Flash2K

As Adobe Flash stops running, so do some railroads in China

The railroad system in Dalian, northern China, collapsed citywide on Tuesday for up to 20 hours after the Adobe Flash programing software stopped running.

Adobe had announced as early as 2017 that it would cease support for the multimedia software on Dec. 30 last year. The American software company eventually ended the operation of all Flash content on Tuesday.

Tuesday's chaos arose after China Railway Shenyang failed to deactivate Flash in time, leading to a complete shutdown of its railroads in Dalian, Liaoning province. Staffers were reportedly unable to view train operation diagrams, formulate train sequencing schedules and arrange shunting plans.

Authorities fixed the issue by installing a pirated version of Flash at 4:30 a.m. the following day.

Why didn't they just run it on archive.org?

Also: did Adobe push out Flash updates with time bombs in them? I assumed the deadline just meant they were going to remove the download link!

Previously, previously, previously, previously, previously, previously, previously.

Tags: , , ,

13 Responses:

  1. moof says:

    Yeah, post 32_0r0_371 it refuses to load any content unless you specifically monkey around with mms.cfg to whitelist specific URLs - in addition to the "auto uninstall" and "disable download" stuff it has. And, of course, it tries to autoupdate to said version if you have flash installed.

  2. Michael Kohne says:

    Ahh, Adobe. They never change.

  3. a says:

    Yeah, their time bomb is quite interesting, really.

    I don't think I've ever seen software that actively tries to uninstall itself from every machine like that.

    Also: I remember reading that there was a special deal for the PRC where some Volkseigener Betrieb company was allowed to distribute it there after the deadline passed.

    • /df says:

      http://www.flash.cn
      So what was the point of that?
      Still good for downloading "working" Flash versions with who knows what Great Firewall compatibility features.

    • thielges says:

      Was this really a time bomb in the sense that behavior changed some time after the software bundle was assembled? Could have been an untested update?

      To protect robustness of turnkey “appliance” applications like this you should run a total retest if anything changes in the software bundle, including 3rd party package upgrades. And that rules out auto updates which some packages annoyingly make the default.

      Another way is to connect the appliances via an isolated air gapped network. The departure boards communicate directly with a data server probably in the dispatch office and nothing else. As a bonus this disables any forgotten auto updates.

      • /df says:

        Configuration control and testing of 3rd party dependencies - how quaint!

        The last public Flash update from Adobe included a "time-bomb" in the sense that it stopped working after the EOL date ... but it can be avoided by continuing to use an old version or overridden:
        (https://www.adobe.com/uk/products/flashplayer/enterprise-end-of-life.html)
        > Will Flash Player still work after the EOL Date?
        >
        > Adobe will block Flash content from running in Flash Player beginning 12 January 2021 to help secure users’ systems.
        >
        > This can be overridden by using the domain-level allow list functionality available in Adobe’s latest release of Flash Player. ... After the EOL Date, Adobe does not intend to issue Flash Player updates or security patches.

        Separately, browsers are having plugin and Flash support removed.

        Here https://bluemaxima.org/flashpoint/ is a site that's using portable standalone versions of Flash to run old Flash games, possibly of interest to our host.

        • thielges says:

          Thanks. So it is a real time sensitive change in behavior. That’s pretty rude because there’s no easy way to test the whole package. I guess you could advance the clock and see if it still works N years in the future, but wow this is a problem that was intentionally created.

  4. ccr says:

    Adobe apparently likes having timebombs in their software, recently the final "perpetual" license version of Lightroom (6.x) has had another degradation in its functionality. This time it's the face recognition module that has stopped working sometime in late 2020 possibly due to some kind of license expiration timebomb regarding the code they licensed for the feature.

    Previously LR6 "perpetual" degraded in the map module which stopped working as Adobe's Google Maps key expired. At least it is possible to patch in a personal GMaps key (some "hacking" required), but who knows how long the GMaps API version used by the module continues to work ..

    The last update to Lightroom 6, version 6.14 was released in late 2017, so it's not that old either.

    • jwz says:

      Oh, that explains it! My copy of Lightroom stopped working recently in the sense of: if I ever select anything to do with facial recognition it crashes, and then forevermore crashes immediately at startup, until I restore the preferences plists from backup.

      So that was fun.

      If anyone has a patch to turn off that time bomb in macOS Lightroom, I would appreciate it.

      • ccr says:

        Two "solutions" are currently known .. one is to turn system clock back. Some people report that this works for them also when scripting "turn clock back in time -> start LR -> turn back to normal", but other people say that it still causes the crash. Dunno.

        The other "solution" is to remove the face recognition plugin/module. In Windows version it seems to be enough to remove/rename libfrsdk-8.6.0.dll .. no idea about macOS.

        I am hoping someone will throw Ghidra/IDA Pro at this eventually and see if something can be done.

        • ccr says:

          Should've really said "workarounds" instead of "solutions" (even with the quotes), as neither of them are real satisfactory solutions. Messing with system clock will inevitably bring other problems and removing the module will obviously remove the feature.

          • jwz says:

            Yeah, I actually used the facial recognition feature. Though it's certainly been a non-issue of late, as I haven't taken a photo of another human in over 318 days.

  • Previously