63 comments

[ 3.0 ms ] story [ 108 ms ] thread
Apple and Adobe killed Flash. MS is merely a "me too" Flash-killer here.
Videos chugging along at -1fps to 10fps on phones is what killed flash.

Edited...

Flash killed flash. Video runs just fine on phone hardware.
Macromedia killed Flash, Adobe has been using the defibrillator for quite some time now.
What's killing Flash is 10 years of buggy, awful software. No other multi-platform VM has had so many performance issues, so many security holes, and so many bugs that significantly degraded the user experience. JavaScript interpreters have never been as terrible as Flash. Java has never been as terrible as Flash. Flash's only claim to fame is its ubiquity. It will not be missed.
I made another reply here - MS will be packaging Flash automatically with IE...so it may be a little bit of a helping hand for Flash, while trying to keep it secure.
Wouldn't surprise me. Everyone is trying to kill flash; HTML5 has filled in the gaps.
If your video delivery company isn't already supporting user-transparent alternatives to Flash at this late date, you should probably be looking for a different video delivery company.

It looks like Brightcove does support mobile (at least they claim to) so what's the big deal? Can't they just deliver different content for the new IE, the same way they are presumably already doing for the other non-Flash platforms?

I'd be royally pissed if they told me it was my responsibility to get my site whitelisted with Microsoft.

Its all about the DRM. Flash is the only viable way of streaming with enough protection that keeps rights-holders happy :(

Video on the web would be a lot simpler if DRM/content protection would die die die...

I'm not even convinced that these supremely ignorant "rights holders" really exist, except in scary tales handed down from one generation to the next. I mean, surely they don't think their "protection" is actually working, do they? Have they never been on the internet?

RTMPE was cracked years ago (the handshaking consists of little more than sending an HMAC of a magic string and the player file)[1].

It's all just obfuscation. Putting a transparent layer over the video and obfuscating the file name will achieve the same effect, that is, preventing casual downloads. That's all they've got at the moment, even with Flash "DRM".

1. http://lkcl.net/rtmp/RTMPE.txt

"I'm not even convinced that these supremely ignorant "rights holders" really exist, except in scary tales handed down from one generation to the next"

I do some work in the mobile space around rights protected video. Trust me, they exist. Particularly if the content you're handling isn't on public release yet.

Oh they exist believe me... Working with a local broadcaster you run into all sorts of things like:

1) You didn't buy the streaming rights

2) You can only put it on line X days after broadcasting it

3) You can only keep it online for X days

4) All data packets sent to user must be transient, encrypted and not cacheable (that's a fun one to try get right )

5) etc etc etc

They do exist; and the rules basically amount "use a whitelisted DRM solution or don't get our content".

A solution that you believe to be good and secure but that they haven't validated can't be used; and that validation takes significant time and money.

And you can't really force your terms on DRM unless you are Apple - even multinational cable companies (that have been distributing the same content on cable for decades) have the same problems for any IP-based transmission, even for them the content providers have all the trumps, and any changes can be negotiated (paying a lot for removing each restriction) only with the next round of content deals every 3-5 years or so.

This is just because html5 doesn't have a way of hiding the video stream from the html source, right?

Hasn't anyone figured out how to proxy it, or only allow a connection to the hosting server if the browser has a specific cookie, or some other way of obfuscating the video's URL?

I'm sure there are JS-based obfuscation techniques, but Hollywood's approval process is probably highly political. So developing fake HTML5 DRM costs X, but getting it approved may cost zero (if you're Steve Jobs), 10X, 100X, or infinity.
Yes - the problem really lies with the rights holders here. Because when constrained by the restrictions put in place by content holders you're really faced with two options for mobile DRM video: use Flash (which few devices support, and none well), or use a native app (Netflix, etc). But since it's rather unlikely a DRM solution through the <video> tag is going to be supported by all (any?) browser vendors, the buck really does stop with the rights holders.
> Flash is the only viable way of streaming with enough protection that keeps rights-holders happy :(

Silverlight seems to work out for Netflix.

> Video on the web would be a lot simpler if DRM/content protection would die die die...

Let's say it did. What web standard (particularly that IE10 implements) makes it relatively easy to implement even non-protected streaming?

So, having teams rewrite everything for a different proprietary framework because people "don't like Flash" is somehow a viable alternative?
What web standard (particularly that IE10 implements) makes it relatively easy to implement even non-protected streaming?

HTML5 (video tag), H.264, and (coming soon) DASH.

Only progressive delivery if you're talking about IE10.
HBO and pretty much any major Network all have iOS apps.

HLS streaming can be protected, you can encrypt the chunks and decrypt on the player. Ironically enough for my previous job I built a HLS prototype solution that did exactly this... in the Flash Player.

> HBO and pretty much any major Network all have iOS apps.

What does that have to do with anything?

Did you find that approach to be effective at all?

If you are decrypting on the player then the decryption key must be on the clients device. What is to stop them grabbing the key from memory and ripping the stream anyway?

Yeah, it was just a prototype to protect live video streaming on Android devices... Performance was pretty bad and so the frame rate was pretty low. I think it would work decently for desktop Flash. JW Player have a HLS plugin for Flash which is pretty good, a lot more fleshed out than my prototype ended up being.

Apple do something similar http://developer.apple.com/library/ios/#documentation/Networ... this approach is more secure than what we de (Restrict access to the manifest file and have Flash request the current key when needed at runtime).

I can see that that could work on a locked down iOS device but a rooted android phone would surely be able to access to manifest file and make a copy of the keys and stream contents.

After all you only need one device to copy the stream and re-stream DRM free to others.

Probably mostly a security strategy, with a side of merciless.
That's funny, because I won't use IE10 unless your site is on a whitelist.
Can't tell because the page won't load, perhaps MS indirectly killed the webserver of the blog ;)
Cue stanard Betteridge's Law remark.

The whitelisting only applies to the "mobile" version of their browser. To that end, Microsoft's policy is markedly more Flash-friendly than what's happening on other Mobile platforms. After all, at least some Flash content will be permitted. By contrast, iOS and (as of recently) Android are effectively Flash-free platforms.

I think the fact that there's no restriction on desktop, combined with their published requirements for how to get whitelisted for mobile, make it pretty clear that this isn't really meant to be an attack on Flash. It's more an attempt to deal with the large number of websites whose Flash content is fundamentally incompatible with touchscreens because it assumes the presence of a mouse. Blocking Flash on those sites hopefully results in a better user experience because the site is theoretically degrading to a Flash-free version instead.

Far from being a Flash-killing move, in hindsight the other mobile platforms adopting a similar policy might have been the one thing that could have saved Flash for them.

The headline did not end in a question mark.
Flash can be downloaded and installed on Jellybean. Sure it doesn't come standard anymore, but it works just fine. Android is far from a flash free platform. In fact I'd say its still the superior mobile flash platform.

Its kind of crazy to me Google doesnt include Flash with jellybean when it works just fine. I'm all for killing flash asap, I hate it... but when it works... why deprive people of that bullet point feature?

Either way, its beyond false to call Android (even jellybean) a "flash free platform". You have to download and install flash on a desktop computer, just like you have to download and install Flash on Jellybean. Still works like a dream though.

It can be installed. But it's not supported, and Adobe has specifically recommended against doing so, and is telling everyone to uninstall Flash before installing Jellybean. So while sideloading it might work for now, most people probably won't bother. And sooner or later it's going to break, anyway. Meaning anyone who's looking to support a mobile browsing experience on Android needs be thinking of it as a Flash-free zone, on pain of being alienated from their userbase.
Maybe you meant this by putting quotes around the word mobile, but this applies to IE10 on desktops as well; when running IE10 in Metro... I mean Windows 8 UI. In the official documentation [1] they refer to it as "Windows UI". I think it's a bit misleading to claim it only applies to "mobile" [sic].

1 - http://msdn.microsoft.com/en-us/library/ie/jj193557(v=vs.85)...

Right. IE 10 Metro being the mobile version of their browser.

It's true that it runs on desktops. But it's also true that it's primarily intended as the version of the browser that's used on touchscreen devices.

Eh, I hate to split hairs here, but I feel like the author of this blog post is being unfairly taken to task for a misleading headline. I disagree with the characterization of the WinUI version of IE being the "mobile version of their browser". It's the only version available on mobile, but WinUI is the default UI when you boot Windows 8, isn't it? That's not rhetorical. I haven't used Windows 8 much, but I did install the beta in a VM, and it booted to Metro (...er Windows UI). When I launched IE, it launched in WinUI, so it's reasonable to assume that mom & pop are going to use IE10 in WinUI at least as much as they do "desktop" mode.

The whole kerfuffle here centers around the ambiguity of the terms in use. It is unfair to take the blog author to task over his language, only to use unclear language in return. Characterizing this as the "mobile version" of the browser is incredibly unclear, considering it's the default on the OS that will ship with desktop and laptop computers.

EDIT: Here's a little matrix I posted further down the page. I think this makes the context a little more clear.

                        Windows UI  |  Desktop
                        (default)
    ================================+================                    
    Tablet or phone :   Affected    |  N/A
    Desktop or laptop:  Affected    |  NOT affected
Maybe, I suppose it depends on how you use it. I've been using the consumer release Windows 8 on my personal laptop for about a month now, and I honestly haven't even seen the Metro version since then. I know it's there, but the desktop version's generally quicker and easier to get to.

As far as the whole "mobile/not mobile" thing goes, I think that ambiguity is totally inescapable on Windows 8. Windows 8 has an identity complex, and is full of bits of UI that were clearly designed for touchscreen devices but are also used on the desktop OS. But I don't think the fact that they're available negates the fact that they're primarily optimized for a mobile experience. It's more just a symptom of Microsoft trying (and, as illustrated by cases like this, not necessarily succeeding) to shoehorn a mobile experience and a desktop experience into the same environment.

mmm but default mode for Windows 8 is "Windows UI" (Metro). You have to specifically switch to Desktop mode.

You have to wonder how many people will never switch modes...

That page refers to it as "new Windows UI", not simply "Windows UI". Sorry to nitpick, but there's enough ambiguity around the naming for the new/modern/metro/Windows 8 UI already.
IE10 in RT mode. Title is a bit misleading.
Exactly. If anything this is more lenient than most other mobile browsers
This article should be edited-away by the moderators. Not just link-bait garbage but the title is an actual lie.
NoScript under Firefox, and ClickToFlash* under Safari can help the transition to a Flash-free environment.

* hoyois.github.com/safariextensions/clicktoplugin/

disabling plugins in chrome works fine too (which ends up being clicktoflash). But it also makes it needlessly difficult to whitelist sites.
I hope Ballmer issued a memo about "cutting off their air supply," for old time's sake.
Isn't this old news?
Oops my server went boom (I really need to toughen it up)...

Here is the link to the Developer guidance for websites with content for Adobe Flash Player in Windows 8: http://msdn.microsoft.com/en-us/library/ie/jj193557(v=vs.85)...

That document clearly states that the desktop version of IE isn't affected.
But the Windows UI version is and that is the default for Windows 8...
Unfortunately, I think you're being judged based on your headline because the site is down. Cached versions are coming up slowly as well.

Are you running on WP? Got a cache plugin installed?

I do but my Apache config sux so ran out of RAM (its a low traffic server).

I was gonna put Varnish in front but have just never got around to it.

Server resize in progress :)

I'm afraid the issue isn't all that clear.

There's some confusion of terms going on in this whole discussion. Traditionally, when people hear "desktop version", they think: "the version that runs on desktop and laptop PC, as opposed to mobile devices like tablets and phones." This distinction doesn't hold for Windows 8, because the "desktop" version of IE10 isn't alone on Windows 8. Windows 8 UI will run the "mobile" version (loosely speaking) of IE10.

Based on this, we have the following:

                        Windows UI  |  Desktop
    ================================+================                    
    Tablet or phone :   Affected    |  N/A
    Desktop or laptop:  Affected    |  NOT affected
http://blog.rabidgremlin.com.nyud.net/2012/10/11/did-microso...

Instead of a mortal wound from Apple or death by a thousand cuts, it seems like Flash is dying from a series of maiming injuries.

Although DRM is often cited for the main reason Flash still exists, from my experience it exists because it is still being taught at community colleges and universities to graphic design students. They enter the workforce, do something at their new job in Flash like a restaurant menu or whatever, it looks good on a desktop and so Flash persists.

Windows is getting better and better.

I recently committed a website to a design review site. FLASH pages are not allowed any more.

These pages used to be called FLASH–award, now they are called CSS-awards, what comes next?

Somewhat OT and tin foil hat:

I was talking to a friend the other day about whether it was best investing time into getting really good at developing for the web vs native mobile/desktop.

My argument was that the big advantage of web dev was that you not only had more choice of backend tools but it was also the best way to get your apps to run on any platform including locked down ones without having to worry about app store policies etc.

His counter argument was that the browser is becoming the new target for malware etc especially as the new HTML5 APIs become more sophisticated. He thought that it might be likely that some browser APIs would become locked down by platform vendors. In other words if you want your web app to do stuff like WebGL/Local Storage etc you would need to be explicitly whitelisted by the OS or browser vendor. In which case there could be rules like "your web app cannot do xyz, your website must not have content related to abc".

Outright website blocking would seem out of the question, but perhaps things like this are the first sign of a move in that kind of direction?

Wishful thinking says that they're taking a kick at Adobe because they're aware of an effort to port Creative Suite to Linux.
Sigh... title got edited... somebody didn't read the article.

This effects desktop windows 8 too not just mobile

I think this is occurring because of some news released by Microsoft on Monday - Flash will now be packaged with IE by default. This provides a better user experience - never need to download and install/update Flash, but they provide a way to keep it secure. Heard it on today's Security Now.

http://twit.tv/show/security-now/373