If you’re using Windows or macOS and have Adobe Creative Cloud installed, you may want to take a peek at your hosts file. It turns out Adobe adds a bunch of entries into the hosts file, for a very stupid reason.
They’re using this to detect if you have Creative Cloud already installed when you visit on their website.
When you visit https://www.adobe.com/home, they load this image using JavaScript:
https://detect-ccd.creativecloud.adobe.com/cc.png
If the DNS entry in your hosts file is present, your browser will therefore connect to their server, so they know you have Creative Cloud installed, otherwise the load fails, which they detect.
They used to just hit http://localhost:<various ports>/cc.png which connected to your Creative Cloud app directly, but then Chrome started blocking Local Network Access, so they had to do this hosts file hack instead.
↫ thenickdude at Reddit
At what point does a commercial software suite become malware?
This is reminiscent of the Sony/BMG rootkit fiasco from the mid-2000s. While editing the hosts file is not exactly a rootkit-level exploit, it is still something that should never, ever be touched by third party software; the vast majority of Windows/Mac users themselves don’t even know what it is or what it does.
In this age of vibe-coded bullshit, I wouldn’t be surprised if this kind of system level modification ends up resulting in a corrupted OS installation and data loss when a commercial software company can’t be bothered to QC their Claude-vomited code and it modifies something more vital than the hosts file in the name of copy protection.
Morgan,.
Yes, those were the days.
Every* software wanted to take full ownership of your machine. They had the audacity to assume superiority over the user and other software already installed.
(Splash screens, notification icons, task bar pins, …)
But in theory Windows with built in DRM was supposed to bring order to the zoo. Yet, just like Steam’s strong protections were not enough, 3rd party still pushes for garbage protection schemes.
Ah, I would say we had plenty of bulls**t before vibe coding. Remember the StackOverflow “copy-paste” era? Even before that developers would just paste something that seems to pass, and wanted to push that through.
AI just amplified it. Bad programmers become worse, good programmers become even better.
FYI, standard audio CDs are not subject to any kind of DRM in Windows, you can rip them to MP3 or WAV using Windows Media Player to this day. This is because standard audio CDs are an ISO standard, so not only is the spec available for a modest fee from ISO, but any patent holder has to give you a license under FRAND terms (which means they cannot impose arbitrary restrictions on copying, for example).
The whole Sony/BMG Rootkit fiasco happened precisely because Sony wanted to impose DRM on an ISO format, so their “solution” was to install malware on your machine to prevent any copying software from accessing the audio tracks. If anything, later versions of Windows (Vista and above) broke this DRM, since you’d get an autorun prompt, a UAC prompt (not something you expect from an audio CD, so “no” is the right answer), and maybe an unsigned driver warning.
Even when it comes to DVDs and Blu-rays, Windows doesn’t do anything to prevent copying, if you have an “unlicensed” tool like DVDFab or Xreveal, Windows will let those tools access the drive just fine, it’s only official tools like PowerDVD that have to use Protected Media Path for Blu-ray, and that’s because Hollywood requires it (you can get Blu-ray in HD in Windows XP).
My point was more that right now, “AI” generated code is considered “holy grail, guaranteed 100% working and shouldn’t be questioned, send it to prod as is” by companies like Microsoft and Amazon, with the inevitable and hilarious-if-it-wasn’t-tragic consequences. Microsoft has seen hundreds of new bugs introduced into Windows, and Amazon has had failures across AWS, all due to this cavalier attitude and nonsensical approach to development, and both have had to publicly scale back that attitude and triage fixes.
“AI” isn’t better at coding than humans; it literally cannot be more than garbage in/garbage out, it’s just faster than us at the whole Stack Overflow copy/paste thing. It doesn’t care if it makes a mistake, it has no pride or hubris or sense of responsibility, it’s not going to tell you that it plagiarized wrong or even dangerous code. That falls on actual developers and QA/QC folks to ensure the code is correct and won’t bring down entire systems when shipped.
I see one tangible, provable benefit to “AI” being involved in software development, and that is in bug/vulnerability finding. A year ago it was highly unreliable, sometimes making up new bugs instead of finding the ones it was supposed to find. My understanding is that now it’s more accurate and, **when used by an experienced and talented developer**, it can do so far faster and more thoroughly than the developer alone. Note the emphasis though: At the end of the day a human **must** be involved in the process or it all falls apart like the house of cards that it is.
Morgan,
Yes, I believe I get your point.
AI “assisted” development is dangerous, precisely because it feels like it is competent, and to be honest, it might actually produce higher level code than many developers out there (not necessarily more correct)
So, when an inexperienced dev sees a pretty output, they assume they have a solution.
But when an experienced dev looks at the AI code, he can identify which parts are good, and which parts are plain BS, and call it out.
In other word competent code review is even more important.
The problem is… higher ups are in the “have no idea whether the code is actually correct” camp. For them it looks competent enough.
“Why aren’t you writing more AI code?”
“But, sir, it is garbage”
“John has produced 10 pull requests per day, either catch up, or we will put you in PIP”
Thank you, I feel like we are in complete agreement here. 🙂
Stuff like this should be outright illegal. Period.
Adobe has no business modifying system-level files. Period.
Chris Titus’ Windows cleanup tool has an option to block Adobe cloud BS and it seems he is way ahead into the game. I just had a look on the changes his script does to the hosts file – there are ~900 lines related to adobe, for example:
#New Ver 26.8
0.0.0.0 adobe.io
0.0.0.0 x0850n5e.1q9cz.adobestats.io
0.0.0.0 0ojupfm51u.adobe.io
0.0.0.0 ssrtnxk6uq6x.sf7e3.adobestats.io
0.0.0.0 v62vpzg2av.adobestats.io
0.0.0.0 a1815.dscr.akamai.net
0.0.0.0 ims-na1.adobelogin.com.cdn.cloudflare.net
0.0.0.0 o1383653.ingest.sentry.io
0.0.0.0 wtl71c0ylo.adobestats.io
0.0.0.0 3d5vic7so2.adobestats.io
0.0.0.0 o987771.ingest.us.sentry.io
0.0.0.0 vgetwxoqno.adobe.io
0.0.0.0 cc-api-data.adobe.io
0.0.0.0 cctypekit.adobe.io
0.0.0.0 lm-prd-da1.licenses.adobe.com
0.0.0.0 zqr7f445uc.adobestats.io
0.0.0.0 zz8r2o83on.adobestats.io
0.0.0.0 6ll72mpyxv.adobestats.io
0.0.0.0 g6elufzgx7.adobestats.io
0.0.0.0 gdtbhgs27n.adobestats.io
0.0.0.0 hciylk3wpv.adobestats.io
and many more… =)
Of course, if you own the Adobe creative thing, blocking all of these will break it, but damn, 900 entries!