Comment by RIMR

18 hours ago

>One slow but much beloved board, /f/ - Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.

Wow, this is a pretty incredible level of incompetence. Server-side SWF exploits are easily mitigated, unless they are using some sort of server-side SWF interpreter, which is absolutely not needed if you implement client-side Ruffle (or just require people to install the browser extension).

They can complain all they want that advertisers and payment processors refuse to work with them, but it's clear that no competent engineers want to work with them either if they're saying stuff like this.

2 comments

RIMR

r9zgWUN7WS3k6i 11 hours ago

It seems that you're thinking about the SWF content in terms of playback, which is not what they were doing. They were looking inside the bundles for ZIP files and malware (4chan users to shove horrible things into the files they upload), and extracting metadata from the SWF. We'll never know the exact details unless they share the source code. It is possible to write a secure SWF parser, but I think they decided to stop supporting this relic instead.

> Ruffle

Yes, they used that. Take a look at the board.

moralestapia 12 hours ago

You can always volunteer to help "the incompetents".