User: Password:
|
|
Subscribe / Log in / New account

So which/how many users use Adobe Reader on Linux ?

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 19:53 UTC (Thu) by Lennie (guest, #49641)
Parent article: Google warns of using Adobe Reader - particularly on Linux (The H)

So I wonder, how many users on Linux use Adobe Reader ?

Aren't most use-cases covered already ?

I've been using Evince for years now. Haven't had a PDF it couldn't read in the last 3 years or so.

The last couple of months I've even had pdf.js in Firefox handle all the PDF's I view when surfing the web. For such a new project, I've had very little which it couldn't handle almost perfectly.

So the only use case that remains is PDF-forms. Where you get a PDF which has a enbedded form.

Something which I've not encountered on my home-desktop machine ever so I don't have Adobe Reader installed.

So how many users of Adobe Reader on Linux could there be ?


(Log in to post comments)

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 20:07 UTC (Thu) by tnoo (subscriber, #20427) [Link]

Forms are seriously broken under okular, at least. This is my only usecase for Acrobat Reader.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 20:11 UTC (Thu) by Lennie (guest, #49641) [Link]

I wouldn't even expect the alternatives to have a good implementation of forms. There might be one that does though, I don't know.

Do you encounter them on a regular basis ?

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 20:32 UTC (Thu) by sfeam (subscriber, #2841) [Link]

Sure - every year at tax time. The IRS provides PDF versions of all the required tax forms as, well, forms. Sure you have the option of buying some commercial tax-preparation software with copies of the forms built in, but the history of running such under linux is quite the cautionary tale - remember the TurboTax-trashed-my-boot-sector drama? Anyhow, the free PDF ones from the IRS do the job. Or they would, if you could use them reliably with anything other than Acrobat/Acroread. Other US government agencies do the same thing. For example, some (though not all) of the required NIH grant application and reporting forms are form-based PDF documents. To be fair, I've had reasonably good luck using okular for the NIH forms. Not so with the tax stuff.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 20:55 UTC (Thu) by Lennie (guest, #49641) [Link]

See I knew there most be a reason people have it installed.

I didn't know they did that in the US. I knew my government was probably pretty unique anyway.

My government has a program people can download from their website so people can do their taxes.

I haven't done my own taxes the last couple of years, but this program used to be based on some open source components (there was at least a license file which made that very clear) and it was thus available for Windows, Mac and Linux (I wouldn't be surprised if you could run the Linux program on BSD with Linux emulation as well).

You could print the result or submit it over the Internet.

I just downloaded the one for 2011 and it seems to be mostly a bunch of HTML-files with a program around it (it also has a license file which says it used LGPL software) and it is still available for Windows, Mac and Linux.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 13:24 UTC (Fri) by drag (subscriber, #31333) [Link]

> I didn't know they did that in the US. I knew my government was probably pretty unique anyway.

> My government has a program people can download from their website so people can do their taxes.

How it works for USA federal government is that if your filing 1040 EZ, which means that you are probably renting your house and have relatively low income. If you do that then there is a number of tax prep software you can download or use online free of charge that are from corporations.

If your a using itemized deductions and/or have investments and higher income to support then you have to use the 1040 form, which means that you can use the same applications as 1040ez, but you have to pay for them.

Probably about half the people I know use accountants. Certified public accountants and their assistants helping average people prepare taxes is a very large business.

There were a couple open source software written for it. I used one of those one year actually and it worked quite well.

Nowadays I just use online version from one of the tax software companies.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 20:04 UTC (Fri) by Per_Bothner (subscriber, #7375) [Link]

If your a using itemized deductions and/or have investments and higher income to support then you have to use the 1040 form, which means that you can use the same applications as 1040ez, but you have to pay for them.

Actually, taxact.com provides free Federal online fill-in, printing, and e-file. I've been using it the last few years, partly because I can use it without booting into Windows! Fairly full set of forms. You do have to pay for state (but if you're a cheap-skate doing state forms by hand isn't as painful as Federal).

On a related topic: California Tax Franchise Board offers forms you can fill-in and print - but not save because the forms don't have the correct "permisisons". Of course that only applies to Acrobat - Evince will happily save the forms for you. Another win for Free Software!

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 21:41 UTC (Thu) by pjtait (subscriber, #17475) [Link]

I'm currently using Okular 0.13.2 to fill-in IRS Form 990 - seems to be working well enough.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 23:32 UTC (Thu) by shmerl (guest, #65921) [Link]

Same here - I just tested Okular 0.14.3 with that form and didn't see any anomalies so far.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 23:39 UTC (Thu) by sfeam (subscriber, #2841) [Link]

The problems I had in the past were mostly of the nature that edits to the form data were not properly saved and restored for later re-editing. One pass through - OK. Save and re-open - no good. But hey, if newer versions work better I'll be quite happy.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 0:07 UTC (Fri) by shmerl (guest, #65921) [Link]

I see. I tested editing, saving and reloading - everything works fine so far. So for next tax returns you can try using Okular if that helps avoiding the Reader ;)

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 3:33 UTC (Fri) by wagner17 (subscriber, #5580) [Link]

Okular doesn't save the form data as part of the PDF. See https://bugs.kde.org/show_bug.cgi?id=267350.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 20, 2012 8:53 UTC (Mon) by fb (subscriber, #53265) [Link]

If you move that PDF to some other computer, say from desktop to laptop, your edits are all gone.

Perhaps some KDE file managers are smart enough to move the metadata, but a normal shell "cp here/doc.pdf there" will certainly not.

Really a great thing to discover when you are emaling your PDFs back to your lawyer close to the tax submission deadlines.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 20, 2012 11:44 UTC (Mon) by hummassa (subscriber, #307) [Link]

Yeah, "save as" does not work, but as a workaround you can print the form to another PDF after you fill the form. That second PDF will carry your data around.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 2:22 UTC (Fri) by pabs (subscriber, #43278) [Link]

I had something similar with evince, but it turned out the data was still present but not displayed. Anyway I encourage you to submit a bug (I need to as well).

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 19:59 UTC (Fri) by daniel (guest, #3181) [Link]

I managed to fill out pdf forms a couple of times with Okular. Some dodgy behavior with saving as has been noted. But Okular seems close to obsoleting Adobe's insecure, proprietary product.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 22, 2012 9:07 UTC (Wed) by tnoo (subscriber, #20427) [Link]

OK, so Okular now shows forms nicely, BUT when I interact with the forms, it hides all other content. So I have to click back and forth between view mode and forms mode: this is not user friendly at all.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 11:40 UTC (Fri) by RobSeace (subscriber, #4435) [Link]

> Sure you have the option of buying some commercial tax-preparation
> software with copies of the forms built in, but the history of running
> such under linux is quite the cautionary tale - remember the TurboTax-
> trashed-my-boot-sector drama?

Do people still buy the boxed retail TurboTax software and run it anymore? I've been using the all-online TurboTax web interface every year since 1998, and always from a Linux-based web browser... For a while, they were checking User-Agent, and not letting you in unless you changed it to lie to them about what OS you were on... But, everything worked fine once you actually get in! But, they thankfully stopped that stupid practice some years ago, and now merely put up a scary warning at the start that you appear to be on an unsupported system, but give you the option of continuing on anyway...

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 21:36 UTC (Fri) by jreiser (subscriber, #11027) [Link]

Do people still buy the boxed retail TurboTax software and run it anymore?

Yes, and I file by printing paper, then physical post.

I've been using the all-online TurboTax web interface ...

You've been feeding the targeted marketing trolls, or at least Intuit's captive ones. All your tax data is kept forever by Intuit, and used to make money by sending you advertisements based on that data: age, gender, filing status, number and age of dependents, filing (residence) address, amount and kind of income, specific employers, specific dividend payers, amount and kind of deductions, amount and kind of tax credits, amount of refund, history of any category over multiple years, etc. Advertisers deliver the content and desired profile to Intuit. Intuit matches you against the profile, prints and applies the address label (or logical equivalent) to the content, and sends the ads. Your tax data never leaves Intuit [except of course when Intuit forwards it to the IRS or sends it back to you over SSL], but it is used for a lot more than just being forwarded to the IRS (or being held for your "convenience" in filing an amended return, defending an audit, etc.)

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 22:12 UTC (Fri) by RobSeace (subscriber, #4435) [Link]

> used to make money by sending you advertisements

Ads? I've been running AdBlock Plus for ages...

Google also revolves around ads, but that doesn't stop me from using their products... If people want to send me ads I'll never see because they're blocked, let them... If it makes Google/Intuit money, and loses the advertisers money, so much the better!

So which/how many users use Adobe Reader on Linux ?

Posted Aug 18, 2012 1:25 UTC (Sat) by hummassa (subscriber, #307) [Link]

Sometimes you have to remember that targeted ads (especially when well-executed) means *less* and *better* ads (of the kind that may actually be useful to you). :-D

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 21:02 UTC (Thu) by xnox (subscriber, #63320) [Link]

In university, I used Adobe for:
* drm protected academic papers
* high density vector images (evince shows spurious triagles and got z-order wrong)
* embedded 3D images & movies (although 3D is suppose to work now in evince i think)
* embedded flash content
* forms

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 21:05 UTC (Thu) by josh (subscriber, #17465) [Link]

If you encounter vector images that don't look correct in evince, please report the PDFs to the Poppler project.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 10:54 UTC (Fri) by Lennie (guest, #49641) [Link]

I knew Acrobat supported all kinds of stuff, like embedded zipfiles and javascript. But I had never encountered them.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 19, 2012 19:32 UTC (Sun) by mathstuf (subscriber, #69389) [Link]

FWIW, I remembering successfully embedding video in a PDF and viewing it in Okular in 2010 or so. The PDF was created with LaTeX, but I don't remember which package.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 12:25 UTC (Fri) by Wol (guest, #4433) [Link]

I actually find Okular seems to handle forms better than Acrobat on occasion!

But I run gentoo, so I'm always up-to-date, except when there's a dependency screw-up with poppler :-)

That's really the only downside - anything goes wrong with poppler, and pdf support is completely screwed until I fix the mess.

Cheers,
Wol

So which/how many users use Adobe Reader on Linux ?

Posted Aug 20, 2012 4:13 UTC (Mon) by tnoo (subscriber, #20427) [Link]

Thanks for this information, I should try it again for that. I sure hope you are right!

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 21:05 UTC (Thu) by josh (subscriber, #17465) [Link]

Forms (including IRS forms) work fine in Evince.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 23:08 UTC (Thu) by JoeBuck (guest, #2330) [Link]

Is this a recent development? A couple years back I tried to make evince work with tax forms and failed miserably. Guess I'll try again.

The evince developers should use the IRS tax forms as test data and for regressions; they are freely redistributable (not subject to copyright if I understand correctly as a US government work).

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 23:38 UTC (Thu) by josh (subscriber, #17465) [Link]

I don't know how recently this started working reliably, but I've used evince for several forms in the last ~2 years or so.

DRM'd/locked forms don't save

Posted Aug 16, 2012 23:39 UTC (Thu) by jjs (guest, #10315) [Link]

Under Evince (3.4.0-2+b1) or Okular (4.8.4-2) on Debian. Can pull up the forms fine, fill them out, but they don't save. I can save the filled forms with Adobe Reader.

DRM'd/locked forms don't save

Posted Aug 17, 2012 0:08 UTC (Fri) by shmerl (guest, #65921) [Link]

I didn't test DRMed forms, but non DRMed save and reload fine.

not subject to copyright as a US Government work

Posted Aug 17, 2012 12:29 UTC (Fri) by Wol (guest, #4433) [Link]

Actually, technically, I think that's not true. As per Berne, EVERYTHING of that sort IS subject to copyright.

As per, however, the US law implementing copyright, the US government cannot ENFORCE that copyright, within the US at least.

So, if you're an American, it's a distinction without a difference :-)

Cheers,
Wol

So which/how many users use Adobe Reader on Linux ?

Posted Aug 16, 2012 21:39 UTC (Thu) by ay (subscriber, #79347) [Link]

Evince and other open-source PDF viewers screw up schematics (output from orcard, cadence, etc.) whereas adobe reader renders them properly. They also don't search as well in schematics (adobe's app has better search options). The rendering thing is the worst and to make it even worse I don't have any schematics that exhibit this and can also be shared as a sample on a bug report (they cover proprietary circuits). Ugh.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 8:18 UTC (Fri) by epa (subscriber, #39769) [Link]

I have encountered PDFs (produced by a scanner) which printed correctly with Acrobat but came out blank with Evince. Quite likely the PDF was malformed somehow, but if you need to get your job done...

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 9:06 UTC (Fri) by zdzichu (subscriber, #17118) [Link]

On line banking I use (Raiffeisen) generates PDFs which are mostly blank in Evince, but look fine in Adobe Reader.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 17:13 UTC (Fri) by thedevil (guest, #32913) [Link]

"I've been using Evince for years now. Haven't had a PDF it couldn't read in the last 3 years or so."

But the UI is terrible.

https://github.com/nobrowser/spadeful/blob/master/README

So which/how many users use Adobe Reader on Linux ?

Posted Aug 17, 2012 20:51 UTC (Fri) by khim (subscriber, #9252) [Link]

So how many users of Adobe Reader on Linux could there be ?

Good point. If you'll recall that security-wise evince is worse then Adobe Reader and there are more users of evince in general... it's not clear what the hoopla is all about.

Valgrind?

Posted Aug 19, 2012 7:29 UTC (Sun) by gmatht (subscriber, #58961) [Link]

Would running Acrobat or Evince under valgrind with the right options make it safe? It would be cool if there was a way to run existing software in a mode that gave it well defined and hard to exploit behavior to moving a pointer outside its original malloc'd space. I've heard the x32 abi may make it easier to implement Fat pointers, though that doesn't help much for Evince.

Or perhaps Softbound.

Posted Aug 19, 2012 13:16 UTC (Sun) by gmatht (subscriber, #58961) [Link]

Opps, I meant it wouldn't help for Acrobat (because we can't recompile it). Anyway for code that we can recompile with LLVM I guess the answer is something like SoftBound, assuming the code doesn't rely on undefined behavior just to work at all. Apparently the overhead of softbound can be under 20%, so it seems like it could make a good default for development versions of all C programs. I am not sure if SoftBound supports C++ yet though.

Or perhaps Softbound.

Posted Aug 19, 2012 21:23 UTC (Sun) by cmccabe (guest, #60281) [Link]

We already have a way to do this. See http://lwn.net/Articles/353203/, where Dan Walsh explains how to sandbox Acroread using selinux. No speed hits required, and it catches more things than just boundary errors.

I still think that a seccomp-based solution would be the way to go. Similar to what Google did with Webkit in Chrome. That would not require SELinux to be enabled (it's not available on my current distribution) and would be a true upstream solution.

Or perhaps Softbound.

Posted Aug 27, 2012 21:07 UTC (Mon) by idupree (guest, #71169) [Link]

As I understand it, neither the SELinux nor seccomp methods catch the boundary errors. The boundary errors can still be used for exploits that display silly doodles in the Acroread window instead of displaying the PDF, for example. Catching the boundary errors as boundary errors means we can prevent attacker-controlled code execution altogether in some cases.

Or perhaps Softbound.

Posted Sep 1, 2012 3:49 UTC (Sat) by cmccabe (guest, #60281) [Link]

> As I understand it, neither the SELinux nor seccomp methods catch the
> boundary errors. The boundary errors can still be used for exploits that
> display silly doodles in the Acroread window instead of displaying the
> PDF, for example.

Um, displaying content is not an exploit. Or if it is, the only secure PDF decoder is /dev/null.

I don't need to be a hacker to give you a PDF that displays a silly doodle. I can just create a pdf that embeds a silly doodle.

Or perhaps Softbound.

Posted Sep 1, 2012 15:06 UTC (Sat) by bronson (subscriber, #4806) [Link]

As you quoted, the OP is talking about creating a PDF that displays a silly doodle due to a boundary error.

Just because an exploit is a silly doodle, that doesn't mean we can just ignore the exploit vector.

Or perhaps Softbound.

Posted Sep 1, 2012 18:21 UTC (Sat) by cmccabe (guest, #60281) [Link]

Think about the Chrome sandbox. The website rendering process is sandboxed using seccomp, so that even if it is compromised, it can't do anything but modify the way the web page it is displaying looks. Since you could do that anyway by editing the HTML for your web site, attacks against Chrome stop being interesting. (The exception seems to be attacks against Chrome's embedded Adobe Flash, which they are still in the process of fully sandboxing).

If we did something similar for PDF readers, all a bug in the PDF rendering code could do is change the way the PDF looks-- which is not an exploit.

Or perhaps Softbound.

Posted Sep 3, 2012 10:36 UTC (Mon) by ekj (guest, #1524) [Link]

That's not -entirely- true.

HTML-injection-attacks can become interesting if a bug in the rendering means that you can affect the looks of a part of the page which you're not supposed to be able to affect.

Let's say you're allowed to enter plain-text but that <strong>-tags are allowed and preserved. If a bug in the rendering means that the user is able to affect not only how his comment is rendered, but also some other arbitrary part of the page, then that is a potential security-problem.

The assumption that the entire html-string being rendered is from *one* source, and thus that it's always a noninteresting bug that one part of that string can affect other parts of that string, isn't valid. It's *incredibly* common for websites today to output HTML where parts of the HTML are strings entered by users. (sanitized to varying degrees)

Or perhaps Softbound.

Posted Sep 5, 2012 3:10 UTC (Wed) by cmccabe (guest, #60281) [Link]

Whenever software doesn't work correctly, it's a concern.

However, taking this to its logical conclusion leads to a kind of reductio ad absurdum: any bad behavior could be exploited by someone, therefore all bad behaviors are security bugs. Therefore the only way to get secure software is to run only bug-free software-- i.e., no software.

In the real world, we accept that deleting your files and p0wning your home directory is a heck of a lot more interesting than changing the bold tag on something outside your IFRAME. The former could be used for industrial espionage. The latter will just lead to someone navigating away from your site, because it "looks weird."

Or perhaps Softbound.

Posted Sep 5, 2012 8:36 UTC (Wed) by ekj (guest, #1524) [Link]

I don't think it's quite that absurd.

HTML-rendering-engines live in a world where a common use for them, is to render a string of HTML where different parts of the string comes from different entities which you trust to differing degrees. LWN itself is an example of this, the text you're reading right now is a string entered by me, while the layout and rest of the window is markup and text made by LWN.

This is the reality of the situation. The same isn't true for (say) an image-viewer. It's not, infact, common to be viewing a jpg-image where the pixels in a certain part of the picture are created by one entity, and the pixels elsewhere by another entity. If it was, then yes, the situation would be parallell.

Often it doesn't matter. But sometimes it matters very much indeed. If I pay a bill by net-bank, I can enter a string that is displayed (in the net-bank) to the person receiving the payment. If it was possible for me to enter a string that would, for example, change what the recipient sees in the "amount" field, not merely the "comment"-field, that'd be a major problem.

Yes, they sanitize the strings (allow only [a-zA-Z 0-9]). This reduces the attack-surface, and makes sense. But the basic principle of the attack remains: bugs in the rendering-engine may make one part of the string able to affect other parts which it shouldn't by the standard, such bugs are security-bugs.

Yes that means many bugs in rendering untrusted content are security-bugs. A bug in OpenOffice that somehow causes what is displayed on screen (for a specially crafted document) to differ from what is printed, is a security-bug. (imagine what would happen if someone read a contract on-screen, then printed and signed the paper-copy without validating that the paper-contract match the on-screen contract)

Or perhaps Softbound.

Posted Sep 6, 2012 0:24 UTC (Thu) by cmccabe (guest, #60281) [Link]

We're not talking about HTML, we're talking about PDF, where everything is supposed to come from one source (99.99999% of the time; Adobe introduced this Javascript embedding nonsense, but you shouldn't ever enable it).

As far as HTML goes, sandboxing the HTML rendering thread is an important step towards shutting down browser-based attacks. At the end of the day, perfect security is impossible-- yes, even in Java. However, additional layers of security can add to your confidence level. BTW, if you haven't read "reflections on trusting trust," you should check that out.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 18, 2012 12:29 UTC (Sat) by spaetz (subscriber, #32870) [Link]

> I've been using Evince for years now. Haven't had a PDF it couldn't read in the last 3 years or so.
Display might be fine, but have you ever:
received pdf's with annotations that you had to reply to? You can't even see those annotations in all cases, nor can you insert comments of your own.

tried to fill in forms that use javascript and what not? not funny/possible.

I know, one can blame the original pdf creator apps, but often that is out of your control....

So which/how many users use Adobe Reader on Linux ?

Posted Aug 29, 2012 8:17 UTC (Wed) by Tet (subscriber, #5433) [Link]

So how many users of Adobe Reader on Linux could there be ?

Me. There are no alternatives. For daily use, xpdf works fine. But when I need to send a book to a printer, I have to proof it with Acroread first. It's what the printer uses, and it's no use turning round after it's printed incorrectly and saying "well it looked fine to me in xpdf/evince/whatever". The fact is that none of them are pixel for pixel identical to Acroread (usually gradient fills are wrong, for example). If I want to see what my final printed output will look like, Acroread is the only option. Ideally, I'd be able to check it through a Fiery RIP too, but that's not an option.

So which/how many users use Adobe Reader on Linux ?

Posted Aug 29, 2012 10:28 UTC (Wed) by ssam (guest, #46587) [Link]

> I've been using Evince for years now. Haven't had a PDF it couldn't read in the last 3 years or so.

I'd say I hit a couple per year. of course they are not evince bugs, so the evince devs just bounce them off to the poppler bug tracker.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds