downloading from the intended source or not, and hence the trustworthiness of the download is severely in question.

The privacy message is meaningless – there is no way for me to associate that message with the software being downloaded.

But I don’t care about whether or not I can trust your software. It’s the global effects that I’m worried about.

When supposedly reputable companies start distributing their software in this way, and it becomes acceptable practice to download from anonymous IP addresses, it lowers the barrier to entry for all the malware authors trying to get their crap onto our desktops.

]]> By: Sanford http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1037 Sanford Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1037 <p>FileOpen Systems produces software used by publishers to control their content. We don't, and in fact can't, give users permission to open files; only the publishers can do that. Our plugin is necessary but not sufficient to open Sybex's files, you also need to run their installer (or you can run only their installer - there's no requirement that you go to our site first).</p> <p>I do agree with you that it is bad form, and frankly a bit lame, that our installer is at an IP address. The whole browser-install system is new, as i mentioned; we're fixing that now.</p> FileOpen Systems produces software used by publishers to control their content. We don’t, and in fact can’t, give users permission to open files; only the publishers can do that. Our plugin is necessary but not sufficient to open Sybex’s files, you also need to run their installer (or you can run only their installer – there’s no requirement that you go to our site first).

I do agree with you that it is bad form, and frankly a bit lame, that our installer is at an IP address. The whole browser-install system is new, as i mentioned; we’re fixing that now.

]]> By: Matt http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1038 Matt Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1038 <p>It gets even worse. Apparently the sybex installer doesn't get along with the latest version of Adobe Reader, 7.03. This wouldn't be much of a problem, except adobe follows microsofts practice of disallowing the installation of earlier versions once you've got the latest version installed.</p> It gets even worse. Apparently the sybex installer doesn’t get along with the latest version of Adobe Reader, 7.03. This wouldn’t be much of a problem, except adobe follows microsofts practice of disallowing the installation of earlier versions once you’ve got the latest version installed.

]]> By: Conn Campbell http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1039 Conn Campbell Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1039 <p>I too am in the same boat</p> I too am in the same boat

]]> By: Boris Johnson http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1040 Boris Johnson Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1040 <p>Matt</p> <p>If you manage to finally get FileOpen working then let me know and I shall send you an email of a company that sells PDF conversion tools that remove the FileOpen DRM controls. This is not some hacking tool (I am not into that) but a legitimate company that converts PDF documents to other formats (so as long as you can get the fileopen plug-in working then once the file is decrypted then you can extract whatever you want from it). I can't understand why anyone purchases this product. Not only is it a pain in the ass for users to install but it does not seem to provide any security anyway. Maybe companies enjoy giving their customers a lot of pain for no reason what so ever...</p> <p>Boris</p> Matt

If you manage to finally get FileOpen working then let me know and I shall send you an email of a company that sells PDF conversion tools that remove the FileOpen DRM controls. This is not some hacking tool (I am not into that) but a legitimate company that converts PDF documents to other formats (so as long as you can get the fileopen plug-in working then once the file is decrypted then you can extract whatever you want from it). I can’t understand why anyone purchases this product. Not only is it a pain in the ass for users to install but it does not seem to provide any security anyway. Maybe companies enjoy giving their customers a lot of pain for no reason what so ever…

Boris

]]> By: Rod http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1041 Rod Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1041 <p>Boris,</p> <p>We are in the process of adopting FileOpen... your comments about a legit co having a product that will allow me to convert a FileOpen encrypted PDF into another format causes me some concerns. Can you provide me with the name of the software?</p> <p>Thanks, Rod</p> Boris,

We are in the process of adopting FileOpen… your comments about a legit co having a product that will allow me to convert a FileOpen encrypted PDF into another format causes me some concerns. Can you provide me with the name of the software?

Thanks, Rod

]]> By: Boris Johnson http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1042 Boris Johnson Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1042 <p>Hi Rod</p> <p>There are quite a few out there. Try LD-Converter http://www.pdftoall.com/pdf%20magic.htm for starters.</p> <p>Boris</p> Hi Rod

There are quite a few out there. Try LD-Converter http://www.pdftoall.com/pdf%20magic.htm for starters.

Boris

]]> By: Zz http://girtby.net/archives/2005/02/03/fileopen-are-wankers/comment-page-1/#comment-1043 Zz Thu, 03 Feb 2005 00:17:00 +0000 http://girtby.net/2007/09/01/fileopen-are-wankers#comment-1043 <p>What I can read http://files.idg.pl/pdf/macworld/20060208_02_macworld.pdf </p> <p>please help me</p> What I can read http://files.idg.pl/pdf/macworld/20060208_02_macworld.pdf

please help me

]]>