308 comments

[ 601 ms ] story [ 4848 ms ] thread
What options are available if I want to keep it, security be damned?
I installed the optional Windows Update and I am not able to reinstall Flash anymore.
Depends what you want to use it for things like https://ruffle.rs/ is getting better all the time and works with quite a few games now.
Virtual windows XP machine?
Why not win7?
Look, man. There is an easy way, and there is the COOL way.
RunAsDate.exe to the rescue
Forgive me if this is a stupid question or a bad place to ask, but I still occasionally go back and play some of the old classic flash games from the internet days of yore. Pandemic, Nekogames Parameters, Alien Hominid, etc...

Will there still be a way to play those games once all the browsers and operating systems pull the plug on flash?

Ruffle.rs and Gnu Gnash are decent emulators, plus Newgrounds had its own player you can install. If you have flv files you can upload them to the internet archive and if you set it up properly, they will be playable with ruffle.rs in the browser, no plugin needed.

https://blog.archive.org/2020/11/22/flash-back-further-thoug...

I don't have a copy of my favourite cartoon from years ago - The Pygmy Shrew - but there is a "ruffle-ised" version of it here:

https://www.newgrounds.com/portal/view/699

However, I can't download the file to upload it to the internet archive. Any tips? (It is, actually, available as a vid file on YT, too, but the original was an flv - here is the YT version: https://youtu.be/d5LA3i_XrVU )

(comment deleted)
You could always use an older version of a browser for the specific purpose of playing those games. It's not great but it works (I have done that with an old version of Firefox for java web applets)
Chrome is dropping support imminently (at the end of the year). It's been showing a warning and date about it for quite a while (if you still have it active).
They're ending it in January? Edge, Chrome and Chromium are set to drop support in january.
By "dropping support", they mean "it won't work, at all". Set the clock forward on your PC to January 12th, 2021, and try using it.

"Adobe will block Flash content from running in Flash Player beginning January 12, 2021"

While millions of kids are doing remote learning? That seems like a terrible idea, there is tons of educational sites using flash.
Not sure why you're being downvoted. Flash needs to go away, for sure, but my kids' teachers have still been assigning Flash websites as school tasks - "play this educational game" sort of stuff - in recent months.
My teachers are also using Flash-enabled sites for their quiz and presentation :(

This is simply because the site owners haven't moved on yet for some unknown reasons.

> for some unknown reasons

ka-ching

educational and government contracts need disruption and this is a symptom

Where "disruption" means "waste a bunch of time and money for people to rebuild something that worked perfectly fine until the entire platform it was built on went belly-up"?

I mean, if it ain't broke, don't fix it, especially if your budget is next to nonexistent.

Maybe building on proprietary platforms was a bad idea from the start and a poor investment of public resources.
Back in the early 2000s there were no equivalent to flash in terms of features and ease of use. It's bordering on whig history criticising people back then for not going FOSS
> I mean, if it ain't broke, don't fix it, especially if your budget is next to nonexistent.

Oh, it was broken alright. From a security perspective, Flash was a nightmare to the extent that you almost had to wonder if Adobe was making it vulnerable on purpose. By using Flash today, organizations are putting themselves and their users at serious risk. Ransomware, identity theft, all of the bad things. School children would be an easy target for hackers to gain access to the parents computer, so it's especially appalling that learning software is still using Flash.

https://www.cvedetails.com/vulnerability-list/vendor_id-53/p...

Well, that problem will quickly fix itself because now that will just not work and there is no workaround. And coincidentally that is why you need to make sure there is 100% no workaround.
Not sure how many people are still stuck with flash, though I wouldn't be surprised. Either way, while it'll suck, maybe a lot, if there are businesses still selling/offering flash-based products, they need to change, immediately.

I'm sympathetic to people who want to keep flash around to play games or experience the "old web", but education and enterprise still requiring flash for <x> is beyond absurd at this point, as long as it's been deprecated and Adobe has been ringing the death bell.

Maybe this isn't a fair sentiment either, but I feel like both teachers and students would benefit from upgrading to a product that doesn't require flash. I know it's more complicated than that, but geeze.

> Not sure how many people are still stuck with flash

My mom is a school teachers and a lot of the web materials provided for their curriculum are still flash-based. Although the publishers have started to transition, the older flash apps tend to be richer in content and less buggy.

They'll never stop using Flash until it's taken away from them, because there's no financial pressure upon them to invest in ongoing maintenance and upgrades otherwise.

This is also going to break a massive chunk of the food permit and driver's ed markets overnight.

Well, overnight after years of warnings, anyway.
They knew and they chose not to prepare, so while I regret that normal people are being punished here, I certainly have no sympathy whatsoever for the companies that chose not to act.
It’s not overnight. Much like the removal of 32bit apps on macOS, this was mentioned time and again. Not paying attention to soft wear that you’re business depends on is not an excuse, neither is “thinking of the children”.
It's not like we didn't know it was going... whose responsibility is it then if some site continues to use it?

It has been a LONG time we knew this was coming, anyone still using it, I don't know what could make them switch outside breaking changes.

I've got flash based devices in foreign offices that were due for upgrade or replacement this year, which has been..... shall we say challenging?
> whose responsibility is it then if some site continues to use it?

It's still a hard pill that a finished and working interactive resource has to be rewritten from the ground up in a different technology after years of working unattended.

There is a big free interactive course to learn Catalan from beginner to advanced entirely in Flash at parla.cat. Hundreds of lessons/exercises, it's been working by itself for years.

None of my machines use flash nor do my 3 kids have flash-based apps.

I'd like to know what these sites are...

Here you go: https://ambrasoft.nl/ambrasoft-school/

It is utterly ridiculous, this company is still selling their Flash crap to primary schools. They are part of Noordhoff, the largest publisher of the education system in The Netherlands.

My 4yo son has an iPad but for home schooling due to COVID we had to install Chrome with Flash and teach him how to work with that on a laptop.

newgrounds is known for hosting flash animations. They created their own flash player desktop app so you can keep watching content that was flash based : https://www.newgrounds.com/flash/player
Flash animations are easily converted into webm/mp4/mkv/put any video container here.
Flash animations could mix bitmap and vector resources. No video container can offer artifact-free scaling of vector resources.
If they are standalone they may work perfectly under Gnash/Lightspark, unlike games using external assets and lots of quirks.
And the onus is on those educational sites to transition away from Flash. We knew for several YEARS it's being decommissioned.

If these websites needed a disrupting event to nudge the transition, then this is it.

These educational sites are probably dead - writing educational material is exhausting and not free.
>Microsoft and Google are planning to disable Flash Player in their Chromium-based web browsers, but no official word has been given as to when this will happen.

So you have two copies of flash on your Win10 computer. One is an OS library that you can see a bit of in the control panel. This is what Microsoft is removing with this update. The other is a containerized copy that Chrome and Edge ships with. That copy isn't going away until MS and Google say so, and if their metrics say there's a lot of flash use, then its going to stay for a while, maybe forever as a whitelist-only legacy technology. Its kinda this already, but I'm guessing it could be stricter, like forcing people to go deep into a menu to activate flash instead of helpfully popping up about it.

MS and Google have already said so. Flash will be blocked from loading in every version of Chrome next month, and the next version of Chrome to ship will remove all Flash support entirely from the codebase. Chromium-based Edge will follow suit.

https://www.chromium.org/flash-roadmap#TOC-Upcoming-Changes

https://blogs.windows.com/msedgedev/2019/08/30/update-removi...

Those sites have had 5-10 years' warning. Some things need to die and the benefit to everyone outweighs the needs of a few. If Flash wasn't killed then people keep writing for it.
The kids will be fine. It's their teachers who will need to do more work to find new resources and update their lesson plans.
How much time did they have to update?

How much they have to wait just because kids have math to do?

Teachers can work around it

Many have moved on to html5.
as an intermediate byte code vulnerability analyst, ActionScript sucks ... royally.

good riddance.

Stop using operating systems that don't respect software freedoms. I know it's a huge ask. But the best time to start dual booting is always now. Adobe abandoned linux flash long ago but I still can easily switch between multiple versions that are available on my whim.
Do you have a TV? Do you have a Roku or other streaming box? Do you use a smartphone?
> Do you have a TV?

No

> Do you have a Roku or other streaming box?

No

> Do you use a smartphone?

Yes, reluctantly.

>Roku or other streaming box

There's LibreElec. The perfect project for that Raspberry Pi you have laying around

>smartphone

There's Linux distros for some phones now like Mobian

Some people want appliances, others want tools. For the people who want an appliance-like computing experience, this type of curation is exactly what they signed up for. For people who want a tool-like computing experience, then managing their own security situation is part of what they've signed up for.

Neither side of this dichotomy is wrong (I know it's technically a spectrum...). While you sound like someone who views their computer as a tool, plenty of people don't. And I'm sure there are things in your life from which you expect an appliance-like experience as well, while other people may use tool-like versions of that same basic concept.

Can one run Flash in Chromium on Linux, by the way? I have only been able to do it in Firefox.
(comment deleted)
Do you use a phone? Which one?
I use a Nokia 6030. It's not a smart phone. I don't carry it with me. When I do bring it I take the battery out and put it back in to receive or make calls.
You seem to be serious about this, then.
As a preface, I'm a web moron. And as a web moron, I don't understand why the major browsers haven't just created some flash sandbox for these apps to run under. Are there technical limitations to shipping a flash "virtual machine"? Or just a complete lack of will to do so?
What would be the point of that? Flash is not an open standard and has been abandoned by Adobe. If you're talking about a sandbox in general, isn't that already the case with Javascript? The environment Javascript executes under in a modern browser is really rich and a lot of work has gone into making it secure and performant, none of which can be claimed by Flash.
The point would be to preserve a fairly large amount of internet culture from the 90's and 00's. Ruffle.js which has already been mentioned utilizes the fantastic JS sandbox already present, no need to create a new one. The browsers just have to support it by default.

I don't know enough about the web to determine whether it would be better to emulate Flash within the JS sandbox, or virtualize the Flash runtime itself

It's fine to want to preserve that but I don't think the browser is the right place for it.

Flash is actually quite independent of the browser. So to preserve the ability to run what is by now historical applications, would simply mean supporting running Flash on new platforms/OS.

https://www.reddit.com/r/flash/comments/h8753v/psa_how_to_us...

This is a great way to preserve dedicated flash apps & games. But the tech being independent of the browser doesn't mean developers have integrated it that way. There are still thousands of web pages using tightly integrated flash & HTML that will be broken. You would then need to run the Flash runtime with an HTML&CSS&JS emulator along side, no?
A website with flash didn't mean the entire website was in flash, there was usually a mixing of html sometimes server side code. The browser is the best place view flash for those reasons.

The browser is the only place for it.

Apple wanted to kill flash because it was CPU intensive and Jobs hated it. They wanted the first iPhone(s) to have great battery life and the web was plagued by flash intros, games, and what not at that time.

It didn’t help it had a lot of security issues and it certainly helped its downfall. IMHO we are better without it and good riddance.

I'm guessing flash sites were also horrible on a small touch screen. The simple act of having to rewrite most of the web without flash in a time where smartphones existed probably did a lot of good.
> Apple wanted to kill flash because it was CPU intensive and Jobs hated it. They wanted the first iPhone(s) to have great battery life and the web was plagued by flash intros, games, and what not at that time.

But now the web is plagued by javascript doing the same, often even more intensively. Is it better or worse?

Better. JavaScript is a web standard.
And flash couldn't have been one?

Edit: I was 9 when Jobs wrote his thing on Flash, so I appreciate the downvotes for asking a question?

Probably would not happen under Adobe.
Flash was proprietary, didn't have a specification and only one real implementation ever existed.
Flash was using actionscript which was ecma262-3/4.
ActionScript only "existed" on the authoring side. Scripts were compiled to (proprietary) bytecode before being embedded in the SWF file.

Besides, there's a lot more to SWF than the scripts.

(comment deleted)
Could have? Sure, if some things broke the right way. Was gonna be? Not that I know of. Did? No.
(comment deleted)
No, because JavaScript isn't nearly the bug factory that Flash was. Literally every month there was a new Flash full compromise bug, for multiple years.
Have you ever read the release notes of your browser?

JavaScript has holes basically every month too

It's true that security bugs are being fixed in most Chrome releases. However, these seem to be much more obscure and/or hard to capitalize on compared to the Flash bugs. I admit I don't have a proof of that.
Worse. You could use most websites with Flash disabled and get by fine. That's a lot more difficult with Javascript today.

Flash had a much more arms-length relationship to the browser and wasn't able to be used as a surveillance tool as effectively as Javascript can be.

The constrained nature of Flash made it less of a threat to an open and standards-based web than Javascript (and more broadly WASM).

Edit: On the last point - Flash wasn't able to boot a virtual x86 in a browser. Obligatory reference: https://www.destroyallsoftware.com/talks/the-birth-and-death...

You can use most websites with javascript disabled just fine. In fact, it generally greatly improves your experience.

Thanks to the ADA, American sites (or sites that do a lot of business with America) must work with assistive technologies, mainly web browsers designed for the blind. Most of those do not run js. So, you cannot design your website so that it doesn't work with js disabled, unless you are willing to expose yourself to massive legal liability. People used to ignore this a lot, but since Domino’s Pizza v. Guillermo Robles, most sites have been fixed so that they are usable without js.

I strongly recommend getting ublock, blocking all js by default, and then whitelisting sites where it is required/useful. It's hard to overstate just how much better it makes browsing in general.

You don't have to sell me. I've had Javascript disabled by default for a couple of years now. I love it. I'm a technical person. I can handle (and have the patience for) fidgeting with settings to get sites to work.

My non-technical friends and family can't do that. Trying to impose that upon them would just frustrate them (and, for my family, increase tech support calls to me).

All my banking and insurance sites are useless w/o Javascript. Squarespace sites, Twitter, Imgur, don't work worth a damn without Javascript. I just gave up and mostly gave Google properties a pass to get Youtube to work. (I don't use Gmail so I have no idea how bad it would be.)

A site better be pretty damned compelling before it rises to the level of getting opened in an unconstrained browser setting. I just end up not opening a lot of stuff (or just closing it again when it lights-up "NoScript").

Since it's relevant, here's a very lightweight javascript toggle I made for Chrome a while back. I still use it every day. No data is sent anywhere, and no unnecessary permissions are required. The code is very simple and easy to validate, in case you're one of those paranoid people like me who insists on looking.

https://chrome.google.com/webstore/detail/js-toggle/bnhjfamo...

As an aside, I thought that the Domino’s Pizza v. Guillermo Robles decision was strange. Domino's Pizza stores are local brick-and-mortar operations. They all have telephones and take orders by telephone. That to me would seem to be a "reasonable accomodation" for a vision-impared person who could not use the website to order a pizza.

In the more general sense, a strictly online service that has no alternate means of access probably does have at least some responsibility under the ADA.

If it was simply a case of ordering over the phone, Dominos would’ve been fine. The problem was that they had “online only” coupons and their website and app weren’t “ADA friendly”. It’s more complicated than it seemed on the surface (like the McDonald’s coffee lawsuit)
Domino's vs. Robles doesn't say you can't use JS. no court ever ordered Domino's to do anything, afaict. all they did was affirm that Robles was allowed to sue Domino's under the ADA (without deciding whether their site was in fact accessible or not.) See http://georgemauer.net/2019/11/04/dominos-v-robles.html for a good breakdown of the rulings.

In particular, Robles wanted the court to order Domino's to make their site WCAG-2.0 compliant. WCAG is completely silent on JavaScript. It's possible that some screen readers don't support JavaScript, but if Domino's site used ARIA tags and complied with WCAG the court would almost certainly consider that accessible (there's no official DoJ guidelines on what constitutes accessibility, so the court and businesses have latitude here.)

The ADA is all about reasonable accomodations. Supporting major screen readers is reasonable; supporting all of them clearly isn't. 98% of screen reader users have JS enabled (https://webaim.org/projects/screenreadersurvey4/#javascript), so it's clearly reasonable to provide an accessible webapp.

"wasn't able to be used as a surveillance tool as effectively as Javascript can be."

Flash cookies, anyone?

These were the only mainstream way to keep tabs on you across different browsers.

Browsers can attempt to improve Javascript performance because it's an open standard. And 2d rendering performance, and 3d rendering performance, and whatever else.

The only people who could improve the Flash plugin's performance were the people at Adobe working on it. And, well, Adobe just doesn't give two shits about performance of any of their tools unless they absolutely have to.

Mildly better. Flash was more like Java applets than JavaScript. It was its own thing running in the browser.
From what I recall, Apple approached Adobe during development of iPhone to nail down performance/battery concerns of Flash and Adobe basically blew them off.
No. This is untrue. Apple had no intention of working with Adobe. Flash competed with the App Store.

Adobe approached Apple many times to nail down performance issues and Apple blew them off

There was no app store when the iphone launched
The App Store launched on July 10, 2008 one year and a half after the announcement of the iPhone. Previously there had been no 3rd party apps on the iPhone, only Apple-made native apps and 3rd party web apps. In that context, Flash's absence needed to be explained. Nevertheless, it took another 2 years for Jobs to write his screed, "Thoughts on Flash". By that time, Apple was well aware what a cash cow the App Store was
If the app store appeared 1.5 years after the first iPhones, it was already conceived and development well underway when the iPhone launched. I don't have any firsthand knowledge of who blew off whom, but I'd guess it was Apple doing the blowing because that's traditionally what they do.
I'm not sure that Apple intended to exclude Flash from day 1. I imagine there were difficult technical integration issues, never mind any other business interests. But once the App Store was launched and Apple commanded a 30% share of every single application sold on the platform, I cannot imagine why they would allow Flash to give away comparable applications for free.

The argument has merit that Apple wanted a more precise control over user experience, and badly written Flash apps could disrupt that, but I honestly believe that was a secondary concern compared to protecting their App Store revenue stream.

Jobs' rant about Flash was really a good example of "shooting the messenger".

Flash is an intrinsically more efficient format; it was designed back when 56k modems were the norm, and computers far less powerful, so SWF made use of lots of interesting tricks to squeeze the most of out the platform and be extremely simple to parse.

Those who remember playing Flash games will definitely know just how much computing power they needed --- a fraction of that needed for today's "equivalent" with HTML/CSS/JS.

You will never get close to that level of efficiency with HTML/JS/CSS, although they are certainly trying with things like WASM.

I say this as someone who has implemented a significant part of a SWF player, including parts of the AS2 VM.

I distinctly remember this and partially believe the growth of the iPhone accelerated the decline.
(comment deleted)
It's kind of funny how Jobs declared War on Flash, but it had to be done. It made the web back in the olden days much more interesting and even amazing, but it had to be killed off, for great justice and, look, it took over a decade.
And Flash was proprietary. And its behavior was opaque. And it didn't mesh at all with the rest of your browser/website experience, as it was an embedded thing.
The makers of the browsers (Apple, Google, Microsoft) didn't want to optimize for someone else's (especially not Adobe, not even Unity3D, if anyone remembers that) plugin. So WHATG and W3C made their own 'html5 canvas' that didn't truly get official until 2014 (but was adopted earlier in browsers).

https://web.archive.org/web/20141106212543/http://www.cnet.c...

That's a generous interpretation vs Apple wanting a monopoly on deciding what apps can run on iphones

Not supporting flash is the basis for the app store

No. Apple was pushing for HTML5. In fact, they were imagining iOS Safari as an app platform in the beginning.
Nope. The App Store wasn’t even a thing until iPhone OS 2.0 a whole year later. As mirthflat83 said, Jobs wanted an HTML5 future.
> Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers' hands in February.

— Steve Jobs, October 10, 2007 (three month after iPhone release) [1].

How long does it takes to create SDK? Jobs is too smart, he carefully creates narrative, he is playing with audience. It is just a show, think Freddie Mercury, I do not understand how anyone can take his words at face value.

[1] https://gizmodo.com/steve-jobs-iphone-sdk-in-dev-hands-febru...

The real problem wasn't flash games. It was flash banner ads.

Lots of badly written flash content would (even on desktop) completely peg a CPU core. And it would do that even when the content wasn't visible (for background tabs, or if you'd scrolled past the ad).

This is bad enough on desktop, worse on a laptop (where you care more about battery and thermals) but it was a disaster on the very low power phones we had at the time. It made the iphone's browser feel extremely janky and unresponsive, and your phone would warm up in your hand. People had no idea that the problem was that "punch the monkey" banner ad they had already scrolled past. The website operator didn't know what ads were being served. Everyone just had a bad time.

Steve Jobs was asked about it in an interview once and he said he'd never seen flash managing to work smoothly on a mobile device. He said if Adobe could show it working well, he'd reconsider. But as far as I could tell, Adobe never rose to the challenge. I think android had flash working for awhile, but they eventually dropped it too. (Probably for the same reason.)

On desktop, I remember having an option in chrome to make flash not play by default. That way flash banner ads just wouldn't get loaded. I imagine they could have done the same for mobile safari - but that sort of thing was never Apple's aesthetic.

> I think android had flash working for awhile, but they eventually dropped it too. (Probably for the same reason.)

Yep. Between the performance issues and interface hangups (touch screen = no cursor = no mouse movement events), Flash for Android was basically unusable for most applications.

There is the pretext and then there is the real reason.

Which is the same reason that Apple allows only their browser engine used by every browser on iOS, has blocked JIT (again, only allowed for their Javascript interpreter), has a neutered implementation of progressive web apps, does not allow alternate app stores or side loading apps.

Control. Money.

> Apple wanted to kill flash because it was CPU intensive and Jobs hated it.

Of course he hated it, because now everybody is writing software specifically for Apple instead of for the web.

That’s revisionism. When the iPhone first came out, apps weren’t a thing. Jobs advocated for PWA (he didn’t want apps), but people complained about performance. So Apple added the App Store with iPhone OS 2.0.
> Apple wanted to kill flash because it was CPU intensive and Jobs hated it.

Jobs wanted Flash gone because it was direct competition to the App Store. That's it. There is no other reason.

Jobs could not say that of course, so he used his massive platform to assert that HTML5 was just as good as Flash, and that Flash was "riddled with security holes".

None of it was true, of course, but Jobs had charisma and a massive following of True Believers, and so his frontal assault on a competitor was successful.

An entire industry and platform destroyed so that Apple could not only control what games were played on its platform, but to charge for them

Yes, Flash had security issues, like every platform and program and browser ever, but there was nothing about Flash that was uniquely terrible the way Jobs and his minions asserted

Apple wanted native apps, not the ‘one size fits all’ poor experience Flash promotes.
> I don't understand why the major browsers have just created some flash sandbox for these apps to run under

They haven't done this. I don't know where you heard that? The whole point of the article is they're dropping Flash instead of doing this.

That would be a mis-spelling, apologies
I can't believe no one has mentioned Ruffle[0] yet.

[0]: https://ruffle.rs/

Somebody further down in this posts comments did, it might have been paginated for you to the second page of comments
Yes, you're right. I hadn't all of the comments yet.
They already were using some sandboxing measures to control this. But Flash inherently involved native, proprietary code and it was difficult to secure completely, whereas modern WebExtensions are JS that is completely under the browser's security control.
The major browsers do run Flash in a separate, sandboxed process. There have also been several efforts to re-implement the Flash plugin scratch, but none of them have managed able to fully support the long tail of existing Flash content.
Sandboxing and security are only part of the reason Flash fell out of favor. It was also pretty terrible in terms of performance and battery life. While a Flash VM would address some of the security issues, it would not stop it from spinning up your CPU and burning batteries like blackened catfish.
I invite you guys to play some old flash games, for the last time on my 11 year old flash gaming website: boredmob.com
How do I crack it so it won't stop? I don't care it won't get updates but I don't want it to stop working.
It seems like you probably can't, but I think there's some emulators bring written.
There ought to be some registry key for some enterprise users or some bytes to patch in a binary itself. I hope somebody is going to find something like that. If there isn't I'm going to try Windows XP with some old Flash Player version in a VirtualBox.

I also expect a version maintained by Harman[1] to leak occasionally.

[1]https://services.harman.com/partners/adobe

I don't know about cracking, but if you install Trilix Flash decompiler, and can download .swf files of flash games/applets, you can keep using these swf's on your computer forever. You can often find the link to the swf in the source code of the webpage (Ctrl+U on Windows).
There is no reason standalone Flash Projector should stop working too.
I never wanted it in the first place, I was always disappointed the browsers bundled it.
I definitely preferred browsers bundling it, because it was one less security dependency I had to worry about managing. And considering Flash plugins were part of the "older model" of browser add-ons, bringing it in-house allowed browsers to better sandbox and secure it, and prevent other applications from exploiting the same way in.

And every browser bundling it also provided a setting (and corresponding enterprise policy configuration) to disable it.

I don't actually remember it ever being bundled up until Google Chrome?
I wouldn't be surprised if this ends up being a Y2K style surprise to some hopelessly inattentive VMWare customers
Debatable.

The first major VMware version which does not support the installable desktop client has a plenty good enough HTML5 version of the web client. So either/or, you should be good to control your hypervisors without Flash.

And at worst, you shouldn't need to use a Flash-based UI to upgrade VCSA or your hypervisors.

> The first major VMware version which does not support the installable desktop client has a plenty good enough HTML5 version of the web client

That's false. The old thick client stopped working with 6.0, which got a very poor, limited and extremely buggy HTML5 client in one of its latest updates. 6.5, latest update, has a somewhat usable but still limited ( missing features) HTML5 UI ( funnily enough some new features were only in the HTML5 UI, while some others were only in the Flash version). The first version that had a fully usable for everything HTML5 UI is 6.7 Update 3, which came out a few months ago.

I mean, perhaps you use features I just haven't had to, but I don't recall any time in the 6.0-6.5 era needing something the HTML5 client couldn't do servicably.
I've seen it mostly in advanced VM management like weird drive configurations.
iirc, OVA deployment was unavailable, then buggy.
On the bright side, unless VMware's interoperability database is mistaken, vCenter 6.7 U3 can manage hosts back to ESXi 6.0, so this is at least "retrospectively true" unless you're stuck on an earlier vCenter version.
Regardless of whether you like Flash, this should be yet another ominous warning that you do not really own your computer anymore.

It's one thing to shut down servers used by an online service (and there's already plenty of disgust about that), it's something else entirely to essentially reach into everyone's machines and delete what they don't want! Imagine if Microsoft decided to attempt to wipe all traces of MS-DOS from existence --- this is similar, in that people have spent countless hours of effort and built lots of "applications" upon the platform, and while they would not expect the original company will "support" that eternally, they expect it to still be usable.

No doubt there will be something in the EULA that lets them do this, but I still think it's crossing a line.

The frog continues to boil slowly...

There are still ways of playing flash for those who truly need to.

https://lightspark.github.io/

Yeah but thats not the parent's point. The problem isn't a lack of ability to play .swf files, it's about the user's control over his machine
Can you on your own machine run your own bootloader and execute whatever instruction you would like to execute?

If yes, what’s your point?

For an increasing number of devices the answer to your first question is no.

We've already normalized the idea that a significant market percentage of small-form-factor battery-operated general purpose computers don't actually belong to the people who bought them.

We're a hair's breadth away from normalizing that idea with personal computers.

I should be the one to decide when my computer stops being able to do something it could already do. The default should be that I do nothing and my computer continues to be able to do what it already did.

It's wrong every time I have to do something to allow my computer to continue doing something it already did. This is why I have to be exceedingly careful not to install updates on those dwindling platforms where I still have that control. I have no idea what features are going to be removed, and usually have no way to get them back. (Hello e-fuses in the Nintendo Switch, or Apple no longer signing old iOS releases to prevent downgrading.)

We should not normalize the idea that third-parties can take away the capabilities of devices we own.

Edit: I would go so far as to say that it should be illegal for a device manufacturer to prevent you from reinstalling any old firmware onto a device you own. (Yes, yes-- I know that we're getting into the whole "But that old device firmware has security bugs! Think of the Internet!" discussion. Liability, both for device manufacturers and for device owners, is a conversation we need to have too.)

Devil's advocate- as long as that feature is there Microsoft has an obligation to support it. The feature has fallen out of use. Why should Microsoft be forced to support this forever?

You're free to stop updating Windows right?

What does "support" mean? Let the feature continue working has it has. Sure. Yeah.

You shipped the code. It exists forever. You don't get to take it away later because it's not in your business interests.

Fix bugs? I'll pay for that if I want that. Software is a service. They shouldn't be obligated to fix bugs for free (unless they agreed to that in a contract).

With Windows 10 I'm not free to stop updating Windows if I want a computer connected to the Internet. Microsoft does dirty tricks to make if very difficult for me from completely stopping the update treadmill. They've shown that it's an arms race, too. I can't possibly keep up with that opponent.

Maye there's a fitness for service argument that could be made and that the software is dangerous in its current state. Disabling it is one way to make it safe and the license spells out what their obligation is to you when they do so.
Most EULAs disclaim all fitness for purpose, though. They restrict the rights of the end user (no reverse engineering, no benchmarking, etc) and disclaim away any and all liability from the developer (no warranty, not fit for any purpose, etc).
I think the problem is when someone isn't able to decide what's best for their computer - and then decides to blame the vendor.

The vendor has already distributed the software with the QA done as thoroughly as possible/ practical, issued a TOS denying a warranty or any sort of protection from failure - that we all agreed to - and yet the litigation is inevitable if something happens to the end-user on account of a vulnerability in the software.

Its not their computer, but in our litigation-happy cultural climate, its their responsibility. No one is preventing us from doing what we want with our computers with this flash issue - just reducing liability.

Let's have a conversation about "cyber" product liability as society, then, instead of leaving it up to the hardware manufacturers and software companies to decide.

Individuals should bear some of the liability for how their devices are used. If my device that I've opted to take off the vendor-prescribed updated train causes a public menace that should be my liability.

Automobiles are the model here. As an owner I am liable for any damage I cause by my operation of the automobile. However if there is a design defect (e.g. Toyota sticking accelerator, etc.) that I reasonably was unaware of, then the manufacturer has liability. But if I continue to drive my Toyota, knowing of the problem and ignoring the manufacturers recalls, then liability comes back to me.
This exactly and having a discussion as a society and the legal changes necessary will be a much harder solution that literally nobody except relatively diehard techies care about.

I care about true device ownership but there are like literally only probably what? 1000's 10's of thousands globally even a million or two globally of us isn't much compared to billions using the devices.

That's what gives me the crushing sadness. It's never going to rise to the level that individual consumers will care.

Only the "diehard techies" will care. Based on how many of my technical friends have knuckled-under and normalized these kinds of affronts to freedom apparently there are fewer "diehard techies" than I thought, too.

I wish that I could just "turn off" my love for computing and computers. Instead, I get to see my hobby and vocation die a long, painful death.

>It's never going to rise to the level that individual consumers will care.

Could it be possible that it's actually less of an issue than it seems to you?

>Only the "diehard techies" will care.

I'm a diehard techie and I do not care.

(comment deleted)
there is also ruffle, but it does not have as3 support :-(
It is yet another ominous warning about the dangers of proprietary software
Can't you install an older version of Windows (like 7 or XP) to use older deprecated software? At some point we need to let the old stuff dissappear from main branch
Doesn't that rapidly become impossible if you don't already have the installation media? Where would I get a (legitimate/safe) copy of Windows XP at this point?
An ominous warning that you no longer own your computer, or the inevitable consequence of you never owning this proprietary software in the first place?
My bias is definitely to agree with this sentiment, but I'm going to play devil's advocate:

Windows 10 automatically updates itself, which is a reasonable thing for a consumer operating system to do. It happens to be a very "wide and deep" OS which includes a lot of userland stuff as part of the same release bundle, like OS X/macOS. There are FOSS projects that also operate this way. The GNOME environment comes to mind as a similarly "wide and deep" example. I myself have had the experience of having a GNOME feature I was using removed after an update. The recourse in that case isn't much different from the recourse in the Windows 10 Flash case. You can either live without the removed thing or find a third party solution. What you can't do is just stop updating the thing; you'd lose (community) support and important bug fixes.

Of course, as long as it's FOSS you can just fork it, right? But really that's not the appropriate solution for cases like this. We're talking about the removal of a basically stand-alone feature. If the official bundle stops supporting that thing, forking the bundle is not the way forward. Bringing in a third party is.

So the way I see it, both the problem and the solution here are the same for both Windows and large FOSS software bundles like GNOME. They're the opposite of narrow projects, so stuff is bound to get removed eventually. You can't stay on an old version, you shouldn't fork, and in some cases you probably shouldn't even protest, as the reasoning for removal may be sound.

> What you can't do is just stop updating the thing

That's the choice being argued. You should have that option. It's unreasonable to expect that old software will always be supported. There is a real cost to it. But as long as I still have the machine it should be my choice as to when it no longer does the things I need it to do (at least until the point of physical failure).

I didn't mean it that way. I meant to point out that you're stuck between a rock and a hard place whether you're a GNOME user or Windows 10 user. It's possible to stop updating, but you probably can't, because you probably need something in some Windows or GNOME release down the road.
Ah yes that is true. It's a tradeoff between how much you need the old software to keep working and how much you need the other updates to the platform.
The nice thing about OSS software is that you actually can selectively pull patches from upstream to build your own stable version.

It’s way too much effort to do to for all software you use but not too unreasonable for your most used tools. At work we maintain lots of forks of libs we use. I maintain a fork of Ansible that has niceties like blocks you can loop over. It’s somewhat controversial to patch in features but we ended up deciding that it’s more important for software to do what we want.

This has been the case since Google Chrome. If you tolerated Chrome and it's "evergreen browser" behavior, you supported the process that eventually became software developers' assumption that they should update themselves without permission on their schedules, and retire and remove features with regularity.

In 2020, we no longer have a right to act surprised about this, because we should've done something to fight it a long time ago.

I broke that functionality in Chrome so I could control when it updated. I didn't accept it. I won't accept it. I would encourage others not to accept it.

I will abandon platforms that take away my control. That's not tenable for a lot of people. There's just a lot of "cool stuff" that I don't get to use if there isn't a Free solution. I deal with it. I hate it, but I deal with it.

> I broke that functionality in Chrome so I could control when it updated. I didn't accept it. I won't accept it. I would encourage others not to accept it.

> I will abandon platforms that take away my control.

If you are still using Google Chrome, then it sounds like you will work to avoid the limitations of platforms that take away your control, which is very different from avoiding them.

I did not accept Chrome's "evergreen" functionality-- I didn't say that I don't use Chrome.

I continue to use various hobbled Chrome versions when circumstances dictate. I use Firefox when I can.

I wish I didn't need Chrome from time to time. If my underlying OS prevents me from hobbling Chrome I'll ultimately have to abandon Chrome (and probably the OS).

This is also how websites work.
Which is a good reason to eschew software that's delivered via third-party servers versus running on your hardware.
Yes but I don't "own" a website. It's not reasonable for me to expect websites to keep working the way they always have.

For SaaS of course, that's something to be aware of. Since I don't have the hardware and software under my control, I have no say in when the supplier stops providing it. Many people have learned this the hard way with Google services, just as an example (there are many others, not picking on Goggle in particular here).

Weird, I have some saved copies of sites that ceased to exist years ago. The backups are still where I left them and I can open without issues. Apparently Microsoft failed to wipe my backups.
That's why I don't use Chrome, nor do I endorse others doing so (look at some of my other comments, if you want to know what I think of Google and its effective monopoly...)
> If you tolerated Chrome and it's "evergreen browser" behavior, you supported the process

This meme needs to die. If all the choices are bad and you choose the least bad, you don't support it.

Imagine if OS vendors and Intel decided to attempt to install microcode updates that fix severe vulnerabilities on your machine and essentially reach into everyone’s machines and delete what they don’t want!

The frog continues to boil slowly...

Imagine if the President told the NSA to remove every copy of a file. the pathway you've described would be potentially viable to reach a large majority of files in storage someplace.

Terrifying thought.

Child's play compared to add data to a specific file ...
> remove every copy of a file

I vaguely recall that this (or something similar) was one of the worries about Palladium/NGSCB back in the day.

If they didn't, people would instead lament them how their OS is unsafe. Removing or disabling unsafe programs is a security feature, almost as if detecting malware.
Then let's talk liability. Nobody comes and takes away your car if you fail to have safety-related recalls performed. You might face significant liability if you cause injury as a result of ignoring a recall.

I am perfectly fine with a world in which end user companies or individuals assume liability when they fail to adhere to a manufacturer's prescribed update regime.

In the business world, I expect insurers to drive this. As "cyber attacks" get more and more costly the insurance industry is going to put the hammer down.

The car analogy isn't a great one here either because there are seatbelt laws, light/lamp laws, etc that do carry serious penalties (such as fines and even jail time). Nobody will necessarily repossess your car, sure, if you fail to fix a broken headlight or seat-belt, but you can still be fined or jailed for it. (Though even repossession can happen as those fines/jail time can in turn cause repossession of your car as a secondary effect, depending on your loans/liens/bonds and the state in which you live.)
There is the potential for personal liability as a result of ignoring recalls. I'm not talking about failure to maintain a vehicle. I'm analogizing willfully ignoring safety-related recalls.
I'm not talking about "failure to maintain a vehicle" in a general sense, either; I'm talking safety-related recalls as well, because there have been serious repercussions in willfully ignoring safety-related recalls in the automotive world.

IIRC, under the aegis of seatbelt laws some states impounded cars that didn't get a critical safety-related recall due an issue with the Toyota automated seatbelts of the late 80s/early 90s.

Issues like that often end up with class action suits to deal with corporate liability issues, it's not all personal liability either.

Maybe that's still too "one time for one particular issue" to easily dismiss the flaws in your analogy. What about emissions-related recalls?

Some states still have ongoing vigorous emissions testing requirements and some of those requirements include checking for emissions-related recalls. Failures are sometimes impounded, almost always disallowed permits/registrations to use of the roads.

One of the largest scandals of which should still be in recent memory, "Dieselgate", where VW was forced at great expense to recall entire models of cars that would not be allowed on the roads of all states that followed US EPA laws. Which the US federal government led a lawsuit (which included several states as additional complaintants) against VW for the problem, and leveraged a massive corporate liability fine. VW had to work to buy back all the recalled vehicle models, and had to do massive corporate restructuring in response to the US provided mandates that they accepted in lieu of fine payment.

Your car analogy is over-simplified, even if it is not entirely wrong.

I'm not sure what you're suggesting (often the case with analogies). I'm not going to even guess where you think liability in that analogy interfaces with someone, who doesn't even know what Flash is, using Windows on their home computer that gets pwned by a Flash exploit.

But you need to temper your argument across your posts here with the various benefits of the appliancification of computing for most people.

Since you don't, it becomes impossible to parcel whatever argument you're making from the arguments of "people should care more about <arbitrary thing that I happen to care about>" and "anything that addresses the needs of others over me is bad" and "there is literally nothing good about an automatic Windows update removing Flash."

(comment deleted)
I have increasingly felt alienated in my relationship with my computing devices. I started in the mid 90s with Linux and Win95 and you owned and could understand the whole computer. iOS and the trend of walled computing gardens were ostensibly done for security and user experience, but users have lost control of their devices. Not everyone needs that of course, but I t is a big reason I migrated to Linux this year after having an off again on again relationship with Linux on my primary computing device. macOS is good, but it used to be great. Way too many technologists are eating up things like M1 / Apple silicon without asking if it’s a good thing. It performs great, but does it really matter? I’m pretty sure it doesn’t help me code or do things in emacs any more efficiently. After Apple hardware quality dropping a lot I just don’t feel the experience is good enough to justify it anymore. Maybe M1 will be a big evolutionary step that we simply can’t ignore, but I know I can do everything I need to for the next few years on my Linux laptop. I will evaluate again when it’s EOL. Mid-2015 Mac was the last great MacBook IMO. It’s been downhill from there. It’s been a slow incremental decline in quality of both the hardware and the OS. And I really loves my Mac and Apple ecosystem a lot, but the writing is on the wall for these walled gardens. iOS is still solid and my iPhone 12 is great... but it may be my last iPhone as well. Same with Windows, honestly. Win 7 was probably the last great windows operating system. Win10 has been very okay for me. All the forced reboots and telemetry in macOS and Windows... yuck.
I feel like I'm going to end up being a veritable "hermit in a shack" because I won't tolerate the expectation of serfdom to our feudal hardware manufacturer and software developer overlords.
Ultimately we need a world where more than just technologists can run on commodity hardware and free operating systems. Hardware reached a point where most people can do all their computing in cheap hardware and Linux is really quite sufficient for most people, but many small and some medium size issues combine to make it too hard for most folks to embrace.
Sadly there is currently no hardware equivalent to free software. While anyone with a computer can learn programming and enrich the world by contributing, manufacturing modern hardware takes billions of dollars worth of equipment.

We'll always be at the mercy of hardware manufacturers until we can make our own chips at home.

I would argue that this is only half true. In the strictest sense, yes, we are at the mercy of hardware manufacturers.

In practice, however, we can make chips at home, using FPGAs. For example, Lattice ECP5 offers capabilities beyond what can be reasonably expected from true DIY chips, can be programmed using a completely free toolchain, and let you design your hardware as RTL, which gives you all the freedom to build a free hardware layer for your free software stack.

RTL designs in particular have a much reduced chance for FPGA-specific "closedness" to leak into the software stack, like it is the case with BLOB-based device drivers. While the designs will be FPGA-specific for performance reasons, they are not forced to be closed-source, nor will the specifics be visible outside the HDL.

Again, in the strictest sense, Lattice chips are non-free too and you are at their mercy not to withdraw their support and tell their lawyers to go full nuclear on anyone working on the free toolchain, or free designs for their FPGAs. But then, with true DIY chips, the same could happen to your suppliers for wafers or chemicals. Or just other chipmakers threatening you with a lawsuit.

I would definitely prefer "more open", but having to use an FPGA is not something I would consider a show stopper. Whatever holds back free hardware, I don't think this is it.

Given the complexity and specialization and massive physical plant required for modern hardware manufacturing I just can't get as worked up over their antics like I can with software.
Windows95 and 98 were the last versions I really felt I could hold pretty much all of it in my head. I didn't let WindowsME anywhere near my brain's abstraction layer of OS functionality.
Windows 2000 was that for me
(comment deleted)
ME is pretty much 98SE with an attempt at hiding DOS from the user. Internally it identifies itself as "MS-DOS 8.0". They are all based on a hypervisor (VMM) and were actually quite ahead of the time. The NT line, on the other hand, is considerably different and much more similar to "traditional" OSs.
Okay but you can't have that way and then have the liability rest on the company for recompense in the case of a vulnerability. That's why this has gone this way because of the threat of being sued.
Not for nothing, but the "slowly boiled frog" idea is a myth. When the water gets too hot, the frog will jump out.

In other words, when the problem becomes bad enough, we as metaphorical frogs, will react normally.

This is a Good Thing, and you should be wishing Microsoft, Apple, Google did this more often, because if they did, we'd all be meaningfully safer, having lost zero liberty along the way.

Nobody's freedom is threatened because Microsoft removed software that was notoriously unsafe and was also set to stop working at the same time. Maybe a more apt analogy would be "boy who cried wolf"...

How is taking away an ability my computer had, without my consent, not threatening my freedom? (I'd like to see the EULAs for the affected Windows and Flash versions, too. I don't recall reading licenses for on-prem installed software that talk about the licensor being free to arbitrarily disable or remove features.)
You don't own the software. You didn't even purchase the Flash player. Adobe has zero obligations to you. You could turn around and claim their behavior is a CFAA violation but good luck winning.
I get that. I understand that software is licensed.

I agreed to a license. If that license doesn't say that the "manufacturer" can arbitrarily remove features at a later date then I'm not sure how they get a pass for that.

Edit (to your edit): Yeah. It sounds criminal to me. They'd be exceeding their access granted to my system. Definitely sounds like CFAA territory in the US. Fat chance that anything would be done about it, but it can still piss me off (and make me try to gin-up pissed-off feelings in other people).

From the EULA:

7.2 Updating. If your Computer is connected to the Internet, the Software may, without additional notice, check for Updates that are available for automatic download and installation to your Computer and let Adobe know the Software is successfully installed.

10. Limitation of Liability. IN NO EVENT WILL ADOBE, ITS SUPPLIERS, OR CERTIFICATION AUTHORITIES BE LIABLE TO YOU FOR ANY DAMAGES, CLAIMS OR COSTS WHATSOEVER INCLUDING ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL DAMAGES, OR ANY LOST PROFITS OR LOST SAVINGS, EVEN IF AN ADOBE REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS, DAMAGES, OR CLAIMS. THE FOREGOING LIMITATIONS AND EXCLUSIONS APPLY TO THE EXTENT PERMITTED BY APPLICABLE LAW IN YOUR JURISDICTION. ADOBE’S AGGREGATE LIABILITY AND THAT OF ITS SUPPLIERS AND CERTIFICATION AUTHORITIES UNDER OR IN CONNECTION WITH THIS AGREEMENT SHALL BE LIMITED TO THE AMOUNT PAID FOR THE SOFTWARE, IF ANY.

So their argument would be that you accepted that the software would update automatically and that in any event you'd have no claim for loss. Does CFAA apply once you've already bent over?

ok, but if the machine was working offline you'd still be able to play one of those flash games right?

I really couldn't care less about the agreements, they are something nobody can afford to read and many times something that can be changed without notice anyways.

A) You did consent, as you indicated here. B) Your computer still has the ability to run Flash programs, this is removing the Adobe Flash Player, not disabling Flash programs entirely, which leads to C) The Flash Player is disabling itself on January 13th, so Microsoft is not removing any capability for you at all, Adobe is, and D) since it’s free software they licensed to you, the have every right in the world to make it do whatever they want (including making it not work any longer), and you have every right in the world to remove the app early if you don’t like what it provides.
The Flash EULA[1] contains language about updates re:

If your Computer is connected to the Internet, the Software may, without additional notice, check for Updates that are available for automatic download and installation to your Computer and let Adobe know the Software is successfully installed. The Software may automatically download and install updates from time to time from Adobe. These updates may take the form of bug fixes, new features, or new versions. You agree to receive such updates from Adobe as part of your use of the Software.

I could see an argument that a self-destruct mechanism is a "bug fix" or a "new version". I could also see an argument that it's not.

I'm coming around to the line of thinking that another poster mentioned-- that this could be considered Adobe criminally exceeding the access to my system that I've granted them. I agreed to updates. Not to removal of functionality.

I can't do a damned thing about it, but it pisses me off, and I want other people to be pissed off about it to. Taking away functionality in somebody else's computer is unethical in my moral framework. Normalizing that idea is dangerous and wrong to me, too.

[1] https://www.adobe.com/content/dam/cc/en/legal/licenses-terms...

Edit: Would it be your contention that all software developers have the right to remove functionality in their software at any time? Does consideration paid factor into that? What if it's expeditious for my business model to disable my older software to get you to move to my new software? Does such disabling constitute an "update"?

At this point my primary concern is that the language and severity you’re claiming here diminishes the impact of future discussions, when something vastly more serious may actually be an overreach.
It's that important to me. Maybe it isn't to you. So be it.

Computing has been a major part of my life for 35 years. I wish that I didn't have dependence in proprietary software but I do. Within that context this matters a lot to me.

Normalizing the idea that the developers of proprietary software are acting ethically (if within their legal rights, which I would dispute) when they remove functionality is very troubling to me.

I would rather that this kind of behavior, on the part of developers, be both socially taboo and illegal. Failing illegal I'll settle for socially taboo.

What would it look like, if you were over-reacting? What facts would come to light that'd make you say, "Oops, my bad!"?

Alternatively, if this is allowed to pass, what material differences will come into existence as a result? What predictions will you make about the lasting consequences of this specific action?

What would it look like, if you were over-reacting? What facts would come to light that'd make you say, "Oops, my bad!"?

It's difficult for me to conceive of my reaction as an overreaction. I would like to explore that dialogue, but I can't get myself into a place to work from. I just can't do it.

Alternatively, if this is allowed to pass, what material differences will come into existence as a result? What predictions will you make about the lasting consequences of this specific action?

People won't know what general purpose computers are. They'll accept silly ideas like "Well, my computer just can't do that thing anymore." The full value that computers can bring to individuals and to society won't be realized.

General purpose computers are a unique invention in human history. I hold the value they bring to humanity in high esteem. I think their ability to affect positive change on the human condition is difficult to understate.

I perceive a systematic effort, and a manifest effect brought on by the marketplace, to eliminate access to general purpose computing for individuals and to replace computers with vaguely computer-shaped appliances.

We're racing headlong into a "The Right to Read" scenario. Feeling that it's normal to accept somebody altering your computer because you agreed to a vaguely-worded license agreement stilted heavily in the favor of the software developer isn't alright. The more people think that's alright the worse things are for everybody.

> It's difficult for me to conceive of my reaction as an overreaction

Sorry, but if you can't even conceive that you're wrong, you're not equipped to argue about it.

You're not "Sorry", though. You're just dismissing me.

Not being able to conceive that I'm not overreacting doesn't mean that I can't conceive that I'm wrong. It means that I can't conceive that I'm overreacting.

I had a hard time responding to your first inquiry. I responded to your "Alternatively..." inquiry as an alternative. Instead of addressing what I could respond to you just dismiss me. That disappoints me.

I'm sorry I have to dismiss you, as you're not willing to entertain the possibility I'm right.

You might have been right and I'm missing something, but now we won't know.

I need to stop replying, but you've gotten under my skin. I'm not good at walking away from things (particularly Internet bickering).

I'm sorry I have to dismiss you, as you're not willing to entertain the possibility I'm right.

Which is not what I said.

I suppose I should have just dismissed you when I asked questions that you didn't "satisfactorily" respond to.

The discomfort you're experiencing is not caused by me, it's caused by the fact that you're aware of your own unreasonableness here. What you do with that discomfort is up to you.
> How is taking away an ability my computer had, without my consent, not threatening my freedom?

Because "threatening my freedom" is either a) an incredible overreaction, or b) meaningless.

You are not going to have your freedoms curtailed. You will not go to prison. You will be able to share your opinion on the matter without restriction. You may continue to practice your chosen religion. You will not be taxed. You will not have additional restrictions placed upon your travel. You will not be required to house troops in your residence.

You can even choose to not install the OS update, and your old software will continue to work. You can choose to reinstall an old version of the OS, and your old software will continue to work.

Perhaps you desire an ongoing and perpetual right to download new versions of a commercial software product, which will never include changes that you do not personally desire. That right does not exist and it never has. This is not a threat to your freedom.

> You can even choose to not install the OS update, and your old software will continue to work. You can choose to reinstall an old version of the OS, and your old software will continue to work.

?? It's possible to hack around the update, but it's a forcibly-pushed update that breaks something on your machine, and the only easy way to stop it is to go offline permanently

Why would you expect that doing something that goes against what everyone else wants, would have been made easy for you? You're basically becoming your own "distro" of Windows. Of course that's hard.

But the point the GP is making is that it's also not totally implausible to do, if there were any real motivation for people to pursue it.

There was a real reason for people to want to "take control" of Android, and so we got LineageOS.

This is a Good Thing, and you should be wishing Microsoft, Apple, Google did this more often, because if they did, we'd all be meaningfully safer, having lost zero liberty along the way.

Hell no. This is essentially the rise of authoritarianism...

I mean it very literally took Apple refusing to support Flash to start its rapid decline.

Voting with your wallets has never really worked. Consumer preferences do change overtime but getting millions of people to act in unison is an exercise in futility. Until someone with actual market-swaying power brakes the wheel it will keep on spinning.

Like boycotts have and do work. I think the problem is average/majority user does not quite understand the minutia.

Successful boycotts seems to deal with worker mistreatment, racial discrimination and other unethical behavior that a business may be doing. Even then they are not always successful but it certainly is easier to explain the situation to people in those cases. However, still run into issues like it is too essential like food or just too much apathy for the entire market of that product.

The frog thing is about the spinal/muscular reflexes of recently-deceased frogs, or about separated frog legs.

A dead frog will "jump out" if placed in boiling water, but not if brought up to temperature gradually.

> you do not really own your computer anymore.

Wish people would stop using this phrase with regards to PCs. If you buy a laptop, it's yours. Load linux on it and you will never have to deal with this. Even the new M1 Macs will offer this option (though there are some hoops to jump through).

What you don't own is the commercial software which runs atop it. In some cases the hardware makes it difficult to change what software you run (most smartphones), but we're talking about Windows PCs here. You can install what you want on them.

If you don't like what Microsoft and Adobe are doing, don't use their software.

You don't even need to bring Linux into the picture, necessarily.

But whatever piece of proprietary software you run with DRM and obfuscation and licensing, you don't control. It's up to you to do a cost analysis and decide if it's "worth it" -- I use lots of proprietary software, I'll admit. Office365 and Steam are two big examples that I either can't or won't give up because of the professional or personal consequences.

However, in both cases, I'm not in control of either piece of software. That's what I get for using proprietary software. It sounds like crazy Stallman ranting, but maybe he was right on this one -- the real solution is to not let proprietary plugins like Flash become "required" to use the net. As long as your computing platform is free, you have the choice not to.

The number of people agreeing with this sentiment that this is about controlling our computers is kind of disheartening. This isn't OS or firmware level lockdowns, just a piece of software.

> You don't even need to bring Linux into the picture, necessarily.

I only bring in Linux when I need it to get a job done!

I use MacOS and have an iPhone. I don't worry about the philosophy since they have for years done (mostly) what I need. If it look like MacOS will stop being useful to me, good resale values on Macs means I can move on.

>What you don't own is the commercial software which runs atop it.

I do! I bought it after all.

If the software does something I did not agree to at time of purchase, I'm going to hold the seller accountable.

If the gardener you're paying suddenly went and threw a painting in the trash because he considered it ugly you'd have a problem with them too.

Whether or not people 'agreed' to this being done is another question though.

Legally you usually just buy a license. Often with automatic updates and an EULA subject to change at any time.
> I do! I bought it after all.

Did you? Maybe you should re-read that 400 page EULA you browsed past.

When you buy software you are agreeing that you don't own that software. You are instead buying a license to use that software.

> If the software does something I did not agree to at time of purchase, I'm going to hold the seller accountable.

When you buy software, you fundamentally agree that it is suitable for no particular purpose. Since much of the software you "buy" isn't even something you've paid for, the vendor can shut off that hose whenever they want.

> If the gardener you're paying suddenly went and threw a painting in the trash because he considered it ugly you'd have a problem with them too.

I'm sure your agreement with your gardener looks quite different from the EULA you agree to when you use software.

Your comment is summarized by the last sentence of my comment.

Except for:

> When you buy software you are agreeing that you don't own that software. You are instead buying a license to use that software.

This is incorrect in many jurisdictions, including the EU, regardless of what the EULA or whatever would make you believe, for software distributed in the way Microsoft Windows is [1]

[1]: http://curia.europa.eu/juris/document/document.jsf?text=&doc...

Instead ownership works similar to as it would for, for example, a book. You don't own the IP, but you do own the book.

Also I don't own the gardener either, the distinction doesn't even matter.

And I wish that Linux fans would stop saying use Linux as if that is an answer for the vast majority of PC users in the world. It stinks of elitism on so many levels. And yes, I use Linux, but I would never consider putting it on a machine for my mom, or my sister, and nearly anyone else. Linux simply is not a viable solution for so many people.
> as if that is an answer for the vast majority of PC users in the world.

The vast majority of PC users don't give a fuck if they "Own Their Hardware" or any other philosophical questions about their computer. They buy a tool and use it. Generally speaking, those tools work just fine for them until ultimately the drive fails or they drop it into a creek while hiking.

It's the nerds on HN who bitch about "Owning their computer". Literally the people who should have the skills and knowledge to fix the very problem they are complaining about. If you tried to talk to your mom or your sister about how they don't own their computers they would likely look at you as if you were insane.

FWIW, I'm only intermittently a Linux user, mostly I use MacOS.

They don't complain about "not owning their computer" but they complain about downstream problems.
> for my mom, or my sister, and nearly anyone else.

Especially my mom, dad, sister and almost everyone else I know use one application on their computer and that is Chrome. My father still works and so does my sister and yet they do not work with or need anything else. Linux works fine for that. Almost everyone I know would not know the difference between an Ubuntu laptop or a windows one as long as the Chrome button ('the internet') is there.

Ofcourse this differs if people need native applications (maybe) but I would say that most people would not notice Linux at all. Not because Linux is great (I use it exclusively but I do not care about ux/ui), but because most people do not do so much 'natively' with a computer anymore and hence can switch fluently from Mac to win to lin to ios to Android (and frequently do during the day between some combinations of these) as long as they can find 'the internet' button.

Sounds like a Chromebook.
Indeed. Arguing that Linux makes a good web appliance does not endear it to anyone who needs more than a web appliance.
I work in IT, write software, and have a significant number of hobbies centered around computing and I don't even think Linux is a viable choice for me [0]. But there's a lot of Linux evangelists out there who simply refuse to believe there is anything wrong with it for anybody.

[0] and belive me, I've tried [1][2].

[1] Some evangelist is typing a response right now about how I haven't really tried. They are part of the problem.

[2] I've put together my own distro, written and contributed to open source projects, until sometime earlier this year ran Linux on 4/5 computers I used regularly at home (now down to 1/5), and was even president of a LUG for a while. So shut up about how your grandma uses it as a web kiosk so it must be fine for everyone.

Except I'm not remotely a Linux evangelist. I use a Mac. I didn't suggest Linux desktop is for the masses.
(comment deleted)
1999 wants their argument back. My daughter uses Ubuntu Mate and is quite happy with it. None of the bullshit of Windows ten.
Nothing is perfect. Everything is a tradeoff. If you want to avoid corporations controlling your computing environment, Linux is perhaps the easiest way to do that. The alternative is to continue letting corporations control your computing environment and... whine about it, I suppose.

Do you think it's better to offer no suggestion at all? To not even tell people about their options?

We could also have an option for consumer protections to prevent corporations from exercising some types of control.
You’d have a point if Flash Player was paid software.
From a philosophical perspective... Except for your thoughts and perhaps your life, which is another discussion entirely, it is arguable that you don't own ANYTHING. Not your home, your car, software, or the phone in your hand. You only have it because a corporation or government allows you to have it.
Counterpoint - in nearly all cases (and I would say essentially all cases since Windows 8 was released), this was software that the user didn’t decide to install at all. Instead, it was installed for them by either their OEM or was included in Windows or by a browser maker or was part of some other software package (that almost certainly didn’t require it). So removing something that is a proven security risk, that the manufacturer actively deprecated years ago, and that it is shutting down server side in two weeks, seems to be far different than removing something that was a core part of the operating system. And even then, as others have pointed out, software updates remove features from software all the time.

I totally agree that it feels weird and is bad if an update actively uninstalls something for legal reasons, like Amazon taking stuff off of Kindles remotely, but we're talking about software the user didn’t ask to install and that the maker is shutting off anyway.

The vast majority of Flash usage was web-based and the web version will cease to be supported at the server level and at the browser level in a matter of weeks. Users that deliberately want to run insecure software or outdated web browsers have that option, and there are plenty of alternatives to display archival content.

Any non web-based Flash applications have been written using Adobe Air for over 12 years (and desktop Flash apps have always been a rarity anyway), and Adobe Air isn’t going away. If there really is a self-contained app (probably a game) that wasn’t packaged using Adobe Air that absolutely relies on an ActiveX plugin, there are alternatives the user can find and use. Technology becomes obsolete. And software stops running. At least there are preservation efforts out there.

There are infinitesimal edge cases where a user knowingly and specifically installed Flash Player for non web-based purposes. Those users are going to be given a warning before the application is removed, allowing them time to find an alternative way to access those files.

Not just computers but an increasing number of devices in general: some cameras, thermometers, and vacuum cleaners require immediate online activation (w/ software update) or they don't function properly; this is a borderline fraud in my opinion. We should mandate that companies must give a clear warning for things like this.
Thermometers? Seriously!? Unbelievable!

I'm waiting for 2025 when a piece of cutlery or your garden hose will need internet activation.

> Regardless of whether you like Flash, this should be yet another ominous warning that you do not really own your computer anymore.

This is definitely true with regard to applications and services.

People give rms a hard time for going on about free software, but he saw this coming.

"One assumption is that software companies have an unquestionable natural right to own software and thus have power over all its users. (If this were a natural right, then no matter how much harm it does to the public, we could not object.) Interestingly, the U.S. Constitution and legal tradition reject this view; copyright is not a natural right, but an artificial government-imposed monopoly that limits the users’ natural right to copy." -rms[1]

I don't suggest jumping into the deep-end with free software mentality without full consideration.

However, Google Play Music went under recently[2] with all of the content that people bought becoming potentially unavailable, so it's worth thinking about how much we don't own.

[1]- https://www.gnu.org/philosophy/fsfs/rms-essays.pdf

[2]- https://9to5google.com/2020/12/03/google-play-music-dead/

Corporations in general just like to own and control everything. Just look at the mess that is intellectual property rights. There's essentially no limits to what they will delude themselves into believing they can own.
Who starts corporations? Who hires lawyers to try to protect intellectual proprty rights? It all starts with one or a few people exercising free will. To take a more common example than Bill Gates and friends, something as seemingly "non-corporate" as Pi-Hole has become a private corporation and "owns" a trademark. Regardless of reasons, it is what it is -- individuals poised to enforce "rights" against, to block, others. The "delusion" is quite contagious. Not disagreeing with the comment, just pointing out that these problems emanate from wilful participation in the delusion by individual persons.
(comment deleted)
While I generally agree with this sentiment in a lot of cases, I don't think it really applies here.

Microsoft ships Flash with Edge and Internet Explorer, or allows it to be installed, but they have decided they no longer want to support this integration given that the software in question is no longer being supported and has a long history of security problems. They are no longer shipping it with Edge and IE and are preventing it from running there. You can choose to run it in other ways, but Microsoft does not want their browser used as an vehicle for exploits that come through Adobe. Chrome and Firefox are planning to do the same, for similar reasons, and you can also get Flash working on those manually if needed in similar ways.

The title here is pure clickbait. It's not Windows 10, it's a change in the default behavior of Edge and IE, and eventually Firefox and Chrome. A change that's as easy to work around as it was to get flash originally before browser vendors started including it by default.

If you want to talk about signed bootloaders and completely locked down systems and app stores and how those devices aren't really owned by you anymore, I'm totally on board. But to say that a change in the default behavior of a few applications on just some of the operating systems you can install on your PC is evidence of you not owning your computer, I think that's a lot harder of a case to make.

> given that the software in question is no longer being supported and has a long history of security problems.

look, similarly, whilst i think the world would be better off if vaccines were legally mandatory, i would never support someone who tried to make that so. it's not (and never is) about the specifics of this _one_ thing - the world will be a better place without flash - but the general principle of who owns what & freedom. if i _truly_ own my computer, then this could never happen.

> They are no longer shipping it with Edge and IE and are preventing it from running there.

i don't think that's the case. the article mentions removal of the abode flash player component. a user must have already installed this application manually. browsers are to remain unaffected (for now at least). here's a quote from the article:

> It is worth noting that this change won’t affect your browsers where Flash will still remain a built-in component until the next big browser update.

this is more akin to microsoft shipping an update that removes VLC, and hence from the 1st of january, all your mkv videos stop playing.

> if i _truly_ own my computer, then this could never happen.

Sure it could. You can own your house but choose to rent your furniture or borrow a couch from a friend. You then no longer have total control over those pieces of furniture, even if you do own your house.

Similarly, you can control your computer but choose to run specific software on it that automatically updates and changes itself. You can also choose not to do so. You are fully capably of not running Edge or IE, and choosing an old static version of Firefox with automatic updates disabled or some other browser that doesn't automatically update.

By choosing to install and/or use those applications that update automatically, you are opting in to their behavior. It was not forced on you. That goes for browsers, but it also goes for Windows. I don't think it makes sense to say you don't control your computer because of choices you made about what you run on it, especially when you still have the ability to change those choices.

> a user must have already installed this application manually.

All the major browsers switched to shipping Flash with their runtimes years ago so they could control the update process and make sure it was patched. Flash is shipped with Firefox, Chrome, Edge and IE (the latter two with OS updates most likely).

> this is more akin to microsoft shipping an update that removes VLC, and hence from the 1st of january, all your mkv videos stop playing.

No, I think you misunderstand what's going on. From the article itself: "It is worth noting that this change won’t affect your browsers where Flash will still remain a built-in component until the next big browser update." That next major browser update is when those browsers, Chrome and Firefox, are also removing flash. Everyone is doing it now because a year or so ago Adobe announced all support for Flash was ending at the end of 2020, and none of them want to ship an unsupported component with a bad security history.

> Regardless of whether you like Flash, this should be yet another ominous warning that you do not really own your computer anymore.

I'm pretty sure you can choose to not run Windows 10.

"Flash content will automatically stop working in January even if you don’t remove the player manually."

My opinion only here, but the only company to blame for this is Adobe and this isn't corporations slowly taking over your computer (aside from the fact that yes, it is happening) - this is just another example of how Adobe hates their customers, sort of like how you can't buy Photoshop anymore and you have to put up with their cloud updater that will delete your mac's backblaze folder. Software with an expiration date is an old poison that Adobe has repurposed to EOL their own product because they're tired of maintaining it.

This highlights the risk of building upon and investing in a closed-source and proprietary platform (Flash). Once Adobe discontinued it, it was inevitable that browsers would eventually stop supporting it.
>Regardless of whether you like Flash, this should be yet another ominous warning that you do not really own your computer anymore.

If you run Windows or OSX that is.

Does that mean I won't have to suffer through my crappy company interactive training videos?
Sorry to disappoint you, but your company crappy interactive training videos will still exists. They will simply be upgraded to another player, but their horrible content will still be the same.
No, you’ll have to go back to IE under windows XP. Hopefully in a VM.
A lot of the company garbage only works in IE as it is. Great.
Is there a way to keep flash going?
Yes, of course. Don't make that particular update. Or freeze a virtual machine with flash in it and use that when you want/need.
I'm actually very confused about this. They make it sound like the change will happen automatically, which makes it sound like there's a kill switch of some kind. Is there?
From what people are saying above, Chrome has a date-based kill switch built in - if you set your system clock forward, Flash stops working in the current version.
I wonder if the Flash runtime can be rebuilt in asm.js, WebAssembly, or similar, and then made to seamlessly play the video on an emulated version of Flash Player but with barely noticeable changes to the user. One would think that this cannot be easily blocked by Adobe. If Chrome wants to block it, simply use a De-Googled version of Chromium.
(comment deleted)
Maybe it's because I was never a newgrounds kid or whatever but every time I had to use flash for video playback it was always awful and I don't miss it. Good riddance you CPU hungry abomination.
I'm in the Netherlands, we are in a Covid lockdown with schools closed at the moment. Next week Christmas holiday is over, and remote school will start once more.

And many of the sites they use to keep the younger kids busy have games for learning simple addition, spelling, et cetera. Almost all in Flash.

Not looking forward to Monday.

It's happening on January 12, not on Monday
On bullshit propietary formats like Flash and its supporters, I remind you a lot of w95 era games are now unplayable because of similar reasons. Not even under Bochs, Qemu with a perfectly setup VM with PCI under w95 or w98, with both VGA drivers tested: Cirrus and UniVBE.

Flash will follow the same path, but unlike those pesky Direct Draw spin-o-rama games, Ruffle works with ease and back in the day you could play swf embedded videos in a video player with a library. So, stop whinning. We, the older abandonware gaming users have it worse, far worse.

ScummVM may support that w95 game one day, but today it doesn't.

Oh, and for Sure Scummvm in a near future will make standalone SWF games playable.

Those won't fix every game, but fortunately PCem can do a fine job emulating the appropriate hardware.
"La Pesadilla Turca", Spanish edition of "Byzantine: The Betrayal".

I tried several OSes and graphic cards, and no luck.

Windows 95 with Bochs was close, but still slow.

VirtualBox is a no no, too, because the game is really tied to a Pentium processor. Anything faster and you wouldn't react to timed events.

Some people launched it under Virtual PC and W95, but I use Slackware, so it doesn't apply.

>even Win10 ships with own ddraw.dll wrapper.

And w98, but everyone knows is slow as fuck. It makes playing 2D games from 1999 with a worse performance than a Pentium 90.

And, yes, I had to use Wine's DDraw while patching the exes in order to run some games fast on my aunt's W10 machine. Those games (nothing fancy, Trivia games, a fancy Hangman, cards, crosswords, puzzles...) ran like butter in my AMD Athlon with Windows 98, unsurprisily.

PCem (https://en.wikipedia.org/wiki/PCem) is a great improvement in the emulation of Windows 95 era hardware. It can emulate anything from the IBM PC through to Pentium II based systems. It also emulates specific graphics cards (3Dfx, Trident, S3, CGA/EGA/VGA, Tandy graphics, a number of DirectX cards) and specific sound cards (AdLib, Sound Blasters, Gravis Ultrasound).

The project should eventually allow emulation of the entire Windows 95/Windows 98 era. In my mind, it's comparable to what BSNES was to the Super Nintendo - accurate emulation that saves an entire era of software from getting lost.

Flash is homogeneous and hardware-agnostic, unlike those old Windows-based titles. Flash provides ~1 (bar inter-version incompatibility) target platform, and as far as I know, can run entirely in software rendering mode. If your computer is fast enough, there will be no hardware-based problem with running Flash software.

For Windows 95, there were multiple 3D APIs other than DirectX and OpenGL, and some titles depended on hardware-based quirks. Those APIs and hardware needed to be emulated accurately enough or passed through. That's quite a large support surface.

In comparison, Flash needs a Windows XP VM (or a standalone projector) with software-based rendering and that's it. Not nearly as bad.

I know PCEM., but that's a no no under my AMD Turion.

On VooDoo, Bochs does that too, up to VooDoo2 nowadays. There may be clock issues, but if you set the IPS count to the MHZ of the targetted machines, games will run close.

Qemu does Cirrus and Pentium3 compatibility, and still no luck.

I tried with XP on compatibility mode, and no luck. Windows 95, 98, Bochs, Qemu, with Cirrus and VBE. Nada. W2K, compat mode with the RUNDLL trick, both to W95 and W98, still a Direct Draw error on launch.

The game is the Spanish edition of Byzantine: The Betrayal, "La Pesadilla Turca".

If it really is a Macromedia Director game, I hope ScummVM runs it as it does with some games/software.

That's mainly because those VMs don't do a good job of supporting old hardware that OSes like Windows 95 need. You should be using an emulator like PCem instead.
Ahem, it emulates then fine, is not VirtualBox, it's Bochs and Qemu with no virtualisation by setting the TCG interpreter, something good enough with a Cirrus card.

Bochs is unlike VMs, with Bochs for sure you will set up W95 and W98 without BSODing, fore sure. Bochs emulates even an i7, at glacial speeds, but it's a beast for debugging. It emulates even the virtualisation instructions themselves, FFS, in order to debug the inners of a guest OS while "virtualising". And it did VooDoo and VooDoo2 before PCEM several years before even it existed.

The issue is those early games for W95 don't even launch properly on real machines under Windows 98!

Goodbye, old friend. When i was at school i made a nice counter with you and a page loading animation. Your date and text API awed me with its sophistication. And i still have the flash 5 book that i bought with my saved money. Your prophet - 2Advanced, was an inspiration for me.

It's nice of corps to be able to do whatever they want with your PC. And MS is really sunshine and lollipops compared to the mobile space - where not only you don't own your device, but at best you actually rent it and are at the complete mercy at the feet of the master. All for the privilege to actively work towards generating ad revenue for the company you rented it from.

Most tech in 21 century is something out of those shitty 80s low budget cyber dystopian movies with post apocalyptic undertones. It's bad.

We have reached peak GOS (Grandma Operating System). Most recent example is TLS 1.0 sites. Warn but Allow things to keep working.
I wonder why none of the top comments mention Ruffle[1]? It's a wasm flash player emulator, and it provide the necessary sandboxing. That sounds to me like a reasonable alternative to a buggy and now unsupported official player.

[1] https://ruffle.rs/

Some of my kids' distance learning materials are built in Flash. Less than it was in the Spring, so it seems publishers are scrambling to resolve the issue, but it should make distance learning even more "interesting" in the next few months.
So what's the recommended way of still playing old Flash games you have a local copy of?

I'm very fond of some of the older Amanita games, such as Machinarium

Use Adobe's Flash Projector. It runs swf files directly, outside of a browser.
I'm a little surprised no one has mentioned CheerpX[0] in this thread. It's supposed to run any Flash file flawlessly, because it's running the Flash runtime. Just through a x86 emulator in WASM, so it re-sandboxes everything.

[0]: https://www.leaningtech.com/pages/cheerpxflash.html