No more boxed Adobe apps/licenses

[Glenn NK]

To all you who are so concerned, fear not for Adobe will cover your other side with legalese:

http://macperformanceguide.com/blog/...agreement.html

Enjoy.

My take on the whole thing is that users that rely on the "service" for their business could be in a wee bit of a predicament if the "system" goes down (perhaps I should say when it goes down).

Suppose you are processing a wedding (to a deadline of course), and there is an internet failure (please refer to my post on this subject - No. 143).

You have no access to the "system" until service is restored.

What are you going to do?

Glenn

[plugsnpixels]

I think Colin or another member posted that earlier in this thread, but thanks for the reminder. I found it funny.

[Simon Garrett]

Some of that Adobe licence agreement is probably not legally enforceable. The bits about stopping the service for any reason, for example.

I was peripherally involved in disputes between a software service provider and a customer whose service had been terminated. The legal advice was that the data created by the customer using the software remained the property of the customer, and the software provider must provide a means for the customer to access their data (e.g. to export it or print it), even if a dispute existed (e.g. about payment). A service provider may not hold your data hostage in a dispute.

If, however, the service terminates as contracted, the courts might decide that the customer could reasonably have predicted that access to the data would terminate, and should have made arrangement for ongoing access (or pay for the service provider to export the data).

This was UK law, but I'm told it is similar in the US.

In the case of Photoshop or Lightroom, that might mean if Adobe summarily stops the service before the contract ends (even if a dispute exists such as over payment), they might need to provide a means to export your PSD or Lightroom files as TIFFs, say.

Of course, we've recently seen that ownership of data held in the cloud is a contentious and unresolved issue, but I think my comments would be likely to apply to data held on the customers' machines.

I should add: I'm not a lawyer, so this might be horse poo.

[Adrian]

Glenn, the applications are not in the cloud. You choose what you want and download them to your computer over the internet.

[revi]

From what I understood, neither programs nor data (photographs) 'are in the cloud'; both are on your hard disk on your computer (unless you decide otherwise wrt the photographs). The internet connection is only required to verify you have a valid license to use the program (a bit like what Windows is doing already if I understood correctly). So even a complete failure of your internet connection for a short period of time wouldn't hurt in the least. And this also means, that there's no way that Adobe could hold your data hostage by denying you access to your images (wouldn't that fall under illegal access to a computer system under USA law?).

And, afaik, there are already programs that can read PSD (photoshop) files, so the data would stay accessible. You might/will lose some of the photoshop possibilities for further editing, but that's different from losing your data and past edits.

[Simon Garrett]

From what I understood, neither programs nor data (photographs) 'are in the cloud'; both are on your hard disk on your computer (unless you decide otherwise wrt the photographs). The internet connection is only required to verify you have a valid license to use the program (a bit like what Windows is doing already if I understood correctly). So even a complete failure of your internet connection for a short period of time wouldn't hurt in the least. And this also means, that there's no way that Adobe could hold your data hostage by denying you access to your images (wouldn't that fall under illegal access to a computer system under USA law?).

And, afaik, there are already programs that can read PSD (photoshop) files, so the data would stay accessible. You might/will lose some of the photoshop possibilities for further editing, but that's different from losing your data and past edits.

Revi, you may have misunderstood my point - perhaps I expressed it badly.

I was not suggesting that when you use the cloud versions of software that this implies the data is held on the cloud, I merely pointed out that there may be a difference in the legal position.

The issue about access to your files, even when the files are on your own PC: your can't necessarily access them without use of Adobe software. For example, without use of Photoshop you may not be able to use your PSD files, and without use of Lightroom you cannot use your Lightroom edits to your image files. That information (PSD files, Lightroom edits) is your information, and Adobe probably cannot arbitrarily prevent access to it.

In other words, for Adobe to say "we can turn off your use of Photoshop whenever we like without a reason" may not always be lawful, as it prevents access to your information.

Edited to add: I said "may not always be lawful", as there may be other ways for you to access your data. But if there are not - no other program to read all the information in your PSD file, or no other program to read the Lightroom catalogue - this may be an issue, as it is your information, and I think it might be the case that Adobe cannot reasonably prevent you accessing your information. That's not the same as saying you can demand unlimited access to Photoshop and Lightroom - in the event of a dispute it might be enough for Adobe to provide a one-off means to export your Lightroom images to TIFFs, for example.

[Glenn NK]

Glenn, the applications are not in the cloud. You choose what you want and download them to your computer over the internet.

So, tell me, what is Adobe actually proposing? In other words, just what is their "Creative Cloud" all about and how does it actually work?

http://en.wikipedia.org/wiki/Cloud_computing

Glenn

[Glenn NK]

From what I understood, neither programs nor data (photographs) 'are in the cloud'; both are on your hard disk on your computer (unless you decide otherwise wrt the photographs). The internet connection is only required to verify you have a valid license to use the program (a bit like what Windows is doing already if I understood correctly).

So even a complete failure of your internet connection for a short period of time wouldn't hurt in the least.

How long does the internet have to go down to hurt just a little bit?

Glenn

[davidedric]

"Creative" well, that's what we are all about, "Cloud" well everything is in the Cloud nowadays. In other words, simply a sexy marketing term to launch a new licencing model.

Dave

[revi]

@Glen:
According to the FAQ on the Adobe site, you have to connect every 30 days, but will be able to
use the products for 180 days, even working off-line (when you have a yearly contract).

As for how their proposed system would work: you register, engage in a contract and download
the software you subscribed for, on your computer. Then you will have to connect to Adobe's site
every so often (or the programs might do that) to verify that you still have a valid license.
So their proposed system has nothing to do with 'Cloud computing' as described on the Wiki page
you linked to. (There, the processing is done on a remote, and powerful, computer, here, your machine
will have to do the heavy lifting)

@Simon:
I did not read the full license agreement (I can't even use most Adobe products, as I use Linux), I just got
the feeling that a lot of posters here had the impression that programs and/or images would no longer be
stored on their computer. That is clearly not the case. And that also means that it's not that easy for Adobe
to deny you access to your files (access as in copying and moving files; you might have trouble using them).

The legal situation in case Adobe decides to terminate your license is another kettle of fish. Even then there are
still programs that can read PSD files, like the already mentioned GIMP (I don't know to what extend, though).

On a side note: isn't Microsoft already using a system where your computer connects to their site regularly to verify
your Windows installation, and can they can block your system (or parts of it) if they deem the license isn't in order?

[Glenn NK]

"Creative" well, that's what we are all about, "Cloud" well everything is in the Cloud nowadays. In other words, simply a sexy marketing term to launch a new licencing model.

Dave

I'm not operating in the cloud - I can unplug my internet connection, and the software works, and I can access my files because everything is on my HDD.

My understanding of the cloud is what I posted in No. 207 (the Wikipedia link).

The cost doesn't particularly bother me with Adobe's CC, it's the complex system that will inevitably fail leaving users out of business.

In my engineering business, I have many bookmarks linking to useful information (hard paper copies simply take too much space and take longer to access). More and more where possible, I'm downloading pdf files onto my computer rather than risk not being able to access them, or perhaps worse, finding that the material is no longer available online.

Glenn

[plugsnpixels]

That reminds me, I saw Julieanne Kost (Principal Digital Imaging Evangelist, Adobe Systems) speak at Photoshop World a few years ago and she was discussing the Cloud in some form, and remarked they don't call it "bright sunny day" for nothing...

[plugsnpixels]

More and more where possible, I'm downloading pdf files onto my computer rather than risk not being able to access them, or perhaps worse, finding that the material is no longer available online.

First rule of the internet: See something, save something...

[davidedric]

"Creative" well, that's what we are all about, "Cloud" well everything is in the Cloud nowadays. In other words, simply a sexy marketing term to launch a new licencing model.

Pax, everyone!

If only we could all sit around a couple of bottles of something decent (which I'd be happy to provide ) I think we would find ourselves in heated agreement. Unfortunately, on-line forums (or even The Cloud ) doesn't allow us to do that.

With experiences ranging from user bases of one through tens through hundreds through thousands, we could all learn something.

When it comes to photography and PP, I could learn from most everyone.

All I was trying to say in that post was that it seems to me that the Adobe marketing department have taken a couple of buzz words and used them out of context to sell a different licencing model. It's a model which many will want to buy into, and many won't.

Enjoy the rest of your weekend, if it isn't already over .

Dave

[Glenn NK]

Interesting summation on LuLA by Michael Reichmann:

The Winners

Whenever there's a radical change, there are invariably both winners and losers. In the case of Adobe's Creative Cloud (ACC) some of the winners will be Pros for whom $20 or $50 a month is simply a cost of doing business (and, not that big a cost). For these Pros, the ability to work collaboratively on image, graphic or video files, with others located elsewhere in the world, is one of the great benefits of the Cloud. ACC also allows cross-platform usage. You can use your license on two seperate machines, one a Mac and one Windows if you wish. Even more importantly, you can easily authorize and deauthorize computers, and you don't need to be at the machine that is being deauthorized. So, for example, you travel from New York to London and discover that you accidentally left your laptop at home. Simply download the ACC program that you need, deauthorize your laptop, and authorize the machine that you're now using. When you get home, reverse the procedure. Actually quite cool, and useful to travelling Pros.

Other winners are those who want to have the latest and greatest features of any particular program available to them. In the past this meant purchasing a new version, typically every eighteen months. Adobe has indicated that they will be adding features to Photoshop, and all the ACC programs, as they are developed and tested.

The Losers

Sadly we all will lose on the financial front since to continue to use the latest version of Photoshop will mean paying more in aggregate for a yearly subscription than the previous cost of a version upgrade. And for those who in the past would skip a version (unless there was a compelling new feature), the new cost is even higher.

[davidedric]

Thanks, Glenn, very interesting post from Mr. Reichmann.

I will be interested to watch from a distance how the drip feed updating works. If Adobe's QA is good, then obviously some real benefits, though I don't really like ground shifting under my feet. Still remembering bugs being defined as "previously undocumented features", and disappearing features being defined as "previously undocumented undesired behaviour".

Having just started reading LuLa finding it a bit hard to follow

Dave

[Glenn NK]

Dave:

Sorry, I should have provided the link, but since cost has been a major concern, just a clip was posted.

The entire article:

http://www.luminous-landscape.com/essays/adobe_cc.shtml

He has some other very good articles on various aspects of phot0graphy.

Glenn

[plugsnpixels]

Thanks Glenn, that was a good summary and that's the way I see it.

I'm presently plowing through the 30+ page thread over there...

[Black Pearl]

Can this model of delivery/payment be pirated?

Current hacks simply stop the programme dialing home to authorise itself, will it be a simple matter of stopping it wanting to check of its still valid each month.

[Glenn NK]

Can this model of delivery/payment be pirated?

Current hacks simply stop the programme dialing home to authorise itself, will it be a simple matter of stopping it wanting to check of its still valid each month.

Maybe we should ask these guys?

https://en.wikipedia.org/wiki/Julian_Assange

http://www.ctvnews.ca/hack-attack-on...ought-1.715318

http://www.eweek.com/mobile/cyber-ga...rds-bank-atms/

Seriously it does seem possible.

These are part of what I was inferring in previous posts about the stability and safety of the internet and the cloud.

Glenn

PS Edit: This is the text from press release about the Iranian reactor:

The Associated Press
Published Sunday, October 23, 2011 1:59PM EDT

SAN JOSE, Calif. - When a computer attack hobbled Iran's unfinished nuclear power plant last year, it was assumed to be a military-grade strike, the handiwork of elite hacking professionals with nation-state backing.

Yet for all its science fiction sophistication, key elements have now been replicated in laboratory settings by security experts with little time, money or specialized skill. It is an alarming development that shows how technical advances are eroding the barrier that has long prevented computer assaults from leaping from the digital to the physical world.

The techniques demonstrated in recent months highlight the danger to operators of power plants, water systems and other critical infrastructure around the world.

"Things that sounded extremely unlikely a few years ago are now coming along," said Scott Borg, director of the U.S. Cyber Consequences Unit, a nonprofit group that helps the U.S. government prepare for future attacks.

While the experiments have been performed in laboratory settings, and the findings presented at security conferences or in technical papers, the danger of another real-world attack such as the one on Iran is profound.

The team behind the so-called Stuxnet worm that was used to attack the Iranian nuclear facility may still be active. New malicious software with some of Stuxnet's original code and behavior has surfaced, suggesting ongoing reconnaissance against industrial control systems.

And attacks on critical infrastructure are increasing. The Idaho National Laboratory, home to secretive defense labs intended to protect the nation's power grids, water systems and other critical infrastructure, has responded to triple the number of computer attacks from clients this year over last, the U.S. Department of Homeland Security has revealed.

For years, ill-intentioned hackers have dreamed of plaguing the world's infrastructure with a brand of sabotage reserved for Hollywood. They've mused about wreaking havoc in industrial settings by burning out power plants, bursting oil and gas pipelines, or stalling manufacturing plants.

But a key roadblock has prevented them from causing widespread destruction: they've lacked a way to take remote control of the electronic "controller" boxes that serve as the nerve centers for heavy machinery.

The attack on Iran changed all that. Now, security experts -- and presumably, malicious hackers -- are racing to find weaknesses. They've found a slew of vulnerabilities.

Think of the new findings as the hacking equivalent of Moore's Law, the famous rule about computing power that it roughly doubles every couple of years. Just as better computer chips have accelerated the spread of PCs and consumer electronics over the past 40 years, new hacking techniques are making all kinds of critical infrastructure -- even prisons -- more vulnerable to attacks.

One thing all of the findings have in common is that mitigating the threat requires organizations to bridge a cultural divide that exists in many facilities. Among other things, separate teams responsible for computer and physical security need to start talking to each other and coordinate efforts.

Many of the threats at these facilities involve electronic equipment known as controllers. These devices take computer commands and send instructions to physical machinery, such as regulating how fast a conveyor belt moves.

They function as bridges between the computer and physical worlds. Computer hackers can exploit them to take over physical infrastructure. Stuxnet, for example, was designed to damage centrifuges in the nuclear plant being built in Iran by affecting how fast the controllers instructed the centrifuges to spin. Iran has blamed the U.S. and Israel for trying to sabotage what it says is a peaceful program.

Security researcher Dillon Beresford said it took him just two months and $20,000 in equipment to find more than a dozen vulnerabilities in the same type of electronic controllers used in Iran. The vulnerabilities, which included weak password protections, allowed him to take remote control of the devices and reprogram them.

"What all this is saying is you don't have to be a nation-state to do this stuff. That's very scary," said Joe Weiss, an industrial control system expert. "There's a perception barrier, and I think Dillon crashed that barrier."

One of the biggest makers of industrial controllers is Siemens AG, which made the controllers in question. The company said it has alerted customers, fixed some of the problems and is working closely with CERT, the cybersecurity arm of the U.S. Department of Homeland Security.

Siemens said the issue largely affects older models of controllers. Even with those, the company said, a hacker would have to bypass passwords and other security measures that operators should have in place. Siemens said it knows of no actual break-ins using the techniques identified by Beresford, who works in Austin, Texas, for NSS Labs Inc.,

Yet because the devices are designed to last for decades, replacing or updating them isn't always easy. And the more research that comes out, the more likely attacks become.

One of the foremost Stuxnet experts, Ralph Langner, a security consultant in Hamburg, Germany, has come up with what he calls a "time bomb" of just four lines of programming code. He called it the most basic copycat attack that a Stuxnet-inspired prankster, criminal or terrorist could come up with.

"As low-level as these results may be, they will spread through the hacker community and will attract others who continue digging," Langer said in an email.

The threat isn't limited to power plants. Even prisons and jails are vulnerable.

Another research team, based in Virginia, was allowed to inspect a correctional facility — it won't say which one — and found vulnerabilities that would allow it to open and close the facility's doors, suppress alarms and tamper with video surveillance feeds.

During a tour of the facility, the researchers noticed controllers like the ones in Iran. They used knowledge of the facility's network and that controller to demonstrate weaknesses.

They said it was crucial to isolate critical control systems from the Internet to prevent such attacks.

"People need to deem what's critical infrastructure in their facilities and who might come in contact with those," Teague Newman, one of the three behind the research.

Another example involves a Southern California power company that wanted to test the controllers used throughout its substations. It hired Mocana Corp., a San Francisco-based security firm, to do the evaluation.

Kurt Stammberger, a vice president at Mocana, told The Associated Press that his firm found multiple vulnerabilities that would allow a hacker to control any piece of equipment connected to the controllers.

"We've never looked at a device like this before, and we were able to find this in the first day," Stammberger said. "These were big, major problems, and problems frankly that have been known about for at least a year and a half, but the utility had no clue."

He wouldn't name the utility or the device maker. But he said it wasn't a Siemens device, which points to an industrywide problem, not one limited to a single manufacturer.

Mocana is working with the device maker on a fix, Stammberger said. His firm presented its findings at the ICS Cyber Security Conference in September.

Even if a manufacturer fixes the problem in new devices, there's no easy way to fix it in older units, short of installing new equipment. Industrial facilities are loath to do that because of the costs of even temporarily shutting its operations.

"The situation is not at all as bad as it was five to six years ago, but there's much that remains to be done," said Ulf Lindqvist, an expert on industrial control systems with SRI International. "We need to be as innovative and organized on the good-guy side as the bad guys can be."