PDF was meant as an electronic paper. Don't crap over it with JS.
If we are to get rid of the paper, we need PDF as something that can conveniently replace it without nasty issues.

As far as JS in VM goes, that is crap, too. Exploits that can breach it are used widely.

what WEB BROWSER let you manipulate files? did any have a local directory tree or functionality to batch/recursive download?? the demoscene has no relation to ftp in web browsers just because release pages contain mirror links that can easily open up a dedicated client set as the protocol handler... web browsers didnt exist when the demoscene started

why is this thread full of people acting like the entirety of the ftp ecosystem is shutting down

as for those claiming ftp let you view timestamps, that's a bit misleading since server time is still available on http files as seen by wget's default modified time of a downloaded file, or the web site can simply display a list of files with their times like a basic apache/nginx listing, or the web site could be nice & write in the times on the html page next to a file's download button

but any ftp or http site can have incorrect or fake timestamps, so why would knowing them be that important, a sha256+ hash is more important


you cant be serious... writing an absolutely counter-intuitive comment with a reference to ms-dos in 2021 is one of the most popular ways of delivering sarcasm, it's hilarious that you are reading it seriously, you have probably never seen comments on controversial topics or else you would have known this

You can't be serious.... Embedding malicious code in various documents is one of the most popular ways of delivering malware. It is hilarious that you are mentioning MS-DOS, you have probably never used it or else you would have known this....

Do publishers interested in DRM actually even use PDFs? I figured they'd just use epub or some proprietary format, rather than making it in PDF - just seems like you're asking for people to break it in that format.

Honestly I thought pdf.js was the fastest (since it was built into Chromium)...

Sure, if PDF specified a protected canvas that is better protected then DRM in Web browsers, sure then it is *impossible to bypass*. Which means it doesn't have an open source implementation and a mandated protected media path from the hardware decoder encrypted with the latest HDCP transfered to your monitor. I don't think Javascript is your problem then.

5 minutes to find out about Chromium, 1 week to learn how to install Linux to build Chromium, 8 hours to build, 16GB RAM and 150GB disk space.
Chromium takes forever to build...

What about the protected canvas method? Now that is impossible to bypass.

Sure that works. But it'll take like 5 minutes to modify *one* PDF reader (that supports JS) to wait 5 seconds before printing. PDF already has a no-print Password that is easily circumvented. Unless you have a security module like the browsers do, there is not much you can do to protect your documents - and even that one is not secure.

Not yet, but here is the example.

Blank document, and the pages are loaded after 1-2 seconds with a nice fade-in.
Most PDF printers will print a blank document (before the JS kicks in), therefore hindering printing that document.

Or even something more advanced, create a protected canvas upon loading that you cannot screenshot or record.
Still may be bypassed by the analog medium, but becomes harder.

Is it really used that way? Seems like a veeeery weak DRM.

Like I said, my comment was meant in the context of browser based PDF readers. I agree that it can be a problem with everything else and thus it can be a problem.

I don't know much about JS in PDF, but I think one could define a well defined JS subset (maybe borrow from asm.js?) that is easy to parse and implement a pretty secure JS Interpreter (!), maybe in Rust that is tiny, secure and fast enough for form validation. But they probably defined full blown JS with all it's quirks handling...