Running 64-bit Linux? No Flash For You!

By Caitlyn Martin
June 17, 2010 | Comments: 36

A critical security flaw in Acrobat Reader 9.x and 10.x as reported by CVE can "allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption)". According to an Adobe notice dated June 4: "There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat." The solution is to upgrade to Flash Player 10.1.

Unfortunately, that is easier said than done for those of us who run a 64-bit Linux distribution. On Tuesday Slashdot reported that Adobe has, at least temporarily, ended support for Flash Player on 64-bit Linux. No updated version is available. Adobe's message for 64-bit Linux users, at least for now, is "No Flash for you!"

Adobe explains the decision as follows:

We have temporarily closed the Labs program of Flash Player 10 for 64-bit Linux, as we are making significant architectural changes to the 64-bit Linux Flash Player and additional security enhancements. We are fully committed to bringing native 64-bit Flash Player for the desktop by providing native support for Windows, Macintosh, and Linux 64-bit platforms in an upcoming major release of Flash Player.
Some in the Linux community are no so sure about how "fully committed" Adobe really is. Bob Robertson, writing in the LXer forum, was hardly alone in his doubts:
Adobe's problem is thinking they can survive whilst cherry-picking platforms.
The developers of SalixOS, a Slackware derivative with a 64-bit build, chose to add gnash, an FOSS alternative to Flash, to their repository. They also configured the repository to have the automated updates available in that distribution replace Flash 10.0.45.2 with gnash 0.8.7.

Unfortunately switching from Flash to gnash is not without problems. The official project website notes that gnash "supports most SWF v7 features and some SWF v8 and v9." The fact that the full features of recent Flash versions are not supported means that many websites are simply not displayed properly with the gnash browser plugin. There are additional issues. SalixOS developer gapan described them in his announcement of the change:

CPU usage is high, higher than flash's. And I think that if you leave a page that includes a youtube video open for some time, CPU will hit 100% until you close that page. But at least it plays all youtube videos I tried. There is one issue though: if you get a "An error occured, please try again later" error in youtube, you need to clear your browser of all youtube cookies and block youtube from setting any new cookies.
He goes on to explain the importance of the decision:
I think this is the best course of action we could take. Security should matter above anything else. If someone really needs the proprietary flash-plugin, then they should better stick with a 32-bit system, or add 32-bit libraries in their 64-bit system and run a 32-bit browser that will use the 32-bit plugin.
Others in the forum had a different idea: keep the old Adobe Flash Player plugin but run Flashblock to mitigate some of the risk. The problem with this solution is that whenever Flash is enabled so is the rather serious vulnerability. Flashblock is very useful, however, for eliminating the performance issues associated with gnash on sites where viewing Flash is just not necessary, i.e.: when it is used strictly for advertising.

Until Adobe is ready and willing to resume support Linux distributors with 64-bit builds and end users alike are now forced to choose between a number of less than satisfying solutions.

Note: A tip of the hat to Seinfeld episode which inspired the title of this article. Adobe's decision to leave many Linux users without Flash support seemed every bit as capricious and inappropriate to me as the character in that television program.

UPDATE (22 June 2010): Stephen Shankland at CNet has an excellent article published yesterday which explains why this is a major issue and what is at stake for Adobe. His article in their Deep Tech column is recommended reading for those who have commented and think this is no big deal.

For those who have suggested running 32-bit libraries and nspuginwrapper and pointed to the Debian forums may wish to note the reported may want to note the PulseAudio problems and the reported browser crashes and freezes in that thread. Those who are offering this "solution" should be aware that it is problematic at best for many users.


You might also be interested in:

36 Comments

There is a program called nspluginwrapper that allows you to use the 32bit flash plugin on a 64bit system. I am currently using it to use flash under chromium. Once you get it set up, it works flawlessly and without a hitch.

Bring on HTML5. Flash can go and do one!

just install firefox for x86 and then you can run all the x86 plugins you want. It's quite simple to do.

You could also download the plugin from another source (just google it) and use it in your 64 linux.

Did you read the previous comments before claiming you had "The Solution." You are the second one to post the link to the Debian forums. First, the instructions there are Debian specific, so that can't possibly be a general solution, can it? The concept can be the same on other distros which are not related to Debian, but not the specific steps.

Second, yes, installing 32-bit libraries and nspluginwrapper and 32-bit Flash can get you a working Flash suitable for the typical home desktop user. However, for the large and growing number of Linux users who are not technically adept and comfortable on the command line this is probably not very useful either. This consequently only hurts Linux adoption on the desktop.

Third, if you had read the previous discussion you'd know there are some Flash applications written for business that really and truly need native 64-bit Flash. This solves nothing for those users.

Fourth, this still doesn't change the fact that a major software vendor basically told 64-bit Linux users where to go, both business desktop and home users alike. That is newsworthy and part of the reason this article was published. Your "Solution" doesn't address this issue.

The only real solutions are a resumption of support for 64-bit Linux by Adobe, progress on the development of FOSS alternatives to the point where they work reasonably well most of the time, or for web developers to migrate away from Flash to HTML5 or V8 as others have suggested. None of those are going to happen quickly.

@natxo asenjo: Not all Linux distributions include 32-bit libraries in their 64-bit builds. If they don't installing the 32-bit Firefox on a 64-bit OS becomes non-trivial.

@Zauber: I'm not at all sure it is as flawless as you suggest or that it will work on a distro with no 32-bit libraries.

@MySQLBoy: Eventually you may be right. For now most browsers do not support HTML5 and many websites still use Flash.

All: The fact that Adobe dropped support is still significant news.

For my organisation, at least, this means the end of Flash usage for all corporate systems. We are now in such position, that we can not support installation of 32-bit runtime libraries in this deployment cycle. If Adobe were to kill the 32-bit version, this might have been acceptable, but to kill 64-bit is total madness.
This is costing my company serious amounts of short term development effort, to re-write a small number of components to free them from this dreadful platform. Long term, I can only see advantages. Flash has always performed very badly, and has been a catastrophic security disaster. I can imagine that the code in Adobe Flash must be a complete mess if they can not deliver a stable 64-bit version, based on the same code base.

@Randolf von Hammerdrücker: I agree with your assessment that in the long run this may do good, either by getting people off Flash or pushing the development of FOSS alternatives forward faster.

I'm also glad you've raised the point that this is much more of an issue for businesses than for the typical home user. Businesses need code to work 100% of the time as expected. The workarounds that might be acceptable at home may simply not work for specialized business applications.

Maybe some small distributions do not ship the 32 bit libraries, but all major distros do or can be easily installed through their package manager.

This is not a problem. Just surf the web in 32 bits if you need to see flash stuff, big deal.

Did you read Randolf von Hammerdrücker's comment? Did you understand it? In some circumstances this is a big deal even if that isn't the case for you.

Did it ever occur to you that "some small distros" include specialized distros used in business and industry? Did it occur to you that changing distros might not be trivial in such cases? Did it occur to you that for some applications there are performance issues involved in going back to 32-bit code as well?

Dismissing other people's issues because they don't impact you is narrow minded and self-centered. This is a real issue that has a significant impact on businesses and even some individuals.

Did it occur to you that using *BETA* software (the flash plugin for amd64 linux was that) in production is not really a good business decision?

So yes, no big deal.

Yeah, because no one would *ever* release a useful program as "Beta" for four years straight!

When you release something as beta, you are implying: 1. Short of a few bugs and features, the product is ready for use; and 2. The full version is soon to be on its way.

By their actions, Adobe has pulled the rug from under those who decided to believe this implied promise. Adobe deserves the animosity it is currently receiving for going back on this promise!

Come on VP8 ..

Ha, RIP, Adobe. Ubuntu will only go x64 in 10.10, so it's really time to settle the web with HTML5.

just as shockwave passed so must the flash player...

nspluginwrapper works fine for me on a few openSUSE, Fedora and Ubuntu installations. I can't even imagine how ugly their code must be to have so much problems porting it to 64bit, but this also is reflected by the stability and security problems after all.
I think if you want to use a 64 bit distro and want to use a minor one and want to have a stable and secure flash, well, I'm sorry for you (lol)...

J

Debian User Forums • View topic - Howto get Adobe Flash working in 64bit - http://forums.debian.net/viewtopic.php?f=16&t=53036

I read the instructions. For a technically minded Linux user willing to try and work around issues with sound this might do. For a non-technical user it might as well be gibberish. If Linux is to progress on the desktop this sort of "solution" is totally unacceptable.

I just removed flash with no intention to use it anymore. Never really need it anyway, don't do games or porns thank you.

First, Flash is not just for "games and porn". The most accurate weather forecast in the area where I live is on wral.com. They use Flash for their 7-day forecast. The Jerusalem Post website uses it for videos accompanying their news articles. As much of my family lives in Israel this happens to be important to me.

You can do without Flash. Good for you! What about the people, perhaps the majority of Linux users, who can't?

nspluginwrapper works fine for me too. I switched while the 64 bit version was available because I didn't want to check when new 64 bit versions were available.

I'm so glad it works for you. How does this help people and companies with applications that require native 64-bit Flash? How does this change the fact that Adobe dropping 64-bit support for Linux is major news?

Missing the point...

I use Opera. They take the Linux plattform serious (a dozen packaging formats for BSD/Linux), even if the current version has feature bugs. Flash 32bit runs quite fine in 64bit Opera. No fuss, because there is a custom opera plugin wrapper.

Just more reason to dump Flash for Google's V8.

I watched the CEO of Adobe on PBS's Nightly Business Report last Thurs or Fri. He said Apple doesn't want to allow Flash usage because Apple is strictly about being a proprietary platform.


So based on that remark I can assume that Adobe isn't about being proprietary. And if that's the case, they shouldn't have a problem helping the open source community in the development of an open source version of Flash.


@Adobe: Put your source code where your mouth is or else admit to being every bit as proprietary as Apple.

yea Bring on HTML5 and R.I.P Adobes FLASH.

@Carolyn Martin: "How does this help people and companies with applications that require native 64-bit Flash? How does this change the fact that Adobe dropping 64-bit support for Linux is major news?

Missing the point..."

Flash on linux has been exceedingly poorly implemented / supported from day one. Flash on linux has never been ready for prime time and never should have been deployed in a business / corporate setting. If someone in your company has invested in resources that requires flash on linux desktops, then that someone really needs to answer for how they came to such a dodgy decision.

For someone like me, a linux home user /hobbyist, they can choose a distro that supports running 32-bit wrapper out-of-the box, or roll-up your sleeves and do it yourself :-) Google is your friend.

look in to using gnash! right now it has a bug in the current version but wait a week or two. It should be a great replacement for adobe flash.

just install the plugin

gnash-plugin is the package you need to install if on gnome,

if on kde,

gnash-klash

As I indicated in the article I am using gnash. It really doesn't work for a lot of websites. It is not ready for prime time at this point. It definitely is NOT a "great replacement" for Flash. Maybe in time it will be but it really isn't right now.

I don't use either GNOME or KDE. Why would I need a version of gnash for a specific desktop, anyway? It works as a browser plugin and that is independent of the desktop environment.

Urbi et Adobe - this domination will hopefully be part of the past, better sooner then later. But as a BSD-user (even though I'm writing this on 32bit Linux-System) I'm already used to disclaim flash related contents (at work and at home). Anyhow the flashblocker should be installed on any system, not only to improve security but also to save energy... Let's eliminate flash and ban it from the web!!

@Michael Roost
I agree 100%.
I'm running slackware 13.1 (x86_64 of course) and have the last released linux64bit flash installed, along with flashblock. I would try to use gnash, but youtube videos refuse to display and produce an error.

The only site i use flash for is... well youtube. HTML5 is the way to go, its not platform dependent and will ease alot of transitions to other operating systems.

I currently have a dormant FreeBSD 8 partition setup because of the whole flash isssue. Hopefully flash will die one day, (sooner than i hope) and we can all live in peace with the latest HTML standards. Brings alot less exploits, and alot more ease of use.

@demo: Actually, gnash does work well with YouTube and there is a workaround for the errors you are seeing. From the SalixOS forum:

"There is one issue though: if you get a "An error occured, please try again later" error in youtube, you need to clear your browser of all youtube cookies and block youtube from setting any new cookies."

I do use the FlashBlock plugin with gnash and it works about 50% of the time, but more like 100% of the time with YouTube if you clear the cookies. I find the mnor inconvenience far preferable to the security hole in the last Adobe Flash 64bit version.

Nice balanced and informative article, Caitlyn. Thanks.

Is this worth a try.

http://www.youtube.com/html5

It may be eventually but for me it isn't yet. The Firefox 4.0 beta does not have a 64-bit build and really there isn't a ready for prime time browser that supports HTML5 yet. gnash 0.8.8 handles YouTube videos perfectly. See my review at: http://broadcast.oreilly.com/2010/08/gnash-088-a-huge-improvement-o.html For right now that is what I'm using.

I have to agree with apple and microsoft (yikes!)

Adobe flash and PDF reading products really are horrible in most respects except that they are ubiquitous and widely supported and used.

I will try Gnash anyway and I hope the flash problems really spur development of the alternatives - its about time web users could get away from these buggy insecure products

News Topics

Recommended for You

Got a Question?