One of the main problems I see is that Flash is used as a first preference as opposed to falling back to it. Prime example that I ran into today: first time I visit the 8tracks I am prompted to enable Flash, after about 10 seconds of me refusing to enable vulnerabilities it concedes and gives me the option to use HTML5 instead which, surprise surprise, obviously hasn't even been tested and does absolutely nothing.
That's a worst-case scenario, but I get the "enable Flash bar" all too often - even when the website automatically upgrades to HTML5 instead. Even YouTube tries Flash first.
Flash should be a fallback plan, not the first preference. Stop it. Please. I'm growing weary of ignoring that bar, it's like it's actually part of the browser chrome.
Flash will be with us for quite some time still. You can't get everyone to agree to uninstall Flash in one fell swoop. You can't expect Adobe to completely abandon it over night; which would mean no more updates and more security vulnerabilities.
They kinda have. They killed the next-gen compiler and Flex. It's essentially in maintenance mode now. Most of the effort is now expanded on Air which has some utility as a mobile dev platform.
I wish we would kill flash by providing a stronger solution. Does any application exist today that can replicate the functionality of even Flash MX (now 11 years old) in HTML5? An actual application that could be given to non-developers and not a series of javascript libraries.
First, you can only do so much with flash without writing code. And ActionScript 3 looked pretty similar to javascript anyway.
But more importantly, we should decouple the idea of Flash the authoring tool and Flash the runtime. I believe Flash the authoring tool already allows you to output to HTML 5 rather than an SWF file. So you can have all the benefits of flash authoring, without the drawbacks (killing your customer's batteries).
Then there's Shumway (Mozilla's JS based flash runtime).
There are already lots of alternatives to the nasty Flash runtime.
So you can have all the benefits of flash authoring, without the drawbacks (killing your customer's batteries).
How true is the battery thing today, really?
Objectively, on my relatively powerful workstation PC, watching Flash videos using Flash widgets on web sites doesn't tend to bump either CPU or GPU frequencies up noticeably.
In contrast, watching HTML5 video can cause either or both to go way up, with consequent extra power consumption, temperature rises, fan noise, etc. And all these trendy modern animations and canvas/SVG effects in browsers that are replacing some of what Flash used to be used for apparently require more effort from that workstation-class hardware than literally doing full-screen real-time 3D rendering in a graphics application.
Of course it's possible that this is just dodgy graphics drivers -- I do have an extremely low opinion of AMD's supposedly premium products since I've actually used some of them -- but those same dodgy drivers are there when using Flash too, and it can still play videos without raising the ambient room temperate by multiple degrees.
Well hardware decoding of flash video has improved over the years, but I can tell you that while I can play 1080p hi def videos without seeing much bump in my CPU (on the laptop), when my aluminum macbook pro is freezing cold to put on my lap in the winter, nothing warms it up as fast as playing a random youtube video with Flash.
Writing games in AS3 is actually pretty nice. It will run on any OS/Browser that has the Flash plugin installed, without compatibility issues, and can export to all the major mobile devices as apps.
Flash for desktop browsers, apps for mobile devices, even Adobe agrees on that. And if you just have a simple website, make it in HTML5 (Adobe also agrees on that)
People confuse website content (which should be built on HTML5, I agree) with rich 'clients' such as games. If you want to build games for the web, good luck with HTML5.
As with Java, the problem is not Flash per se but the browser plugin implementing SWF runtime. Flash can and probably will live long and prosper as the Flash "creator" app will switch to generating JavaScript+HTML5 istead of SWF.
Yeah good luck with that, about as much as luck as building desktop applications with HTML 5 and JS wrapped in a web view component. It can be done but the result is sh*t.
Shameless plug: we've been building Tumult Hype over the past 4 years because we knew there'd need to be an HTML5 toolchain to let designers accomplish what they once did with Flash:
A colleague of mine was a very vocal anti-Flash proponent - he used to say that he's tired of his laptop overheating from those 5 stupid animated Flash banners (on his favourite news site).
The irony of it is - I'm not sure 5 animated WebGL banners would keep his laptop any cooler...
getting the GPU to offload stuff and letting the host OS deal with it instead of layers of browser plugins still sounds better (even when Flash tries to use hardware acceleration).
for example, it's much more efficient to let the browser (Safari) play html5 video and hardware decode it than the same video through flash.
it's also much easier to control things when it's not in a black box such as flash, browsers let you disable or whitelist things like JS, WebGL, etc.
If you're implying that Flash is using only software-based rendering while WebGL is hardware accelerated - thats not really true. Look it up - Flash has been doing HW acc. for years now across platforms. Its 2015 now and it took WebGL 5 years to get to decent (but not perfect) desktop support - forget about mobile. Same with video - as far as I know Flash does HW acc. video too.
To a developer Flash is not a black box - to a user, again - it seems that that technology gets a lot of blame for what developers are doing with it. If you have 5 animated banners hogging your CPU/GPU, whether in WebGL or Flash - who is to blame?
I specifically mention that even when it tries to do hardware acceleration it isn't as efficient. I know it does h264 hardware acceleration along with 3D stuff. It does it, it just does it really poorly compared to native alternatives.
The blackbox comment is referring to it not being part of the DOM.
Efficiency is a really subjective benchmark. Especially when there are multiple browsers and platforms in play. Look at the WebGL example posted a few comments above - it will very efficiently warm up your GPU :)
Of course the content of a plugin is not a part of the DOM - however you're not calling MP4 videos or webfonts "blackboxes" for not being able to read their source code from the web inspector either...
Playing SD quality video in HTML5 in Safari; minimal CPU usage, 7 hours battery life (on a 2012 MBA). Playing SD quality video in Flash in Safari; heavy CPU usage, audible fan noise, 2 hour battery life.
In a past life I did some Flash development; the Windows player was generally a little better (with the Mac one being in between and the Linux one being _horrendously_ inefficient), but it was still far from _good_.
it isn't, it's pretty easy to measure CPU usage along with energy usage with the exact same video file across multiple browsers on the same computer and across different players (html5 vs flash).
In which browser can I whitelist the usage of WebGL without turning of JavaScript completely? (which makes large parts of the web hard to use or totally unusable)
Whitelisted/Click-to-play flash works relatively well.
Particle tests are a dime a dozen. You could have seen the same things in Flash 10 years ago.
BTW I'm on a Mac viewing your (66k polygons) example in Chrome - and my fans started spinning almost a few seconds after opening your link. Five of those running in parallel and my laptop would probably explode.
It took less than 2 minutes for that page to put my workstation-class graphics card up over 10 degrees C with the fans at 100% and audible from the next room.
You know what's actually kinda interesting? There's going to have to be an independent flash file player in order to view a lot of content that was produced when Flash was king. Like, I mean a lot of games and videos are going to be strictly inaccessible without downloading a tailored piece of software to specifically view them. Think about all the other common file formats that your computer will just open for you now. All those flash files are going to be basically in the dustbin.
There has been for a very long time a desktop player packaged with Flash Professional, I'm not sure if it comes with the free player download but I expect it would.
The real problem will be the Flash games and applications that try and call home to domains that no longer exist.
Ask Google Music developers why they still require Flash for the best experience? You can call for its death but the call is hollow without a replacement.
Isn't there also a possibility for the browsers to sandbox the plugins enough to keep them safe?
Let's say that we can get every major site to stop using Flash going forward, and that we can paper over it with HTML5 and polyfills. Great.
What do we do about the historic content that will never, ever be ported to anything other than Flash? Every thing on Kongregate? Newgrounds? Homestarrunner.com? Desktop Tower Defense? We're talking about taking a decade's worth of interactive web content and declaring it no longer relevant. Without a plan for preserving that material and continuing to make it accessible, I think that killing off Flash rather than deprecating it is a terrible idea.
As an aside, we shouldn't even accept your first assumption there, because it's demonstrably not true. There are all kinds of thing that tools like Flash (and Java, and Silverlight, and even ActiveX controls) have previously been useful for that HTML5 and JS can't yet replace.
But your main point is a very good one. There are way too many people in the industry right now complaining about those older technologies who think that the world somehow magically owes them updates to 10-20 years of past work, just because their bleeding edge browser-native tools have finally reached the point in the very recent past when they can do some of the same work to a useful degree.
There are also way too many people moaning about how these plug-ins are such horrendous security problems while ignoring the facts that (a) every major browser also has a less than stellar track record on security issues, with Firefox and Chrome patching numerous vulnerabilities in updates every few weeks, and (b) moving the more advanced, and often hardware-accelerated, functionality from plug-ins to native browser capabilities isn't really reducing the area of the attack surface, it's just reshaping it. Given these facts, there is little reason to assume that browsers will inherently be more secure just because plug-ins were forced out in favour of native technologies. As others have been pointing out today, the reverse might actually be true, because at least the plug-ins have a degree of isolation and click-to-play safeguards are now widespread, while the trend with browsers (again, particularly Firefox and Chrome) is to remove obvious settings that would allow users to turn off certain functions.
Exactly. This is why the argument of "well, you can't complain about Flash/Java exploits because the browser itself also has exploits too" is not valid. By adding Flash/Java to the browser you are increasing the attack surface of the browser "package" as a whole.
By adding Flash/Java to the browser you are increasing the attack surface of the browser "package" as a whole.
By adding HTML5 video and now its DRM-related infrastructure, WebGL, and other features that developers used to use Flash/Java for, you are also increasing the attack surface of the browser "package" as a whole. The comparison is a perfectly reasonable one.
On the other hand, those will be separate implementations on different browsers, so it reduces the applicability of any one exploit. An exploit in Flash or Java becomes cross-browser.
On the other hand, those will be separate implementations on different browsers
Unless more than one browser uses, say, the same video codecs, or the same third-party DRM-related module, or the same system services for doing hardware-accelerated 3D rendering.
There may be some marginal advantage to having different implementations in different browsers, but marginal is probably all it is. Realistically, as things we used to do in the likes of Flash or Java move into browser-native implementations, there is still no reason to assume that the people writing those implementations will magically produce completely secure implementations where no-one ever has before.
I get really tired of the industry's widespread bandwagoning on this issue in particular. This bandwagoning dismisses more collective works and industries than any technology in the past just for the sake of promoting bleeding edge, evergreen tech.
What about the game industry? What about the animation industry? HTML5 doesn't replace Flash for those arenas. It's blatant ignorance for individuals to even come out and claim Adobe should set and end of life date for the product. Sure Flash has had some issues, and they came at the expense of FutureWave Software, Macromedia, and Adobe moving faster than anyone in the web industry at the time, with different goals, that just happen to now be of interest to web developers at large.
The reality is that web tech has just eaten into and provided standardized variants of features that Flash/Shockwave has had for over TWO decades. Yeah, real progressive of the web community. _Slow clap._
> What about the game industry? What about the animation industry? HTML5 doesn't replace Flash for those arenas
In the gaming arena, you can look at http://html5games.com/ or http://www.kongregate.com/html5-games or http://www.html5games.net/ or even just Google "HTML5 Games". Based on all of those HTML5 games it's clear that HTML5 can replace Flash in the gaming arena. There's only 1 place where HTML5 games and Flash games are really that different - on mobile devices (Flash doesn't work well if at all, HTML5 works like a charm).
I definitely wouldn't say that HTML5 "works like a charm" on mobile devices. I did a simple frame rate counter for a basic Canvas scene; the Chrome iOS browser was only 25% the frame rate of Chrome on a 4-year-old laptop.
But I see your point and expect HTML5 to improve, but it is along way from being what a lot people think it is.
> Chrome iOS browser was only 25% the frame rate of Chrome on a 4-year-old laptop.
That would be because Chrome on iOS is not Chrome, it's a wrapper around a UIWebView with all the performance pitfalls that entails. Go try it in Safari on iOS or Chrome on Android if you want a proper performance comparison.
WKWebView was released in iOS 8 that does bring the performance on par, it is still missing features that UIWebView provides and as such Chrome for iOS is still utilizing UIWebView instead of WKWebView.
What you say is true, however, the performance on iOS Safari was only marginally better than Chrome. My 60 fps on Chrome Desktop gets about 18 fps on Safari iOS and 15 fps on Chrome iOS.
HTML5 doesn't replace Flash. It's certainly an alternative, like my engine is an alternative to LÖVE, but it doesn't replace it. This is akin to saying SDL replaces lwjgl, or Unity replaces UE4.
I'm a game developer who has used flash in the past, and does HTML5 mostly now.
HTML5 without WebGL doesn't match the functionality offered by flash, even for just 2D content.
HTML5 with WebGL runs fairly poorly on a lot of machines, and not at all on many as well.
I'm not really sad to see flash go (though I truly hope there is a way to preserve it's content, and would be very sad to see that go), but HTML5 is a ways off from providing the feature set and reliability of Flash.
Yep, very well stated. I think Adobe should make an effort to remove features from Flash that are no longer relevant and focus on a core set of functionality that allows Flash to go back to its roots and facilitate the needs of animators over anything else, really.
That's Flash's domain predominantly, and that's what it does best out of its feature set.
The solution is to add functionality to html5 to support all the major features offered by flash, and then replace flash with interpreted javascript players such as Shumway.
It's not about features. I doubt that many people think that HTML5 is better than Flash at games or animation.
The world has just changed around Flash. The performance and security problems, which were an annoyance 7 years ago, are today seemingly fatal--not least because Adobe has spent 7 years trying to fix them and failing.
At some point it seems like we should just throw up our hands and invoke the sunk cost fallacy.
>This bandwagoning dismisses more collective works and industries than any technology in the past just for the sake of promoting bleeding edge, evergreen tech.
Flash needs to go for the sake of our security, not to climb up to a bleeding edge. The security risks are way beyond unacceptable.
Perhaps you could argue that some similar functions in HTML5 have just as serious of threats but additionally lack an off switch??
As for accessing legacy content, treat Flash like Ebola and keep an old machine around for that? It would help if the old machine has no writable flash or drives (or at least includes a non-writable restore image if there's a drive).
If our machines have writable flash for the network adapter, video card, hard drive, bios, and a few other things, how secure can they be? Even our flash isn't safe from Flash.
> "Without a plan for preserving that material and continuing to make it accessible, I think that killing off Flash rather than deprecating it is a terrible idea."
I'll miss some of the content to be sure, but ultimately the security of hundreds of millions of users trumps nostalgia and old Flash games from the 90s.
If there's a good way to preserve the content in some way, I'm all for it, but justifying the continued use of Flash purely on the grounds of historical content is IMO pretty weak.
Side note: a lot of the old Flash animations have been "ported" to YouTube, the non-interactive stuff at least. Heck, the YouTube versions show up before the real Flash versions sometimes...
Flash was the major source of online rich-media games up until a couple of years ago, not "the 90's". It's still used in that arena because HTML/CSS/JS is not as good of a platform for interactive gaming.
I'd argue that Flash as a gaming platform has been fairly marginal for quite some time, and that most of what people would want to preserve existed somewhere between the late 90s to the mid-00s - but that's purely a subjective argument and we can argue about that till the cows come home and never agree.
Ultimately it comes down to this: keeping a notoriously insecure runtime around in active use, by hundreds of millions of people, is a non-starter. Unlike, say, Java applets, the frequency and severity of security holes found in Flash is just ridiculous. After years of allegedly focusing on cleaning up Flash, serious exploits are still being discovered regularly.
The strongest argument in favor of keeping Flash around is IMO the fact that there is important functionality provided by Flash that has not been effectively (or at all) replicated by HTML. The weakest argument is IMO any centered around historical preservation.
Personally, even considering the strongest argument, keeping an insecure runtime running on hundreds of millions of machines vs. better in-browser games... The choice seems pretty clear.
Why is deprecation insufficient for the security concerns? Say that Firefox/Chrome/Edge will no longer execute Flash code without explicit user permission on a per-SWF file basis. No more background execution of Flash as a default. But the Flash runtime is still there to display Flash content if the user trusts the source. Doesn't that address the security concern AND allow people to continue to access the entire web?
Oh don't get me wrong - deprecation is the right move. We are after all unable to simply remove Flash from every website and every user machine overnight.
But right now we're not moving towards deprecation, Flash is not officially stated by Adobe (nor anyone else of any authority) to be a deprecated technology, and new work is being created for it still (with the encouragement of Adobe, even).
Deprecation at the community level will also require us to define replacements and expand the current limitations of HTML5 so that functionality lost with Flash can at least in some way be recovered.
That being said, my ideal solution here is a bit harsher than yours. Like you, I hope all browsers immediately stop executing Flash code without explicit user permission on a per-SWF basis, and I want them to unbundle Flash. The only people who should be running Flash are the ones who have chosen explicitly to put it on their machine.
In any case, my original post was in response to the notion that Flash should be kept alive because of all the old games/animations that have already been created for it - that is IMO a pretty bogus argument for keeping around something so infamously insecure. Flash needs to be deprecated.
Not to mention from a preservation of history perspective deprecation of Flash is not harmful. You can run an old copy of Windows in a VM with an old copy of a browser with an old copy of Flash (and not have any back compat issues, sweet). I do not believe it should be a priority to preserve everyone's ability to view old Flash content without any prior setup at the drop of a hat. If you want to rewind to the mid-00s it's easy enough to get something like this set up - certainly easier than buying your own 35mm projector or microfilm machine like other archival formats.
Much of the content will disappear. Wasn't that one of the arguments against using Flash in the first place? People used it anyway. Now it's time for the emotional blackmail?
If Apple kills iOS in a decade what happens to all those apps? They're not sentimental.
Well, no, they're not sentimental. But I am. And that's a hell of an incentive to not use iOS if you ask me. At least with Android I know that I'll be able to still run those versions in an emulator if I want to.
This isn't about emotional blackmail. And heck, I'm not the person who made any of those things. I'm just the person who remembers them fondly and still wants to have them around. The difficulty of preserving digital works is bad enough without callous disregard for the task.
In hundreds of years, let alone thousands of years, the Flash content isn't going to matter. Neither will those iOS and Android apps. Flash has been dying for 5 years. A quicker death will be better for everyone. If we wait another 5 years, the problem will just grow.
Also, consider that the next couple billion people to come online will be mobile only. Why create content that they can't use?
We still watch hundred-year-old movies and read thousand-year-old books. Because people have put in the effort to preserve those things for us. Meanwhile, you're arguing that we shouldn't expend any effort so that people can watch five-year-old Flash cartoons.
In multiple posts, I've said deprecate it. No new Flash content. No reason to create more content that is encumbered by Flash's legacy status. (Although others here have pointed out that HTML5 is not quite as capable of replacing Flash as some think.) But why the huge rush to completely abolish the Flash content that already exists?
We absolutely don't watch all of the hundred-year-old movies or all of the thousand-year-old books, we read the BEST of those. The best of the flash content is going to be preserved via other mediums.
Removing flash entirely has the added benefit of forcing the best content onto modern mediums. Depreciating it doesn't fix the security problems associated with it, it just extends them indefinitely.
True. And in fact even Steve Jobs said a decade or two ago that the digital videos people were making at the time would never run on any computer in the future. And I do have a bundle of digital media from the mid-90s that I can't open in anything.
Look at the various computer museums and organizations that deal in archiving old technology. They have been dealing with this problem for years. It could be as simple as mirroring the website or service and firing up a virtual machine with windows 2000 and Adobe Flash installed. Thats easy compared to dealing with old magnetic media like floppies and reels.
And what about all the games from 15-20 years ago, or all the "explanatory" pages (e.g., visualizing different types of balanced binary search trees) that used Java applets? This has been done before, and not that long ago. And just like with DOS or NES games, people will build emulators that work well enough and that will suffice for enjoying historical content.
Actually, the really annoying stuff isn't Flash, it's Shockwave. The format's not been reverse-engineered, and it's hard-to-impossible to find a working plugin for it that seems to play some of those old Shockwave games.
that is a very important issue that is very common with everything software related.... hopefully someone will keep porting them to newer technologies.. but more then likely lots of stuff will be lost forever... even backups can suffer from this in the long run, but maybe the physical media would become defective first..
IMHO Flash was pretty good when it was still Macromedia Flash; after Adobe bought it, things started going downhill.
I think the file format itself is quite nice (it's much more compact than SVG, for example) - the real problem is with the interpreter's implementation...
Unfortunately, Flash still plays Youtube videos more efficiently than HTML5. On weak hardware this can make a difference between smooth playback or choppy video or watching videos in much lower resolution that you normally would with Flash.
Maybe that's true on Windows? On Linux the HTML5 version of youtube is way more reactive, feels(!) to download faster, and the GUI itself is broken less often (flash player often had some broken lines, or some elements that seemingly haven't been in the right place)
The browser vendors are fixing bugs faster. Also, Flash is not required for surfing most of the Web where as a Web browser is. Flash is additional and unnecessary risk.
WebAssembly will have all the good parts of the Flash VM, with the important advantage of being an open standard, right from the beginning, with multiple competing implementations. It will really be the final nail in the coffin for Flash.
Flash runs in the browser, so any random web page can run malicious Flash content. Adobe Air is a standalone application runtime, so Air users know what content they're running.
it's been 5 years or so that I constantly hear ppl saying "flash is dead", OK maybe, maybe not.
Apparently it's not dead enough, HTML5 didn't grow enough in those last 5 years to kill it, so what ppl are asking now ? "oh please Adobe kill it yourself"
and why ?
oh because this remote code execution flaw is unacceptable, humm OK, so following this logic we should kill any technology that get the same flaw right ?
How about killing Firefox ? Chrome ? Windows ? etc.
I mean that's what we are talking about here right, preserve ppl from security flaw by killing bad technology that constantly have flaw, well ... why stop at Flash only ?
ouh it took Adobe 48h to fix a security flaw, if your platform take more than 48h to fix the same kind of security risk it should be killed too, and there we look into the details and oh surprise, how long does it take Mozilla to fix a remote code execution ?
at least few weeks, well that's it we should all ask Mozilla to kill Firefox too.
Let's review the others now, Google with Chrome, Microsoft with Windows, etc.
I mean really we have the great opportunity here to ask every single big software vendors who ever had some security flaw in their software to just kill them because duh it's just keep happening and it is unacceptable.
No, no worries, don't even bother to fix them, just kill them.
Because everyone knows that only good secure software never have bugs or security flaws right, so let's do this logic thing let's kill all software that have flaws and only keep using those with no flaws.
Hahaha it is ridiculous, every single software out there have bugs, flaws, etc.
and among all that yeah sure you have big security exploits waiting to be discovered, but the important thing to understand is that it does concern everyone.
If you say or think it is only Adobe with Flash you are lying to yourself big time.
But fair is fair, if you want to lash out on Flash, yeah be my guest but then do the same for every other tech out there because they are all guilty of the same problems.
Software can not be bug free, it's like that, accept it and live with it.
You will always have a bunch of people trying to find those bugs and exploit them,
and as well you always have another bunch of people trying to fix those bugs.
But if your logic is just about "oh this piece of crap of software is ridden with bugs we should just kill it", then be ready to kill the next one, and the next one, and the next one, till there is no software anymore out there.
117 comments
[ 3.4 ms ] story [ 152 ms ] threadAlso Flash nowadays also compiles to native code and is used by many mobile games, even on iOS.
And DRM video of course.
That's a worst-case scenario, but I get the "enable Flash bar" all too often - even when the website automatically upgrades to HTML5 instead. Even YouTube tries Flash first.
Flash should be a fallback plan, not the first preference. Stop it. Please. I'm growing weary of ignoring that bar, it's like it's actually part of the browser chrome.
http://www.colorado.edu/geography/foote/geog4043/notes/flash...
http://www.colorado.edu/geography/foote/geog4043/notes/flash...
But more importantly, we should decouple the idea of Flash the authoring tool and Flash the runtime. I believe Flash the authoring tool already allows you to output to HTML 5 rather than an SWF file. So you can have all the benefits of flash authoring, without the drawbacks (killing your customer's batteries).
Then there's Shumway (Mozilla's JS based flash runtime).
There are already lots of alternatives to the nasty Flash runtime.
How true is the battery thing today, really?
Objectively, on my relatively powerful workstation PC, watching Flash videos using Flash widgets on web sites doesn't tend to bump either CPU or GPU frequencies up noticeably.
In contrast, watching HTML5 video can cause either or both to go way up, with consequent extra power consumption, temperature rises, fan noise, etc. And all these trendy modern animations and canvas/SVG effects in browsers that are replacing some of what Flash used to be used for apparently require more effort from that workstation-class hardware than literally doing full-screen real-time 3D rendering in a graphics application.
Of course it's possible that this is just dodgy graphics drivers -- I do have an extremely low opinion of AMD's supposedly premium products since I've actually used some of them -- but those same dodgy drivers are there when using Flash too, and it can still play videos without raising the ambient room temperate by multiple degrees.
Flash for desktop browsers, apps for mobile devices, even Adobe agrees on that. And if you just have a simple website, make it in HTML5 (Adobe also agrees on that)
People confuse website content (which should be built on HTML5, I agree) with rich 'clients' such as games. If you want to build games for the web, good luck with HTML5.
http://tumult.com/hype/
It isn't a Flash Professional clone though; we've made a lot of decisions based on the newer medium and newer ideas.
The irony of it is - I'm not sure 5 animated WebGL banners would keep his laptop any cooler...
for example, it's much more efficient to let the browser (Safari) play html5 video and hardware decode it than the same video through flash.
it's also much easier to control things when it's not in a black box such as flash, browsers let you disable or whitelist things like JS, WebGL, etc.
To a developer Flash is not a black box - to a user, again - it seems that that technology gets a lot of blame for what developers are doing with it. If you have 5 animated banners hogging your CPU/GPU, whether in WebGL or Flash - who is to blame?
The blackbox comment is referring to it not being part of the DOM.
Of course the content of a plugin is not a part of the DOM - however you're not calling MP4 videos or webfonts "blackboxes" for not being able to read their source code from the web inspector either...
Playing SD quality video in HTML5 in Safari; minimal CPU usage, 7 hours battery life (on a 2012 MBA). Playing SD quality video in Flash in Safari; heavy CPU usage, audible fan noise, 2 hour battery life.
In a past life I did some Flash development; the Windows player was generally a little better (with the Mac one being in between and the Linux one being _horrendously_ inefficient), but it was still far from _good_.
Whitelisted/Click-to-play flash works relatively well.
http://f.cl.ly/items/2J3Y0W473c3y1N2s401k/Screen%20Shot%2020...
http://f.cl.ly/items/2X2X303p3q2i2a2d2M3o/Screen%20Shot%2020...
BTW I'm on a Mac viewing your (66k polygons) example in Chrome - and my fans started spinning almost a few seconds after opening your link. Five of those running in parallel and my laptop would probably explode.
GPU seems to be going crazy - http://i.imgur.com/t4qC0LJ.png
That's not a good sign.
The real problem will be the Flash games and applications that try and call home to domains that no longer exist.
https://helpx.adobe.com/flash-player/kb/archived-flash-playe...
In the later versions it was renamed to "projector" but you can still tell them apart from the "_sa" in the filename.
Isn't there also a possibility for the browsers to sandbox the plugins enough to keep them safe?
What do we do about the historic content that will never, ever be ported to anything other than Flash? Every thing on Kongregate? Newgrounds? Homestarrunner.com? Desktop Tower Defense? We're talking about taking a decade's worth of interactive web content and declaring it no longer relevant. Without a plan for preserving that material and continuing to make it accessible, I think that killing off Flash rather than deprecating it is a terrible idea.
But your main point is a very good one. There are way too many people in the industry right now complaining about those older technologies who think that the world somehow magically owes them updates to 10-20 years of past work, just because their bleeding edge browser-native tools have finally reached the point in the very recent past when they can do some of the same work to a useful degree.
There are also way too many people moaning about how these plug-ins are such horrendous security problems while ignoring the facts that (a) every major browser also has a less than stellar track record on security issues, with Firefox and Chrome patching numerous vulnerabilities in updates every few weeks, and (b) moving the more advanced, and often hardware-accelerated, functionality from plug-ins to native browser capabilities isn't really reducing the area of the attack surface, it's just reshaping it. Given these facts, there is little reason to assume that browsers will inherently be more secure just because plug-ins were forced out in favour of native technologies. As others have been pointing out today, the reverse might actually be true, because at least the plug-ins have a degree of isolation and click-to-play safeguards are now widespread, while the trend with browsers (again, particularly Firefox and Chrome) is to remove obvious settings that would allow users to turn off certain functions.
By adding HTML5 video and now its DRM-related infrastructure, WebGL, and other features that developers used to use Flash/Java for, you are also increasing the attack surface of the browser "package" as a whole. The comparison is a perfectly reasonable one.
Unless more than one browser uses, say, the same video codecs, or the same third-party DRM-related module, or the same system services for doing hardware-accelerated 3D rendering.
There may be some marginal advantage to having different implementations in different browsers, but marginal is probably all it is. Realistically, as things we used to do in the likes of Flash or Java move into browser-native implementations, there is still no reason to assume that the people writing those implementations will magically produce completely secure implementations where no-one ever has before.
What about the game industry? What about the animation industry? HTML5 doesn't replace Flash for those arenas. It's blatant ignorance for individuals to even come out and claim Adobe should set and end of life date for the product. Sure Flash has had some issues, and they came at the expense of FutureWave Software, Macromedia, and Adobe moving faster than anyone in the web industry at the time, with different goals, that just happen to now be of interest to web developers at large.
The reality is that web tech has just eaten into and provided standardized variants of features that Flash/Shockwave has had for over TWO decades. Yeah, real progressive of the web community. _Slow clap._
In the gaming arena, you can look at http://html5games.com/ or http://www.kongregate.com/html5-games or http://www.html5games.net/ or even just Google "HTML5 Games". Based on all of those HTML5 games it's clear that HTML5 can replace Flash in the gaming arena. There's only 1 place where HTML5 games and Flash games are really that different - on mobile devices (Flash doesn't work well if at all, HTML5 works like a charm).
As for animations, doing some simple Googling will bring up results that also show HTML5 can replace Flash: https://www.freshdesignweb.com/examples-html5-animation/
But I see your point and expect HTML5 to improve, but it is along way from being what a lot people think it is.
That would be because Chrome on iOS is not Chrome, it's a wrapper around a UIWebView with all the performance pitfalls that entails. Go try it in Safari on iOS or Chrome on Android if you want a proper performance comparison.
HTML5 doesn't replace Flash. It's certainly an alternative, like my engine is an alternative to LÖVE, but it doesn't replace it. This is akin to saying SDL replaces lwjgl, or Unity replaces UE4.
HTML5 without WebGL doesn't match the functionality offered by flash, even for just 2D content.
HTML5 with WebGL runs fairly poorly on a lot of machines, and not at all on many as well.
I'm not really sad to see flash go (though I truly hope there is a way to preserve it's content, and would be very sad to see that go), but HTML5 is a ways off from providing the feature set and reliability of Flash.
That's Flash's domain predominantly, and that's what it does best out of its feature set.
The world has just changed around Flash. The performance and security problems, which were an annoyance 7 years ago, are today seemingly fatal--not least because Adobe has spent 7 years trying to fix them and failing.
At some point it seems like we should just throw up our hands and invoke the sunk cost fallacy.
Flash needs to go for the sake of our security, not to climb up to a bleeding edge. The security risks are way beyond unacceptable.
Perhaps you could argue that some similar functions in HTML5 have just as serious of threats but additionally lack an off switch??
As for accessing legacy content, treat Flash like Ebola and keep an old machine around for that? It would help if the old machine has no writable flash or drives (or at least includes a non-writable restore image if there's a drive).
If our machines have writable flash for the network adapter, video card, hard drive, bios, and a few other things, how secure can they be? Even our flash isn't safe from Flash.
I'll miss some of the content to be sure, but ultimately the security of hundreds of millions of users trumps nostalgia and old Flash games from the 90s.
If there's a good way to preserve the content in some way, I'm all for it, but justifying the continued use of Flash purely on the grounds of historical content is IMO pretty weak.
Side note: a lot of the old Flash animations have been "ported" to YouTube, the non-interactive stuff at least. Heck, the YouTube versions show up before the real Flash versions sometimes...
Ultimately it comes down to this: keeping a notoriously insecure runtime around in active use, by hundreds of millions of people, is a non-starter. Unlike, say, Java applets, the frequency and severity of security holes found in Flash is just ridiculous. After years of allegedly focusing on cleaning up Flash, serious exploits are still being discovered regularly.
The strongest argument in favor of keeping Flash around is IMO the fact that there is important functionality provided by Flash that has not been effectively (or at all) replicated by HTML. The weakest argument is IMO any centered around historical preservation.
Personally, even considering the strongest argument, keeping an insecure runtime running on hundreds of millions of machines vs. better in-browser games... The choice seems pretty clear.
But right now we're not moving towards deprecation, Flash is not officially stated by Adobe (nor anyone else of any authority) to be a deprecated technology, and new work is being created for it still (with the encouragement of Adobe, even).
Deprecation at the community level will also require us to define replacements and expand the current limitations of HTML5 so that functionality lost with Flash can at least in some way be recovered.
That being said, my ideal solution here is a bit harsher than yours. Like you, I hope all browsers immediately stop executing Flash code without explicit user permission on a per-SWF basis, and I want them to unbundle Flash. The only people who should be running Flash are the ones who have chosen explicitly to put it on their machine.
In any case, my original post was in response to the notion that Flash should be kept alive because of all the old games/animations that have already been created for it - that is IMO a pretty bogus argument for keeping around something so infamously insecure. Flash needs to be deprecated.
Not to mention from a preservation of history perspective deprecation of Flash is not harmful. You can run an old copy of Windows in a VM with an old copy of a browser with an old copy of Flash (and not have any back compat issues, sweet). I do not believe it should be a priority to preserve everyone's ability to view old Flash content without any prior setup at the drop of a hat. If you want to rewind to the mid-00s it's easy enough to get something like this set up - certainly easier than buying your own 35mm projector or microfilm machine like other archival formats.
If Apple kills iOS in a decade what happens to all those apps? They're not sentimental.
This isn't about emotional blackmail. And heck, I'm not the person who made any of those things. I'm just the person who remembers them fondly and still wants to have them around. The difficulty of preserving digital works is bad enough without callous disregard for the task.
Also, consider that the next couple billion people to come online will be mobile only. Why create content that they can't use?
In multiple posts, I've said deprecate it. No new Flash content. No reason to create more content that is encumbered by Flash's legacy status. (Although others here have pointed out that HTML5 is not quite as capable of replacing Flash as some think.) But why the huge rush to completely abolish the Flash content that already exists?
Removing flash entirely has the added benefit of forcing the best content onto modern mediums. Depreciating it doesn't fix the security problems associated with it, it just extends them indefinitely.
Stick it in our history books as an example of what happens when you tie yourself to a proprietary platform?
Just like Commodore 64, Apple IIe, the original PlayStation, NES, XBox, and a slew of other platforms made obsolete by something called "progress".
It's time for flash to die.
I'm pretty comfortable calling these things irrelevant.
Actually, the really annoying stuff isn't Flash, it's Shockwave. The format's not been reverse-engineered, and it's hard-to-impossible to find a working plugin for it that seems to play some of those old Shockwave games.
I think the file format itself is quite nice (it's much more compact than SVG, for example) - the real problem is with the interpreter's implementation...
please point to me a remote code execution exploit from any browsers that have been fixed in 48h or less, I dare you.
> Publish Date : 2015-07-05
> Last Update Date : 2015-07-07
Admittedly, most CVEs tend to take longer, but there's your counterexample.
[1]: http://www.cvedetails.com/cve/CVE-2015-2733/
Seriously, there was no better/easier way to visit a site, download an app, and have it push out updates. It was beautiful.
No other cross platform solution comes close to AIR in that regard.
Apparently it's not dead enough, HTML5 didn't grow enough in those last 5 years to kill it, so what ppl are asking now ? "oh please Adobe kill it yourself"
and why ?
oh because this remote code execution flaw is unacceptable, humm OK, so following this logic we should kill any technology that get the same flaw right ?
How about killing Firefox ? Chrome ? Windows ? etc.
I mean that's what we are talking about here right, preserve ppl from security flaw by killing bad technology that constantly have flaw, well ... why stop at Flash only ?
ouh it took Adobe 48h to fix a security flaw, if your platform take more than 48h to fix the same kind of security risk it should be killed too, and there we look into the details and oh surprise, how long does it take Mozilla to fix a remote code execution ?
at least few weeks, well that's it we should all ask Mozilla to kill Firefox too.
Let's review the others now, Google with Chrome, Microsoft with Windows, etc. I mean really we have the great opportunity here to ask every single big software vendors who ever had some security flaw in their software to just kill them because duh it's just keep happening and it is unacceptable.
No, no worries, don't even bother to fix them, just kill them.
Because everyone knows that only good secure software never have bugs or security flaws right, so let's do this logic thing let's kill all software that have flaws and only keep using those with no flaws.
Hahaha it is ridiculous, every single software out there have bugs, flaws, etc. and among all that yeah sure you have big security exploits waiting to be discovered, but the important thing to understand is that it does concern everyone.
If you say or think it is only Adobe with Flash you are lying to yourself big time.
But fair is fair, if you want to lash out on Flash, yeah be my guest but then do the same for every other tech out there because they are all guilty of the same problems.
Software can not be bug free, it's like that, accept it and live with it.
You will always have a bunch of people trying to find those bugs and exploit them, and as well you always have another bunch of people trying to fix those bugs.
But if your logic is just about "oh this piece of crap of software is ridden with bugs we should just kill it", then be ready to kill the next one, and the next one, and the next one, till there is no software anymore out there.
go here http://www.cvedetails.com/top-50-vendors.php and starts to ask all those companies to kill their products