A quick reminder on 64-bit Flash

Adam Williamson

2010-06-26 07:14

Yes, Flash sucks. But many of us need it for one site or another. And lots of us are running 64-bit Linux these days, where Adobe has famously refused (so far) to update the plugin for the recent serious vulnerabilities in Flash, leaving us between a rock and a hard place.

Just a quick reminder - the bad old way of doing things still works...that is, nspluginwrapper. First, get a copy of the Flash plugin from the Adobe web site. Don't use the yum repo, as it pulls in Adobe Reader as a dependency of Flash (classy move, Adobe) which will result in even more 32-bit crap getting installed on your system than necessary. Just get the .tar.gz, and extract it into /usr/lib/mozilla/plugins (not /usr/lib64). Now do:

yum install nspluginwrapper.i686

(you'll also need to install the x86-64 package, for most people it should be installed already, but check - thanks Hansvon!)

and it should do its stuff. Remove gnash if you installed it, then restart Firefox, and you should be good to go. If not, use about:plugins in Firefox, and mozilla-plugin-config (useful parameters - -l, -v) at the console as root to diagnose.

Comments

LG wrote on 2010-06-26 15:53:

I've been trying to make do with epiphany webm support. Figuring most of my Flash needs would be Youtube related. However it's incredibly sad to see how many websites rely on Flash for critical navigation components of their site (mostly retail i.e. http://arcteryx.com)

adamw wrote on 2010-06-26 17:42:

yup, that's what I found. Plus not all Youtube vids are available in WebM, yet. And I can't really switch to Epiphany as I rely heavily on browser history and there's not an easy way to export that from Firefox, AFAIK...

Hansvon wrote on 2010-06-26 16:02:

I'm using Adobe's yum repo and the flash-plugin package doesn't require AdobeReader ?! Also, I think you need both the i686 and x86_64 packages of nspluginwrapper.

adamw wrote on 2010-06-26 17:41:

Huh, it does for me. 'yum install flash-plugin' pulls in Adobe Reader. Oh well. You're right about nspluginwrapper, but the x86-64 version is actually installed by default, or was for me anyway. I'll add a note just in case, though. thanks!

Stephen Moehle wrote on 2010-06-26 17:47:

I found that installing alsa-plugins-pulseaudio.i686 made flash work a lot better since it would play nicer with pulseaudio.

Andreas Schneider wrote on 2010-06-27 07:47:

You should try lightspark. It looks like a promising project and works well with youtube. http://sourceforge.net/apps/trac/lightspark Maybe someone will create a package on rpmfusion. It requires ffmpeg.

adamw wrote on 2010-06-27 21:27:

Again, just Youtube isn't really the issue. Lots of sites use Flash, and most of them don't work in Gnash or Lightspark.

Isaac Fischer wrote on 2010-06-27 17:07:

Here's a question: Since Google Chrome is available in 64bit, and includes Flash, does it bundle the latest 64bit version of Flash, not currently under development?

Aram Agajanian wrote on 2010-06-28 04:04:

I found that installing nspluginwrapper.i686 would somehow also try to install some non-english builds of Adobe Reader. I got around that problem with the following command: yum install nspluginwrapper.i686 -x AdobeReader_sve -x AdobeReader_suo

adamw wrote on 2010-06-28 05:28:

aram: like I said, don't enable Adobe's repository. It's full of weird dependencies.

DH wrote on 2010-06-28 12:44:

I'm not convinced that it actually MATTERS if you update this plugin. Adobe doesn't exactly run tight code, its surely loaded with other vulnerabilities. Best bet is probably to stick with the latest 64bit (there's no proof that the newer 32bit plugin is any more secure), and run one of those flash blocking mozilla add-ons. If you *really must* view the flash, then you can judge whether or not you trust the source enough to actually activate it.

adamw wrote on 2010-06-28 15:11:

"Adobe doesn’t exactly run tight code, its surely loaded with other vulnerabilities." Well, sure, but normal security practice is not to run code with known public vulns. A vulnerability that everyone knows about because it's been massively publicised and is known to be being actively exploited is more of an issue than potential vulnerabilities that haven't yet been exposed. "Best bet is probably to stick with the latest 64bit (there’s no proof that the newer 32bit plugin is any more secure)" It has the major vulnerability that was widely publicised fixed, that makes it more secure in my book! "and run one of those flash blocking mozilla add-ons" NoScript does this, so I get it for free.

DH wrote on 2010-06-28 17:52:

If you don't run them, they can't hurt you and knowing that there are probably LOTS of other equally "disastrous" defects in it, you really should be careful about running flash to begin with. Again, just because one bug was found doesn't prove that it is safe, and it is definitely NOT WORTH running to begin with and certainly not worth installing nspluginwrapper for...

Adam Williamson wrote on 2010-06-28 18:00:

"Again, just because one bug was found doesn’t prove that it is safe" This you can say of any piece of software. "Again, just because one bug was found doesn’t prove that it is safe, and it is definitely NOT WORTH running to begin with and certainly not worth installing nspluginwrapper for…" This isn't a judgment you can make for anyone else, only for yourself.

Andre Robatino wrote on 2010-07-01 21:41:

You can use the Adobe repo on 64-bit without pulling in the Adobe Reader. Here's a thread about what's going on with the dependencies: http://lists.fedoraproject.org/pipermail/users/2010-May/373309.html and I also made a few comments near the end of the 64-bit Flash thread http://forums.fedoraforum.org/showthread.php?t=205642 regarding this issue. It's basically a matter of first getting the right packages installed from the non-Adobe repos first, after which it won't try to pull the Reader in anymore.

Ankur Sinha wrote on 2010-07-07 08:30:

We have a page on the wiki for this : http://fedoraproject.org/wiki/flash

adamw wrote on 2010-07-07 15:33:

yes. Also, I have a blog. :) I'm not particularly comfortable writing in detail about non-free software on the official wiki.

Thub wrote on 2010-07-07 18:16:

Personally, I'd rather enable Adobe's repo. Yes, it does install some foreign language packages of Adobe Reader, but once I remove them, they don't come back or cause dependency problems. Interestingly, the last time I used the repo on a new machine it didn't install anything extra, so it's possible they've fixed it. The advantage of using the repo is that they are actually really good about providing security updates in the repo, so you're probably better off than the Windows folks as far as getting the fix fast. For me that's worth the one-time hassle of removing the extra packages.